Gartner: 'Prepare now' for the death of Windows XP; security at risk

Summary: Microsoft flips the 'off' switch on Windows XP and Office 2003 support a year from now, and with no more security updates and patches coming, corporate security could be at risk.

TOPICS: Windows, Cloud, Microsoft

Jump, and jump quickly.

That's the message from research firm Gartner, whose latest research found that more than 15 percent of midsize to large enterprises still have Windows XP running on at least 10 percent of their PCs.

Earlier this month, Microsoft warned that as of April 8, 2014, there will be no more support for Windows XP, which is rapidly approaching its 13th birthday. 

Is it really such a big deal? Actually, yes. That support entails security fixes, patches for vulnerabilities, and updates to software that will all disappear this time next year. When a new exploit comes along, it won't be fixed, leaving your entire network and systems vulnerable to cyberattacks, denial-of-service attacks, data theft, hacking and network intrusion.

And we, here at ZDNet HQ in New York, know only oh-so-well. We're still running Windows XP.

Despite being a Web-based media organization focused all but entirely on technology, we're still using an operating system that has been in the workplace longer than many of our editorial staff members. 

To be fair, this isn't the first time a ZDNet writer has thrown his own company under the IT bus. ZDNet's Andrew Nusca notes that while CBS Interactive — the owner of ZDNet, CNET and CBS News, and many more — jumped ship to outsource its corporate email to Google Apps, it also took the opportunity to ditch the aging Lenovo laptops in favor of Apple MacBooks.

But those devices aren't thrown away. The waiting list for the shiny MacBooks is long, and the migration is step-by-step.

Even at the most advanced companies, there are issues surrounding an impending gap in network and data security. But Mr. Nusca's machine, and many others at work, are still running the Windows XP operating system and will fall foul of a lack of security patches and updates this time next year.

It looks like those Gartner folks know (at least for once) what they're on about.

No more security patches, no more software support

"New vulnerabilities are always being found, and new vulnerabilities that are found in more current products could affect Windows XP and Office 2003. Any unpatched device can be vulnerable to attack," say Gartner analysts Michael Silver and Steve Kleynhans. 

Even if a vulnerable Windows XP-based machine, or any other software that falls out of security update support, is on a private network and has no Internet access, another device, such as one running a supported product, can be infected with malware outside that private network and can infect other devices on that private network.

This is almost exactly what happened to Facebook and Apple, among others, whose employees were running unpatched versions of Java on their Apple OS X machines. A popular website was laden with malware, which then infected employee machines. Once they joined the private corporate network, DNS logs showed suspicious behavior suggesting the malware had impacted internal-only systems. 

The security concern is worrying enough on its own, but many third-party applications and services have also moved on from Windows XP, and organizations may be on their own to resolve issues. This could result in downtime and ding a company's bottom line.

Migration over cloudification?

"For a lot of organizations it may very well be too late to finish on time," Gartner analyst Michael Silver told ZDNet earlier today. "But they still need to address it in some way — even if that’s just to assess the risk and know what the potential problems will be." 

The "Windows XP problem" still spans across all industry sectors because organizations are cutting corners in IT to save money.

Healthcare remains one of the more problematic sectors, according to Silver, "because their applications generally take longer to be supported by their vendors on a new OS, leaving them less time to complete the migration."

Particularly as many health providers in Europe and further afield are public sector funded, entirely or in part, the question of receiving such funding from local or state governments can be tricky.

"At that point, lack of money to spend on the project often becomes the issue that prevents them from migrating," he said.

Also speaking to ZDNet, Gartner analyst Steve Kleynhans, who co-authored the latest report, said that above all else, there is "urgency to get off of Windows XP and it must be done in the most expedient and risk-free way possible."

He added: "Moving to a new cloud-based solution might be elegant and even better in the long run, but the simplest most expedient approach is a direct migration to Windows 7. And most companies are already somewhere along the Windows 7 migration project. Moving to anything else is likely to set the project back by some significant amount of time."

Silver noted that the time to experiment with the cloud was "a few years ago," but while that doesn't preclude a try-out period in the future, it's time to focus on certain priorities now.

"It depends on what applications [organizations] need to run," he said, referring to the cloud. "Service providers can be pretty good at supplying commodity applications and services, but most organizations have a lot of software that’s not mainstream that they rely on to do their business."

"Organizations are still way too concerned about supporting the hardware and the operating system — the whole stack. With consumerization and BYOD, organizations would be in much better shape spending time provisioning, securing, and supporting applications and data."

The fact is that anyone who has yet to start a migration plan for Windows XP, for apps such as Office 2003, and Web-based services reliant on Internet Explorer 6, is already facing some serious IT headaches and may not have enough time to fully migrate before the cut-off date hits.

After all, for home users it's a case of banging in a DVD and hoping for the best. Enterprises require planning, budgeting, negotiation, and the likely chance of hardware upgrades. And, above all, the possibility that mission-critical apps written for an old, no-longer-supported operating system will fail to work properly in a new environment.

CIOs take note. If you're leaving it this late, clear your schedule for the next 11 months. You and your IT staff may have to pull a few all-nighters.

  • Still on Windows XP here

    I work in education, so the computers here are really Government owned. The folks came to do a recent audit and I brought up the topic of Windows XP's pending EOL. The response I got was a nonchalant 'Well, these kids don't know any better, since giving them upgraded versions of Office and Windows will confuse them when they do their practical external exams'. I was like, WTF in my mind. These students are bringing Windows 7 or Windows 8 based notebooks to school, some tablets, and they seem to switch between school and personal systems they own just fine. Another weird response was, we need to take better care of these systems, because we should expect to get another 15 years of life out of the OptiPlex 760. The auditor was serious.

    We got these systems in 2008, the audit was done last year. So we should still be running Windows XP in 2027.
  • we won't be upgrading our XP machines

    we still have some windows 2000 and win 98 machines even
    • Same

      one previous employer was still using Windows 98 machines for some mission critical tasks, because the software only ran on Windows 98, it wouldn't run on an NT based system in 2011.

      Replacing the software with a more modern version, which would run on Windows XP (but not 7) would have meant replacing laboratory machinery worth over $100,000. The attitude was, if the lab equipment still works, they won't fork out money for a new one...

      Likewise, the time stamping system was also Windows 98 based, because the company that provided it had gone bankrupt, but the automated door system still ran.

      And the colour offset printer was also controlled from Windows 95. That was a harder one, it meant that any work produced had to be converted to outdated file formats, so many things were no longer possible, so it was mainly used for printing OLD marketing material!

      No wonder they are in receivership!
  • The Gmail that went down this morning?

    MacBooks or Lenovos, CBS should upgrade to W7 or W8. A MacBook is never happier than when it's running Windows, safe from all the safari and QuickTime and native macos security holes.
    Johnny Vegas
    • Woah, woah

      Reel it in, please don't use every article to say how you think Windows 7/8 is better than everything...
      Michael Alan Goff
      • whats the problem?

        It is indeed better than
        • Maybe better than XP

          But to say that a Macbook "is never happier than when it's running Windows" might be a bit of a stretch.

          Windows is great, but I'd hardly say there's one definitive "best OS" because software is a subjective thing. Does it do what you need it to? Then it's good. If not, then it's no-good.
          Michael Alan Goff
          • If that's true

            Then why are so many on this site complaining about Windows 8 on a desktop? If you're going to say Win8 doesn't do the same tasks as Win 7 then you're full of it.
          • Because they don't like it?

            "Then why are so many on this site complaining about Windows 8 on a desktop?"

            Errr - because they don't like the changes in the UI?
            Because they don't see any reason to "upgrade" to new OS that doesn't give them anything compelling?
            Because their applications still run fine on Windows 7 or XP, and they see no reason to fix what ain't broke?
          • Because it's different

            People complain about changes, people hate changes.
            Michael Alan Goff
          • I think that's generally true

            But in the case of Windows 8 it's not a change for the better, it's just change for the sake of change. If the UI was truly better, as many in Microsoft Fanboidom maintain, the uptake of Windows 8 would be huge; as we know, the opposite is true....consumers hate it.
          • I don't think the people who bought it hate it

            It has roughly the same rating as Windows 7 on amazon.

            Wait for Windows 9, when everyone who hated 8 says "they fixed it" when they don't really change much. Notice how everyone hated Vista, but 7 (very little change) was welcomed with open arms.
            Michael Alan Goff
    • Amazing how some people still cling to XP

      Out of hate born in the *early* Vista months. I installed Vista (just to check it out, since the company I worked at had a TechNet sub), just after SP1 came out. It was decent (not great), and UAC was still a bit annoying (especially the first hours/days when you installed everything fresh), but after a while the benefits over XP were notorious. Vista was pretty usable, sure it used more RAM than XP (duh!) but by then most systems came with at least 2GB of RAM and a mid-range system could be found with 3 or 4.

      Then came 7. The haters loved to sperge that 7 would be a return to XP's architecture because Vista had been such a failure. Idiots. 7 is still Vista's architecture, they just fixed a lot of the things that are on top that were screwed up in Vista. And most people agree, 7 is pretty solid, performs well and is as secure as you can get.

      So, good bye, Win XP, it's about time. You did good, but we won't miss you, it's about time to move on.

      As a side note, I've noticed that many Mac fanboys still think in terms of XP when saying Mac OS is better than Windows. Weird, huh? I guess Windows XP is waay better than Mac (talking of Mac OS 9)
      • Here's the problem...

        If the features offered by Vista/Win7/Win8 aren't compelling to a particular enterprise...because XP with Office is 'good enough' as is probably true for the majority of cubicle workers...then MS has a real problem. This may be the only way to generate revenue...drop support and let the security holes that remain in XP (if any) force people to migrate to the newer system that is, hopefully, less subject to said holes (or new ones).

        If Vista/Win7/Win8 (any of them) truly offered a compelling feature set (or the upgrade cost was really low), we wouldn't be having this conversation, would we?
        • Change to: if the new OS didn't screw up what we did under the 'old' OS,

          then we'd all be upgrading every time. That's the real story, here.

          Vertical applications upgrade every year, and the upgrades are small. WE pay annual subscription prices to use the software in the legal, financial, manufacturing, tax, accounting sectors. The interface doesn't change, but instead little tweaks to support new law, new year, new hardware or fix bugs, is done. We are glad to pay. It's kinda like the fact I pay $2,600 per year for the PAPER version of Commerce Clearing House Pension Plan Guide. Same price, if I bought the web-based version.

          MS could operate the same way, but doesn't. Instead, it charges far less for buggy software and then spends 1000s of hours patching. The patches aren't tested, as indeed the OS was barely tested, so everyone's spending billions of dollars IN TIME that could instead be saved if MS would just QUALITY TEST their buggy stuff, first. And then, charge for the patches.

          Oh, and if they didn't change the interface, they'd have more subscribers to the new stuff. Maintaining backwards-compatibility is key. Don't do that, and businesses won't upgrade, because they don't want the upgrade to destabilize the procedures they now have.

          Any sane top management person should know all this, without having to even THINK about it. But alas, the MS top management is completely clueless, and therefore should all be fired. Sorry.
          • whatever

            Microsoft could care less if they moved to Windows 8 or Windows they get their fill of money either way and they supported XP for 13 years, that's more than enough. I have yet to see any Windows as buggy as well, I don't know what kinda versions u run but mine have run solid ever since I was a child.
            Laurin Krystyn
          • typo

            *Win 8 or Win 7
            Laurin Krystyn
        • exactly

      • CPU is factor too

        My brother has Windows Vista Home Basic on his laptop, 2 GBs of RAM and Intel Celeron 1.8 GHz processor. It's slow and groggy.
  • Thanks for the truth....

    "To be fair, this isn't the first time a ZDNet writer has thrown his own company under the IT bus. ZDNet's Andrew Nusca notes, while CBS Interactive — the owner of ZDNet, CNET and CBS News, and many more — jumped ship to outsource the corporate email to Google Apps, it also took the opportunity to ditch the aging Lenovo laptops in favor of Apple MacBooks."

    - No wonder ZDNet is nothing but crap in recent years. Look at the tools they are using. Gmail and MacBooks.... ha ha ha,.... CNET is trying its best to bad mouth Microsoft, but the truth is toy apps like Gmail and MacBooks are not good enough for SMB and Enterprise....