How businesses can cope with the looming Windows XP deadline

Six months and counting. That's how long you've got until Microsoft stops delivering security updates for Windows XP, leaving those machines vulnerable to outside attackers. Here are three strategies you can use to kick-start the migration process.
Written by Ed Bott, Senior Contributing Editor

You hear that ticking sound? The one that got noticeably louder this week?

How businesses can cope with the looming Windows XP deadline

That’s the sound of the alarm clock set to go off on April 8, 2014. On that date, Microsoft will release its last security updates for Windows XP, whose extended support period will come to a hard stop. That end date is now less than six months away, which means you really should stop procrastinating and start planning on how you’re going to avoid being part of a relatively small population that will be targeted by every piece of villainous scum in the universe.

Exactly how many PCs will still be out there running Windows XP next April? Good luck with that forecast. It’s hard enough to get current estimates, with the two most popular sources estimating that XP-powered machines constitute between 20.5 percent (StatCounter) and 31.42 percent (NetMarketShare) of the installed base of PCs and Macs worldwide.

If we assume that 1-2 percent of those machines upgrade or die each month for the next six months, that still leaves more than 100 million PCs still running Windows XP when security updates stop next April. Will you be one of them? And if so, why?

Frankly, I can’t imagine anyone deliberately choosing to continue using an outdated and increasingly insecure operating system when other options are readily available. But I can understand people who feel forced to remain on a platform for compatibility’s sake.

Businesses of every size that are wrestling with the how-to-upgrade-from-XP question can be blocked from migrating for a variety of reasons. (I discussed the topic at length with Dell’s Margaret Walsh in a recent Google+ hangout that’s now available for replay.)

If the hardware is of relatively recent vintage (any system older than five years has probably outlived its usefulness), you can upgrade to a supported version of Windows—ideally Windows 7 or Windows 8.1. For desktop PCs, some hardware upgrades might be required, but that’s still less than the cost of a new PC.

If your budget is so tight that the cost of an OS upgrade is too much to bear, now might be the time to consider switching to a free alternative like Linux, along with open-source apps and free or low-cost services to complement them.

For most mobile devices and older desktops, though, a replacement PC is usually a smarter investment than a potentially expensive combination of hardware and software upgrades plus the cost of the labor to install them. New hardware is also generally easier and cheaper to manage, maintain, and secure than older PCs, which are more likely to break and where replacement parts can be hard to find and expensive.

But what if you don’t have the luxury of switching? Here are three strategies to adopt if you can’t cut your XP ties right away.

Pull the (network) plug

One reader told me last week that switching away from Windows XP wasn’t an option for him because of some custom audio mixing software he uses. There’s no upgrade option available, there’s no acceptable alternative program, and the software needs direct access to audio hardware, so it won’t run in a virtual machine. In the past, I’ve heard similar stories from people using peripherals like scanners and custom printers that require device drivers only available for Windows XP.

If there’s truly no possibility of upgrading or replacing that must-have program or device, then the best solution is to move that PC off the network, out of harm’s way. Disconnect its Internet connection so you (and others) cannot use it for email or web browsing and thus can’t expose yourself to potentially malicious software or network intrusion attempts.

You can use removable media (carefully) to copy files between this isolated XP PC and other machines that have full Internet access. But if you’re really keeping that XP box around just for one purpose, let it be dedicated to that purpose.

Virtualize the problem apps

Some older apps simply don’t work on Windows 7, and in extreme cases incompatible apps are blocked from installation completely. For off-the-shelf applications, there’s usually an upgrade available, or a suitable replacement program.

A much worse problem, especially in enterprise settings, is with custom line-of-business apps that would cost a fortune to update—or, worse, can’t be updated because the program’s author is long gone and no one has the slightest idea how it works.

If the OS version is the only roadblock, you should be able to solve the compatibility conundrum by running the problem app in a well-sandboxed virtual machine (VM). Windows 8.x Pro and Enterprise have Hyper-V virtualization built in. Windows 7 Pro includes Windows XP Mode and Virtual PC, which has the advantage of eliminating the cost of an XP license for your VM. You can use VMware or Virtual Box on Windows 7 or, for that matter, on a PC running Linux.

With your virtualization software  Set up a VM running Windows XP, lock it down firmly so it can’t be used for web browsing or email, and then install your XP-only app. You can use the physical machine, with its modern, fully patched operating system, for everyday tasks and use the VM exclusively for that one app.

On enterprise networks, you can use application virtualization or session virtualization to package older apps and allow them to run in an isolated environment on client PCs, using Microsoft’s App-V, Citrix’s XenApp, or other similar solutions.

Ask for help

If your organization is large enough, you can call on outside resources for assistance with app compatibility testing, app management, and deployment. And instead of thinking of this as a one-time chore designed to fix a single problem, think of it as an opportunity to prepare IT systems for the future.

Compatibility testing is a huge issue for organizations, Jefferson Raley of Dell’s Strategic Consulting Practice told me last week. On average, he said, large organizations have about 700 apps installed for every 10,000 users. Very large enterprises might have 10,000 installed apps and several thousand more Web-based apps. To assist organizations that are stuck on an XP treadmill, Dell has set up a new Windows Migration Fast Forward service, which can transition up to 5000 PCs in five sites in 16 weeks. 

"We can get you to the April deadline,” said Raley, “but let's clean up your environment at the same time." By doing a comprehensive range of compatibility testing and setting up automated deployment and management tools, those outside consultants can process up to 500 apps a week, deciding which ones should enter the new environment as is, which ones can be virtualized, and which ones should be retired. The key is making sure that the infrastructure you build today will help you not just with this migration but with the next one, and the one after that.

The clock is ticking.

Editorial standards