Windows XP Deadline's Potential Aftermath Concerns IT Experts

Firms still using Windows XP are playing with fire, and many SMBs and industrial control users stuck on the old OS will be at risk, IT experts say.

Windows XP deadline

The Windows XP era is drawing to a close in just a few days, and businesses that don't move quickly to transition from the operating system are flirting with disaster, warn industry experts.

On April 8, Microsoft is cutting off support for the 12-year-old desktop OS, meaning that the company will no longer issue security updates and will effectively stop trying to modify the aging code base in an attempt to keep up with the times. Waiting in the wings are malware coders, hackers and cyber-criminals, Microsoft has warned over the past year.

Several small and midsize businesses (SMBs) that have come to rely on the long-lived OS are in for a rough awakening, according to Jerry Irvine, CIO of Prescient Solutions, an IT services specialist based in the Chicago area. "The average SMB organization is still trying to figure out what they're going to do," Irvine told eWEEK. "The risks are far greater than most SMBs are considering."

Get started on a plan to upgrade now, urged Irvine. "If [SMBs] don't get on the bus, they're getting in front of the bus," he said. Simply put, "there is no future for XP," he said, adding that businesses that don't heed Microsoft's warnings are "placing themselves at extreme risk."

When excising Windows XP from SMB IT environments, Irvine advocates somewhat of a scorched-earth policy. "There is absolutely no valid reason to continue to use XP moving forward," said Irvine. "The weakest link is your highest risk."

While an XP system may not have a direct connection to the Internet at large, it still poses a danger to a company's network. Irvine explained that should hackers wend their way to XP systems after April 8, they will have a mounting pile of vulnerabilities to work with. XP machines will be quickly compromised, granting them access to other parts of internal networks, including critical systems. "That is what has happened in every major breach," he said. Many industrial control systems are based on Windows XP, a concern for manufacturers, he reminded.

Even if SMBs can successfully mount a defense against malware and hackers that target the OS, time is running out for systems built for Windows XP. Hardware support has all but dried up as vendors have moved on and are unwilling to shoulder the burden of servicing the market without Microsoft's backing, said Irvine. Short of trawling eBay, XP diehards will be out of luck.

Irvine said his company has been busy busting myths about the cost or disruption caused by migrating away from Windows XP. Afraid of rocking the boat, many SMBs are clinging to the OS out of a belief that their "legacy applications will not be supported under Windows 7 or Windows 8.1." (Many still work thanks to various compatibility modes.) An investment in newer IT and little discomfort today will pay off in peace of mind down the road, he said.

Big businesses won't be immune from the elevated risk of running Windows XP after the support cut-off. Gartner Vice President Michael Silver said in a statement: "When support ends, we estimate that 20 to 25 percent of enterprise systems will still run XP and that one-third of enterprises will have more than 10 percent of their systems remaining on XP."

Like Irvine, Silver suggests that businesses make a plan to get rid of XP now. In the meantime, he advises administrators to reduce user rights, confine XP machines to only "known good" applications, and "minimize Web browsing and email use on the PCs."

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...