Support for Windows XP is to end today (April 8th), and PCR has gathered the industry’s thoughts on the end of the OS.
The removal of security updates for the 12-year-old operating system has been heavily discussed since Microsoft’s announcement of the switch-off date in 2012, providing consumers and businesses with two years to upgrade their computers to a more up-to-date platform.
However, despite the lengthy warning period, analysts are estimating that around 20 per cent of computers will still be running the now defunct software post-end of support.
“Many of the legacy systems which represent the XP population are in difficult to reach places, where the security of the system depends as much on physical security and network segregation as it does on the patching of the operating system itself," explained Stephen Bonner, a partner in analyst KPMG’s information protection and business resilience team.
He added his hope that increased awareness about the danger of out-of-date software would catalyse an overall refresh of enterprise technology.
“It is worth remembering just how much obsolete software resides on our desktops,” he said.
“So let’s look beyond XP, but learn some lessons about the importance of managing obsolescence, removing obsolete software, and remembering to secure those out of sight computers.”
“There can be no denying the fact that PCs running Windows XP are ‘at large’ in the enterprise, even though their number is declining,” added Richard Edwards, principal analyst for enterprise mobility and productivity software at analyst Ovum, on the ubiquity of XP in business environments.
“There are various reasons why a business or institution might continue to run Windows XP past the April deadline, and not all of these are low risk scenarios.
“Whichever [migration] option is chosen, moving on from Windows XP could prove transformational for employees and for businesses, as any change of tool brings with it a change in thinking and capability.”
David Emm, a senior security researcher at security specialist Kaspersky Lab, added his concerns regarding the risk of outdated XP systems: “Effectively, every vulnerability discovered after today will become a zero-day vulnerability – that is, one for which there is (and never will be) a patch," he said.
“This problem will be compounded as application vendors stop developing updates for Windows XP: this will create an even greater attack surface, since every unpatched application will become a further potential point of compromise.
Alexandru Catalin Cosoi, chief security strategist at Bitdefender, added: "The main security issue with XP is that its security model is ancient in terms of the internet, meaning hackers have had a lot of time to dig in and find flaws.
"This is why we believe Microsoft is correct in ending support for XP; it is old and buggy and belongs on the trash heap. Whether this means that people will stop running it, however, remains to be seen.
"From a security point of view we believe that XP’s risks are well understood; it is a very well characterised system and there is vast know-how available on how to keep it safe.
"That being said, the sooner people can upgrade the better."