Nick Donaldson, Director of Avnet Embedded, offers his take on the ramifications of the end of support for Windows XP.
When we're talking about something as significant as “end of life” – the withdrawal of support that heralds the demise of a particular technology - businesses have a duty to move to an alternative, and vendors have an obligation to provide that alternative. Ever was it thus, right?
But with the imminent demise of XP, this model has, arguably, dissolved. And thousands of businesses and commentators are now in denial over this successful operating system's impending swansong - with potentially disastrous results.
The exiting of XP is not a necessary and logical transition from an obsolete operating system to a better one. As one consultancy firm put it, Windows XP “isn't broken.”
Is it this disconnect that is somehow encouraging businesses to effectively ignore the issue? A recent industry survey suggests that 40 per cent of them have "yet to even start migrating off XP", and 20 per cent of them are not planning to do so at all.
So, in an attempt to rouse these businesses from the comfort zone, let's take just one (terrifying) example to clarify what an appalling false economy their current approach could prove to be.
Huge numbers of payment devices currently run on XP. POS tills, chip and PIN terminals, parking payment machines, motorway tolls, ATMs, and more. From April 2014, XP support for all these devices will cease, overnight. The resulting lack of updates and patches, and the loss of compliance with the payment industry's strict PCI security requirements, will put at risk everybody who is in any way involved with the creation and use of those millions of payment devices. This includes, of course, the hapless consumer!
Security experts have already predicted a rash of cybercriminal activity. Gregg Keizer reported, “Hackers could find themselves in the catbird seat on April 8, 2014... those who have zero-day exploits for XP will bank them until that day and then sell them to crooks or loose them themselves...”
Any machine or device running the XP operating system will rapidly become increasingly vulnerable once support is withdrawn – but payment devices, given their lucrative function, will make the juiciest targets.
This is where wholesale confusion reigns. Many seem to think that help will still be readily available for security and PCI compliance. In fact, according to law firm Pinsent Masons, businesses will still be able to engage with Microsoft or a licensed sourcing provider. But the implication is clear – these services do not come for free.
So is moving to Windows 7 or 8 an option? Not in any easy sense. The withdrawal of XP is no ordinary migration exercise - nowhere is this clearer than in the lack of seamlessness between XP and Windows 7 and 8. Firstly, 7 and 8 do not support all of the devices that XP supports. Secondly, and rather more seriously, 7 and 8 will not necessarily be PCI-compliant on those particular devices even if they are supported.
Most damaging of all, however, is the lack of understanding around the options for using embedded software instead of standard XP. Many businesses still think, for example, that embedded software requires a hardware refresh. Not so. Embedded offerings also include XP-based operating systems, such as POSReady 2009 and WES 2009, which can be delivered via a software services model.
Embedded licensing also allows for a longer lifespan of devices, with some embedded products being available or supported for up to 15 years (thus avoiding exactly the kind of disruptive support withdrawal situation that businesses are having to deal with in the current scenario!)
The benefits of embedded aren’t just limited to prolonging support life, however; there is also much greater licence discounting, locked-down functionality and full customisation support, enabling easy integration into a business environment. And there is no shortage of choice for XP users – the embedded variants of XP are abundant.
I hold my hands up. This industry (and this company) could have done a much better job of demystifying the embedded software value proposition. The level of misunderstanding in the marketplace proves it.
But at the same time, businesses have to accept responsibility for sleepwalking themselves (and their users) into huge financial risk, rather than addressing a technical issue that temporarily requires some out-of-the-box thinking.
Yes, the demise of XP is disruptive. Yes, XP has been effectively killed off by Microsoft in an act of unnecessary and premature euthanasia. Yes, this means that it doesn't fit the mould of technology change that businesses are used to coping with.
But in the final analysis, we have only six months to go before a lot of businesses start haemorrhaging their customers' money to hackers. And still the minor leap to an XP-like alternative seems to be a bridge too far for many of the businesses whose products and services handle your and my money on a daily basis.
Denial? More like suicide.