Today will be like no other day because it’s the last Patch Tuesday for Windows XP. Yet there's good news if you're still using XP. For starters, you're not alone.
Thirteen years after it was released, Windows XP remains the world’s second most popular PC operating system. It's running on 27.69 per cent of consumer machines, according to market stats from beancounters Netcraft. For businesses and governments, the numbers are thought to be slightly lower but not by much. Windows 7 is the number one OS.
Gartner reckons up to a quarter of enterprise systems and 10 per cent of “large” organisations are still running Windows XP. That means SMEs, corporations, multinationals, utility companies, retailers, and government – both local and national – and hospitals are all in the same boat.
And it’s not just PCs.
Seventy-seven per cent of UK organisations have the 13-year-old operating system running “somewhere”, according to UK software company AppSense.
That “somewhere” can mean anything that’s not a PC – so passenger information systems, kiosks and airline ticketing systems.
And let's not forget ATMs: two-thirds of the country’s 60,000 cash machines are also, as of today, still trucking along on Windows XP.
Yet for every silver lining there is a cloud: from now on, you're alone when it comes to security. As of now, if a new vulnerability is written that targets the operating system, Microsoft won't come riding to your safety with a software fix.
Security experts fear the worst: that rather than malware writers discovering new code, they’ve been hoarding a back catalogue of badness that they’ll release.
Microsoft’s last security patch contained two fixes for Windows XP and for Office 2003, which also runs out of gas on Tuesday.
From now on, the only protection you have is if you’ve got loads of money to fling at Microsoft. If so, you can afford a custom-support agreement priced at $200 per desktop, meaning Microsoft will keep on making security fixes for your machines.
Such agreements, though, are only for the biggest of the big – and you also need to prove to Microsoft you’ve got a migration plan in place.
Plenty in the private sector who’ll be running Windows XP after today have swallowed the price and taken out cover. Application migration specialist Camwood reckons at least 10 large enterprises it knows of have paid up.
Often the price is factored into the overall project costs of migrating off of Windows XP, with a view that the migration will be finished in a year and they won’t need to pay for a second, more expensive, year of custom Windows XP security.
Last week, the British Government became the latest to take out just such a deal.
A one-year deal priced at £5.584m will provide support for Office 2003 and Exchange 2003, which is also no longer supported by Microsoft. Crown Commercial Services, the commercial arm of the Cabinet Office, reckons the deal will save £20m over the standard pricing of such Microsoft Windows XP deals. Cover is available for tens for thousands of PCs in Whitehall, the NHS and other government bodies struggling with upgrades. These organisations will remain on Windows XP for at least another year.
There is an upside to this tale: in about a year’s time, most of the outstanding Windows XP users in business and government should have gone, thereby closing down a large attack vector open to hackers and malware writers. Many are already migrating, it’s just that the completion dates shoot well out past the April 8 end date.
They haven’t buried their heads in the sand. Well, mostly they haven't.
“There are customers we are talking to that are still talking and who haven’t started yet or in the process of just starting their Windows XP migration programs,” Avanade's head of technology infrastructure, Paul Marsh, tells The Register.
He has seen a stream of customers moving to either Windows 7 or Windows 8 in financial services, manufacturing, and utilities.
Recent headlines in publications such as The Reg about the Government’s £5.584m deal have been responsible for a sudden, late rush to action, too.
“There’s been a lot of headlines recently – the government extended its support deal to the NHS and lots of government agencies,” added Simon Body, chief technology officer for app migration bods Camwood. “Lots of customers are coming to us are talking to us about doing a very fast migration. It pricks the realisation there must be one risk they [government] do not know about and they [customers] are pressing the button.”
Camwood found 15 per cent running Windows XP didn’t know the end date was coming in March 2014. A year on, that number has decreased by nine per cent, Body said, adding that he reckons SMBs are only now waking up to the problems caused by XP's demise.
Fellow app migration specialist 1E reckoned that private sector projects are moving faster and are more focused than those in the government sector. Finance and healthcare companies are moving fastest because of concerns about the “business impact” and security risks.
For “business impact”, read lost income or fear of fines for breaches resulting from the fact they are running a desktop operating system lacking the latest security features.
Those without a company or organization-wide plan are seeing business units move on their own – phasing out Windows XP PCs only as they reach end-of-life.
But why have so many people so comprehensively missed the date? It’s not like nobody knew Microsoft was going to finally kill all updates for Windows XP.
Installing a new operating system is relatively simple, and we’ve been here before. Windows 98 and Win 2000 did gave way to XP, after all.
Sponsored: Ransomware has gone nuclear