Feeds

Tick-tock! 40% of PCs start Windows XP malware meltdown countdown

In 365 days, you'll be on your own against the hackers

Combat fraud and increase customer satisfaction

With one year to go until Microsoft kills free support for Windows XP, if you haven’t got a migration plan in place it’s time to start doing something about it... but don't panic, say the migration experts.

One year from today, on 8 April 2014, Microsoft will stop fixing broken code and no longer release security patches for free for an operating system that is still used by a staggering 40 per cent of PCs.

From that date on, you’ll either have to face hackers and malware writers on your own or you’ll be hiding behind the skirts of some premium-level paid Microsoft support instead. Gartner reckons Microsoft will charge you $200,000 if you have a Software Assurance contract and $500,000 without a SA agreement.

With just 12 months until next April’s deadline, if you haven’t already started moving off Windows XP then there’s little chance you'll finish in time.

Adrian Foxall, chief executive of application migration specialist Camwood, told The Reg that he fully expects Camwood will still be working with customers on migrations up to a year after next April’s deadline has passed. Microsoft officially estimates a “successful” migration would take 18 to 30 months.

“The next two years will be very busy for us,” Foxall said. “We’ve made great steps with a lot of customers… but for everyone that’s there, there are 10 that haven’t done anything. Even if all those who were unprepared now started to plan, physically there wouldn’t be enough people to get through that.”

Over the years, Camwood has migrated apps for customers including high street retailers M&S and Sainsbury’s, financial services firm Deloitte, banking giants RBS and Lloyds TSB and even Her Maj's Revenues & Customs.

Camwood reckons just 42 per cent of Windows XP customers have not yet started moving. He also noted that while a stunning 15 per cent of IT decision-makers didn’t know about the existence of next year’s deadline, of those who are aware, 23 per cent blamed their colleagues on in the business side for blocking migrations.

Camwood’s data comes from its survey of 250 strategic types initially released in March but published in detail with a migration white paper.

Factors blocking upgrades include lack of budget (25 per cent) and “hardware issues” (27 per cent). On the latter, that’s a problem because it means organisations have decided to upgrade as part of a business-as-usual process of buying brand-new PCs to run Windows 7 and Windows 8 rather than realising they have to actually rewrite Windows XP apps.

Business types are not forking over budget in part because of the parlous state of the economy, to see if they’ll still be around in a year’s time and in the belief the problems of today matter more than something that’ll happen 12 months from now, Camwood says.

However, tech can’t shift all the blame to the padded shoulders of the suits, and it seems IT departments are also out of shape on planning and executing Windows upgrades.

Windows XP shipped in 2001 but many adopters later avoided Windows Vista and Windows 7, meaning that for many of these firms, it has been 13 years and several working generations since their IT departments have had to manage a mass Windows upgrade programme. Since then, we’ve had a surge in home computing and a growing expectation that devices should update themselves.

Camwood’s solutions architect Ed Shepley tells us he’s talked to some who are complacent and simply don’t understand the scope of the work that’s looming. “People are used to an iPad updating in their front room. People have got used to easy IT solutions and they don’t recognise the scope in front of them until they start it,” he says.

“When you run though the logistics, when they want to start the business engagement and pilot, and full-scale deployment, and you explain what it involves, you get that rabbit-in-the-headlights look, when they didn’t see the scope of it. You talk to an IT guy – and he’s thinking: ‘I can install Windows 7 in a couple of hours’ - but when you're talking 300 applications a month and thousands of machines and you have to swap out the [Windows] PIN, and do this live and not disrupt the business, then you realise a year is not enough.”

Foxall concurs: “Ten years ago [when Windows XP was new], the office equipment was better than the home. Now that culture of where 'It’s so easy to do at home so why should it be so hard to do in the office' - that little learning has become a dangerous thing.”

Among the bread-and-butter problems to consider are application compatibility with Windows 7 and 8 thanks to changes in Windows introduced in the years after Windows XP. For example, Session 0 Isolation was introduced in Windows 7, User Access Control came with Windows Vista, and Windows XP’s GINA secure authentication and log-on services was replaced by Credential Provider in Windows Vista.

Camwood’s advice now is to do what’s realistic in the time left before next April. That means managing a phased migration that moves groups of applications rather than try to move everything. This involves identifying apps that are the most important and moving these first, weeding out apps that are old or unused and dumping them, and keeping Windows XP apps that are really important off the web and working only behind the corporate firewall. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.