Tick-tock! 40% of PCs start Windows XP malware meltdown countdown

In 365 days, you'll be on your own against the hackers

With one year to go until Microsoft kills free support for Windows XP, if you haven’t got a migration plan in place it’s time to start doing something about it... but don't panic, say the migration experts.

One year from today, on 8 April 2014, Microsoft will stop fixing broken code and no longer release security patches for free for an operating system that is still used by a staggering 40 per cent of PCs.

From that date on, you’ll either have to face hackers and malware writers on your own or you’ll be hiding behind the skirts of some premium-level paid Microsoft support instead. Gartner reckons Microsoft will charge you $200,000 if you have a Software Assurance contract and $500,000 without a SA agreement.

With just 12 months until next April’s deadline, if you haven’t already started moving off Windows XP then there’s little chance you'll finish in time.

Adrian Foxall, chief executive of application migration specialist Camwood, told The Reg that he fully expects Camwood will still be working with customers on migrations up to a year after next April’s deadline has passed. Microsoft officially estimates a “successful” migration would take 18 to 30 months.

“The next two years will be very busy for us,” Foxall said. “We’ve made great steps with a lot of customers… but for everyone that’s there, there are 10 that haven’t done anything. Even if all those who were unprepared now started to plan, physically there wouldn’t be enough people to get through that.”

Over the years, Camwood has migrated apps for customers including high street retailers M&S and Sainsbury’s, financial services firm Deloitte, banking giants RBS and Lloyds TSB and even Her Maj's Revenues & Customs.

Camwood reckons just 42 per cent of Windows XP customers have not yet started moving. He also noted that while a stunning 15 per cent of IT decision-makers didn’t know about the existence of next year’s deadline, of those who are aware, 23 per cent blamed their colleagues on the business side for blocking migrations.

Camwood’s data comes from its survey of 250 strategic types initially released in March but published in detail with a migration white paper.

Factors blocking upgrades include lack of budget (25 per cent) and “hardware issues” (27 per cent). On the latter, that’s a problem because it means organisations have decided to upgrade as part of a business-as-usual process of buying brand-new PCs to run Windows 7 and Windows 8 rather than realising they have to actually rewrite Windows XP apps.

Business types are not forking over budget in part because of the parlous state of the economy, in part because they are waiting to see if they’ll still be around in a year’s time, and in part in the belief that the problems of today matter more than something that’ll happen 12 months from now, Camwood says.

However, tech can’t shift all the blame to the padded shoulders of the suits, and it seems IT departments are also out of shape on planning and executing Windows upgrades.

Windows XP shipped in 2001 but many adopters later avoided Windows Vista and Windows 7, meaning that for many of these firms, it has been 13 years and several working generations since their IT departments have had to manage a mass Windows upgrade programme. Since then, we’ve had a surge in home computing and a growing expectation that devices should update themselves.

Camwood’s solutions architect Ed Shepley tells us he’s talked to some who are complacent and simply don’t understand the scope of the work that’s looming. “People are used to an iPad updating in their front room. People have got used to easy IT solutions and they don’t recognise the scope in front of them until they start it,” he says.

“When you run through the logistics, when they want to start the business engagement and pilot, and full-scale deployment, and you explain what it involves, you get that rabbit-in-the-headlights look, when they didn’t see the scope of it. You talk to an IT guy – and he’s thinking: ‘I can install Windows 7 in a couple of hours’ - but when you're talking 300 applications a month and thousands of machines and you have to swap out the [Windows] PIN, and do this live and not disrupt the business, then you realise a year is not enough.”

Foxall concurs: “Ten years ago [when Windows XP was new], the office equipment was better than the home. Now that culture of where 'It’s so easy to do at home so why should it be so hard to do in the office' - that little learning has become a dangerous thing.”

Among the bread-and-butter problems to consider is application compatibility with Windows 7 and 8, thanks to changes in Windows introduced in the years after Windows XP. For example, Session 0 Isolation was introduced in Windows 7, User Access Control came with Windows Vista, and Windows XP’s GINA secure authentication and log-on services were replaced by Credential Provider in Windows Vista.

Camwood’s advice now is to do what’s realistic in the time left before next April. That means managing a phased migration that moves groups of applications rather than try to move everything. This involves identifying apps that are the most important and moving these first, weeding out apps that are old or unused and dumping them, and keeping Windows XP apps that are really important off the web and working only behind the corporate firewall. ®
