With Microsoft retiring its official support for XP today, many users are in panic mode. XP users should not despair, however, nor is immediate upgrade action necessarily required. Users should, though, educate themselves on what this means going forward.
Some 20% to 30% of the worldwide Windows PC user base still uses some flavor of XP, typically XP Pro. It has been a good run, and XP Pro has been a reliable, relatively annoyance-free operating system (and remains our favorite).
Behind the scenes, Microsoft will continue to update XP Pro privately for some customers, particularly in the financial sector. If the need for a critical update becomes obvious, it would be surprising if it were not released in some fashion to the general public, although one's strategy going forward should not bank on that happening.
Upgrading a given PC from XP Pro to Windows 7 Pro typically isn't really feasible (and even less so for a Windows 8 Pro transition). It isn't just a matter of installing some update on an existing PC (or laptop), after which all of your currently installed programs simply function and you go forward and never look back.
While we have no reservations about using Windows 7 Pro or Windows 8 Pro and/or corresponding server versions with our software generally, there can be various kinds of other compatibility issues. Since such an upgrade effectively requires a full replacement of an existing PC (both because hardware upgrades would likely be required and because a PC running XP is likely old and not worth the time and money to refurbish), the cost of migrating software to a new PC is very high unless the end user runs very few software applications. For some users, you could easily budget the true cost of a new PC to include some four to six hours of time per PC (minimum) PLUS the actual cost of the hardware, to make a migration. For some PC/server migrations, it could take quite literally days to effect a full migration, and that PC/server still would not contain everything that the prior one did. And even then, some third party application may not work and/or important information may be overlooked and lost.
Depending on end user and other software requirements, compliance with HIPAA or other industry specific standards, whether the software used most is on-premises or cloud-based, and the compatibility of critical software used and equipment age, it may be best to simply plan on replacing PC's in connection with current retirement schedules, rather than acting right now simply because Microsoft has stopped providing security updates, and not to succumb to some of the scare tactics that are being circulated.
Exploits relating to the use of the Internet Explorer (IE) web browser have been known for a very long time and are not new. While there are some government or financial web sites where you still might have to use IE to gain all functionality, it would be best to now restrict the use of IE to updated Win 7/Win 8 PC's, to the extent available (in a mixed network environment, for example), and even then only if you have to use it, and to completely avoid using IE on your XP Pro PC's. (Do not, however, ever attempt to remove or uninstall IE from a PC running Windows!)
Automatic Windows updates have also often caused as many problems as they have purported to cure. We are not suggesting never updating, but we have seen numerous problems with automatic updates. This is something then that XP Pro users will no longer have to worry about! We frankly do NOT recommend setting your computer system to automatically update for operating system related changes and updates; instead apply the updates when you can monitor their progress, and watch them being installed. This will avoid many bad Mondays.
It will remain important to be vigilant about all PC use and to continue to update your browser and anti-virus software. Opera, Mozilla Firefox and Google Chrome (at least until 2015) have all indicated that they will continue to support XP. So, if you have not already done so, we would strongly suggest installing the latest versions of both Chrome and Firefox (because sometimes Chrome doesn't get the job done) on your PC's or laptops running XP Pro and keeping them updated. The same of course is true of anti-virus and anti-malware software, since most anti-virus software publishers (including Avast, which we like) have indicated that they will continue to support XP Pro (in the case of Avast, for at least the next three years).
If you already have installations of Firefox or Chrome on your battle-proven XP Pro machine, make sure they are the latest versions (some older versions of Firefox for example do not support the latest XP Pro through SP3).
Ensure also that you have anti-virus software in place that is being updated (but which is set with appropriate exclusions; it should not be scanning database files for example in real-time). If you are using Microsoft Security Essentials, Microsoft says that they will continue to provide updates for a “limited time” after XP's official retirement to allow for a transition, so plan on disabling that and installing some other anti-virus program on impacted PC's in the very near future.
Continue to educate end users as to best practices and safe web surfing. Continue to consider issues that relate to physical access as well as your firewall, and to restricting what can and cannot be done on a given PC. Continue to monitor the effectiveness of your data back-up strategies, ensure that back-ups are actually made, and make sure that you know how to restore files should that become necessary.
An overlooked security tip: when your PC or laptop isn't being used for an extended period of time and all other things being equal, turn it off. While there are certainly exceptions, most PC's do NOT need to be left on overnight. Nor should they be unless needed for remote access or on-line back-up (they should even in that event be scheduled to shut off at some point during the night, other than perhaps the "server" which still needs to be periodically powered down). And if you are going to be gone from the office for several hours during the day, why not turn your desktop PC off as well?
When upgrading your PC's, if you use Microsoft Terminal Services, consider replacing your in-house PC's not with yet more PC's, but rather with Winterms. We cannot understand why that approach has never gained traction; it isn't necessarily appropriate for every user on your network, but it would be a very effective approach for many in-house users and would not only substantially reduce current and future costs but also increase security. So the upgrade path for your XP Pro device is not limited to moving to Win 7 or Win 8.
The sky is not falling and many users will continue to make good use of their PC's running XP Pro for at least the next several years. Early last year we assisted a user running a legacy version of our software on a Windows 98 PC. Somehow they had survived running in that fashion since 1997. The technology cycle continues to shorten and so we are not suggesting that users should continue using XP Pro longer than perhaps another year or two; but we will also not be surprised to encounter users still successfully and happily running it many years from now.
Postscript: A Microsoft security blog relating to the above that you should read if you have XP PC's and plan to stay on XP for a while is here. Even though we don't agree with everything that is stated there, this may help you to arrive at your own conclusions. It is important to note that sometimes getting the latest and greatest updates, especially when they are relatively new, is hardly any guarantee of better protection. An example is the so-called Heartbleed bug. It was only the more recently released OpenSSL DLL's that had the issue; DLL's released in 2011, for example, did not have the problem. Again, we are not suggesting never updating or not keeping current up to a point, but that was in essence a two-year old bug that only just recently came to light, and it was the newer updates that caused the problem. It simply speaks to the fact that the overall security of your system often involves far greater issues than just whether or not you can obtain automatic updates. Sometimes being on the bleeding edge isn't so great and exposes you to greater risk. Yet, this is rarely discussed or written about.
A pertinent April 21, 2014 avast! blog:
So you’re sticking to Windows XP? Here’s how to protect yourself: It’s the end of Microsoft support, not the end of the world.