The end of Windows XP support: what it really means for businesses

Posted on 29 Nov 2013 at 13:01

Simon Jones explains the full implications of the looming deadline for Windows XP support

April 2014 sees the end of support for Windows XP, Windows Server 2003, Exchange Server 2003, Small Business Server 2003 and Office 2003.

By then, the 2003 wave of products will be 11 years old, and Windows XP will be 13. Office XP ran out of support in December 2011, but Windows XP’s lifecycle was extended a couple of times because people stubbornly refused to move away from it. Anyway, at T-minus five months and counting, what exactly does "end of support" entail? Should you be worried, and what are your options?

Microsoft provides three levels of support for its software products: Mainstream Support, Extended Support and Online Self-Help Support. The Support Lifecycle policy is reasonably flexible, but generally it offers ten years of support for business and developer products (five years’ Mainstream and five years’ Extended) and five years of Mainstream Support for consumer and multimedia products.

The main difference between Mainstream and Extended Support is that only bugs relating to security will be fixed during Extended Support – non-security bugs will only be fixed for customers who have purchased extended hot-fix agreements within 90 days of Mainstream Support ending. Once Extended Support ends, you’re on your own. Microsoft commits to maintaining Online Self-Help Support for ten years for most business and developer products, but since Office 2003 and Windows XP are already older than that, these knowledgebase articles could start disappearing at any time.

With about a third of all PCs in the world still running Windows XP, it’s highly unlikely that Microsoft will remove all the patches for it from Windows Update yet, but there won’t be any more arriving. If anyone in a black hat finds a new security hole to exploit, Microsoft isn’t going to be doing anything about it in future. Security holes in Windows and Office aren’t rare, as you can tell from the regular stream of patches that appears on the second Tuesday of every month. Once Windows XP and Office 2003 go out of support, there won’t be any more patches for those products, and the likelihood of your PC catching something nasty will increase, no matter how good your antivirus software.

We can’t know by what factor it will increase, but around a third of malware infections can be traced to missing security patches; that is, if the computer had been kept up to date, it wouldn’t have become infected. Even though infections and virus threats are increasingly common – up 182% year on year in 2012 – Windows 7 is still far less likely to be infected than Windows XP if you’re running anti-malware protection; if you don’t have real-time malware protection in place, Windows XP and Windows 7 are about on a par for infection rates.

Windows 8 comes with real-time protection built in and turned on by default, so its infection rates are incredibly low – you’d have to consciously turn off Windows Defender to reach any significant infection rate.

XP infection rates

The headline figures for the second half of 2012 were that protected Windows XP SP2 computers had 4.2 infections per thousand, while 32-bit Windows 8 machines and 64-bit Windows 8 machines had 0.5 and 0.2 infections per thousand respectively. With no real-time anti-malware installed, these figures went up to 15.6 per thousand for Windows XP and 2.7 per thousand for 64-bit Windows 8 (no data is provided for 32-bit Windows 8). These figures are a summary of the telemetry data from Microsoft’s Malicious Software Removal Tool (MSRT), which is run on millions of computers every Patch Tuesday. See more of them in Microsoft Security Intelligence Report Volume 14.

64-bit operating systems are substantially more secure than their 32-bit equivalents, with the exception of Windows Vista, for reasons that aren’t clear. It’s interesting how insecure Windows 7 RTM is relative to Vista SP2 or Windows 7 SP1, but it’s blindingly obvious that Windows 8 is far more secure than any previous version of the operating system.

Security patches that are released for more up-to-date versions of Windows and Office will probably be reverse-engineered by malware writers to see whether Windows XP and Office 2003 share the same vulnerabilities; if they do, those old products will become even more at risk, since their now-known holes will surely be exploited.

Eventually, there will be fewer computers in the field using this obsolete operating software. Fewer pieces of malware will be written to target their vulnerabilities, and fewer instances of that malware will be in circulation. This kind of "security by obscurity" (which is often claimed by Mac aficionados) is a long way off yet, however, and you shouldn’t be sitting on your hands in the meantime.

User comments

Windows Server 2003

The extended support end date for this is 14/07/2015 - not next April?

By halsteadk on 29 Nov 2013

Not Server 2003

Windows XP and Office 2003 are going end of life on the date in April. Server 2003 has support until 2015, as mentioned in halsteadk's comment.

By MikeeMiracle on 29 Nov 2013

Alternatively...

... instead of sticking with the Microsoft alternative, try a version of Linux. I use Linux Mint XFCE and it's very, very good indeed.

By knobheads on 29 Nov 2013

@Knobheads

It depends; a company with thousands of PCs all running custom software isn't going to be able to easily switch to Linux. It would probably cost more than upgrading to Windows 7 or Windows 8, by the time they've re-engineered all their bespoke software. It would also take a long time to re-write the millions of lines of code.

Their best hope is that the code didn't use any "hacks" and that it will work on later versions of Windows. Either that or they are going to have to sandbox the applications in VMs or sandbox their network.

By big_D on 2 Dec 2013

@Big_D

Yes, some organisations are locked in as you describe. They see Windows 8 as cheaper than a change to Linux. Still, next time this problem rolls around they'll still be locked in.

By knobheads on 2 Dec 2013

Excellent solution for XP Users stuck on XP

I am an IT Consultant in North America and I have run into many Clients who simply cannot afford to upgrade their hardware and/or software to Windows 7 or 8. The main reasons are the amount of money and time it takes to accomplish this. A typical example is that their existing vertical business application software needs to be rewritten for either Windows 7 or 8. Further, since their hardware is still working, they simply refuse to migrate from XP, but they are afraid of getting viruses and malware. Essentially many Microsoft Users are stuck between a rock and a hard place.

So I found an excellent User friendly Linux OS that cocoons all versions of Windows, i.e. XP and/or 7, inside a very innovative Virtual Machine so that the users' data files are saved to a Linux partition while the Windows OS & software is initially backed up and stored in just one .vdi file safely inside the Linux partition, which contains their original Windows installation with all its programs too. So if they get hit with a morphing virus it takes them only one click to restore their original copy of Windows XP or 7 and of course since their data is always safe inside the Linux partition and fully read writable from the Windows OS with bookmarked folders there is no downtime as it only takes seconds to click on their Robolinux menu option that restores their original perfect Windows Virtual Machine back to the way it was before the virus struck them.

The result is my Clients are saving a lot of money and they are completely immune to all Windows malware and now they have as much time as they need to rewrite their software for either Linux or Windows 7. None of my Clients will even consider Windows 8 as a solution.

Check it out: Google Robolinux.

By LukeITguru on 2 Dec 2013

No problem

LukeITguru, you've got a great VM idea. I run XP so seldom now that it was easier for me to dual boot, but everybody else at work is scared to death of Linux, for no particular reason. I know they'd like openSUSE or Mint if they tried it. Still, I think the ultimate answer is the Munich solution; just convert and get it over with, and be free forever.

By Col_Panek on 5 Dec 2013

Brace yourselves, Linux fans are coming

Nobody in their right mind will exchange some Open Office documents with MS Office equipped contractors and risk compatibility issues.

There is no SAGE financial software for Linux. There's no Photoshop, full Adobe Acrobat, Indesign. There's no Autocad nor hundreds of financial, stock-control and bespoke applications that companies use on a daily basis.

And please don't suggest that people could use Gimp instead of PS to produce project conceptual visualisations and collaborate successfully with contractors and print shops.

By radnor on 12 Dec 2013

Microsoft FUD

"You will get fired, your dog will die, and your daughters will marry interracially if you take off the Microsoft handcuffs. Slavery is freedom."

By Col_Panek on 19 Dec 2013

Windows 7 downgrade

Why do Sony consider Windows 7 a downgrade from the phone app aka Windows 8? Sony say downgrade to Windows 7 and parts of your laptop will cease to function.

By tyronet2000 on 30 Jan 2014

Simon Jones

Simon is a contributing editor to PC Pro. He's an independent IT consultant specialising in Microsoft Office, Visual Basic and SQL Server.

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
