There has been much written recently about the end of support for Windows XP on April 8, 2014. There are concerns about security vulnerabilities that will be exploited after Microsoft stops patching the operating system. However, if your organization is still using Windows XP 13 years after its initial release, you have some more serious issues to address. The hardware in Windows XP computers could not support a more modern operating system. It is more likely that people just need to buy a new computer and “get with the times”.
Windows XP Capable Hardware
If you have a computer running Windows XP, it probably came with between 512MB and 1GB of memory. It could possibly have 2GB of memory if it is “newer” (~2005 to ~2009), but that is less likely. If you have a computer that is 8 to 13 years old, it is surprising that the hardware is even still functional. If it is a desktop/mid-tower, it is amazing that the power supply, fans, and floppy disk are functional. If it is a laptop, that is even more miraculous because it is likely that the battery is completely useless and unable to hold a decent charge.
You are not going to be able to run Windows 7 or Windows 8.1 on that type of computer. Those operating systems demand more CPU and memory resources than those older computers have. If your computer experienced a hardware failure in the past 8 years, we hope you didn’t purchase a new computer with 4GB of memory, a 500GB hard drive and Windows 7 and then load Windows XP on it.
Windows XP Limitations
While Windows XP was a revolutionary operating system when it was first released, newer Windows operating systems have made significant improvements. There are many reasons to upgrade, including increased security protections, higher performance, and greater scalability.
- 32-bit addressing architecture limited to 4GB of memory (there was a Windows XP Professional x64 version and a 64-bit Edition, which only worked on IA-64 systems, but both were rarely used)
- Limits on the number of physical and logical processors
- Basic firewall (inbound only)
- Limited support for IPsec
- IPv6 not enabled by default (no DHCPv6 server, DNS queries only sent over IPv4 transport)
- No USB 3.0 support
The most recent limitation of Windows XP is the impending lack of software support from Microsoft. Microsoft actually ended “mainstream” support for Windows XP on April 14th, 2009. However, due to industry backlash, Microsoft offered “Extended” support until April 8, 2014. Therefore, if you are using Windows XP after April 8th, there will be no more updates from Microsoft. The concern here is that if a security vulnerability is uncovered, there will not be any update to patch that hole. There is a fear that attackers are saving their best Windows XP attacks for after April 8th.
Why Haven’t You Upgraded?
It is perplexing why people have not upgraded before now. Here are some of the common reasons why companies have not yet upgraded.
- It is understandable why many people did not move from Windows XP to Microsoft Vista due to some driver support issues (especially 64-bit versions of Vista). There were many issues related to printer drivers not being Vista compatible. I was early on the Vista bandwagon because of its native IPv6 support and increased security.
- There may be some specific application that people are using that only runs on Windows XP. However, if that piece of software has not been updated in around 10 years to run on a newer operating system, then that software company probably is not long for this world. It is a concern that the vast majority of ATMs run Windows XP.
- As I said before, if your organization has not been able to migrate computers running an operating system that is 13 years old, then you might have other challenges. Maybe your organization does not believe in the warnings issued by US-CERT and does not realize it is a security best practice to keep your systems patched and updated. It could be that your organization lacks a comprehensive patch management strategy.
- If your desktop support team has not embraced a more modern operating system than Windows XP, maybe they should be replaced. Then you might want to consider hiring some college interns who have more up-to-date IT skills.
- Your organization could be based in China and you have resisted purchasing legitimately-licensed copies of Microsoft operating systems.
- Your organization does not need to meet any type of compliance requirements (PCI, HIPAA, SOX, GLBA, FISMA) and so you do not have a need to focus on security.
- It is likely that if you only provide Windows XP computers to your employees, your organization has a huge Bring Your Own Device (BYOD) movement. The employees probably have better mobile devices with more modern operating systems at their homes. In order to be effective and productive at work, they may actually prefer using their personal device over the corporate-issued Windows XP computer.
Any system that is still running Windows XP is likely in need of a serious upgrade. If the hardware hasn’t died yet, that is remarkable, but that old hardware cannot support running a newer operating system. You need to buy new hardware and a new operating system to go with it. If you plan to continue to use Windows XP, then brace yourself for security vulnerabilities. There are things you can do to help protect those computers. If you cannot move off of Windows XP for whatever reason, you may be able to work out a special arrangement with Microsoft for continuing support. The old adage “if it ain’t broke, don’t fix it” does not apply in this case. Windows XP is broke and it is well past the time to fix it. It is time to move on.