HEAT Blog

Extended XP Support Is No Excuse for Complacency

Holger Weeres, FrontRangeEarlier this month, on the Microsoft Threat Research & Response Blog, Microsoft revealed that it would be extending its antimalware support for Windows XP beyond the original end of support date of April 8, 2014. So, while Windows XP users will not receive any free or paid assisted support or any online technical content updates after this date, they will still continue to receive updates to the Windows XP antimalware signatures and engine until July 14, 2015.

When Microsoft originally announced that security patch support for Windows XP would end in April 2014, the hope was to force all customers off Windows XP and at the same time increase the adoption rate of Windows 8. After an initial quick decline of XP and a growing market share of Windows 7, this trend slowed down significantly and, according to NetmarketShare, has almost ground to a halt over the last few months.

Windows 8 is struggling, with most larger companies upgrading their XP machines slowly to Windows 7. Smaller businesses often wait for the hardware to be replaced over time with newer hardware, already preloaded with Windows 8.

The announcement for extended XP support shows what was known all along. Customers are neither willing or able to follow the rapid OS release cycles of Microsoft. For many, Windows XP is still a proven and well working corporate platform and the scale of the upgrade is so vast that many large organisations are struggling to replace all of their Windows XP machines in the imposed timeframe.

This is complicated by the fact that Windows 7 has higher processor and other hardware requirements than XP, so it’s by no means a simple upgrade. With so many firms still relying on XP, Microsoft has been left with little choice but to continue to issue security fixes way beyond its original cut-off date.

Most of our customers have upgraded from XP across the board as we make it relatively easy for them to get that done, but there remain applications and departments at some businesses for which migration to a new OS is deemed as being too involved and laborious with some tool sets.

Organisations should not be complacent following the latest news of extended security support for XP. Security is perhaps the leading operational concern for businesses, but this does not mean that XP is now any safer an option, as the support announced is relatively limited.

Of course, OS migration is not as simple as flicking a switch, but it is easier than perhaps some organisations may realise, provided there is scope within deployments for centralised control.