Business Perspectives

Still relying on Windows XP? Days are numbered

The 500 million people around the world who rely on Windows XP may be at risk for security threats as changes to Microsoft policy render the software virtually obsolete.

Effective April 8, 2014, Microsoft will discontinue support on its most utilized operating system. After the April date, Microsoft will no longer provide automatic fixes, security updates or online technical assistance for Windows XP and Office 2003.

Although this shift is taking many by surprise, Microsoft has been gearing up changes for some time. In 2002, Microsoft introduced its Support Lifecycle policy, which limited the amount of support available for its products. What’s known as the MSL policy went into effect in June 2004 and is applicable to previous and future Microsoft product versions, including Windows and Office products. According to the MSL policy, Microsoft will offer a minimum of 10 years of support for business and developer products.

Since the MSL policy took effect, several third-party software vendors, including device drivers, have ended or plan to end application support for Windows XP. According to Microsoft vice president Peter Han, as many as half of Windows XP users are unaware of the policy change and how the shift will affect their businesses.

Windows XP users still holding on to older versions of the operating system will be left behind. Software companies such as McAfee, Intuit, Adobe and Kaspersky no longer have a vested interest in maintaining a product for an OS that is, for all intents and purposes, obsolete. This poses significant risks for businesses, as performance disruptions and security gaps may result from critical software applications not compatible with updated Windows versions (Windows 7 and 8).

Unlike in the past, older versions of Windows will not be compatible with the latest updates. As software and application compatibility lessens, users will face problems. For instance, online banking may no longer be quick and easy for XP users once Web access requires Internet Explorer 9. Windows XP supports only Internet Explorer 8 and older, and no fixes will be provided.

Without the routine updates provided by Microsoft, Windows XP users will become increasingly vulnerable to system glitches, cyber-attacks, software incompatibility issues, and even face industry-specific compliance liabilities.

For example, since Microsoft will no longer support security updates, merchants utilizing Point of Sale (or other payment card systems) and running Windows XP will fall out of compliance with the Payment Card Industry Security Standards Council. The PCI SSC sets the standards governing electronic transactions followed by merchants and major credit card companies (including American Express, Discover, JCB, MasterCard and Visa) nationwide. Requirement 6.1 of the PCI Data Security Standard states merchants must ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. They also must install critical security patches within one month of release, according to the standard.

The requirements are designed to ensure the security of cardholder data and to help prevent credit card fraud, hacking and other security issues. After the April 2014 date, merchants using XP can no longer claim compliance with this requirement.

The health care industry may face similar threats regarding Electronic Health Record compliance. EHR compliance requires adherence to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, and it calls for specific protections to ensure the security and confidentiality of electronic health information. According to the rule, administrative action must be taken to properly manage and safeguard electronic protected health information.

Anyone using older versions of Microsoft operating systems to conduct everyday business tasks such as payroll, processing financial data, filing electronic claims, accessing bank websites, etc., may find their system no longer capable of performing such functions. And there is an excellent chance that other electronic access services will follow suit.

Those who continue to run Windows XP after April also put themselves in the hackers’ bulls-eye. Cyberattackers use tools to detect and exploit system vulnerabilities. Once an access point is identified, a series of cyberattacks ensue, leaving your personal and vital information at risk.

XP users need also keep in mind that upgrading the OS may mandate an upgrade to the computer’s hardware. Hardware not meeting minimum specifications will not be able to support newer versions of Microsoft operating systems. Newer versions of Microsoft require a computer have at least:

• a 1 gigahertz (GHz) or faster 32-bit or 64-bit processor;

• a 1 gigabyte (GB) memory RAM, preferably 2 GB memory RAM;

• a 16 GB available hard disk space;

• a DirectX 9 graphics card.

If your computer’s hardware isn’t powerful enough to support Microsoft upgrades, you have a few options: Buy a new computer with the latest operating system already installed; upgrade the computer’s hardware; or consider running a free open-source operating system such as Linux, which requires few hardware resources.

Operating-system migration can be complex, time consuming and disruptive. But it can also provide an opportunity to strengthen and improve your IT infrastructure. IT professionals can help you achieve a risk-free migration, improve your security posture, and they can help you take full advantage of productivity tools that maximize the long-term value of your software migration.