Admins planning for extended XP support must reduce security exposure

IT admins can plan for extended XP support, but they should reduce corporate security exposure by evaluating critical software.

Every enterprise data center requires consistency and support, ensuring that each platform will perform reliably, provide desired functionality and receive timely updates when flaws are revealed. Microsoft Windows XP emerged as the epitome of this mantra, finding broad acceptance in even the most demanding data centers while receiving regular patches and security updates since its initial introduction in 2002.

However, with the official end of Windows XP support on April 8, 2014, many organizations must face the inevitable consequences of supporting or replacing an iconic operating system. Let's consider some of the most pressing issues surrounding extended XP support.

Windows XP is so mature. What are the major concerns about ending support?

There are several serious concerns about the end of support and development for Microsoft's venerable operating system, but perhaps the single biggest issue is security. Security is not static -- hackers and attackers are always finding new weaknesses that they can exploit to steal sensitive data, disrupt operations or wreak other mayhem on unsuspecting organizations.

Even after 12 years of development, hotfixes, patches and service packs, Windows XP received regular security updates that addressed all manner of vulnerabilities and malware.

The end of Microsoft support means that further security patches or updates will not necessarily be forthcoming. Eventually, this can leave XP vulnerable to future attacks. Beyond the immediate disruption of such incidents, a company's choice to continue using XP despite an increased security risk may represent a breach of regulatory compliance.

Beyond security and compliance, the end of Windows XP support also affects the development of third-party applications and device support. For example, an independent software vendor (ISV) may discontinue developing, selling, installing and supporting products for XP in favor of later OSes. When this affects mission-critical applications, an organization may be unable to migrate to a later version in order to use new features.

The same thing can occur with new devices, which may not be released with XP-compatible drivers, making newer devices unusable (or not fully functional) on XP-based servers.

Are there alternatives to Microsoft's support for XP?

It's important to realize that Microsoft has pulled the plug on Windows XP, so there will be no new code coming for patches and updates. Sooner or later, everyone will wind up migrating off the OS, but some organizations will stick with it for a time.

For example, a business that is just using XP for thousands of retail point-of-sale (POS) systems might have a difficult time justifying a move to Windows 7 or Windows 8.1 just to continue running the same systems. Similarly, an organization strictly adhering to a three-year refresh cycle may not be positioned to advance that cycle to meet the end of XP support. These organizations will seek alternatives to fill the support gap, at least temporarily.

Value-added resellers (VARs) and others may continue offering extended XP support services to address XP setup, use, troubleshooting and so on. After all, even if Microsoft won't pick up the phone for XP anymore, a huge body of OS expertise is still available. Businesses that already have such relationships can just check with their VARs to help keep XP systems running.

Since security remains a principal concern, some organizations may choose to strengthen their security posture using third-party tools and services. For example, there are a variety of enterprise-class antimalware tools from Symantec, Kaspersky, McAfee and others. There are also managed products such as Arkoon's StormShield ExtendedXP security agent, which can be installed on each XP system.

What can IT do to protect investments while deciding how to move past XP?

IT administrators still deciding how to move past Windows XP have several additional tactics that may help protect their organizations. Start by obtaining, evaluating and deploying any important Windows XP updates that you might have overlooked or chosen to delay. No new updates will be coming, but existing ones should remain available into the foreseeable future.

Getting XP devices to their latest state will buy you the most time before an unprotected vulnerability arises. Also update other applications, such as Microsoft Office, to their latest XP-compliant versions. This is particularly important if you had delayed updates or had not yet evaluated current XP versions.

Next, Internet Explorer is often a point of attack, so replace the aging IE 8 with a current version of Google Chrome or Mozilla Firefox that supports XP. Both of these IE alternatives should receive updates for at least another year or so.

Take a closer look at XP systems, and disable or remove any software that is not essential for system operations. For example, update Java and Adobe Acrobat if you need them. Otherwise, disable or uninstall them. Lowering the software count narrows the possible points of attack on a system.

Another tactic is to install and use third-party antimalware and firewall tools to bolster desktop security in the absence of future updates from Microsoft. Choose one that is established, updated frequently, easy to use, and provides comprehensive alerting or reporting if a security event is detected.

Finally, consider using a limited user account to operate systems whenever possible. Most systems rely on administrator accounts. This makes sense in data centers where admins typically handle the systems, but it may allow attacks that rely on administrator-level privileges.

If you create and use a more restricted user account, such as one that prevents the installation of new software, it may limit the potential mischief caused by an attacker. It's a simple matter to switch to the administrator account when that level of access is needed -- then switch back to the limited account for regular operations.
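One way to check this across a fleet, shown as an added example that is not part of the original article: the script below parses the output of `net localgroup Administrators` collected from each XP system and lists accounts that hold administrator rights but are not on an approved list. The host names, account names, the allow-list and the sample output are constructed assumptions.

```python
# Constructed sample: `net localgroup Administrators` output gathered from
# hypothetical XP hosts (host and account names are made up for illustration).
HEADER = (
    "Alias name     Administrators\n"
    "Comment        Administrators have complete and unrestricted access "
    "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n"
)
FOOTER = "The command completed successfully.\n"
SAMPLE = {
    "POS-0142": HEADER + "Administrator\ncashier\n" + FOOTER,
    "POS-0143": HEADER + "Administrator\nCORP\\Domain Admins\n" + FOOTER,
    "BACKOFFICE-07": HEADER + "Administrator\nCORP\\jsmith\nkiosk\n" + FOOTER,
    "POS-0199": "System error 5 has occurred.\n\nAccess is denied.\n",
}

# Assumption: the only accounts meant to hold administrator rights.
ALLOWED_ADMINS = {"administrator", "corp\\domain admins"}


def parse_members(output):
    """Return member names listed after the dashed rule, or None if absent."""
    members = None
    for raw in output.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:
            members = []                      # member list starts after the rule
        elif members is not None and line and not line.startswith("The command"):
            members.append(line)
    return members


def unexpected_admins(outputs, allowed=ALLOWED_ADMINS):
    """Map host -> accounts with admin rights outside the allow-list.

    A host whose output has no member list maps to None so it is rechecked
    rather than silently treated as clean.
    """
    findings = {}
    for host, text in outputs.items():
        members = parse_members(text)
        if members is None:
            findings[host] = None
        else:
            extra = [m for m in members if m.lower() not in allowed]
            if extra:
                findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, accounts in sorted(unexpected_admins(SAMPLE).items()):
        print(host, "->", accounts if accounts else "no member list, recheck")
```

Accounts reported here are candidates for conversion to limited accounts; a host reported with no member list needs the command rerun before it can be counted as compliant.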

With the end of Microsoft's Windows XP support, many enterprise data centers must chart a course ahead using some other OS. The move to a newer OS may be inevitable, but for those businesses that must continue on with XP -- even for a time -- it's important that they understand the risks, locate any extended XP support alternatives, and take proactive steps to protect XP systems and the business from potential vulnerabilities and attacks.

Does your organization plan to arrange for extended XP support?
Currently updating to Windows 7
Ubuntu’s requirements are a little more demanding than XP’s are, but many computers currently running XP should be capable. Ubuntu requires a 700 MHz processor or better, 512 megabytes of system memory, 5 gigabytes of hard-drive space, and a VGA display capable of 1024x768 screen resolution.