If you haven't retired Windows XP and haven't been fired yet, get busy

Tim Greene | March 10, 2014
Security comes first, with a premium on speed in upgrading to a supported Microsoft operating system.

CIOs who haven't moved their companies from Windows XP by now ought to be fired, some people think, but those who haven't and are still on the job have options for saving their bacon.

"Start," is the first piece of advice from Shawn Allaway, CEO of Converter Technology, which specializes in migrating businesses to new versions of Windows and Microsoft Office. Even if the project isn't completed before Microsoft ends support for XP on April 8, it's important to minimize the window of exposure during which XP runs unsupported on corporate networks.

Those who haven't started yet probably should be fired for leaving their businesses open to the impending threat, he says. "This is not like Microsoft dropped this on you six months ago," he says. "You're putting your organization at risk."

That threat is that vulnerabilities discovered after April 8 will never be patched by Microsoft, leaving Windows XP open to an ever-expanding range of attacks. In addition, many applications will no longer be supported when running on Windows XP, Gartner warns.

It's possible and even desirable to sign a custom support contract with Microsoft that provides continued upgrades after the end-of-support date, but it is also expensive, says Directions on Microsoft. If that's not possible, the main goal is to minimize risks caused by using unsupported XP, which means a review and possible beefing up of security.

Isolating XP machines on corporate networks and limiting what devices they can communicate with is essential, and there are tools for this. For instance, Unisys Stealth can limit a machine's access to other machines and hide it from attackers, says Unisys CIO Dave Frymier. A Stealth shim in the IP stack of XP machines sits between the link and network layers; it decrypts IP payloads if it can and drops packets when it can't. A machine can talk to another only if it is a member of the same community of interest as defined by Active Directory, he says.

Migrating isn't a quick process, and the larger the network, the longer it takes. The rule of thumb is that for a 10,000-desktop network with 15 offices, it will take two to three months to complete the project, Allaway says.

A first step toward the transition is testing application compatibility with a newer operating system, getting new licensing agreements and assessing the need for and buying new hardware.

Like any OS rollout, this one will be done in phases. Organizations that think they'll miss the deadline should prioritize their applications and users and migrate the most important and most vulnerable first to reduce the risks, Gartner says.

Some of the preparatory steps can be sped up using tools. For example, ChangeBase and AppDNA can help determine whether business apps are compatible with newer OSs. If not, businesses may need to buy newer versions that are or, in the case of custom software, recode it, Allaway says.

