Well, not really.
Microsoft released Windows XP in August of 2001 as its personal computer operating system within the Windows NT family of operating systems. As late as October 2010, you could still buy a new PC with Windows XP installed. Windows XP was the most widely used operating system until August 2012, when Windows 7 overtook it. Mainstream support ended in April of 2009, and extended support ended on April 8, 2014. The last stable release was in April 2008. Going forward, it will cost customers on the order of $200 per PC per year to maintain security patches.
There have been a lot of security patches for Windows XP. The phrase “Patch Tuesday” refers to the second Tuesday of each month in North America, when Microsoft issues its planned security updates. Of course, sometimes there is an extraordinary Patch Tuesday fourteen days after a scheduled Patch Tuesday, plus critical patches in between. There were 99 security flaws detected in Windows XP in 2013. I would not expect the need for frequent security patches for Windows XP to diminish at all.
But Windows XP is not dead, and is not going to disappear for a long time. As of March 2014, NetMarketShare reported that Windows XP still had over one quarter of the desktop operating system market share. That represents on the order of 500 million computers worldwide.
The simple solution is for people to move off Windows XP. For some people, that is conceptually easy:
- Buy a new PC (your old one probably won’t support Windows 7 or Windows 8).
- Move all of your applications and files to the new PC.
- Deal with the applications that need updating, including Microsoft Office, or find replacements for those that just won’t run at all on the new OS.
There are a lot of proprietary software products that just will not run on anything but Windows XP. Some amusing examples:
- 95% of all ATMs in the world. Yes, the bank teller machine that gives you money is probably running Windows XP, and probably communicates back to the branch or service provider over the Internet.
- Cash registers and other POS (point of sale) devices, many of which are using wireless technology to communicate back to the server.
- SCADA systems (supervisory control and data acquisition). These systems allow remote control and data acquisition for environments like manufacturing, power generation and distribution, and water and sewer management including dams. Again, they are often running over the Internet.
- Industrial robots.
- Slot machines.
These systems are all prime targets of cyber-criminals and cyber-terrorists.
There actually is a solution for many XP environments: the Unisys Stealth Solution. It can completely isolate your XP systems from the outside world, allowing communication only from the specific systems and users you permit. Since the protection is based on user identity, not specific network location or device identity, the rights of an individual change automatically when their role changes. As Unisys says, “You can’t hack what you can’t see.”
The last word:
This is serious. If your company is relying on Windows XP, you are much more exposed to attack now than you were last month. What is worse, your exposure is not just from your own systems, but from the systems used by your partners and employees when they work remotely. Have you asked your CIO how many XP systems are still in use in your extended IT infrastructure? Has your CIO checked with your partners? What about your POS equipment or the factory robots used to make the products you sell?
Your first step should be to determine what you really have, and make a plan to fix the problems. It may literally take years to eliminate all of the issues, so you will need to have mitigation efforts in place in the meantime.
You should have done this at least five years ago, but if you didn’t, now is the time to act.
Keep your sense of humor.