As a reminder, Windows XP will officially reach EOSL (End Of Support Life) on April 8, 2014, a milestone in the making for over a decade, finally coming up a little over eight months from now. On this date, Microsoft will stop publishing new fixes for security holes and bugs in XP. It will no longer be possible to use XP securely, and the degree of exposure and danger will begin to ramp up thereafter, like a proverbial ticking timebomb.
XP will join Windows 98 in the “Recycle Bin” of operating system history. You could still run it, but not safely. Put it on an exposed network, or actually browse anything, guess what happens.
Office 2003 and Internet Explorer 6 will also reach EOSL on the same date. (Yes, people still use IE6, very few in the west, but nearly a quarter of Chinese users.)
It is critical for everyone to migrate off of Windows XP and Office 2003 and on to newer versions by or before the April 8, 2014 deadline.
To most people this means new OEM hardware with a fresh OEM operating system layout, along with migrating programs and data. It’s been a long time since factories stopped imaging XP so if you’re running it, unless your circumstances are special, your hardware is probably old enough to be replaced.
Microsoft would like nothing more than to sell you Windows 8. But because I still view 8 as unproven – even numbered Windows are historically suspect – I’m recommending and migrating customers to Windows 7 where I can, going into refurb inventory to get it if need be.
For reference, Windows Vista and Office 2007 will both EOSL in 2017, and Windows 7 will EOSL in 2020. The retirement schedule for Windows 7 is sufficiently far off as to not concern me at this time.
Most users have no idea that this EOSL is coming up and do not understand what it means to them. I’ve been talking it up for a while and I can tell you from the situation on the ground, XP is going to die hard.
Home users without significant assets to protect will largely just let it go. (The glut of vulnerable systems this will precipitate over time could correspond to a meaningful global security impact. XP still represents anywhere from 15% to close to 40% of the space depending on how you measure.)
Business users, particularly those with compliance concerns, but really anyone with sensitive data to protect, should be more informed and more proactive about this than they are right now. Remember, a core defensive control against host compromise, the ability to maintain current patch levels, is being discontinued without recourse.
I imagine media outlets will have a nice go of it in the final few weeks, spreading fear and causing a scramble. By that time my customers will hopefully have long since had the problem taken care of.
Contact me if you need expert help steering safely through this mess, or any other.