Windows XP end of support - what is your company doing?

[BloodFetish]

What other companies are doing about Windows XP now that it's no longer receiving security updates?

For my company we've decided to let attrition take it's course for a while. We estimated that we replace about 20 computers a month nationally, and mostly these would be computers running XP. We've also hardened security between each store location and the rest of our network to help contain an security issue should it arise.

As far as actual end of support and what that entails, we're not anticipating a higher rate of problems as a result but I suppose we are waiting to be proven wrong.

Mostly I'm just curious if our attitudes towards XP are consistent with other companies. Please add your 2 cents!

[Hack&Lube]

Most companies should have migrated or kicked off the migration already 1-3 years ago.

I think the strategies might change if all the zero-day kits that have been allegedly been held back until Microsoft ended support do pop up.

[Super Nintendo Chalmers]

Yeesh. It was just a few years ago that we got rid of our last PC with NT installed.

[Galakanokis]

We lease, 2 or 3 year rotation, so we are for the most part off of XP and have been for awhile. Currently we are looking at going the VDI route rather than physical desktops.

Most of us are on Windows 7 which I don't mind. A select few are on 8.1 with most of the big wigs wanting to use Mac's nowadays.

[Buff]

I manage a network with over 450 computers, and there is still quite a few XP machines. Less than 100 but there is plenty enough. Unfortunately I can't force the upgrade because I don't own those computers, my customers on my network own them, but I can't also deny those XP computers access to the network because I then cause a big customer service nightmare that cascades from me to my customers to their customers. I'm only working with my customers to upgrade as soon as they can afford it. Thankfully, of the 450+ computers there is less than 100 and they are slowly being replaced.

[BloodFetish]

^ looks like you're in much the same situation as us, Buff, though our hands are tied of our own laissez-faire/cheapskate attitude :-)

I suppose this is a trickle-down effect of owning vs. leasing. It will be interesting to see if there really are any zero-day exploits just waiting to happen.

[BloodFetish]

Quote:

Originally Posted by Super Nintendo Chalmers

Yeesh. It was just a few years ago that we got rid of our last PC with NT installed.

Lol, we just got rid of our last Windows 2000 machines within the last year. But NT? Wow.

[Resolute 14]

We waited until the last minute to upgrade, but did launch a project to upgrade everything. It is a complicated process for us given we have about 175 locations spread across Western Canada, and the natural delays have meant that while we hoped to be done in time for the end of life date, we're currently only at about 1200/2200 computers done. Should be all on Windows 7 or 8 by early May, however.

[DownInFlames]

My mom was in the Foothills for minor surgery last week. I noticed they had computers that are running XP. I wonder if they plan to upgrade soon.

[BloodFetish]

Quote:

Originally Posted by Resolute 14

We waited until the last minute to upgrade, but did launch a project to upgrade everything. It is a complicated process for us given we have about 175 locations spread across Western Canada, and the natural delays have meant that while we hoped to be done in time for the end of life date, we're currently only at about 1200/2200 computers done. Should be all on Windows 7 or 8 by early May, however.

If you don't mind me asking, how did your IT department "sell" the upgrade to the guys signing the cheques? Earlier I said we have a cheapskate attitude but really that isn't accurate - rather our management is very practical with money and don't part with it lightly.

[CubicleGeek]

Quote:

Originally Posted by BloodFetish

If you don't mind me asking, how did your IT department "sell" the upgrade to the guys signing the cheques? Earlier I said we have a cheapskate attitude but really that isn't accurate - rather our management is very practical with money and don't part with it lightly.

Make them read an article on the recently publicized Heartbleed vulnerability in SSL. Tell them if something similar was discovered in XP, it won't be fixed.

[TorqueDog]

^If the guys who sign the cheques are nerds (or at least one of them), they might already know that Microsoft products weren't impacted because we use SChannel, not OpenSSL.

Then again, if one of the guys in a position to sign cheques was a nerd, they probably wouldn't still be on XP by now. [shrug]

[kn]

Our QA department still needs to test on the platform because we have some customers that will not be upgrading. We'll probably be supporting it for our next release or two (that's roughly a year) and then we too, will drop our support of XP.

[Rathji]

Quote:

Originally Posted by BloodFetish

If you don't mind me asking, how did your IT department "sell" the upgrade to the guys signing the cheques? Earlier I said we have a cheapskate attitude but really that isn't accurate - rather our management is very practical with money and don't part with it lightly.

I would give them one of the many articles like this one, that explain what is likely going to happen now that the patches won't be coming.

http://www.itworldcanada.com/article...t-expert/84013

Quote:

A security expert said it is very likely that cyber criminals will exploit the impending retirement of Microsoft Corp.’s Windows XP operating systems.

Hackers that have developed zero-day exploits for XP will hoard them and sell them for a much higher price when the OS finally loses security free and paid security support from Microsoft in April 8, 2014, according to Jason Fossen, a trainer for the United States-based Internet security training firm SANS Institute.

At the moment, black market prices from a Windows XP exploit cost anywhere from $50,000 to $150,000. When Microsoft finally pulls the plug on XP the price will likely zoom upwards, he said.


Read more: http://www.itworldcanada.com/article...#ixzz2yjIXfwuT
or visit http://www.itworldcanada.com for more Canadian IT News

And, given the fact that any exploits patched in IE9/10/11 or Office 2007/10/13 Win 7/8 will be reverse engineered by people and then they will see if the exploit existed in Windows XP, IE6/7/8 and Office 2003, means that in the next 6 months we are going to see a huge push in the number and severity of zero day exploits that we see.

Its a no brainer, especially if there comes a version of Crypotolocker that exploits a browser flaw and you have people getting it just by opening a webpage.

If you absolutely must remain on Windows XP, I would be insisting that no users run as local administrator. It was shown to reduce infection through exploits dramatically.

From: http://www.avecto.com/documents/repo...port_FINAL.pdf

Quote:

Analysis of Microsoft Security Bulletins from 2013 highlights that 92% of critical vulnerabilities would be mitigated by removing admin rights.

Quote:

The report highlights the following key findings:
Of the 147 vulnerabilities published by Microsoft in 2013 with a Critical rating, 92% were concluded to be mitigated by removing administrator rights
96% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights
100% of all vulnerabilities affecting Internet Explorer could be mitigated by removing admin rights
91% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights
100% of Critical Remote Code Execution vulnerabilities and 80% of Critical Information Disclosure vulnerabilities could be mitigated by removing admin rights
60% of all Microsoft vulnerabilities published in 2013 could be mitigated by removing admin rights

[Resolute 14]

Quote:

Originally Posted by BloodFetish

If you don't mind me asking, how did your IT department "sell" the upgrade to the guys signing the cheques? Earlier I said we have a cheapskate attitude but really that isn't accurate - rather our management is very practical with money and don't part with it lightly.

No clue. Things like Shawmageddon probably helped. "If we don't upgrade, we could lose our entire ability to sell stuff, and won't have someone else to blame for it."

[SebC]

nm