Windows XP security support extension: what does it really mean?

Posted by: Browsium Tags: , , Posted date:

Global Security Icon (269x269)

We were quite surprised reading the headlines announcing that Microsoft had extended security support for Windows XP. The headlines proclaimed “Microsoft extends XP security updates by 15 months” and “Windows XP anti-malware support extended until 2015, buys IT time”.

Having worked closely with the folks in Redmond for many years, it seemed odd they would suddenly reverse themselves on the April 8, 2014 end of support date. Why would they suddenly offer this ‘salvation’ to companies stuck on Windows XP?

We work with enterprises every day who are still trying to migrate off Windows XP – and with the Microsoft field organization which carries the mandate to minimize the number of XP systems in use. We are all trying to offer solutions to help get these enterprises to Windows 7 (or Windows 8, which we will support in our next release of Ion). But the migration projects have routinely been delayed – often by web application compatibility issues – so now they are getting perilously close to the cliff.

Based on this reality, it’s easy to see how the media might have gotten this wrong. They were hoping, along with many in IT, that Microsoft would reconsider the XP end of support date. But as we’ve all learned “hope is not a plan” (attributed to everyone from Vince Lombardi to Anderson Cooper). Once you get past the headlines proclaiming lifelines or reprieves, it’s clear this isn’t an extension of XP support, it’s an extension of anti-virus and anti-malware signatures for attacks that target the XP platform. That’s a big difference.

Understanding the difference between “security updates” (a.k.a. “patches) and “anti-virus signatures” is critical – and unfortunately the difference has been misunderstood by the media, which in turn could lead customers to the wrong conclusion. The anti-virus signatures Microsoft is offering are certainly helpful, but they are similar to taking antibiotics after you get a bad infection. You will likely get better, but you’re going to be pretty sick for a while first. Security updates (patches) are like the measles vaccine. They keep you from getting sick in the first place.

The reality is that Microsoft is not going to patch anything. There will be no software fixes for XP coming from Redmond. If you are running systems with Windows XP come the morning of April 9, 2014 you are on your own. When something stops working, or a zero-day exploit for Windows XP hits the Internet, you can’t call Microsoft for help without paying a hefty fee for custom support. The anti-virus signatures mean nothing to help the broken business application your users are screaming about.

All isn’t lost however. Many enterprise organizations have already completed their Windows 7 migrations, and we’ve helped quite a few who were blocked by web application compatibility. We can help you too. On average we see customers able to get incompatible legacy web application to the point of end-user testing within 5 days. That’s an average over the wide range of applications we have seen in the past 3 plus years, so it could be a little longer for some and a little shorter for others. And don’t forget that some applications will just work without remediation. Typically only 5-10% need remediation. But those are often the most expensive and most mission-critical applications. If you have a few business-critical web applications that need to work (and be on a supported OS) come April 9, 2014, now would be the right time to give us a shout.

  • Share: