Microsoft is ending its Windows XP support in April 2014, and with recent revelations that a good many public-sector PCs – including those used by GCHQ and even the NHS – are still running the 13-year-old operating system, panic seems to be growing in some quarters.

Antivirus firm Avast’s COO, Ondrej Vlcek, certainly believes that a considerable problem could be brewing, based on data from the 20 per cent of global consumer PCs that the company’s software checks.
One of the main issues, said Vlcek, is that many of these XP-based PCs are still running Internet Explorer 8. Released in 2009, the software is full of security holes. In addition, a great many XP users are running pirated versions of the OS with Service Pack 2, rather than the more robust Service Packs 3 and 4.
“Irrespective of whether we want to support those with pirated copies of Windows, the problem is that all of a sudden you will have many machines connected to the global networks with low-hanging fruits for attackers,” Vlcek told Computing.
“This could lead to the creation of much larger botnets with the capacity to take down more global machines. When hackers take over the machines of most XP users, it will be much harder to counter attacks.”
Vlcek believes that many owners of XP-based machines purchased the computer “as an appliance”.
“They don’t think of updating or upgrading the operating system,” he said.
When it comes to the UK public sector, Vlcek attributes its slowness to upgrade not so much to a lack of understanding of the risks, but more to reasons of “cost cutting”.
“They would have to buy full licences for those devices, and also upgrading to Windows 8 or even Windows 7 could challenge the hardware configurations they have,” said Vlcek.
No stranger to bad habits at IT management level is Mark Carter, executive adviser in KPMG’s CIO Advisory division. Carter told Computing that he still has a few clients who he is “trying to encourage” to move away from Windows XP.

He sees risk, for sure, but does not appear overly concerned.
“I’m not sure it’s going to be the complete apocalypse that everyone says it’s going to be,” Carter told Computing.
“I think there is potential exposure to hackers who are waiting out there to swoop on this, but it’s hard to quantify how big a problem it’s going to be,” he said.
But Carter advises CIOs not to “take the risk and leave yourself open”.
“I guess it’s a bit like the Year 2000 issue – everyone prepared for it, thinking the worst was going to come.”
While no planes fell out of the sky on that occasion, risk is risk, reasons Carter. That said, he added that there is an element of hype in all this, with Microsoft understandably keen to shift users away from a platform that’s no longer making it any money.
“Everyone will watch with bated breath, of course, but it’s in Microsoft’s own interests to get people off XP, and they’re maybe culpable for a certain amount of propaganda in this space,” said Carter.