Windows XP: So Long, Old Friend

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

If your IBM i shop still has an enterprise dependency on Windows XP, it's time to stop dragging your feet.


Microsoft is standing firm on its decision to end support for Windows XP on April 8, 2014. The general level of apathy I've encountered as I discuss this issue with IBM i customers has surprised me. This apathy wouldn't surprise me coming from grandmas and grandpas and even small businesses that don't pay much attention to tech news. But IBM i professionals?


How bad can this XP issue really be? The IBM i is 25 years old (much older if you count its substantial S/38 legacy) and is showing few signs of old age. Why should an IBM i professional be worried about a desktop OS that is only 13 years old? If the IBM i is the Keith Richards of our computer world, then Windows XP is hardly even Justin Bieber. Justin has lots of time left, right?


As those of us rapidly moving into middle age know, age is just a number. Who cares how old Windows XP is? It's worked for 13 years; it will surely work for another 13. And it probably will, assuming of course that you don't ever connect it to the Internet or any other network. In less than 43 days, Microsoft will stop issuing critical updates for Windows XP. In less than 43 days, Windows XP's potential for exposure to malware, viruses, Trojan horses, rootkits, and other similar maladies will surely increase.


Another issue to consider is how your vendors will treat Windows XP. Most ISVs will discontinue targeting and testing on Windows XP; the network exposure is just too great. You'll need to worry about disruption not only with your operating system but also with your vertical applications and how their vendors support them.


Assuming you think you can weather the network and vertical application storm, don't forget what the regulators have to say. If your business is governed by regulations such as HIPAA or SOX, keeping Windows XP has the potential to put you in their crosshairs. There is, however, debate as to whether HIPAA mandates the removal of Windows XP. The Health and Human Services Website says its rules don't mandate PC computer operation system requirements, but there are potential exposures if a business doesn't correctly address its use of Windows XP in its written risk analysis.

The Sky Is Falling! Viruses Are Coming!

I know that this all sounds somewhat Chicken Little-esque. The sky is falling! Viruses are coming! Don't open that email! A similar alarm was sounded 14 years ago when we all freaked out over the impending worldwide computer failure that Y2K would surely provide. Alas, on the morning of January 1, 2000, water supplies didn't dry up, elevators didn't tumble from their shafts mid-floor, jets didn't fall out of the sky, and ATM machines kept right on chooglin'. Most of our Y2K fears were overplayed. Will fretting over the demise of Windows XP prove to be as overplayed?


The truth is that no one really knows. My bet is that by early summer, there will be some IBM i shops crying the blues over Windows XP-imposed issues. The target is just too big, and the script kiddies are just too clever.


Between July 2012 and July 2013, Windows XP was an affected product in 45 Microsoft security bulletins. Potential XP infections cropped up for that year nearly four times a month. In computer security parlance, a zero-day vulnerability refers to a software security breach that is unknown to the vendor. Each of these 45 exposures were zero-day occurrences that Microsoft found and then worked quickly to plug. After April 8, 2014, Microsoft won't plug any more zero-day exposures. After April 8, 2014, every day is zero day for Windows XP. Can you afford to run this risk with your enterprise network?


And it's not just IBM i shops facing risk. According to Bloomberg Businessweek, 95% of the ATMs worldwide are powered by Windows XP (and a similar number for the U.S.). Holy cow! The one fragment of good news here is that some ATM companies use Windows XP Embedded, an OEM version of Window XP, and support for it lasts until January 12, 2016.


As you can see, if your IBM i shop still has an enterprise dependency on Windows XP, it’s time to stop dragging your feet!

Whatcha Gonna Do?

If your shop hasn't yet addressed the impending demise of Windows XP, you're not likely to be able to fully pull the plug on those devices before April 8, 2014. But here are a few things you can do:

  • Make a migration plan. Now! You might want Windows 7, or you might want Windows 8. Windows 7 end of support is January 13, 2015, and Windows 8 end of support is January 9, 2018. As things stand right now, you get three more years of breathing room with Windows 8. However, that Windows 7 date may change; Microsoft recently announced a Windows 7 extension for its use by OEMs. I think ZDNet's Ed Bott makes a compelling argument for choosing Windows 8 over Windows 7. Many shops will probably do a little of both. Or, hey, maybe this is when you finally move your business to Linux or maybe even the Mac! I am saying this facetiously, but in a world where most of what you need to do is available in a browser, it's not that far-fetched.
  • Don't forget hardware. For many, moving off of Windows XP isn't just an OS move; it's a hardware move as well. Research this carefully. Think critically about your needs for the future and avoid dead-end purchases (especially as it relates to touch computing and how the influence of mobile technologies will influence how our desktop-bound apps operate). Windows 7 and its hardware doesn't do touch, Windows 8 and its hardware does.
  • Sandbox your Windows XP machines as best you can. Most shops are using Windows XP not because they want to, but because they have to. IT budgets have been tight, a smaller IT staff is doing more things, and some shops have (believe it or not!) enterprise dependence on IE 6 or some oddball COM thing that won't work on Windows 7/8. For whatever reason, shops that have to run Windows XP should do all they can, after April 8, to limit its use to mission-critical, can't-get-done-anywhere-else work. If possible, try to limit Windows XP network exposure as well.
  • Keep third-party virus protection current. Microsoft may be abandoning Windows XP soon, but for the virus protection vendors (Kapersky, McAfee/Intel Security, and Norton, for example) Windows XP zero-day exploits are a business opportunity. I've not seen much from these vendors about any special XP offers, but it wouldn't surprise me to see those offers appear.

Do You Feel Lucky? Well, Do You?

No one knows for sure what's going to happen when Windows XP reaches the end of its road. Many XP boxes will surely continue to work with nary an issue. However, some users and network administrators will experience a lot of grief and trouble within a few months of XP's demise. What you do about your Windows XP installations is up to you. But if you intend to have Windows XP in your enterprise after April 8, 2014, I'd ask myself one question, "Do I feel lucky?"