10

I am hoping someone can explain in simple terms what it really means that Windows XP will be end of life?

It looks like SP2 is already not being patched, but maybe SP3 is going to be patched up until 4/18/2014?

So I assume that means there will be Windows Update patches available until that date?

What happens after that, no patches at all?

That means the potential for hacks, virus, etc. are greatly increased?

TheCleaner
Scott Szretter

4 Answers

9

I won't speak to WHEN it will happen, since the date has fluctuated...but to answer your questions and help make this question a canonical for this topic that is sure to pop up a lot...

> So I assume that means there will be Windows Update patches available until that date?

MS will continue to release new patches/updates for XP until that date. Existing patches/updates will continue to be available afterwards. See the next answer for more details.

> What happens after that, no patches at all?

Microsoft will still allow you to update XP with any patches it has released up to the date that support officially stops.

"This means that after the 8th April 2014, you'll still be able to use Windows Update to download all existing security patches. This is important, as if you re-install Windows XP, you should still apply all of the existing patches in order to make the base operating system as secure as it should be."(1)

The important thing here is to at least get all your existing XP computers patched properly, which should have been happening all along. Don't get hacked with an exploit that came out 2 years ago!

If you are willing to pony up the money, Microsoft does offer "CUSTOM SUPPORT" to companies/governments/etc. willing to pay for it. The price isn't set in stone though, and is pretty exorbitant:

"Microsoft understands that local laws, market conditions, and support requirements differ around the world and differ by industry sector. Therefore, Microsoft offers custom support relationships that go beyond the Extended Support phase. These custom support relationships may include assisted support and hotfix support, and may extend beyond 10 years from the date a product becomes generally available. Strategic Microsoft partners may also offer support beyond the Extended Support phase. Customers and partners can contact their account team or their local Microsoft representative for more information."(2)

> That means the potential for hacks, virus, etc. are greatly increased?

Greatly increased isn't a hard/fast metric. To say it will increase 10%, 20%, 150%, is hard to say. The potential is definitely there for exploits to surface for XP that MS could have the ability to patch but won't after EOL.

However, there are ways to lower the threat risk and help ensure you are safe.(1)

  1. Make sure you have a good antivirus program, hopefully one with a decent malware scanner as well. The choices are numerous, so I'll leave that choice up to you.
  2. Make sure all your software is patched and up to date. It can easily be a software exploit and not an OS exploit that allows for viruses/hacks to occur. Realize though that 3rd party software often won't be patched like an OS will, and worse they will often come back and say "you're still on XP? Our current version isn't compatible with XP now, you'll need to buy an upgrade."
  3. Secure your web browsing as much as possible. This means knowing what sites you are accessing, using web content filtering if possible, using an A/V program that helps scan for issues while you are browsing, and disabling Java and other scripts from running if possible. Switch to Chrome or Firefox if possible, since IE for XP is dated at this point.
  4. Be sure you aren't running with an administrative level account. This is good practice regardless of OS, but especially so after losing the ability to have security updates/patches for any new threats that arise.
  5. Stop using Office 2003 and Outlook Express, which also will no longer be receiving updates/patches.
  6. Upgrade to Windows 7 and use XP Mode for those stingy old apps that refuse to be updated.

Other choices independent of XP that are good security practices regardless of OS also prevail here:

  1. Use both the desktop/client firewall and a "real" firewall(s) within your network, especially at the edge.
  2. Use an IPS/IDS if possible.
  3. Keep detailed logs of network activity. Look for suspicious activity ESPECIALLY once an exploit becomes mainstream and starts making tech and news headlines.
  4. Prevent installs of 3rd party software IT doesn't trust. Don't allow your users to install anything they desire (again better stated than implemented).
  5. Keep your servers as secure as possible. While an infected XP PC is bad, and hundreds of infected XP machines is worse...don't make it paramount by getting your servers infected/exploited by not securing them properly from virus propagation, etc.
  6. Make sure your wireless and wired network is secure. This means not letting that employee bring in their "personal laptop" running XP with no service packs or a/v onto the network. If you are allowing such things, then all of the above is worthless. Same goes for VPN connectivity from home, USB sticks, etc. Make sure you know what you are letting onto the network.

FINALLY, is there an answer to really make sure you sleep well at night? Sure, it's called "UPGRADE FROM XP". While that may be a daunting task/project to undertake, realize that you aren't alone in this and that everyone else that has waited this long is undertaking the same project. Work through the issues specific to your company, draw up a plan of attack, and implement. There will obviously be costs involved as well as politics and user/culture paradigms, and if management simply decides to hold off even longer there's not much IT can do to force their hand other than list out why it is a bad idea to continue putting it off. There isn't a "one size fits all" approach here, and if your company is still running a majority of XP workstations without a migration project already underway then it is likely there hasn't been much regard in terms of lifecycles/best practices/etc. regardless.

FURTHER READING:

Besides the existing footnote links I provided after the italicized quotes above...here are some links and info to help you make the decisions and transitions:

https://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx

http://windows.microsoft.com/en-us/windows/security-essentials-download?os=winxp&arch=other

http://windows.microsoft.com/en-us/windows/help/what-does-end-of-support-mean

http://www.microsoft.com/windows/en-us/xp/top-questions.aspx

http://technet.microsoft.com/en-us/magazine/ee851564.aspx

http://technet.microsoft.com/en-us/windows/bb264763.aspx

http://technet.microsoft.com/en-us/windows/hh706147.aspx

TheCleaner
  • 2
    With all the years of advance notice we've had, the _planning_ for "UPGRADE FROM XP" should have begun some time ago. Of course many places will not have bothered for various reasons, and those will be the ones hit the hardest. If you have XP boxes anywhere that's remotely sensitive, like [network connected cash registers](http://i.imgur.com/uqlnirS.jpg), this should probably be your top priority. (And yes, I spotted that last weekend at a major office supply chain store. I should have paid cash...) – Michael Hampton Apr 01 '14 at 21:14
  • @MichaelHampton any chance it was a version of [Windows Embedded or CE](https://www.microsoft.com/windowsembedded/en-us/product-lifecycles.aspx)? Embedded/POS SKUs of Windows follow a different support lifecycle due to their nature. Of course, it's entirely possible it was XP and massive fraud with your payment info will begin in about...oh..6 days. – MDMarra Apr 03 '14 at 19:05
  • @MDMarra Doubtful. The screensaver blatantly says "Windows XP Professional"... – Michael Hampton Apr 03 '14 at 20:40
3

Simply put, EOL means no patches, no support. From http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173: "Support ends 24 months after the next service pack releases or at the end of the product's support lifecycle, whichever comes first. For more information, please see the service pack policy..."

For service packs:

"Security updates released with bulletins from the Microsoft Security Response Center will be reviewed and built for the supported service packs only. Daylight Savings Time and Time Zone updates are built for fully supported service packs only."

XP SP2 is EOL.

XP SP3 has a supported end date of 4/21/2010; that is when mainstream support ended. XP is in the extended support phase, so only security fixes will be available until 2014 (if I read the chart correctly). As always, it's best to get information like this from the vendor.

As far as impact, it's a cost to upgrade, so businesses need to evaluate whether or not to upgrade. Many companies have realized that newer machines come with Win 7 licenses so there is no upgrade price.

Jim B
  • 2
    The end of security updates is where things get severe. – SpacemanSpiff Jan 12 '12 at 17:25
  • It's already severe as the security updates only affect systems that are not insecure by design. I still don't understand why there are so many XP systems out there, I can get skipping Vista, but Win7? – Jim B Jan 12 '12 at 17:30
  • 2
    There just happens to be a bad economy at the moment, and some people are holding onto those 4-5 year old machines hoping to squeeze another 2-3 years out of them. – Zoredache Jan 12 '12 at 18:14
  • "I still don't understand why there are so many XP systems out there" Because it still works fine. Why pay $$ and take the time to upgrade when XP works and Win7 doesn't really add much? – Ward - Reinstate Monica Jan 13 '12 at 05:09
  • @ward-because unless you are using a 4-5 year old machine, you already bought win7. I can certainly see zoredache's point. – Jim B Jan 13 '12 at 05:54
  • @JimB (checks bottom of laptop...) Yep, says Win Vista Business, not Win7. We've got lots of 4 year old machines still in use. – Ward - Reinstate Monica Jan 13 '12 at 08:42
  • @ward, so you could at least go to Vista business for free if security was a concern – Jim B Jan 13 '12 at 17:49
  • Another reason for lots of XP machines, non-profit businesses that can not afford to upgrade hundreds of machines - at least unless there is some solid documentation as to why they MUST and WHEN (which is what I am trying to find). – Scott Szretter Feb 01 '12 at 17:14
  • @ScottSzretter So one thing you have to understand is that you will never HAVE to upgrade unless you want to be supported by Microsoft. – Jim B Feb 01 '12 at 21:18
  • @ScottSzretter Additionally most non profits get crazy discounts on that stuff (http://home.techsoup.org/pages/default.aspx) – Jim B Feb 02 '12 at 08:13
  • But you have to upgrade because there will be security holes that will no longer be patched, correct? Yes, you can receive crazy discounts, but it's a limited number of licenses - a much smaller number than we would need. – Scott Szretter Feb 02 '12 at 16:47
1

This Microsoft Table and the relevant article to crossmatch with Extended Support, Mainstream support etc. In Windows XP terms it means upgrade where possible.

> It looks like SP2 is already not being patched, but maybe SP3 is going to be patched up until 4/18/2014?

That's not the case for Service Packs, and I quote from the link:

> Support ends 24 months after the next service pack releases or at the end of the product's support lifecycle, whichever comes first. For more information, please see the service pack policy at http://support.microsoft.com/lifecycle/#ServicePackSupport .

Windows XP is now on the Extended Support. Basically no warranty claims, charging for incidents, etc.

user
  • I think you misread the table, only XP sp3 is in extended support, everything pre sp3 is EOL – Jim B Jan 13 '12 at 05:56
  • I think my main concern is the statement "Without Microsoft support, you will no longer receive security updates that can help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information" – Scott Szretter Jan 13 '12 at 12:46
1

Just some further information: many vendors only provide support for their products when they are used in a supported environment. For example, JoeAccounting is the software your accounting department uses on their Windows XP computers. Say something happens and you have to re-install JoeAccounting on their computers, but you run into an issue. Right now you can call JoeAccounting support and they can help you solve the problem; a few days from now, if their policy is to only support their product on operating systems that are in support from their own vendor, they will not be able to help you with the issue.

Many vendors utilize this policy and for good reason. If the source of the issue is something with the operating system itself, the vendor can work with the OS vendor to resolve the issue. If the OS isn't supported they can't do that.

If you are still running XP machines it's not too late to upgrade, but to be honest, even though the out-of-pocket cost is less to just buy Windows 7 and install it on the XP computers, it is better in the long run to buy new computers; a $1000 computer would pay itself off with increased productivity and decreased support cost in a year. It's very important even for small businesses to have life cycles on their IT hardware and software. If you still have XP machines, odds are they are 4 or more years old, and that is old in the business world for a computer.

Siggy