by CIO New Zealand

Nearly 400,000 PCs in NZ running XP vulnerable to attack

Nov 06, 20135 mins
CareersE-commerce Services

New Zealand businesses and consumers with PCs still running old Windows XP software have less than six months to upgrade their operating system, before the likelihood of their PC getting a virus or some other outside attack significantly increases.

Microsoft will end support for the XP operating system on 8 April 2014. From that date onwards there will be no further security updates or patches released, no number to call for technical assistance, and no online technical content updates from Microsoft. Essentially, XP users in New Zealand and around the world will be on their own, says Microsoft New Zealand in a press statement.

“We estimate that up to 377,000 PCs in New Zealand running Windows XP could be vulnerable to malware attacks after 8 April 2014 and we want to make sure that Kiwis upgrade before Microsoft stops supporting Windows XP,” says Dean Edwards, Windows business group manager, Microsoft NZ.

Much like other technology such as your mobile phone or digital camera, after 13 years XP is outdated. It can no longer handle people’s expectations around data privacy and productivity, or the types of sophisticated cyber-attacks that now exist, says Microsoft.

The security risks for New Zealanders using XP will significantly increase, and both businesses and personal computers running XP will be impacted.

Microsoft says in New Zealand, around 18.8 percent of all personal PCs and over a quarter (25.3 percent) of PCs used by all types of businesses run on Windows XP.

“We’re well and truly at the stage where businesses and personal computer users need to upgrade to Windows 7 or Windows 8 – both to protect against risk, and to get the benefits of running a modern operating system,” says Edwards. “For businesses, upgrading an operating system takes time. Depending on complexity, small businesses could take three to six months to upgrade, and larger businesses can take six months or more. We are really worried that some New Zealand companies are cutting it too close to the end of support date,” says Edwards.

Beyond security implications, hardware support for Windows XP and the availability of hardware drivers will continue to diminish, making the operating system progressively more difficult and costly to support. In addition to this, an increasingly long list of modern software, such as Adobe Photoshop and Microsoft Office 2013, cannot be installed on Windows XP.

Microsoft says a local organisation that has recently upgraded from Windows XP is House of Travel, which is number 83 in CIO100, the list of top ICT using organisations in New Zealand.

“We had 1,100 computers running XP in all our offices and branches, and migrating them to Windows 8 caused little disruption to the business,” says Dave Veronese, House of Travel CIO.

“It was something we delayed doing for so long, but we’ve already noticed the benefit of using more up to date software and would highly recommend upgrading for the advantages of the new operating system.”

Analyst firm Gartner estimates more than 15 percent of midsize and large enterprises will still have Windows XP running on at least 10 percent of their PCs after Microsoft support ends next year.

Gartner analysts Michael Silver and Steve Kleynhans have listed three recommendations for organisations to ensure they will either be off these products or have considered the risks of continuing to run them.

Understand the risks involved

Not having support means PCs could be vulnerable to attack. New vulnerabilities are always being found, and new vulnerabilities that are found in more current products could affect Windows XP and Office 2003. Any unpatched device can be vulnerable to attack. Even if a device is only a private network and has no internet access, another device, even one running a supported product, can be infected with malware outside the private network and can bring it onto the private network, infecting other devices.

Many applications will no longer be supported while running on Windows XP. Organisations may be on their own to resolve issues and problems, which could result in system downtime.

Assess position

Organisations that are not almost or completely finished migrating off Windows XP and/or Office 2003 should review their project plans and ensure they are on target to meet the deadline. Those that believe they’re unlikely to complete their migration projects by April 2014 should prioritise their applications and users and reduce the risks by addressing critical resources first.

Classify applications and users — work on critical ones first

Most organisations have far too many applications. Organisations where users are administrators typically have one application for every 10 users, with about half of these requiring Windows to run. Gartner defines a critical application (or the user of critical applications) as one where if the application fails or the user can’t do his or her job, there could be financial or legal consequences.

Organisations must conduct several analyses on their application portfolios to help safeguard the organisation after XP support ends, and in preparation for Windows 7 or 8 migrations.

Follow CIO New Zealand on Twitter:@cio_nz

Sign up for CIO newsletters for your regular updates on CIO news, views and events.

Join us on Facebook.