
Ask Slashdot: Preparing For Windows XP EOL? 423

Posted by timothy
from the stock-up-like-y2k dept.
An anonymous reader writes "As most of us working in IT may know, Microsoft will stop supporting Windows XP on April 8th, 2014. Although this fact has been known for quite some time, XP is still relatively popular in companies and also enjoys noticeable marketshare for home users. Even ATMs are running XP and will continue to do so for some time. A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions. So what is the best way to secure these remaining Windows XP systems? Installing the latest security patches, checking firewall status and user permissions etc. should be fairly obvious; as Microsoft Security Essentials may also not receive updates anymore, changing antivirus programs seems a sensible thing to do."
This discussion has been archived. No new comments can be posted.

  • No.
  • Must keep running XP (Score:4, Interesting)

    by Anonymous Coward on Thursday March 27, 2014 @04:49PM (#46596159)
    We have mission-critical software that must be run under XP. The software checks the OS somehow and reports Operating System Not Supported if we try to install it under Win7. It *does* run under Win7 in the XP virtual machine, however the software has a hardware security key that attaches to the parallel port, and the VM doesn't let it access the LPT at the low level it needs to (apparently) to recognize the key. It's XP for us for a while, damn the torpedoes.
    • by kthreadd (1558445) on Thursday March 27, 2014 @04:51PM (#46596203)

      So what's your plan going forward? Will you use XP ten or twenty years from now? If not then you should start a migration now rather than later.

      • So what's your plan going forward? Will you use XP ten or twenty years from now?

        They probably will, if there are motherboards that still support it.

        • by BobMcD (601576)

          But chances are, there won't be. The Intel rep said that they will no longer be developing drivers for it, and their new chipsets do not support it.

      • by Mashiki (184564)

        So what's your plan going forward? Will you use XP ten or twenty years from now?

        Why not? We've still got mission critical systems that use fortran and cobol in use.

        • by kyrsjo (2420192)

          There are still tons of software being *written* in FORTRAN. COBOL I don't know, I don't work for a bank... But when I (2-3 years ago) was digging into the depths of the website of our local equivalent of IRS to try and figure out some piece of tax law, I found a link named "program for calculating tax" or somesuch. Clicked it - and got my screen filled with what I eventually identified as COBOL code!

      • by Darinbob (1142669)

        If it was me, my plan for the future would be to never again buy equipment that requires a closed source operating system to run, or even never buy equipment that requires a computer, stick with analog or mechanical devices. Also instill heavy doses of cynicism, and realize that if you buy the latest available OS that the next day they will announce the end of life date for it.

        Or just go with a whole startup mentality and pretend that your business will never last more than 5 years anyway and never plan on

        • by dbIII (701233)

          If it was me, my plan for the future would be to never again buy equipment that requires a closed source operating system to run

          That's why the stuff at my workplace that requires SunOS 5.6 or Win98 is steadily getting rewritten in python. Don't like linux/Win7 ? Run it on whatever you do like. A nice side effect is being able to run it on dirt cheap tablets standing right next to the gear it's testing.

    • That is some "bleeped up" software

    • by mark-t (151149)

      You better hope that either a) no remote exploits for XP get discovered after April 8th, or b) your systems do not need any kind of connection to the internet.

      Certain types of infected computers which have an impact on network usage (zombies, in particular) can be detected by the ISP and disconnected from their network (and it is usually in their best interests to do so)

  • MSE (Score:5, Informative)

    by theheff (894014) on Thursday March 27, 2014 @04:50PM (#46596167)
    MSE will have definitions for a year after the EOL: http://blogs.technet.com/b/mmp... [technet.com]
    • by RR (64484)

      MSE will have definitions for a year after the EOL: http://blogs.technet.com/b/mmp... [technet.com]

      I think that is a grave mistake on Microsoft's part. It makes people think that they can still run Windows XP securely, just intercepting viruses that match the signatures, instead of patching the underlying vulnerabilities.

      I also think continuing to let OEMs install Windows XP until Windows 7 was also a grave mistake. In the short term, it slowed people from fleeing to Linux, especially for the early-model netbooks. In the long term, it has delayed the end of Windows XP by years, making it more painful whe

  • by Collective 0-0009 (1294662) on Thursday March 27, 2014 @04:51PM (#46596189)
    Other than your one embedded example, that I don't think pertains to the other 99% of computers you are discussing, I question that it is really that expensive to upgrade to Win 7... [aventissystems.com]

    I realize there is more than hardware costs, but did you really expect your software to work for more than 10-15 years without needing an upgrade? Most people in this situation are there because they have deferred the (most likely needed) updates until now. And now they have an unusual number of computers to upgrade. My employer is squarely in this position.

    Bite the bullet and upgrade. If you really want to stand firm against M$ or something, simply install any number of old-hardware-friendly linux distros. Knoppix is my current favorite.
  • by MikeRT (947531) on Thursday March 27, 2014 @04:55PM (#46596267) Homepage

    A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions.

    How about this one. All of your software options are better on 7 than XP. Firefox and Chrome are moving away from supporting it. Microsoft is moving away from supporting it too. You know what that means, Mr. Super Conservative Executive/IT guy? It means your threat vectors are now starting to approach "everything installed on this workstation" instead of just the OS.

    • Re:See no benefit? (Score:4, Insightful)

      by multimediavt (965608) on Thursday March 27, 2014 @07:45PM (#46598225)

      A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions.

      How about this one. All of your software options are better on 7 than XP. Firefox and Chrome are moving away from supporting it. Microsoft is moving away from supporting it too. You know what that means, Mr. Super Conservative Executive/IT guy? It means your threat vectors are now starting to approach "everything installed on this workstation" instead of just the OS.

      You've never worked with specialized equipment that costs hundreds of thousands or millions of dollars have you? Either that or you work for a DoE lab with deep pockets. Businesses, universities and private research labs usually don't get to replace equipment costing that much on a four to five year cycle. They get the equipment and use it until it just flat out doesn't work anymore then they spend the money to get something new. If the machine that interfaces with the equipment requires a 16-bit DOS or older version of Windows and has a proprietary dongle or need for some 16-bit ISA card then that's what stays. You buy replacement computers that will support the equipment at auction or on eBay and you keep the thing running. If the equipment can still be used, you use it. Like was said above, the computer's only job is to interface with the equipment. It's not networked, doesn't need to be. Modern malware can't affect it because it won't run on it, dummies! You can't run 32-/64-bit malware on a 16-bit machine! XP maybe, but there are very good ways around the security issues. You don't obsolete a $250,000 plus machine that still gets used because the OS needed to interface with it is "old". Why is this so hard for some people to understand? You just don't treat capital expenses like that unless you have a ridiculous amount of money to burn. There really isn't a good analogy for this. It is what it is. I am sure you know the common euphemism, "If it ain't broke, don't fix it." That saying isn't just a saying, just like stereotypes exist because there are people that fit them.

      • Seriously, why don't I have mod points when a comment like this comes up. Seriously, +5 Insightful

        I work at a university. Around here, lots of investigators have aging but perfectly serviceable equipment of all flavors. Some of it is tied to XP (or Win9x, or DOS) because the software to run the equipment hasn't been updated to run under a newer OS. Some of the equipment is one off or made by a company that's been out of business for years, or there is a newer and fancier instrument so they won't upgrade sof

  • Migrate your apps, fork the code, invest some cash. And next time, write up a long term strategy regarding on how to live with well known product lifecycles.
  • by almitydave (2452422) on Thursday March 27, 2014 @04:56PM (#46596283)

    I plan to clone my hard drive on April 8th and just restore from that backup whenever I get hacked. No fail in this plan!

    In all seriousness, I've been gradually transitioning to Linux Mint as my primary OS, with XP as a dual-boot option (basically for games). I also have an XP VM running under Mint that I'll be able to use if I need XP and don't want to reboot. Everything's installed on a single 1TB platter drive so I really do have 2 cloned backups (on- and off-site) available.

    I hadn't planned on getting a Windows OS after XP due to draconian DRM, although I haven't had a problem with XP licensing since I bought it retail in '04; I'm considering getting Win7+SSD since that's what I have at work and it's actually quite nice. That being said, most of the programs I use are cross-platform FOSS, so it's not a strong need (notable exceptions are rFactor and Visual Studio).

    • Re:CloneZilla (Score:5, Interesting)

      by operagost (62405) on Thursday March 27, 2014 @05:55PM (#46597051) Homepage Journal
      I kind of wonder whether activation is going to work after April 8. No one has brought this up in years. Microsoft's servers have to still answer to requests from XP machines; if they don't, the software is unusable. Really, they should activate any request with any key since it's unsupported and it would take more effort on their part to continue maintaining the database.
  • by Jody Bruchon (3404363) on Thursday March 27, 2014 @04:57PM (#46596287)
    Use Firefox. Keep the biggest attack vectors up to date (Adobe stuff in particular). Get rid of Java entirely unless you desperately need it; in that case, keep it up to date religiously. Use Adblock Plus (or equivalent) to block ads which sometimes carry malicious code. Don't do stupid things online. Don't run executables unless you absolutely know they're safe. Don't install pirated software since pirated software sometimes comes with lovely surprise infections. Use a limited user account for your daily activities and an administrator account only for maintenance tasks or to run software that won't work under the limited account. Always use a NAT router between the computer and the Internet, and don't run any open wireless network with that PC attached.

    It's largely just a matter of (A) don't do obviously dumb things and (B) don't run everything as an administrator in the first place. Remember that antivirus and security software is a final line of defense; everything else is basically a problem with the user's behavior or knowledge, and if you are careful and follow good security practices in the first place, you aren't at any significantly greater risk than you are now.

    One more thing: if someone really wants to break in, they will. XP or 7 or 8 or 8.1 and all the updates in the world won't matter in such a case, so my final piece of advice: don't piss anyone off that might want to come after you.
  • 10 year old laptop now runs Lubuntu and 5 year old desktop "server" is going in the trash, replaced by an ARM SBC running debian.

  • Take 'em offline (Score:5, Insightful)

    by browndizzle (2709539) on Thursday March 27, 2014 @05:02PM (#46596367)
    For many of my clients that run milling machines that still run XP, I am just making sure that they are not connected any longer. In that scenario, continuing XP is sensible and cost effective, with little to no risk. I'm sure most of the IT world is going to see the flare up of exploits that people have been hanging on to waiting for MS to no longer be willing to patch. Any one of my other clients - law firms, non profits etc. - I am forcing the upgrade. No need to be so tied to such a clunky and difficult to recover OS anymore. Embrace the already 4 year old future, get on the update bandwagon and move on. None of my clients are seeing this as the end of the world like the media and others are describing it.
  • Relatively safe (Score:5, Informative)

    by JBMcB (73720) on Thursday March 27, 2014 @05:06PM (#46596419)

    There hasn't been a root exploit in XP for a couple of years now, which means if you are running as a user and not root, and you know what you are doing, XP should be fairly safe.

    1. Run as a regular user and only elevate permissions when you need to
    2. Make sure your directory permissions are locked down properly (there are guides to help you do this)
    3. Turn off all unnecessary services
    4. Run a 3rd party antivirus app - BitDefender Free is excellent
    5. Regularly run rootkit detectors and a second on-demand scanner (I use Trend Micro)
    6. Don't use IE, use Firefox with NoScript turned on
    7. Don't use Flash, Adobe Reader or Java. Use Sumatra PDF for PDF viewing.

    I keep a VM of XP around for running some old apps and reading my junk email account. I've been sent virii and all sorts of junkware, and running the above config is pretty impervious to anything thrown at me. I can revert the image to its original state if something bad happens, and I've yet to have to do that.

  • We were scouring the lab here and noticed that our traffic generator had an embedded OS and it was of course XP. It took a LOT of back and forth with the vendor (whom we pay a big fat support contract to each year) to get a Win 7 disc. Apparently they don't have a plan for XP migration because they don't want to buy a ton of new license keys. This is a problem for people who can not have unpatched systems on the network. Technically the embedded edition is not going EOL yet, but we have concern about Mi
  • Windows SteadyState (Score:5, Informative)

    by benjymouse (756774) on Thursday March 27, 2014 @05:12PM (#46596493)

    Windows SteadyState [cnet.com] from Microsoft is available for Windows XP.

    SteadyState virtualizes the OS directories transparently on the disk. File writes/updates are directed to a secluded area. You can set it to simply delete those journaled updates upon restart/signoff. Any malware will be effectively gone. Windows Update would still be possible when signing in as the SteadyState administrator (creating an updated image), but that's kind of moot at this point.

    • by Krishnoid (984597)

      File writes/updates are directed to a secluded area.

      But what if the malware directly modifies disk sectors? Is there malware that can attack in this way?

      • From Steve Gibson and Leo Laporte [grc.com]:

        Now, it's not quite as onerous in my experience as Jim's letter indicates because it does not
        make an entire copy of your system partition and/or drive. Instead you set aside a block of
        hard drive space. And using a feature, basically it's file system filtering, this is able to capture
        any changes which are made to the system drive. And essentially it caches the changes. So, for
        example, when any application, installer, literally anything you do, I mean, this thing is global.
        You cannot turn it off without restarting Windows. So it's not something that just sort of easily
        comes and goes. I mean, this is meant to be bulletproof.
        And I discovered the hard way that it even protects the partition table, and that first track of
        the drive which we were talking about recently could be prone to preboot kernel rootkits. I was
        using something else that did deliberately change that first track, very much in a kernel rootkit
        fashion. And that'll be the subject of an upcoming podcast because it involves performing whole
        drive encryption. And it turns out that SteadyState uninstalled this thing, even though I had
        SteadyState sort of in a mode where it was supposed to allow changes to be saved. So, I
        mean...
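
The redirect-and-discard behaviour described in the SteadyState comments above, modelled at the sector level as an added example (not part of the original thread and not SteadyState's code). The `OverlayDisk` class and the 4-sector image are constructed for illustration, and the model assumes every write, including a raw write to sector 0, passes through the filter.

```python
SECTOR = 512


class OverlayDisk:
    """Toy block device whose writes land in a side cache, not the base image."""

    def __init__(self, base: bytes):
        if len(base) % SECTOR:
            raise ValueError("base image must be a whole number of sectors")
        self._base = bytearray(base)  # protected image; only a kept restart changes it
        self._cache = {}              # sector number -> redirected sector contents

    def _check(self, offset: int, length: int) -> None:
        if offset < 0 or length < 0 or offset + length > len(self._base):
            raise ValueError("access outside the disk")

    def _sector(self, n: int) -> bytes:
        # Reads prefer the cache, so the running system sees its own changes.
        return self._cache.get(n, bytes(self._base[n * SECTOR:(n + 1) * SECTOR]))

    def read(self, offset: int, length: int) -> bytes:
        self._check(offset, length)
        first, last = offset // SECTOR, (offset + length - 1) // SECTOR
        data = b"".join(self._sector(n) for n in range(first, last + 1))
        start = offset - first * SECTOR
        return data[start:start + length]

    def write(self, offset: int, data: bytes) -> None:
        self._check(offset, len(data))
        pos = 0
        while pos < len(data):
            n, within = divmod(offset + pos, SECTOR)
            chunk = data[pos:pos + SECTOR - within]
            sector = bytearray(self._sector(n))  # read-modify-write for partial sectors
            sector[within:within + len(chunk)] = chunk
            self._cache[n] = bytes(sector)       # the base image is never touched here
            pos += len(chunk)

    def restart(self, keep_changes: bool = False) -> int:
        """Simulate a reboot; return how many sectors had been redirected."""
        dirty = len(self._cache)
        if keep_changes:  # administrator mode: fold the cache into the image
            for n, sector in self._cache.items():
                self._base[n * SECTOR:(n + 1) * SECTOR] = sector
        self._cache.clear()  # discard mode simply forgets every redirected sector
        return dirty


def demo():
    # Constructed 4-sector image; sector 0 stands in for the boot sector.
    disk = OverlayDisk(b"BOOT".ljust(SECTOR, b"\0") + bytes(3 * SECTOR))
    clean = disk.read(0, 4 * SECTOR)
    disk.write(0, b"XXXX")                # stand-in for tampering with sector 0
    disk.write(SECTOR - 2, b"payload")    # write straddling sectors 0 and 1
    seen_while_running = disk.read(0, 4)  # the change is visible until the reboot
    dirty = disk.restart(keep_changes=False)
    return seen_while_running, dirty, disk.read(0, 4 * SECTOR) == clean


if __name__ == "__main__":
    print(demo())
```

The protection in this model holds only for writes that go through `write()`; anything that reaches the disk beneath the filter layer is outside what it captures.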

  • That's what's going to happen to all the XP machines (that haven't been air gapped already) where I work.

    Most of the XP holdouts are lab equipment. (Oscilloscopes, Arbitrary Waveform Generators and the like.) They were already air gapped, anyway.

    There are a few machines that run old development tools needed for production. (As in factory, not web services.) They will be left connected long enough to catch the last batch of updates, then relegated to USB storage and optical media for data transfer. (With sen

  • by Sloppy (14984) on Thursday March 27, 2014 @05:32PM (#46596717) Homepage Journal

    they see no additional benefit to do a costly upgrade, no reason to change a running system .. So what is the best way to secure this remaining Windows XP systems?

    Don't. Don't secure it. Just let the chips fall where they may. Failure is an option, and you've presented things such that it's the best option.

    Before you reply with "that's crazy" (or "that's lazy") let me remind you that there's "no .. benefit" to being more secure, and "no reason" to worry about the consequences. The submission has already stated that solving the security problem has zero value. So why are you working on it? Just let it go. Security is a don't-care condition. Every hour spent on it, is an hour wasted for no benefit.

    If you change your mind about it being a don't-care condition, then you open the door to upgrading to a maintainable OS. But you can't do that, until you decide that upgrading does have benefits, and there is reason to change a running system.

    So .. have you changed your mind? Are you still sure there's no benefit to an upgrade and no reason to change a running system? Or have you realized that's TOTALLY FUCKING ABSURD yet? Because I think once you realize that it's TOTALLY FUCKING ABSURD then you're going to see some options appear.

  • The virus writers who have been holding back XP payload might have vectors that also hit Vista/7/8. With all the juicy XP targets to compromise, they can do more effective random IP address attacks like the days when XP Service Pack 2 wasn't around. So I'm not totally concerned, but just a little bit concerned that this could hose more than just the XP installations.
  • End of support for XP is no real problem at all! Just downgrade to Windows 2000! It doesn't even need activation!
  • I'm trying to get an Installfest setup at the local library to help XP users migrate to Ubuntu.

  • That's easy:

    fromdos *.txt

  • "What's our iceberg preparedness response again?"
  • by funwithBSD (245349) on Thursday March 27, 2014 @06:36PM (#46597549)

    Word came down today that running any XP images is a security violation.

    Security violations are potentially an immediate termination offense.

  • by Sir Holo (531007) on Thursday March 27, 2014 @09:42PM (#46599113)
    The UCLA Medical System, a gigantic organization, required all hospitals, providers, etc. to standardize on a single, integrated medical record-keeping system. Medical history, diagnoses, prescriptions, appointments — the works. This was within the last 12 months.

    It runs on XP.

    Happy privacy!
