Running XP? Tick-tock, you’re on the clock

Marc Thaler

How long would you drive a car built with parts the manufacturer decided to stop making? One day? One week? One month? One year? Whatever your answer, there’s a certain amount of risk you assume upon hopping behind the wheel.

The fast-approaching “end of life” for Windows XP SP3 and Office 2003 – specifically how it affects small to mid-sized businesses using them – is often illustrated with that analogy. Industry giant Microsoft® will no longer support or update the 13-year-old desktop operating system (OS) or office suite starting April 8, a decision designed to steer users toward a more modern Windows system and version of Office.

“I also don’t believe Microsoft will do any favors for businesses that stay on XP – and don’t pay the hefty costs for custom support agreements with a locked and loaded exit plan in place,” Wes Miller, an analyst for Directions on Microsoft, told InformationWeek.

So where does that leave XP users yet to deploy a modern OS? Just because Microsoft will soon hit the brakes on XP security efforts hardly means cybercriminals will shift focus elsewhere. It’s widely believed they’ll go into overdrive to exploit unpatched vulnerabilities. December figures from NetMarketShare show nearly one-third of PCs run XP, ranking the system’s global presence second only to Windows 7 and well ahead of Windows 8.

The breakdown includes:

  • Windows 7 – 47.52%
  • Windows XP – 28.98%
  • Windows 8 – 6.89%
  • Windows Vista – 3.61%
  • Windows 8.1 – 3.60%
  • Mac OS X 10.9 – 2.79%
  • Linux – 1.73%
  • Other – 4.88%

As this topic relates to small to mid-sized businesses, Microsoft estimates 30% of them still use XP, according to the Washington Post. The newspaper also reported:

“In surveying enterprise customers with five to 250 employees, Microsoft found that only 55 percent of them knew about the forthcoming end of support for XP. And of that group … almost 70 percent didn’t know what the change will entail.”

Does your business count toward the unaware 45%? If so, it’s extremely late to the OS upgrade party. But as the adage goes: “Better late than never.”

In fact, GFI Software™ Product Manager Ian Bugeja said it’s “not the end of the world” if you’re running XP on deadline day. The OS will still work. But, he added: “My suggestion would be to start planning (a move to a modern OS). If not for April 8, start planning to migrate anyway. If you have a network of PCs, it takes time.”

Microsoft says migrating to a modern OS, on average, “can take 18 to 32 months from business case through full deployment.” It’s a process, for sure. And for businesses whose XP experience continues to be positive, or cite time and cost as roadblocks, migration may seem like a low- or “no-”priority project.

But make no mistake: There’s a high price for holding out. In fact, you may already be burning your budget.

Consider these numbers from Mitigating Risk: Why Sticking with Windows XP Is a Bad Idea. Published more than a year ago by the International Data Corporation (IDC), the report states that:

“IDC’s analysis shows that supporting older Windows XP installations, compared with a modern Windows 7-based solution, saddles organizations with a dramatically higher cost. Annual cost per PC per year for Windows XP is $870, while a comparable Windows 7 installation costs $168 per PC per year. That is an incremental $701 per PC per year for IT and end-user labor costs.”

In terms of IT productivity, the IDC reported that migrating from XP to Windows 7 annually saved nine hours of time spent per PC (11.3 versus 2.3) – a change of 79%. Users, meanwhile, regained nearly eight hours of lost time (9.0 versus 1.2) – a change of 87%.

All told, the IDC found that over a three-year period, migrating from XP to Windows 7 generated a 137% return on investment.

Those numbers address the key reasons that migrating to Windows 7, at minimum, is worthwhile: cost, employee productivity and system performance. Conversely, why cut ties with XP?


As noted earlier, 30% of small to mid-sized businesses still use XP. Once Microsoft ends support, zero-day vulnerabilities that have been created – and banked for April 8 and beyond – are expected to be released. Keep in mind: As viruses and other forms of malware continue to grow more sophisticated, an unpatched system doesn’t stand a chance.

“There could be some (third-party anti-virus) vendors that try to patch, but it wouldn’t be the preferred way (to move forward),” GFI’s Bugeja said. “If the platform is dying, the number of investments going into it would surely be reduced.”


Security is most commonly associated with XP’s end of life. However, meeting compliance in heavily regulated industries is equally critical. Failing to comply with the Health Insurance Portability and Accountability Act, better known as HIPAA, as well as the Payment Card Industry Data Security Standard, or PCI-DSS, can be costly.


Expect the effects of XP’s death to also impact hardware. Manufacturers won’t continue making office equipment – think printers and scanners, for instance – compatible with XP. Remember, they also want to make money. Why spend to make products compatible with a system that’s no longer supported?

Which modern OS is best for your business? It’s time to do your research, learn what distinguishes Windows 7 from Windows 8.1, and map out a migration plan.

“Did you know the technology you use has an impact on what current and potential customers think of your business?” Cindy Bates, Vice President of Microsoft’s U.S. SMB group, recently blogged. “Those are the findings of a survey we recently conducted, in which 90 percent of respondents said they would – or would consider – taking their business elsewhere if a company uses outdated technology.”

Tick-tock. You’re on the clock.