Windows XP’s open invitation to hackers
By Parija Kavilanz @CNNMoney March 26, 2014: 12:42 PM ET
The death of Windows XP is just days away, and experts say businesses that don’t upgrade are basically sending an open invitation to cybercriminals.
On April 8, Microsoft (MSFT, Fortune 500) will no longer provide security updates, or “patches,” for its Windows XP operating system. This means computers running on XP — and even machines like ATMs — will be largely unprotected against viruses and cyber attacks.
While Microsoft declined to disclose how many small businesses currently use Windows XP, Forrester Research estimates about 6% of companies’ PCs will still be using it by the April deadline. Experts say those are predominately small and medium-sized firms.
“A year ago, 35% of machines for our small business customers [about 1 million machines] were still on XP,” said Sergio Galindo, general manager with GFI Software, which provides IT support to small and mid-sized businesses. “I couldn’t believe it.” (That’s since dropped to about 23%.)
Related: Microsoft is about to take Windows XP off life support
What does this mean for those businesses on April 9? Not a lot — at first, said Galindo. XP will keep working, and businesses that rely on it will keep functioning.
But the risks will compound over time.
“It’s like expired milk,” said Galindo. “If you drink it one day after it expires, you’re OK. But after a month, the risk is exponentially greater.”
The risk can’t be overstated, said Thomas Hansen, vice president of small and medium business at Microsoft (MSFT, Fortune 500). In fact, Microsoft’s own research has shown that Windows XP, released in 2001, is five times more susceptible to viruses and cyberattacks than Windows 8, its newest operating system.
Microsoft announced in September 2007 that it was planning to phase out Windows XP in order to give people plenty of time to prepare.
“The world and technology has moved on,” said Hansen. “This is a decade-old technology that doesn’t fit in the modern world.”
Related: Tax season unleashes cyberattacks
Migrating to the new platform requires firms to invest in new software and hardware. Upgrades could run from several hundred dollars to thousands, depending on the size of the firm and the age of the machines.
“If you’re still running XP, chances are that your computer is at least 10 years old,” said Galindo. “Businesses might be better off updating their devices anyway.”
On average, small businesses spend more than $400 on repairs for PCs that are four years or older, said Hansen.
“Running old technology is costly, and it hampers productivity,” he said. “But you can get a new PC that’s running Windows 8 for about the same price.”
Dr. Omar Ibrahimi is bracing to spend much more than that to upgrade the systems at his dermatology practice in Stamford, Conn.
“All of our computers run Windows XP, and we’ve invested a lot of money in our systems,” he said. “Microsoft’s decision to pull support for it has upset a lot of people.”
Ibrahimi expects to spend between $15,000 and $20,000, which will include buying new machines and hiring IT consultants to help with setup and training.
Related: 6 most dangerous cyberattacks
Eric Marcus has seen both sides of the issue. His IT firm, Marcus Networking in Tempe, Ariz., caters to small and medium-sized businesses and has updated more than 1,400 workstations in the last five months.
He also spent $20,000 replacing 15 laptops at his own business with machines that run Windows 7.
It’s a cost he budgeted for, but many of his clients have struggled with the expense. “They have to pay for new equipment and our time. It adds up,” he said.
And some businesses, he’s discovered, run proprietary programs that are only compatible with XP.
Microsoft’s Hansen said the company is aware of that problem and is working with software developers. “We don’t have the perfect answer yet on how to solve that situation,” he said.