Firms using XP SP2 imperiled as retirement deadline looms

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report published today claimed.

The report is based on a survey done by Toronto-based technology systems and services provider Softchoice Corp.

The firm looked at a total of 278,498 corporate and public sector PCs from 117 organizations across Canada and the U.S. in education and the financial, health care and manufacturing industries.

Nearly half of them (45 per cent) are still running Windows XP SP2. This data was collected and analyzed by Softchoice from January to June of 2010.

Related news

How to select the Windows 7 version that’s best for you

Forget Windows 7 – How to cling on to Windows XP forever

Softchoice is encouraging customers to deploy Microsoft Windows XP Service Pack 3 (SP3) or Windows 7 as end of support for Service Pack 2 (SP2) draws near.

On July 13, 2010, Windows XP SP2 – as well as Windows 2000 Professional and Windows Server 2000 – will reach end of support.

“This is a red alert,” said Dean Williams, services development manager at Softchoice. “This isn’t something you can safely ignore, like you might have before.”

Williams was referring to the impending end-of-support deadline that Microsoft Corp. has set for Windows XP SP2, a service pack that debuted in the fall of 2004.

After July 13, Microsoft will stop issuing security updates for SP2, a move that has users scrambling to update to Windows XP SP3, which will be supported until April 2014.

“Windows XP SP2 is deployed in 100 per cent of the companies [surveyed] to some extent,” said Williams.

“But that doesn’t tell the whole story. On average, 36 per cent of the PCs in every organization run SP2.”

Softchoice obtained its data from customers of its IT assessment services, which include asset, hardware life cycle and licensing management.

When analyzing survey data, Softchoice weighted the number of XP SP2 systems in each polled organization to arrive at the average usage mark of 36 per cent.

Most companies have work to do, Williams said, citing the 10 per cent threshold of Windows XP SP2 systems.

“It’s unrealistic to expect them to execute a deployment of Windows 7 in the next three weeks,” he said. “But they should determine who is affected and get them updated to Windows XP SP3 immediately.”

Windows XP SP3, which Microsoft released in May 2008, is available as a free upgrade to all Windows XP users. Microsoft has promised to support XP SP3 with security updates until April 8, 2014.

Softchoice’s data is similar to numbers produced last month by Qualys Inc., which said that approximately half of all enterprise PCs running some version of XP were using SP2.

According to Web metrics company Net Applications, 62.5 per cent of all personal computers worldwide ran Windows XP in May. Net Applications has tracked an 11-point drop in XP’s usage share in the past 12 months.

Williams expects that number to fall even faster with Windows XP SP2’s retirement. “This represents the death knell of XP,” he said. “[SP3] is only a stay of execution.”

Williams urged users and companies still running XP SP2 to update immediately, and he said there’s little risk in doing so.

While enterprises may have put off deploying XP SP2 shortly after it launched in 2004 — in large part because it was a major overhaul of the operating system — XP SP3 is essentially just a collection of already-released fixes and patches.

“There’s no compelling reason to delay the move to SP3,” Williams said.

Microsoft has been beating the same drum, reminding users each month’s Patch Tuesday of the looming retirement.

In April, the company also made minor concessions on Windows XP SP2 support, announcing that it would take calls from customers running outdated service packs, such as SP2. Previously, it turned those people away.

Windows XP SP3 can be downloaded at Microsoft’s Web site. It can also be obtained via XP SP2 PCs through the Windows Update service.

Meanwhile, in a previous interview with our sister publication, CDN, Elliot Katz, senior product manager for Windows client at Microsoft Canada(NASDAQ:MSFT), said with end of support, Microsoft would no longer provide support or updates for Windows XP SP2, Windows 2000 Professional and Windows Server 2000 will also reach end of support, unless customers install the latest service packs or upgrade to Windows 7.

“The main impact on end-users when a product reaches end of support is that updates, which include security patches, are no longer delivered to the operating systems,” Katz said.

“We want customers to know they can upgrade to SP3 (with Windows XP) or Windows 7. SP3 is a free download, but if customers don’t have the bandwidth, they can order the DVD from us and just pay the shipping and handling.”

Dean Williams, services development manager at Softchoice, said based upon findings from its most recent research note around Windows XP SP2, Softchoice is taking on a mission of education to help spread awareness to its customers that the end of support date is drawing near.

“This becomes less of a nice to know and more of a need to know,” Williams said. “This is a mission of education for us and our customers.

In our opinion, the problem doesn’t stem from people not wanting to deploy SP3, it’s just that they don’t know what service pack they’re currently using. This then becomes a problem involving people and processes.”

With no more security patches or updates after July 13, Williams said the customers that fail to migrate to the new service pack or new operating system will be exposed to potential security risks and attacks. In addition to this, those customers also won’t have access to software development kits and the functionality that goes along with it.

Customers and partners should start taking a look at their environments to see what operating system they’re currently running, Williams advises.

“The time isn’t now, it was yesterday,” Williams said. “The opportunity for us, as a partner, is to make sure customers are aware of what end of support means and letting them know the impact it’ll have on them and then to help our customers put things like policies and processes in place.”

Source: Computerworld.com

Share on LinkedIn Share with Google+