Goodbye Windows XP; Hello IsXP?
Goodbye Microsoft Windows XP, you have had your time. You are now obsolete at the ripe old age of 13. It doesn’t matter that there are tens of millions, even hundreds of millions, of you still out there. It doesn’t matter that you are running ATMs and point-of-sale terminals, and are in thousands of production facilities. It doesn’t matter that you are running in critical infrastructure and mission critical systems. It doesn’t matter that these systems are keeping our water, food, and medicine safe, and keeping our water, natural gas, and gasoline flowing. Your time had passed on April 14, 2009, at the ripe old age of 8, but you have been on extended life support since them. None of these things matter; your final time has now passed, and on April 8, 2014, you will no longer be a supported product.
Because Windows XP was the first truly reliable commercial multi-windowed system, it became the "go-to" standard for control, human machine interface (HMI), and instrumentation systems. Companies have invested billions of dollars in these systems and expected them to have the same multi-decade lifetime of other industrial systems. Lifetimes of 15 to 30 years are common in industrial systems.
If Windows XP had been built on an open source model, there would probably still be an active community to support the operating system, just as other open source software has lasted 30 or more years. However, the Windows XP system is Microsoft’s property and the only support is through Microsoft. Microsoft may continue to offer extended support, but that seems unlikely given the move to the "one-size-fits-all" approach for PCs, notepads, and phones. If support is offered, the cost per PC will probably be high with limited support, and could still be stopped any time at Microsoft’s discretion.
A better solution would be for Microsoft to outsource Windows XP support to an independent third party, to provide Lifetime Support XP (lsXP). That organization could then provide critical and important security patches on a subscription basis. It could quickly respond to zero day attacks, and help protect the millions of XP systems in critical infrastructure or mission critical systems. This approach is a win-win for Microsoft and users. Eventually the Windows XP systems will be replaced, and if industrial and financial companies feel that they will have long-term support organizations for commercial Windows operating systems, then they will look favorably upon Microsoft for replacements. Because so many XP systems are in critical infrastructures in multiple countries, the whole world would be well served to encourage Microsoft to outsource Windows XP support, and plan for the same outsourced support for future obsoleted software.
3 things to remember after XP
If lsXP doesn’t develop, then there are only three things to remember to keep your XP systems running: protect, protect, and protect. With zero day attacks continually being discovered, many that affect operating systems and services, there will be an ongoing need to protect your XP systems from infection. This means stronger firewall rules, stronger password rules, severely limited outside access, white listing tools, root kit inspections, tightly constrained external device (USB, CD) connections, and additional security training for system users.
Unfortunately, there is no easy answer to the upcoming loss of support for Windows XP. These systems will become more expensive to maintain and replace. This is the hidden future cost of using commercial software on systems that have lifetimes of 15-30 years. If this is not a wakeup call for vendors to take a long, hard look at the systems they use for their systems, then it is a wakeup call for end users to demand software that lasts as long as the hardware.
– Dennis Brandl, president of BR&L Consulting www.brlconsulting.com in Cary, N.C., writes "Engineering and IT Insight" for Control Engineering. His firm focuses on manufacturing IT. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering and Plant Engineering, email@example.com.
At www.controleng.com, search related topics.
See other articles for 2013 at www.controleng.com/archive.
This file, originally posted March 31, 2014, was updated on April 14, with answers to reader feedback, below.
1. Do you know if a Lifetime Support XP (lsXP) has become available?
Unfortunately, Lifetime Support is not available. This was an idea, thrown out in the hope that someone will pick up the concept and run with it. Of course, that someone would probably have to be someone at Microsoft. The idea only works if Microsoft is ready to give up the XP source code to an independent 3rd party, and allows the organization to hire former and current Microsoft employees. This may work if the third party is a non-profit (it gives Microsoft a tax write-off and would raise fewer issues about gouging license fees) and the current or former employees are those nearing retirement but that want to stay active. Maybe Bill or Steve would be willing to part with a couple million to make it work? Unfortunately, I don’t have their phone numbers to call.
2. We have McAfee and Verizon anti-virus software on our computers. Is this enough to protect us from attacks or computer virus?
This is a good start, but zero-day attacks, which are vulnerabilities that are exploited before the anti-virus vendors can respond, are still a problem. To help in those attacks, the systems should also be protected behind firewalls, all unused programs and application removed, any unused accounts removed, and make sure that you are not using default passwords on any applications. These changes will reduce your risk, and if the systems have no direct connection to the intranet, or even your company’s business network, then this reduces your risk about as low as it can get for an XP system.
3. What are “white listing tools” and “root kit inspections” mentioned in the article?
White listing tools are extensions to the operating system that checks that only approved (white listed) programs are running, and that the running programs have the signature. This means that have not been modified by a virus or hacker.
Root kit inspection tools check that the startup parts of the computer have not be modified or changes by a virus or hacker. The changes are made in the “root” of the operating system, so that they are not seen by anti-virus tools. With a root kit attack, the system is compromised as soon as it starts up. Root kit inspections read the boot sectors on the disk and check the BIOS to make sure that these are correct and not infected.