According to reports in The Daily Telegraph today, over 3/4 of British businesses are running Windows XP, the operating system that Microsoft moves to “end of life” status next week.

The headline is obviously misleading. 77% of UK businesses using XP isn’t anything like 77% of British business PCs using the old OS, which estimates within the article put at around 13%. There is also a heady whiff of “survey done for PR purposes” about the whole piece.

What it does make me think, though, is that with the remainder of devices left on the old OS increasingly in niche tasks, is there really any greater security risk from not migrating?

My hunches are based on two assumptions:

Firstly, that if a company still has Windows XP knocking about the place, then what are the chances it meticulously keeps those devices patched and up to date? My guess would be that many of the remaining XP devices are already horribly out of date and therefore won’t be any less secure next week or beyond than they are already.

But the second assumption is that many of those XP devices will be being used for non-PC-type applications, where they aren’t connected to the full, internet-connected network. To be frank, if, say, something like the bank ATM network is generally connected to the general PC network of your average financial institution, there are far bigger worries than an old operating system that should be being examined. Is every cash register using XP similarly at risk because of being on a major business network? I’d be surprised…

I’ve no doubt that there are some security concerns for the remaining XP machines in circulation, but I wonder now if we need to keep in mind that not all “PCs” are created equal.

3 thoughts on “Any worse at end of life?”

  1. True. My previous employer still had a lot of XP machines, but they generally weren’t attached to any network. If they were on a network, they were tightly locked down and isolated behind their own hardware firewall/router, allowing only certain, very limited types of data transfers. In general, these XP machines were single-purpose machines, used only to control highly specialized machines and instruments.

    1. I’m sure that there are even pre-XP machines in similar controlled environments knocking about the place.

      Actually changing such isolated devices probably means more of a security risk than less in the long and short terms.
