I thought I was done talking about Windows XP's end of life, but something has come to my attention about desktop administrators at SMBs.
Everywhere I look, I still see Windows XP. Not in large enterprises -- those numbers are dwindling quickly -- but in small and medium-sized businesses. And these businesses aren't just trying to get by without buying new hardware; they're blissfully unaware of the freight train of vulnerability bearing down on them.
What really angers me is that so many of these companies have IT contractors that they call for problems, and those contractors haven't mentioned to them that they desperately need to upgrade their systems. It's their responsibility as IT people, and, frankly, it would be additional income for them to do the upgrades.
Medium-sized businesses tend to have an idea of what's to come, and some have already dealt with some of the issues of application compatibility by offloading their apps to Windows Server 2003 Terminal Services. At least that buys another 15 months. But even then, so many one-person IT departments are overwhelmed to the point where they can't handle it on their own. It sounds like FUD, but the potential consequences of not getting off this system before the Windows XP end of life comes around are too drastic to ignore.
Microsoft injects more confusion
Adding to the problem is that Microsoft has announced that it will continue to release anti-malware signatures for Windows XP through July 14, 2015 (the end-of-life date for Windows Server 2003), giving stragglers false hope that they have extra time.
In reality, Windows XP will still reach the end of its life on April 8, 2014, and it will be subjected to any zero-day vulnerabilities that spread after that. Microsoft will not release security patches, just antivirus and malware signatures for what is arguably not the best security product. (Although, I guess if it's the only security product, it would be both the best and the worst, so it has that going for it.)
More on Windows XP end of life
Windows XP anti-malware support extended
What to do about Windows XP end of life
Developing a Windows XP migration strategy
Apart from IT contractors informing their clients, Microsoft and the PC vendors could do more to call attention to the problem as well. (I'm guessing not many small business owners read TechNet blogs.) Online marketing on widely visited websites would help, not to mention the odd TV spot. Imagine a Super Bowl ad that says in an ominous voice, "On April 8, every day becomes a zero-day," with some explosions and the like, followed by a message to buy a new Dell, HP or Lenovo.
Desktop-as-a-Service providers could seize the opportunity, too, especially the ones that are using server-based computing (as opposed to a virtual desktop infrastructure). Small businesses are excellent candidates to offload desktop delivery and management to service providers that exist solely for that purpose. VDI is still a tough sell for them because of licensing costs and the lack of an inexpensive multi-tenancy solution for desktop operating systems, but server-based computing is fine for many of these cases. Amazon is in an excellent spot to market and deliver a DaaS product like that.
Of course, this probably won't happen because none of these will result in huge contracts. That means that the onus falls to IT guys and contractors to spread the word. In many situations, there are no high-tech ways to accomplish the goal. It simply means replacing an old desktop with a new one, but you can also use some of the technology that wasn't available a few years ago to make your life easier.
Dig deeper on Virtual desktop management