July 13, 2010. It is less than a month away, and it is the date that Microsoft will end support for Windows XP SP2. That means that Microsoft will no longer be testing newly discovered vulnerabilities to determine if Windows XP SP2 is affected, nor will it be developing any more patches or updates in support of Windows XP SP2. You have T-minus 29 days and counting to install SP3, or make the move to a newer OS, like Windows 7.
Businesses that aren't already actively engaged in an OS migration from Windows XP to Windows 7 have little hope of starting that process now and finishing in less than a month. The testing, logistics, and support involved in upgrading operating systems requires significant planning and preparation to avoid costly mistakes and down time.
The end of life of Windows XP SP2 will impact a huge segment of the desktops in the world. According to recent data from Net Applications, Windows XP still holds nearly 63 percent market share, compared with about 15 percent for Windows Vista, and just under 13 percent for Windows 7.
Wolfgang Kandek, CTO of Qualys, noted in a recent blog post that more than half of the Windows XP systems encountered are still Windows XP SP2. Combining that stat with the Net Applications market share data suggests that more than 30 percent of the desktops in use are still running Windows XP SP2.
Kandek notes that--even with a significant increase in the rate of migration from SP2 to SP3--"we are still over a year away from having all machines migrated, threatening to leave many machines exposed to exploits for the vulnerabilities that we expect in the second half of 2010."
Organizations can buy nearly four more years of life support for Windows XP by simply deploying the SP3 update. Microsoft is not scheduled to end all support for Windows XP until April of 2014. Of course, like a person living on life support in a hospital, the quality of life of those additional four years is questionable. Perhaps it's better to pull the plug?
Making the switch to Windows XP SP3 will ensure your systems are still supported by Microsoft--which is good because you might need a lot of support. Windows XP SP3 is more secure than Windows XP SP2, but significantly less secure than Windows 7. The longer your organization goes without upgrading to Windows 7, the more your organization is going to have to manage the increased support and remediation costs of an operating system that has more critical patches, and is more vulnerable to compromise and exploit.
The Microsoft Security Incident Report Volume 8, released in April of this year, found that Windows XP SP3 systems were compromised by malware only half as much as Windows XP SP2, and a quarter as often as Windows XP SP1. However, it also found that Windows XP SP3 is infected twice as often as the 32-bit versions of either Windows Vista and Windows 7.
Cling to Windows XP SP3 if you must, but buckle up. It's going to be a wild ride.