Goodbye Windows XP; Hello IsXP?

Microsoft Windows XP support ends April 8. What happens April 9? Three things to remember. NEW: Updated with answers to reader feedback on April 14.

04/14/2014


Goodbye Microsoft Windows XP, you have had your time. You are now obsolete at the ripe old age of 13. It doesn't matter that there are tens of millions, even hundreds of millions, of you still out there. It doesn't matter that you are running ATMs and point-of-sale terminals, and are in thousands of production facilities. It doesn't matter that you are running in critical infrastructure and mission critical systems. It doesn't matter that these systems are keeping our water, food, and medicine safe, and keeping our water, natural gas, and gasoline flowing. Your time had passed on April 14, 2009, at the ripe old age of 8, but you have been on extended life support since them. None of these things matter; your final time has now passed, and on April 8, 2014, you will no longer be a supported product.

Stranded investments

Because Windows XP was the first truly reliable commercial multi-windowed system, it became the "go-to" standard for control, human machine interface (HMI), and instrumentation systems. Companies have invested billions of dollars in these systems and expected them to have the same multi-decade lifetime of other industrial systems. Lifetimes of 15 to 30 years are common in industrial systems.

If Windows XP had been built on an open source model, there would probably still be an active community to support the operating system, just as other open source software has lasted 30 or more years. However, the Windows XP system is Microsoft's property and the only support is through Microsoft. Microsoft may continue to offer extended support, but that seems unlikely given the move to the "one-size-fits-all" approach for PCs, notepads, and phones. If support is offered, the cost per PC will probably be high with limited support, and could still be stopped any time at Microsoft's discretion.

A better solution would be for Microsoft to outsource Windows XP support to an independent third party, to provide Lifetime Support XP (lsXP). That organization could then provide critical and important security patches on a subscription basis. It could quickly respond to zero day attacks, and help protect the millions of XP systems in critical infrastructure or mission critical systems. This approach is a win-win for Microsoft and users. Eventually the Windows XP systems will be replaced, and if industrial and financial companies feel that they will have long-term support organizations for commercial Windows operating systems, then they will look favorably upon Microsoft for replacements. Because so many XP systems are in critical infrastructures in multiple countries, the whole world would be well served to encourage Microsoft to outsource Windows XP support, and plan for the same outsourced support for future obsoleted software.

3 things to remember after XP

If lsXP doesn't develop, then there are only three things to remember to keep your XP systems running: protect, protect, and protect. With zero day attacks continually being discovered, many that affect operating systems and services, there will be an ongoing need to protect your XP systems from infection. This means stronger firewall rules, stronger password rules, severely limited outside access, white listing tools, root kit inspections, tightly constrained external device (USB, CD) connections, and additional security training for system users.

Unfortunately, there is no easy answer to the upcoming loss of support for Windows XP. These systems will become more expensive to maintain and replace. This is the hidden future cost of using commercial software on systems that have lifetimes of 15-30 years. If this is not a wakeup call for vendors to take a long, hard look at the systems they use for their systems, then it is a wakeup call for end users to demand software that lasts as long as the hardware.

- Dennis Brandl, president of BR&L Consulting www.brlconsulting.com in Cary, N.C., writes "Engineering and IT Insight" for Control Engineering. His firm focuses on manufacturing IT. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering and Plant Engineering, mhoske(at)cfemedia.com.

ONLINE

At www.controleng.com, search related topics.

See other articles for 2013 at www.controleng.com/archive.

- See other Manufacturing IT articles

This file, originally posted March 31, 2014, was updated on April 14, with answers to reader feedback, below.

1. Do you know if a Lifetime Support XP (lsXP) has become available?

Unfortunately, Lifetime Support is not available. This was an idea, thrown out in the hope that someone will pick up the concept and run with it. Of course, that someone would probably have to be someone at Microsoft. The idea only works if Microsoft is ready to give up the XP source code to an independent 3rd party, and allows the organization to hire former and current Microsoft employees.  This may work if the third party is a non-profit (it gives Microsoft a tax write-off and would raise fewer issues about gouging license fees) and the current or former employees are those nearing retirement but that want to stay active.   Maybe Bill or Steve would be willing to part with a couple million to make it work?  Unfortunately, I don’t have their phone numbers to call. 

2. We have McAfee and Verizon anti-virus software on our computers.  Is this enough to protect us from attacks or computer virus?

This is a good start, but zero-day attacks, which are vulnerabilities that are exploited before the anti-virus vendors can respond, are still a problem.   To help in those attacks, the systems should also be protected behind firewalls, all unused programs and application removed, any unused accounts removed, and make sure that you are not using default passwords on any applications.  These changes will reduce your risk, and if the systems have no direct connection to the intranet, or even your company’s business network, then this reduces your risk about as low as it can get for an XP system.  

3. What are “white listing tools” and “root kit inspections” mentioned in the article?

White listing tools are extensions to the operating system that checks that only approved (white listed) programs are running, and that the running programs have the signature.  This means that have not been modified by a virus or hacker.   

Root kit inspection tools check that the startup parts of the computer have not be modified or changes by a virus or hacker.  The changes are made in the “root” of the operating system, so that they are not seen by anti-virus tools.  With a root kit attack, the system is compromised as soon as it starts up.  Root kit inspections read the boot sectors on the disk and check the BIOS to make sure that these are correct and not infected. 



WILLIAM , MN, United States, 05/09/14 09:23 PM:

Windows-XP evolved to become Windows-7 and now Windows-8. Code developed using Visual Studio 2005 and greater is supported under Visual Studio 2012. If the software was designed correctly, then it can be ported quickly to Windows-7 and newer versions that have better User Interfaces.

What happened to "Continuous Improvement" and "Lean/Agile" ways of thinking? The same thing happened to the old VAX/VMS and Unix system 15-20 years ago.
David , Bangladesh, 05/09/14 09:26 PM:

The problems will arise more from the average user not doing bugger all proactively until something occurs. That will happen to XP as it always has and any newer versions out there. The only real loss from this is going to be someone trying to do system integration using XP. In other words if you want to make your new widget work with it as far as drivers and such you are going to be SOL.
Luiz , Non-US/Not Applicable, Brazil, 05/20/14 08:18 AM:

My father was a builder. The lesson I learned from his profession was the aversion to waste - every nail, every screw was carefully separated and stored neatly.
But from some decades ago, what we're seeing is an absurd obsolescence in all areas. It is the new going over old like a steamroller.
We hardly see companies with more than fifty years. Companies last a life time.
So our products are not meant to last, it can be seen in the reduction of the guarantees offered by manufacturers worldwide. Of course, this philosophy is present also in the Microsoft. Thus, for each new version of Windows, we need a new engine, more powerful, discarding equipment whose useful life was far from over.
If this planet will endure or not so much waste, so much garbage, only time will tell (in my opinion it will not hold).
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Water use efficiency: Diminishing water quality, escalating costs; Lowering building energy use; Power for fire pumps
Building envelope and integration; Manufacturing industrial Q&A; NFPA 99; Testing fire systems
Labs and research facilities: Q&A with the experts; Water heating systems; Smart building integration; 40 Under 40 winners
Maintaining low data center PUE; Using eco mode in UPS systems; Commissioning electrical and power systems; Exploring dc power distribution alternatives
Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.