The last few weeks have really felt like déjà vu.
If you were around in the waning years of the 1990’s you will remember the discussion, hype, fear and general confusion that reigned concerning what would happen at midnight on 31 December 1999.
The Year 2000 Problem, Y2K for short, was creating concern because historically we had always abbreviated the current year from 4 to 2 digits to save space in software programs, forms, etc.
As New Year’s Day 01 January 2000 approached the concern was that electronic programs and equipment would either cease to function gracefully or catastrophically. Either way a significant amount of money was poured into efforts to correct these problems and upgrade both the software and hardware components of systems to prevent everything electronic failing as the clock struck midnight.
According to sources referenced on the Y2K WikiPedia article here is what it cost the US alone:
The total cost of the work done in preparation for Y2K is estimated at over US$300 billion ($400 billion in 2013 US dollars. IDC calculated that the U.S. spent an estimated $134 billion ($179 billion) preparing for Y2K, and another $13 billion ($17 billion) fixing problems in 2000 and 2001. Worldwide, $308 billion ($411 billion) was estimated to have been spent on Y2K remediation.
I was in the Navy during that time and was stationed overseas in Italy. Our concerns were doubled because we not only had our US based communications systems but also depended upon the local Italian infrastructure and there were concerns on how things would go at the shift from 1999 to 2000 all across Italy.
Of course entrepreneurs across the country left no stone un-turned when it came to marketing to the Y2K scare with some serious and not so serious offerings. There were plenty of software programs to test if your computer was vulnerable to the bug and of course upgrades to both hardware and software were labeled “Y2K Proof” or “Y2K Verified “ to help with sales.
There were also stuffed Y2K Bugs, Christmas ornaments and even one person who labeled spray bottles filled with water as “Y2K Bug Spray” which sold like crazy. It was so popular that when another individual decided to sell something similar the original Y2K bug spray “developer” sent them a cease and desist letter to pull the product and shut down their website.
I am not kidding about that one at all!
So anyway, back to my feeling of déjà vu relating to what is happening with the upcoming expiration of support for Windows XP in April 2014.
Just like during the approach to Y2K the noise level is ratcheting up as April 2014 gets closer.
You have all the pundits, experts, professionals, journalists, bloggers, Tweeters and Facebookers reminding everyone about the death kneel of Windows XP and making suggestions on how to move forward with the impending end of official Windows XP support from Microsoft.
Another element that is starting to become more prevalent is the offer of software solutions, both paid and free, to help folks avoid moving off of Windows XP due to the cost of new hardware, software, etc.
In the last few weeks two things have caught my attention in this area.
Windows XP post April 2014: Non-Microsoft support emerges – This story over on ZD Net discusses a company based in Paris called Arkoon that is going to offer, as Arkoon describes it, a product based on their StormShield technology which includes an 8MB security agent that is installed on the XP machine.
The monitoring service will employ a variety of resources to spot new vulnerabilities and then apply updates to the XP security template sitting on a company’s server. It will automatically update all the protected agents and continue with this ongoing protection as long as long as they want to use XP. There’s the agent component and then there’s the monitoring team that’s supporting that.
96% of US schools facing huge cost of Windows XP upgrades – this one is from Avast! the company that makes anti-virus and anti-malware software. This tactic employs a possible financial impact, specifically on schools, that would make upgrading from Windows XP a costly evolution. So it offers a Free for Schools program that provides free licensed anti-virus/anti-malware software to qualifying institutions. It looks like a great program to make sure computers are covered and protected but I am not sure I agree with the Windows XP tie in from their blog post about it. Some schools are possibly going to be mislead into thinking that by participating in the Free for Schools program that it means they are further protected on Windows XP following the end of official support from Microsoft.
I am pretty sure that your vulnerability will increase on Windows XP after April 2014 no matter what type of overlay or security software you are using. Since the OS and new vulnerabilities will not be getting updated that means newly discovered exploits will be accessible to those who want to use them because Microsoft will not be fixing those issues anymore.
Bottom line is, just like I said the other day, it is time to rip that band-aid off and do the right thing.
Upgrade, Upgrade, Upgrade.
It is going to hurt in the wallet, manpower, time, etc. but protecting the sensitive and critical information that resides on those machines should not be negotiable or trusted to a third party solution that hopes to help you out?
I mean do you expect that these companies will be there with full support when a breach happens and you lose control of that important data?
You might want to read those terms of service as you install that software on your XP systems to know that answer.
Do you plan on riding it out after April 2014 with Windows XP or do you have plans for an upgrade to your system?