Xplore Tech – Windows XP End of Life Articles
Microsoft: Upgrade from Windows XP or risk infinite
"zero-days"
August 19, 2013
http://www.scmagazine.com/microsoft-upgrade-from-windows-xp-or-risk-infinite-zerodays/article/307937/#
Microsoft is asking users who haven't already migrated to a newer operating system to do it now.
Microsoft is intensifying its efforts asking users to scrap Windows XP, the 12-year-old operating system
for which the software giant is ending support next April.
Tim Rains, director of Microsoft Trustworthy Computing, authored a blog post last week reminding
customers of the perils that could await them should they continue running XP, which debuted in 2001,
once Redmond stops patching the platform. Users should upgrade to Windows 7 or 8.
"There is a sense of urgency because after April 8[, 2014], Windows XP Service Pack 3 (SP3) customers
will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or
online technical content updates," Rains wrote. "This means that any new vulnerabilities discovered in
Windows XP after its 'end of life' will not be addressed by new security updates from Microsoft."
Rains said that when a vulnerability is patched in one of Microsoft's supported operating system versions,
attackers typically reverse engineer the fix in hopes of creating an exploit that could target users who failed
to apply the update.
When Microsoft ends support for XP, it will be likely that such as vulnerability would affect even outdated
Windows versions. And without any possibility for a patch, attackers will essentially have free reign on XP
endpoints.
"Since a security update will never become available for Windows XP to address these vulnerabilities,
Windows XP will essentially have a 'zero day' vulnerability forever," Rains wrote.
In addition, customers shouldn't rely on the hope that anti-exploit functionality will prevent a successful
attack, he said.
"The challenge here is that you'll never know, with any confidence, if the trusted computing base of the
system can actually be trusted because attackers will be armed with public knowledge of zero-day exploits
Page 1 of 18
in Windows XP that could enable them to compromise the system and possibly run the code of their
choice," Rains wrote.
So what's holding up the migrations?
According to a study conducted in April by VMware, 64 percent of enterprise-size companies
still haven't migrated off XP. The same goes for 52 percent of midsize firms and 61
percent of SMBs.
"Common challenges such as end-user downtime, data loss, migration failures and effort to upgrade remote
employees can all be avoided if you plan ahead," wrote Sarah Semple, VMware's director of product
marketing, in a blog post.
In addition, cost is an impediment. Gartner has estimated that, based on a 10,000-PC environment, the
expense of migration is between $1,205 and $1,999 per machine.
The Risk of Running Windows XP After Support Ends April 2014
Tim Rains - Microsoft
15 Aug 2013 1:00 AM
Back in April I published a post about the end of support for Windows XP called The Countdown
Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have
talked to have moved, or are in the process of moving, their organizations from Windows XP to
modern operating systems like Windows 7 or Windows 8.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will
no longer receive new security updates, non-security hotfixes, free or paid assisted support
options or online technical content updates. This means that any new vulnerabilities discovered
in Windows XP after its “end of life” will not be addressed by new security updates from
Microsoft. Still, I have talked to some customers who, for one reason or another, will not have
completely migrated from Windows XP before April 8. I have even talked to some customers that
say they won’t migrate from Windows XP until the hardware it’s running on fails.
What is the risk of continuing to run Windows XP after its end of support date? One risk is that
attackers will have the advantage over defenders who choose to run Windows XP because
attackers will likely have more information about vulnerabilities in Windows XP than defenders.
Let me explain why this will be the case.
Page 2 of 18
When Microsoft releases a security update, security researchers and criminals will often times
reverse engineer the security update in short order in an effort to identify the specific section of
code that contains the vulnerability addressed by the update. Once they identify this vulnerability,
they attempt to develop code that will allow them to exploit it on systems that do not have the
security update installed on them. They also try to identify whether the vulnerability exists in
other products with the same or similar functionality. For example, if a vulnerability is addressed
in one version of Windows, researchers investigate whether other versions of Windows have the
same vulnerability. To ensure that our customers are not at a disadvantage to attackers who
employ such practices, one long standing principle that the Microsoft Security Response Center
(MSRC) uses when managing security update releases is to release security updates for all
affected products simultaneously. This practice ensures customers have the advantage over such
attackers, as they get security updates for all affected products before attackers have a chance to
reverse engineer them.
But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage
over attackers any longer. The very first month that Microsoft releases security updates for
supported versions of Windows, attackers will reverse engineer those updates, find the
vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers
will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows
XP. Since a security update will never become available for Windows XP to address these
vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever. How often
could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product
in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.
Some of the people I have discussed this scenario with are quick to point out that there are
security mitigations built into Windows XP that can make it harder for such exploits to be
successful. There is also anti-virus software that can help block attacks and clean up infections if
they occur. The challenge here is that you’ll never know, with any confidence, if the trusted
computing base of the system can actually be trusted because attackers will be armed with public
knowledge of zero day exploits in Windows XP that could enable them to compromise the system
and possibly run the code of their choice. Furthermore, can the system’s APIs that anti-virus
software uses be trusted under these circumstances? For some customers, this level of confidence
in the integrity of their systems might be okay, but for most it won’t be acceptable.
As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art
when they were developed many years ago. But we can see from data published in the Microsoft
Security Intelligence Report that the security mitigations built into Windows XP are no longer
sufficient to blunt many of the modern day attacks we currently see. The data we have on
malware infection rates for Windows operating systems indicates that the infection rate for
Page 3 of 18
Windows XP is significantly higher than those for modern day operating systems like Windows 7
and Windows 8.
Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the
Microsoft Security Intelligence Report volume 14
I recently wrote about the findings of a new study on exploit activity that we just published:
Software Vulnerability Exploitation Trends - Exploring the impact of software mitigations on patterns of
vulnerability exploitation. This seven-year study indicates that attackers have evolved their attacks
to overcome one of the key security mitigations that Windows XP has: Data Execution Prevention
(DEP). Figure 3 shows the number of common vulnerabilities and exposures (CVEs) that had
exploits that would have been mitigated if DEP were enabled compared to the number of CVEs
that had exploits that bypassed DEP. With the exception of 2007 and 2008, there appears to be a
clear downward trend in DEP’s ability to retroactively break exploits. This trend is not because
DEP is no longer effective; rather, it is an indication that attackers have been forced to adapt to
environments in which DEP is already enabled—at increased cost and complexity. The evidence is
the increasing number of CVEs that had exploits that bypassed DEP.
Figure 2 (left): The number of CVEs that were exploited using specific exploitation techniques; Figure 3 (right): The
number of CVEs for which exploits were written that could have been mitigated by enabling DEP as compared to the
number of CVEs that had exploits that bypassed DEP
Page 4 of 18
This new data shows us that the predominate threats that individuals and organizations face are
now much different than they were when Windows XP Service Pack 3 was released. Turning on
the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers
to evolve their attacks. Rather than actively targeting remote services, attackers now primarily
focus on exploiting vulnerabilities in client applications such as web browsers and document
readers. In addition, attackers have refined their tools and techniques over the past decade to
make them more effective at exploiting vulnerabilities. As a result, the security features that are
built into Windows XP are no longer sufficient to defend against modern threats. Windows 8 has
significantly superior security mitigations compared to Windows XP as Figure 4
illustrates. Detailed information on the new security mitigations built into Windows 8 is available
in the aforementioned research paper.
Figure 4: The table below compares the mitigation features supported by Internet Explorer 8 on
Windows XP Service Pack 3 with the features supported by Internet Explorer 10 on Windows 8. As
this table shows, Internet Explorer 10 on Windows 8 benefits from an extensive number of
platform security improvements that simply are not available to Internet Explorer 8 on Windows
XP.
Page 5 of 18
Organizations need a level of certainty about the integrity of their systems. Minimizing the
number of systems running unsupported operating systems is helpful in achieving that. End of
support for Windows XP is April 8, 2014.
Tim Rains
Director
Trustworthy Computing
Windows XP's retirement could spark a hacker
feeding frenzy
Gregg Keizer, Computerworld@gkeizer
Page 6 of 18
Aug 13, 2013 7:07 AM
Gregg Keizer, Computerworldgkeizer@computerworld.com, Computerworld
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news.
More by Gregg Keizer, Computerworld
Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the
aged operating system next April, a security expert argued today.
Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it's simply economics at
work.
"The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price
that reflects Microsoft's response," said Fossen. When a new vulnerability—dubbed a "zero-day"—is spotted in
the wild, Microsoft investigates, pulls together a patch and releases it to XP users.
If the bug is critical and being widely used by hackers, Microsoft will go "out-of-cycle," meaning it will issue a
security update outside its usual monthly Patch Tuesday schedule.
But after April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates. The
only exceptions: Companies and other organizations, such as government agencies, that pay exorbitant fees for
custom support, which provides critical security updates for an operating system that's officially been declared
dead.
"Suppose we get to a date post the end of Extended support, and a security problem with XP suddenly causes
massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Michael Cherry.
Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April,
then sell them to criminals or loose them themselves on unprotected PCs after the deadline.
"When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today,
Microsoft will patch it in a few weeks," said Fossen. "But if they sit on a vulnerability, the price for it could
very well double."
Minus any official patching from Microsoft, XP zero-days and their associated exploits could remain effective
for months, maybe even years, depending on how well security software detects and quarantines such attacks.
Page 7 of 18
If Fossen's thesis is correct, there should be signs of bug banking, most notably a sharp reduction in the number
of publicly-disclosed or used-in-the-wild XP vulnerabilities during the fourth quarter of 2013 and the first
quarter of 2014.
"[Hackers] will be motivated to sit on them," Fossen stressed.
Looking back to look ahead
There really aren't precedents to back up Fossen's speculation, he acknowledged, because the last time
Microsoft pulled the plug on an edition was July 2010, when it retired Windows 2000. But according to metrics
firm Net Applications, at the time Windows 2000 powered just four-tenths of one percent of all PCs.
Windows XP will have a much larger share when it's retired next year: Based on XP's current rate of decline,
Computerworld has projected that the old OS will still run between 33% and 34% of the world's personal
computers at the end of April 2014.
That would be 80 times the share of Windows 2000 when it retired.
But even with Windows 2000's minuscule share when it left support, there were reports that an edition-specific
zero-day was created and sold.
"I heard rumors of a new zero-day being found and sold after the support period expired [for Windows 2000],"
said HD Moore, creator of the popular Metasploit penetration testing toolkit and the chief security officer of
security company Rapid7. "But there were few if any examples that ended up in the public eye."
Moore agreed with Fossen that XP bugs would be more valuable after April 2014, but contended that all
Windows vulnerabilities would jump in value.
"Something more common [three years ago] was backporting new security advisories into functional exploits
on Windows 2000," said Moore in an email. "Every time a server-side vulnerability was found in Windows XP
or 2003 Server, quite a few folks looked at whether this would also work against Windows 2000. My guess is
that the retirement of Windows XP will result in all Windows vulnerabilities being of slightly higher value,
especially given the difference in exploit mitigations between XP and newer platforms."
Very vulnerable
Page 8 of 18
It's far easier to exploit flaws in Windows XP than in newer editions, such as Windows 7 and Windows 8, noted
Moore, because of the additional security measures that Microsoft's baked into the newer operating systems.
Microsoft has said the same. In the second half of 2012, XP's infection rate was 11.3 machines per 1,000
scanned by the company's security software, more than double the 4.5 per 1,000 for Windows 7 SP1 32-bit and
triple the 3.3 per 1,000 for Windows 7 SP1 64-bit.
"Windows XP vulnerabilities will be valuable as long as enterprises utilize that version of the operating
system," said Brian Gorenc, manager of HP Security Research's Zero Day Initiative, the preeminent bug bounty
program. But Gorenc also argued that any XP zero-days would be outweighed by higher-priority hacker work.
"Researchers are primarily focused on the critical applications being deployed on top of the operating system,"
said Gorenc in an email reply to questions today. "Attackers and exploit kit authors seem to rely on the fact that
the update process and tempo for applications are not as well defined as those for operating systems."
Fossen, convinced that XP would be a big fat target after April 8, wondered whether Microsoft might find itself
in a tough spot, and back away from the line in the sand it's drawn for XP's retirement.
"If hackers sit on zero-days, then after April use several of them in a short time, that could create a pain
threshold [so severe] that people organize and demand patches," said Fossen.
The consensus among analysts and security experts is that Microsoft will not back down from its decision to
retire XP, come hell or high water, because it would not only set an unwelcome precedent but also remove any
leverage the company and its partners have in convincing laggards to upgrade to a newer edition of Windows.
But a few have held out hope.
"Suppose we get to a date post the end of Extended support, and a security problem with XP suddenly causes
massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Michael Cherry, an
analyst with Directions on Microsoft, in an interview last December. "It is not just harming Windows XP users,
it is bringing the entire Internet to its knees. At this time, there are still significant numbers of Windows XP in
use, and the problem is definitely due to a problem in Windows XP. In this scenario, I believe Microsoft would
have to do the right thing and issue a fix."
Jason Miller, manager of research and development at VMware, had some of the same thoughts at the time.
"What if XP turns out to be a huge virus hotbed after support ends? It would be a major blow to Microsoft's
security image," Miller said.
Page 9 of 18
[Now read: Should you keep using Windows XP?]
Another option for Microsoft, said Fossen, would be to take advantage of a post-retirement disaster to do what
it's been doing for years, push customers to upgrade.
"They might also respond with a temporary deal on an upgrade to Windows 8," said Fossen, by discounting the
current $120 price for Windows 8 or the $200 for Windows 8 Pro. "Then they could say, 'We're aware of these
vulnerabilities, but you should upgrade.'"
Windows XP's End Of Life: Readers Respond
Jul 25, 2013 (05:07 AM EDT)
Read the Original Article at InformationWeek
You could fool yourself into thinking that people who still use Windows XP are just laggards, a bunch of
change-fearing folks stuck in the age of flip phones and Web 1.0. You could also buy into a theory that XP
usage stats are inflated by PCs that will never be upgraded or replaced; those machines will simply grow
old and die, and tablets and smartphones will rule the world.
Neither perspective would adequately explain why so many of the world's computers still run on XP. It's a
dozen years old and nearing the end of its so-called life -- which just means that Microsoft will soon end
support for the operating system. No more security patches, bug fixes, driver updates, you name it -- all of
that goes away on April 8, 2014, which poses potential risks for businesses and individuals who plan to
stick with XP beyond that date.
Yet less than nine months from XP's retirement party in Redmond, one in three PCs still run the OS,
give or take. OS usage statistics tend to vary based on a variety of factors. Microsoft estimates
around 30% of its small and midsize business (SMB) customers still use XP; recent market
share data from Net Applications said XP accounts for 37% of PCs around the world. These aren't
exactly "margin of error" numbers.
Recent emails and story comments from InformationWeek readers shed some light on the Catch-22 that
XP has become for Microsoft. XP has a been a whopping, enduring success -- so much so that its most
loyal users have little interest in buying newer versions of Windows nor, in many cases, newer hardware.
[ What's holding back Windows 8 tablets? Read Windows 8 Tablets' Big Flaw: Hardware Compromise. ]
Page 10 of 18
Here's what those readers have to say. (Note: Minor changes have been made to some responses to ensure clarity
without altering content.)
We Just Like XP Better -- So Why Change?
Reader "sholden334" wrote in a recent story comment: "When I got my new Windows 7 PC, I loaded Parallels and
transferred my whole XP work environment to a virtual machine. I find Access 2000 and Borland's C++ very
productive, Excel 2010 handles bigger spreadsheets and XP is rock solid. Why should I change?"
The Honda Civic Of Operating Systems
Likewise, Lee, an IT pro, wrote via email that he can't foresee any good reason to stop using his XP machine,
especially when it's more reliable than his newer PC. "I still have an XP computer that is running fine. The original
hard drive was dying and it was ghosted onto the current drive," Lee said. "It boots faster than my Windows 7
computer. Everything runs fine. Why should I get rid of it?"
In a piece a while back on my own Windows 8 hesitations, I felt oddly compelled to mention that I drive a 2002
Honda Civic. There might be something to the Civic mentality -- and some common ground with XP in terms of longterm reliability. By way of explaining his XP usage, Lee wrote: "I had a 1988 Honda Civic for 19 years and 140,000
miles because I turned the key and the engine started."
We'll Move When We Must (And Not A Moment Sooner)
"Moonwatcher" wrote in a story comment: "Businesses will move when they HAVE to. I'm still running XP on my
main home machine. Why? Because I've spent hours and hours configuring programs to work as I want them. I'm
not looking forward to repeating the process just to make Microsoft some money. I did have to buy a new PC recently
to run a computer-aided design (CAD) program for work and unfortunately at the time, Dell would not allow me to get
Windows 7, so I got stuck on (and hate) Windows 8. I only use that PC to run my CAD program. For all other things I
use the old, reliable XP box."
We'd Love To Upgrade -- If Only It Weren't So Difficult
Some businesses would like to upgrade but find themselves stuck in a constant tug-of-war for resources. Roy
Atkinson shared this hypothetical scenario in a story comment:
"If I am an application developer at a large, say, healthcare institution and 80% of the PCs there are running XP,
when we institute electronic medical records (EMR) software, what OS am I developing and testing for? XP, of
course. The project managers and hospital administration are likely pressuring me to complete the EMR rollout, so I
cannot stop now and then begin developing and testing for Windows 7 or 8, as much as the desktop support folks
would like me to. So, now we have a larger problem. I can't test for Win7 because I'm on a deadline, but I can't stay
on XP because it's on a deadline. My speed is holding up deployment of new equipment and OS.
Page 11 of 18
Many desktop support groups I talk to are losing sleep because they are stuck in this situation. They know exactly
how vulnerable XP will be once the patching stops, and they'd love to get a new OS rolled out, but they can't."
Firms not ready for Windows XP end-of-life could
face compliance risks
Archana Venkatraman Monday
13 May 2013 13:52
http://www.computerweekly.com/news/2240183957/Firms-not-ready-for-Windows-XP-end-of-life-couldface-compliance-risks
With less than a year left before Microsoft pulls the plug on its still-widely used operating system (OS)
Windows XP, companies must have a migration plan or risk facing compliance issues, warn analysts.
Microsoft will end support for Windows XP and Office 2003 by 8 April, 2014. The software giant warned
on its website that “If your organisation has not started the migration to a modern desktop, you are late.”
According to Microsoft, the average enterprise deployment can take 18 to 32 months from business case
through full deployment.
“To ensure you remain on supported versions of Windows and Office, you should begin your planning and
application testing immediately to ensure you deploy before end of support,” it said on its website.
Research firm Gartner has predicted that more than 15% of medium and large enterprises will still have
Windows XP running on at least 10% of their PCs after Microsoft support ends in April 2014. [
“Organisations must conduct several analyses on their application portfolios to help safeguard the
organisation after XP support ends, and in preparation for Windows 7 or 8 migrations,” advised Michael
Silver and Steve Kleynhans, vice-presidents in Gartner’s client computing team.
“For critical applications that can run on Windows 7, consider moving these users first. If Windows 7 can't
be used, prioritise these applications and users so that you can move them as soon as possible,” they further
advised.
According to Kevin Beadon, head of workspace & mobility at GlassHouse Technologies,the next two
months will be a tipping point for businesses that need to migrate applications.
“Those that fail to implement a migration or contingency plan over the next couple of months will risk not
being able to move their applications in time and come next April’s cut off point, may face compliance
issues,” warned Beadon.
Page 12 of 18
Companies need to guarantee that they are keeping pace and adapting their workplace to suit legalisation
requirements and new IT environments, experts said.
“This means ensuring they have the most effective tools in place to carry out the migration and to maintain
any new technology following deployment,” said Beadon.
End of support for Windows XP also means that Microsoft will stop developing security patches for it and
new vulnerabilities will continue to impact Windows XP on a regular basis. These vulnerabilities could
include critical flaws that could allow an attacker to take over or cripple a PC running it bringing new risks
to the business, Beadon said.
In addition, companies that made software for XP will also stop developing applications for it.
“Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a
product for an OS that is, for all intents and purposes, dead?” asked Gabe Knuth, a Microsoft application
and desktop virtualisation blogger on Computer Weekly’s sister site.
“The bottom line is that running Windows XP in your organisation on anything other than a desktop with
no network connection, floppy drive, USB ports, or CD drive is an outright liability, bordering on
irresponsible,” Knuth warned.
Some enterprise customers such as Jaguar Land Rover have already started migrating to Microsoft
Windows 7. The upgrade is part of JLR’s multi-million pound five-year IT project.
“We have decided to upgrade to Windows 7 instead of Windows 8 because a majority of our engineering
apps are still built for Windows 7," said Gordon McMullan, its chief technology officer (CTO).
Many applications will no longer be supported while running on Windows XP. Organisations may be on
their own to resolve issues and problems, which could result in system downtime, according to Silver and
Kleynhans from Gartner.
Glasshouse’s Beadon also highlighted legal issues around Data Protection Act which requires businesses to
use up-to-date software to protect information.
“If companies are using outdated operating systems with no support, then this could be deemed as a breach
of the Act,” he said.
“Companies should use the next 12 months as an opportunity to evaluate the benefits of a flexible
workplace strategy, while at the same time making the migration away from XP in good time before the
2014 cut-off date.”
Five Key Considerations Before Starting Your Windows XP
Migration
Page 13 of 18
Posted on
April 23, 2013 by Sarah Semple
http://blogs.vmware.com/euc/2013/04/five-key-considerations-before-starting-your-windows-xp-migration.html
by: Betty Junod, Director Product Marketing
If your organization still needs to move from Windows XP to Windows 7, you are not alone. According to a recent
study commissioned by VMware that surveyed 322 desktop IT professionals globally



64 percent of enterprise companies still need to migrate off of Win XP
52 percent of mid-sized companies still need to migrate off of Win XP
61 percent of SMBs still need to migrate off of Win XP
If you are starting to feel stress as we move closer and closer to the Win XP support expiration date of April 8, 2014, rest assured
that there is an easy way to tackle a company-wide OS migration project.
Migration and migraine do not have to go hand-in-hand as long as you take the time to prepare and use the right software tools to
simplify and speed up the process.
Common challenges such as end-user downtime, data loss, migration failures and effort to upgrade remote employees can all be
avoided if you plan ahead. To help guide you along the way, here are five key considerations to think about as you start to tackle
this project.
What does success look like? Moving all users to a new OS isn’t the only measurement of success. Consider what is important
with your migration plans to help you measure and prioritize. Are you most concerned with how quickly you can complete a
migration, cost of the project or the impact to productivity as in minimal downtime.
Know your landscape to help your migration planning.



What devices are out there today and how is that changing? Macs and BYOD really change how IT organizations need to
think about delivering and managing corporate Windows systems. Also many older PCs cannot run Windows 7 so an
audit will help you understand if you need new hardware
Understand your application landscape: Application compatibility can be a barrier to OS migration projects. Do you know
what applications will or will not work on the new operating system and what is the amount of work required to remediate
them? Application virtualization can help package and isolate some of those applications. Also running apps that require
XP inside of a secure VDI session helps to reduce the XP impact while supporting your business app while you remediate.
Who is impacted by this change and where are they? Have any users been updated already and of those remaining are
there any logical ways to group the end-users either by location or types of apps they are using to help you stage your
project. For employees at remote sites, what sort of network bandwidth and local IT support do they have?
Consider the upgrade approach. Traditionally there have been just two methods; in-place migration on the same hardware or
hardware refresh. However, virtualization and image layering technologies allow new ways of deploying the Windows 7 image
and applications to your end-users. If your device landscape is changing, this may be the right time to consider something
different.
A system change like Windows 7 presents an opportunity to re-evaluate how your organization delivers Windows-based systems
to the workforce and modernize its desktop strategy. Combined with the massive changes in end-user computing with device and
platform diversity, bring your own tech policies and increasing mobility are changing the way IT thinks about delivering services.
Page 14 of 18
Virtualization and image layering are modern strategies that offer added flexibility in an increasingly complex tech landscape to
easily segregate between personal and corporate services, enable corporate standardization, while quickening the pace of
delivery and reducing the cost of desktop support.
Virtual desktop infrastructure (VDI) allows you to deliver those desktops in the data center to allow roaming access to the same
desktop from any type of device regardless of platform. VDI allows for tablets, phones, thin clients and computers to interact with
a desktop without the hardware centric restrictions and thus extends Windows desktops and applications to new locations. IT
organizations can seamlessly deploy, update and patch virtual desktops without any impact to the endpoint devices.
Conversely image layering and local desktop virtualization allows for the image to execute locally but inside of a virtual
machine. Because the image is managed in layers, IT can selectively update the base OS layer to Windows 7 for in place
migration or selectively migrate the end-user personalization to a new Windows 7 endpoint. This option allows for an employee or
company owned computer to have the Windows image running inside a virtual machine isolated from the native system and
unlike VDI, the system runs locally so is also available offline.
So where are you in your migration process? What approach did you choose or plan to choose?
Windows XP users dismiss concerns over April
2014 End of Life
News 10
Apr, 2013 Caroline Donnelly
Read more: http://www.itpro.co.uk/operating-systems/windows-xp-windows-7-migration/19585/windows-xp-users-dismissconcerns-over-april#ixzz2czSkCIco
Windows XP users should not feel under pressure to ditch the aging OS, just because Microsoft is pulling support for the software
next April.
That’s the view put forward by market watcher Ovum, who claims
around 28 per cent of corporate Windows users are
still on XP.
Richard Edwards, principal analyst at Ovum, said the time and cost
better spent elsewhere.
that goes into a company-wide rollout of a new OS could be
XP is the daddy and I don’t understand why Microsoft just don’t release a SP4 and charge
for it.
“The cost of upgrading hundreds or thousands of desktop and laptop computers to a new operating system is significant in terms
of time and money, so organisations should consider how their IT budgets might be invested in more innovative projects,”
Edwards suggested.
“If we assume that Windows XP systems have the latest patches, fixes and up-to-date security software installed (and Internet
Explorer 6 has been replaced with a more modern web browser), there is no reason to believe that life after [April 2014] will be
any different than before it," added Edwards.
Page 15 of 18
Final countdown There were renewed calls this week for business users to upgrade to Windows 7, as Monday marked the start
of the one-year countdown until Microsoft stops rolling out XP security and technical updates.
According to recent industry estimates, around
600 million of the world’s PCs are still
thought to run the software more than a decade after its release.
XP users will be given the option to pay Microsoft for custom support of the platform post-April 2014, but some IT Pro
readers think the software giant could do more to help those that want to stick with it.
An IT Pro reader, going by the name of Shakeel, said Microsoft should consider offering other forms of paid-for XP
support once it reaches End of Life.
“XP is the daddy and I don’t understand why [Microsoft] just don’t release a [service pack 4 patch] and charge for it, if
they want money from businesses [using] XP,” Shakeel commented.
“People don’t want to have to reprogram their software for Windows 7 and Windows 8 [and] it’s just not [financially]
feasible in the current [economic] climate.”
This view won the backing of another member of the IT Pro reader community, Petrolmaps, who claimed upgrading
to Windows 7 was a cost few users can justify.
“I know for certain that one of the software packages that I use regularly at home will not run in Windows 7 and will
cost another £200 to upgrade or replace,” Petrolmaps added.
“There are freeware alternatives...but I can't say that I am anywhere near as productive with it as I am in the XPbased package. So, essentially, Microsoft's decision is costing me the thick end of £1,000.”
However, the official line from Microsoft is, "using XP after April 2014 is an 'at your own risk' situation for any
customers choosing not to migrate."
Gartner Says Demand for Highly Qualified Windows 7
Migration IT Personnel Will Exceed Supply in 2011 and 2012,
Leading to Higher Service Rates
August 26, 2010 http://www.gartner.com/newsroom/id/1427413
The need to migrate from Microsoft Windows XP and Windows 2000 to Windows 7 in a tight time frame will
create an extra budgetary and resource burden on companies from 2011 to 2012, according to Gartner, Inc.
During that period, demand for highly qualified Windows 7 migration IT personnel will exceed supply, leading to
higher service rates.
Gartner analysts said most organizations will need to find extra funds or redirect budgets away from other
projects to complete the Windows migration on time.
Page 16 of 18
“Corporate IT departments typically prefer to migrate PC operating systems (OSs) via hardware attrition, which
means bringing in the new OS as they replace hardware through a normal refresh cycle,” said Charles Smulders,
managing vice president at Gartner. “Microsoft will support Windows XP for four more years. With most
migrations not starting until the fourth quarter of 2010 at the earliest, and PC hardware replacement cycles
typically running at four to five years, most organizations will not be able to migrate to Windows 7 through usual
planned hardware refresh before support for Windows XP ends.”
Faced with this need to accelerate migration in 2011 and 2012, organizations have three options:
Accelerate PC Replacement Plans
Buying new PCs with the OS upgrade ensures that machines have a full set of compatible drivers and a basic
input/output system (BIOS). This course of action also reduces the number of times the machine is touched
during its life and ensures that it will have a reasonably long operational life with the new OS over which to
amortize the costs of the migration.
Assuming a 10,000 PC environment, where all PCs are replaced, Gartner estimates that the migration cost per PC
will be between $1,205 and $1,999, depending on how well-managed the environment is. While the overall cost
to migrate is lower than other scenarios, the down side is that the capital costs account for about 60 percent of
the total replacement cost, so the capital budget will be larger than in the upgrade case.
Upgrade Installed PCs
Using existing PCs will reduce the capital costs of migration, but will not reduce the labor costs of migration.
Assuming the same setup as above — a 10,000 PC environment, where all PCs are upgraded — the migration
cost per PC will be between $1,274 and $2,069, depending on how well-managed the PC environment is. This
assumes that 25 percent of the machines will need a hardware upgrade to run the OS.
While the capital costs are reduced in this case, upgrading an installed PC simply postpones the inevitable
replacement for two to three years. Users will need to be migrated twice, rather than once, during a four-year
period.
Evaluate Partial Migration
For task workers, such as data-entry roles (these account for about 15 percent of the population in a typical
organization), migrating from a PC to a hosted virtual desktop (HVD) environment is an alternative to PC
migration. It would potentially speed up deployment, because it is one image deployed centrally. However, an
HVD does not solve the budget issues, because of the incremental cost of the data center and network
infrastructure needed to run an HVD. Also, it does not solve the IT support staff issue, since they will be involved
in the HVD rollout.
The Cost of Labor
"Whether replacing or upgrading PCs, it is clear that Windows 7 migration will have a noticeable impact on
organizations' IT budgets," said Steve Kleynhans, research vice president at Gartner. "Based on an accelerated
upgrade, we expect that the proportion of the budget spent on PCs will need to increase between 20 percent as a
best-case scenario and 60 percent at worst in 2011 and 2012. Assuming that PCs account for 15 percent of a
typical IT budget, this means that this percentage will increase to 18 percent (best case) and 24 percent (worst
case) which could have a profound effect on IT spending and on funding for associated projects during both those
years."
Gartner expects the cost of IT labor to increase during 2011 and 2012 as demand for Windows 7 migration
services spikes. These cost hikes are likely to continue in 2013, as organizations recognize that they are behind
in their migrations.
“We estimate that large and midsize organizations worldwide will migrate approximately 250 million PCs to
Windows 7, during the migration timeline, so it makes sense for organizations that plan to leverage external
services to line up service providers early,” Mr. Smulders said. “Begin talks with suppliers now about putting in
place contracts that can deliver flexible levels of resources at a fixed rate over the migration period.”
Page 17 of 18
Additional detail is available in the Gartner report “Prepare for Your Windows 7 Migration Crunch". The report is
available on Gartner’s website at http://www.gartner.com/resId=1390130.
About Gartner Symposium/ITxpo
Gartner analysts will provide more detailed analysts regarding Windows 7 migration issues at the upcoming
Gartner Symposium/ITxpo, October 17-21, in Orlando, Florida. Celebrating its 20th anniversary, Gartner
Symposium/ITxpo is the world's most important gathering of CIOs and senior IT executives. This event delivers
independent and objective content with the authority and weight of the world's leading IT research and advisory
organization, and provides access to the latest solutions from key technology providers. Gartner's annual
Symposium/ITxpo events are key components of attendees' annual planning efforts. IT executives rely on
Gartner Symposium/ITxpo to gain insight into how their organizations can use IT to address business challenges
and improve operational efficiency. Additional information is available at www.gartner.com/symposium/us.
Members of the media can register for the event by contacting Christy Pettey at christy.pettey@gartner.com.
Contacts


Christy Pettey
Gartner

+1 408 468 8318 begin_of_the_skype_highlighting
8318 FREE end_of_the_skype_highlighting
christy.pettey@gartner.com

+1 408 468
Page 18 of 18