The drumbeat of Windows XP end of life got louder this month, sparked in part by the CDW PC hardware vendor. A tech talk from Spiceworks, the social network of the tech professional, focused on the practical needs of any company that plans to rely on Windows beyond Microsoft's end date. There's a deep set of forum questions being discussed on the Spiceworks site. The commentary echoed the situation that MPE/iX managers muddled through from 2006 to 2010, those grey years when HP seemed to want to exit the 3000 market, but changed its course a few times.
And it has some distinct similarities. Microsoft will sell Custom Support -- at about $200 per PC -- after XP's end of life. This recalls the two years of custom MPE vintage support sold by HP in 2009-10. So naturally, the XP-using community hopes this bodes well for an extension of Microsoft's XP life. From PC World:
Because Microsoft sells Custom Support agreements, it's obligated to come up with patches for critical and important vulnerabilities. And it may be required to do so for years: The company sells Custom Support for up to three years after it retires an operating system. Participants receive patches for vulnerabilities rated "critical" by Microsoft. Bugs ranked as "important," the next step down in Microsoft's four-level threat scoring system, are not automatically patched. Instead, Custom Support contract holders must pay extra for those. Flaws pegged as "moderate" or "low" are not patched at all.
Users are trading their lore and wishes on the Spiceworks site. One question that came up was "what happens on the day that Microsoft support ends?" The answer is similar to the one for the MPE world: XP will continue to operate beyond a vendor's "end of life," in this case, April, 2014.
I'm assuming no one knows for sure what will happen to XP machines that remain in use after the EOL, but I have my guesses. I'm thinking that a week or two after the EOL, a malware or virus will be released, and since there's no OS patch for it, it will easily spread in the wild. Windows XP machines will then be either useless or very hard to use.
The situation could be more dire for the millions of companies using Windows XP, because malware is aimed at these systems constantly. One theory, however, proposed that the XP community would shrink in size and become less of a target than more current Windows releases.
If the virtual desktops have no Internet access they'll be fine. The only real issue with XP after April will be the lack of patches. If your machines aren't exposed, I don't see why you should be concerned.
There's sometimes sensible logic that can be traced through the security-via-obscurity argument. It helps if your environment was never targeted to begin with. HP's own Unix continues to draw malware breeches every week, while the diminishing MPE installed base has had no new security problems. "Potential security vulnerabilities have been identified in Java Runtime Environment and Java Developer Kit running on HP-UX," HP reported this month. "These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits."
We're in no hurry at all and we have easily over 100 systems on XP.
Problem is, XP works just fine with all our contemporary apps (Office 365, various SQL clients, etc) so transitioning upward only translates to Accounting as a hardware cost without any obvious benefits. Somehow I am unable to sell the idea that email or Excel sheets will be created/sent or edited any faster with a fleet of shiny new PCs using the interface formerly known as Metro.
That said, we will be slowly leaving this low orbit, just without any panic. Maybe if the Microsoft-promised XP targeting malware surfaces on April 15th we'll speed it up. This is no Y2K, replace all your computers or die moment, not by any stretch of the imagination.
And as HP 3000 customers learned, not even Y2K was the calamity that some feared. Replacing computers wasn't necessary in that situation. On the other hand, putting Windows 7 or 8 on systems built 12 years ago will have its performance challenges.
And yes, HP still maintains a code for MPE's software products, included as part of the legend in its Security Bulletins.