Navy, Others still Struggle with Ditching Windows XP

On April 8 when the company officially stopped distributing routine updates and security patches for XP, at least one in four of the world’s desktop computers were still relying on the operating system.

by Robert McCabe, McClatchy News Service / June 16, 2014

For years, Microsoft warned users of its popular XP operating system to start looking for another way to run their computers.

XP’s days were numbered, the software giant said.

But on April 8 when the company officially stopped distributing routine updates and security patches for XP, at least one in four of the world’s desktop computers were still relying on the operating system.

And not just any computers. Some of America’s biggest companies hadn’t yet completed the switch. Neither had the U.S. military, including the Navy.

“It’s a big Navy problem and we’re trying to get our hands around it still,” Steve Dunn, executive director of the Atlantic operations of the Space and Naval Warfare Systems Command, said in an interview.

Dunn said at a lunch briefing with contractors last month in Norfolk that the Navy is using XP widely throughout the fleet, including in critical weapons systems.

That necessitated a deal with Microsoft to continue getting support for a while.

“Given the scale and scope of Windows XP’s use, the Department has a Custom Support Agreement with Microsoft that provides support for all critical security hotfixes and helps maintain our security posture for both ashore and afloat networks,” the Navy said in an emailed response to a query from The Pilot.

The agreement is good for the next three years and is expected to cost about $3.6 million for the first year, according to the Navy.

The sea service is far from alone.

XP’s market share of more than 25 percent makes it the world’s second-most-used desktop operating system, according to Windows 7, the system to which most users are converting, has about half of the market.

Other large XP customers that weren’t able to transition to another system by April 8 are being offered continuing support, a Microsoft spokesman said in an emailed statement. But that service, which customers pay for, is only as a “temporary, last resort to help bridge the gap during a migration process to a modern OS, as the newest technologies provide the optimal chance to be and stay secure.”

With Microsoft’s support for XP waning, users are increasingly vulnerable to holes that Internet criminals can exploit, IT experts have warned.

A quick survey of some big Hampton Roads companies found that they had generally beaten the clock, having successfully transitioned the vast majority of their computers to Windows 7.

Huntington Ingalls Industries Inc., parent of Newport News Shipbuilding, said it finished migrating roughly 17,000 computers to Windows 7 in April.

After an effort that took about 2 1/2 years, Norfolk Southern Corp. for the most part is done.

It had about 12,000 computers to convert from XP. As of early this month, less than 2 percent remained in line for conversion to the newer operating system.

“We’re still waiting on some vendors to make the necessary changes to their software so we can convert the application to Windows 7,” the Norfolk-based railroad said.

The process involved the remediation and testing of about 800 applications and required “an entirely new deployment and desktop management toolset,” it added.

Cox Communications Inc. in Virginia said it finished upgrading more than 2,000 computers to Windows 7 in March.

Most of Sentara Healthcare’s users are no longer using Windows XP, and, for the few that are, “we have a remediation plan and the necessary safety protocols in place,” Beth Hickman, a spokeswoman for the Norfolk-based health system, wrote in an email.

The switch has been a boon to Tidewater Community College’s Computers for Student Success program, a Microsoft-certified refurbisher that takes old computers, upgrades them with copies of Windows 7 it gets for $6 and then donates them to students in need and nonprofits.

It’s recycled about 5,170 computers since the fall of 2009, including 1,800 last year.

“We’re still getting a lot of computers from companies,” said Gary Noah, the coordinator. “It’s been a gradual build since last fall.”

Bigger companies with information technology departments, help desks and deeper pockets have had an edge in dealing with the XP situation, said Warren Marcelino, desktop support manager at Old Dominion University, which has moved all but a trace of its computers – less than 1 percent – to Windows 7.

“I think the biggest hurt would be on smaller businesses who don’t have IT,” he said. “They may not have the budget for all these things. Some of them may not realize this is a problem for them.”

“It’s a bit of a tightrope that they have to walk,” said Martin Joseph, president of 360IT PARTNERS, a Virginia Beach-based IT company with clients using from 10 to 300 computers.

Doing nothing, though, is not an option because companies that suffer data breaches are more likely to go out of business, he said.

“The head-in-the-sand thing isn’t going to work,” agreed Jeri Prophet, president and CEO of IntellecTechs Inc., a managed IT service provider based in Virginia Beach that has about 375 clients of all sizes.

“If you’re browsing the Internet, you’re vulnerable; if you’re connected to a network, you’re vulnerable,” she said.

Prophet has found that small companies are where “making the switch, just pulling the trigger” has been an issue.

It can cost hundreds of dollars to upgrade or replace a computer, which translates into potentially tens of thousands of dollars for a company with a few hundred of them.

“To buy 250 computers for a large small business – that’s a lot of money,” she said.

Industry experts say the issue of who’s still on XP and who isn’t is somewhat sensitive.

“It’s probably not advisable to advertise that some Company X is 30 percent completed with their XP-to-7 migration,” said Mick Vollmer, executive vice president/technology innovation at Suffolk-based TowneBank. “You know, a 15-year-old sitting at home, reading a newspaper, might go, ‘Well, I think I want to go out there and see if I can hack their site or hack some of their computers, see what I can do.’ ”

Vollmer, who also is chairman of a Hampton Roads roundtable of chief information officers, said he couldn’t say accurately where most of the region’s businesses stand regarding the Microsoft issue.

“It’s one of those things that would be a closely held data point for most of them,” he said.

In use since October 2001, Windows XP dominated the operating system market.

XP had nearly 84 percent of global usage market share in November 2007 and it’s been declining ever since, according to the website, whose data history began the same month.

A website spokesman said it’s almost certain that XP’s global market share was even higher sometime prior to that.

Microsoft released its Vista software to businesses in November 2006 and to the general consumer market in January 2007, according to the company.

Though it never really caught on, with most users choosing to stick with XP, in September 2007 Microsoft announced that it planned to end XP support.

So its demise hasn’t exactly been a surprise.

“Plenty of time to get off the product; plenty of time to move to Windows 7 or Windows 8,” Vollmer said.

“People refused to make that move because they like the product and it works for them. Well, now they’re using a product that’s not being patched,” he said.

The patches are code vulnerability updates, fixes that mend weaknesses found in operating systems that if not repaired could, over time, allow hackers to exploit them, said Rizwan Bhutta, an IT official at ODU.

The problem, he said, is that all of the Microsoft operating systems, even the newer ones, have some common code among them.

As vulnerabilities are found in the newer systems, Microsoft will identify them and release patches to fix them.

The concern is that hackers will be able to “reverse engineer” and try to exploit unprotected XP machines based on the patches sent out to fix the newer systems, Bhutta said.

“There’s a very high chance that they will succeed in doing that,” he said. “So that is the biggest concern everybody has.”

Prophet said work-arounds to the XP support problem can be easily found through Google searches, though she acknowledged that an IT-savvy person might be needed to assist.

And any of these fixes should be viewed only as temporary, she added.

“It’s a short-term solution to allow you a little bit more time to get those replacements in, but it’s definitely not a long-term solution.”

There seems to be general agreement that upgrading to a new computer that has Windows 7 on it is the most cost-effective choice in the long run.

While XP machines generally can support Windows 7, the cost of a new license as well as any IT help needed to make the transition gets one within range of the cost of a new computer.

©2014 The Virginian-Pilot (Norfolk, Va.)