This is my experience being a Sysadmin working in the UK, trying to convince the CIO and CEO of our urgent need to replace our XP machines with Windows 7 workstations
Despite writing this report for the CEO he still said that we can not justify the need at present... We will no longer be in compliance of the Data Protection Act due to our Windows XP Custom Service Agreement with Microsoft expiring on 8th April 2014 as one of the features of the Act is that all software must be kept up-to-date. Due to the possibility of the users having accessing to financial data, there is another set of finance related compliance laws that we may be no longer compliant with - Payment Card Industry guidelines. Only Microsoft Premier Customers are permitted to buy a continued CSA to ensure they remain compliant.
By not upgrading the computers running Windows XP they will be prone to more serious virus attacks, malware attacks, man in the middle attacks, and potential data theft from external sources as Microsoft will no longer be providing updates for known and newly discovered vulnerabilities.
AVG have confirmed that they will continue to provide antivirus definitions until April 2016, but will not be updating the software packages. Microsoft will continue to provide definition updates for its own Microsoft Security Essentials package until 14th July 2015 but only to computers that had Microsoft Security Essentials installed before 8th April. We will not be able to download Microsoft Security Essentials for Windows XP workstations after the End of Life date, but what is not clear is whether it will allow a previously downloaded version to be installed.
Despite the continued use of antivirus software across all Windows Platforms, Microsoft have said in their latest Microsoft Security Intelligence Report, that Windows XP workstations suffer the most infections of any platform. As the below illustration shows, most attempts to infect workstations are targeted at Windows 7 but most of these will fail due to its increased resilience to attack. While Windows XP will allow most of these attempted attacks to successfully infect the workstation.
Microsoft Security Intelligence Report Graph: http://uktechblogger.tumblr.com/image/80765389822
Other concerns with continuing to use Windows XP is that the browser support is up to Internet Explorer 8 meaning that all the security vulnerabilities that have been left exposed with not be plugged like they would be for Internet Explorer 9 and above. This would result in an increased risk of triggering denial of service attacks, remote access and monitoring, falling victim to man in the middle attacks, and not being protected from spam email orientated attacks.
Based on all this information, including the below References document verifying all the above points, I believe we are opening ourselves up too much to all the different risks of using an expired operating system and I would strongly recommend upgrading from Windows XP as soon as feasibly possible.
One last thing to consider is the age and state of the physical computers, based on the records of the XP workstations the computers were setup in 2004. They have a 1.6Ghz dual core processor with 1GB of RAM. The software we use requires a minimum 2Ghz processor with 2GB of RAM.
Click the following link for the references details used to create this document.
http://uktechblogger.tumblr.com/post/80764855181/reference-reasons-why-you-should-move-away-from-windows













