The end of Windows XP support: what it really means for businesses and their health & safety management systems
5 February 2014 - SHE Software Ltd
April 2014 sees the end of support for Windows XP, Windows Server 2003, Exchange Server 2003, Small Business Server 2003 and Office 2003.
By then, the 2003 wave of products will be 11 years old, and Windows XP will be 13. Office XP ran out of support in December 2011, but Windows XP’s lifecycle was extended a couple of times because people stubbornly refused to move away from it. Anyway, at T-minus two months and counting, what exactly does "end of support" entail? Should you be worried?
With about a third of all PCs in the world still running Windows XP, it’s highly unlikely that Microsoft will remove all the patches for it from Windows Update yet, but there won’t be any more arriving. If anyone in a black hat finds a new security hole to exploit, Microsoft isn’t going to be doing anything about it in future. Security holes in Windows and Office aren’t rare, as you can tell from the regular stream of patches that appears on the second Tuesday of every month. Once Windows XP and Office 2003 go out of support, there won’t be any more patches for those products, and the likelihood of your PC catching something nasty will increase, no matter how good your antivirus software.
We can’t know by what factor it will increase, but around a third of malware infections can be traced to missing security patches; that is, if the computer had been kept up to date, it wouldn’t have become infected. Even though infections and virus threats are increasingly common – up 182% year on year in 2012 – Windows 7 is still far less likely to be infected than Windows XP if you’re running anti-malware protection; if you don’t have real-time malware protection in place, Windows XP and Windows 7 are about on a par for infection rates.
Windows 8 comes with real-time protection built in and turned on by default, so its infection rates are incredibly low – you’d have to consciously turn off Windows Defender to reach any significant infection rate.
Security patches that are released for more up-to-date versions of Windows and Office will probably be reverse-engineered by malware writers to see whether Windows XP and Office 2003 share the same vulnerabilities; if they do, those old products will become even more at risk, since their now-known holes will surely be exploited.
Eventually, there will be fewer computers in the field using this obsolete operating software. Fewer pieces of malware will be written to target their vulnerabilities, and fewer instances of that malware will be in circulation. This kind of "security by obscurity" (which is often claimed by Mac aficionados) is a long way off yet, however, and you shouldn’t be sitting on your hands in the meantime.
Many personal users and small businesses belong to the "if it ain’t broke, don’t fix it" school of thought. Why should they spend money on new computers, software or operating systems when what they have works perfectly well for them?
You can understand and sympathise with this attitude, but we’re rapidly reaching a point where the risks aren’t worth it. If a fire took out your company’s offices and destroyed your paper records – the only records you had – you wouldn’t know, and certainly couldn’t prove, who owed you what money, and you’d go out of business. If you had computer records, you’d be in the same boat if you lost those computers in a fire and didn’t have off-site backups.
The bad news is that a serious malware infection can wreak much the same havoc: it can hold your data to ransom by hiding your files, only giving them back if you pay the malware’s writers for "support". It can also infect your backup files so that the infection will return after you’ve rebuilt your computers and reinstalled your backups. Such an infection can slow your machine to a crawl, and if it starts sending spam or virus emails from your machine, your legitimate emails risk being refused by the recipients’ email servers because you’ve been blacklisted as a spammer. All these things can hamper or cripple your business for days or weeks.
Good antivirus software can only do so much, and fully patched software and operating systems are essential to keep your computers and business running. You must move off Windows XP, Server 2003, Small Business Server 2003 and Office 2003 before the April deadline. In order to upgrade to Office 2013 you must move to Windows 7 or 8 anyway, and if you’re running a version of Office before 2003 – Office XP, 2000, 97, or 95 – then you’re already way beyond support.
A computer is far more like a car than a filing cabinet, in the sense that it needs regular maintenance and servicing: you can’t expect it to keep working year after year if you don’t look after it properly. Think of it this way – you have around six months before your garage says they won’t be servicing your car any more. Its steering and brakes might be knackered, its seatbelts frayed and its air bags absent, but since the manufacturer isn't making the parts anymore, you’re going to have to do something or take the risk of crashing and losing everything.
How does this affect your health & safety management?
With your staff, customers and the general public relying on your organisation to keep them safe and a rigorous regulatory framework to keep you legally compliant, running an unsupported safety management system just isn't an option.
You may be using a paper-based system that is supported by Excel spreadsheets or an Access database. Alternatively, your system may have been developed by your internal IT department utilising Microsoft Office. If the version of Microsoft Office being used is XP, 2000, 97, or 95 then your safety system will be running on unsupported software as of 8th April.
Should your safety system be utilising the soon-to-be-unsupported Microsoft Office products, you will be leaving yourself open to the security holes and malware attacks discussed earlier, which could render your data and back-ups unusable. This could result in your safety management system being non-compliant and, should the worst happen, the company would face the direct and indirect costs of accidents (including Fees for Intervention) and those Directors who are personally liable could face prosecution.
Why Assure is different and you are protected
Assure is not an installed product. Assure is a hosted ‘cloud based’ solution, meaning the software is available via any web-enabled device. This means that we are able to work with a single instance of our software, making maintenance simpler and cheaper and the software more robust and reliable. This also means that our software can be reconfigured by you, with support from us as required, to meet your changing needs. This eliminates the need for expensive future upgrades, including the unsupported software products that bedevil bespoke and in-house developed systems.
You automatically benefit from product improvement with updates to your hosted solution happening regularly and behind the scenes. Assure has evolved over a period of 17 years guided by our dialogue with experts across our customer base and user group. We constantly update our solution to meet the latest regulations, add new features and take advantage of useful changes in technology. We drive relentlessly to make our software even easier to use.