A 2002-vintage PC of mine resides in my parent’s basement. My dad boots it to check Italian newspaper websites, then shuts it down when he’s done.
That PC runs Windows XP, which is fine for him. But lawyers whose computer use extends beyond my dad’s need to move beyond Windows XP.
Actually, they needed to stop using XP on their work computers before April 8 of this year. Microsoft put it best on its website: “After 12 years, support for Windows XP will end on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system.” Support for Office 2003 also ended on April 8.
Of the two, Windows XP is the more crucial. Again, from Microsoft’s site: “PCs running Windows XP after April 8, 2014, should not be considered to be protected…from malicious attacks.”
An explanation: malicious hackers often seek information they can profit from. That drive makes law firm computer systems very appealing targets, with their client ID information, case management files and other confidential data that hackers could use or sell.
An outdated operating system makes a hacker’s work easier. Since untold millions of lines of code go into an OS like Windows XP, “it’s normal, unfortunately, for mistakes to creep in,” says Ben Sapiro, a senior manager in risk consulting for KPMG. “These mistakes sometimes turn into defects that could allow criminals to gain unauthorized access.”
Even after more than a decade of widespread commercial use, it’s safe to assume that not all of XP’s vulnerabilities have been found. Those that are found after April 8 won’t be fixed, so hackers will have a perennially open door on any Windows XP system.
“Custodians of client data must ask themselves what in their risk management process let them continue to run XP after the announcement that it would be retired,” Sapiro says. “Microsoft has not been quiet about Windows XP being retired. In fact, they extended the date quite significantly because there was an initial outcry.”
Sapiro notes that applications (like those in Office 2003, which will also not be updated any longer) can also contain security defects. Opening just one deliberately corrupted file on a target computer could trigger an exploit and open a system to unauthorized remote access.
Despite the dangers of continuing with XP, various estimates on the web suggest it still ran about 30 per cent of all PCs in early 2014. “It was a great operating system for its time, as evidenced by its longevity,” says Marc Aubé, Windows consumer marketing leader at Microsoft Canada. “There’s lots of affinity
for it even years after” it was released in 2001.
Where Microsoft goes, other technology companies tend to follow. You might find that the software you want to use is not supported on XP. Any peripherals (printers, scanners, etc.) you buy might not work with XP.
Law firms can choose from several migration paths. If you shop around, you can buy new PCs with Windows 7 installed. (According to its website, Microsoft will provide mainstream support for Windows 7 until 2015 and extended support until 2020.) Smaller firms may find themselves restricted to Windows 8.1, whether they update their existing computers or buy new hardware.
You can also leave Windows, which runs more than 90 per cent of the world’s computers. Other computer operating systems include Linux, Apple’s Mac OSX and Google Chrome. You may need to spend time
learning them, but many people find that Windows 8.1 is different enough that it also takes some getting used to.
Before you switch to another OS, ensure that your software works on it and you can get support. The application hurdle might not matter for firms that work from cloud-based systems, most of which require little more than standards-compliant web browsers to function.
Aubé lists a number of benefits 8.1 offers, including increased speed, better security and a wide range of modern hardware that offers features — like Touch UI — that weren’t around when XP hit the market.
Do you plan to stick with XP? I wish you luck, and suggest the following.
- Reconsider your choice to stick with XP. Your computer system will be less prone to malicious hacking if you upgrade from Windows XP.
- Get XP off the network. Consider unplugging the network cable and shutting down WiFi permanently. If that isn’t possible, at least don’t browse the web or send and receive e-mail using XP.
- If you can’t isolate an XP machine, restrict the traffic flowing to it using a firewall.
- Keep an anti-malware system installed and up to date. Anti-malware protection may not be supported for much longer, but use it and update it for as long as possible.
- Use a limited user account. Any malware that tries to make changes to your computer will likely need administrative privileges, so don’t sign in to your PC as an administrator.
- Switch web browsers. Internet Explorer 8, the last browser to work on XP, won’t be supported forever. Make another browser the default. Windows-friendly choices include Google Chrome, Mozilla Firefox, Opera and Apple Safari. They’ll be kept current for as long as they’re supported on XP.
- Remove unneeded software. If you don’t use certain software on your computer, remove it. Limit use of browser plugins like Adobe Flash, Adobe Reader and Java.
- Limit use of XP. If you need XP to run specific systems, use only those systems in XP. Do the majority of your computing, especially e-mail and web browsing, using another operating system. Meanwhile, look for replacements for the systems that oblige you to hang on to XP.
- Get all the latest patches. Make sure Windows XP and Office 2003 (if you use it) have every last patch available. Those were publicly distributed on April 8, 2014.
- Consider “virtualizing” XP. You can run XP on another computer much as you would another piece of software. To do so, you first install virtualization software, then install XP inside that software, and finally install the programs you absolutely need within XP.
This article originally published in Lawyers Weekly Magazine. To view a print version of this article, click here.