Now in Legal Rebels:
Posted Mar 01, 2014 08:59 am CST
It’s a day PC users always knew would be coming: On April 8, all Microsoft support for the Windows XP operating system ends, leaving XP users vulnerable to new security breaches.
“We are advising our clients to move away from XP,” says Peter Coons, senior vice president at D4, an e-discovery and computer security firm headquartered in Rochester, N.Y. “Currently, XP bugs that are uncovered by hackers can be sold on the open market for $50K or more. When these bugs are exploited, they can cause major headaches—and losses—for corporations and users.” John W. Simek, vice president at Sensei Enterprises in Fairfax, Va.—a computer consulting firm for law firms—agrees, though he adds that some observers may be overstating the threat.
“I’m not sure what amount of effort is being exerted in trying to discover new flaws in XP for future exploit,” he says, “but I don’t think it is nearly as big as what some report. Having said that, I do believe that there will be attempts to compromise XP systems after the security updates stop.”
Other IT security analysts predict hackers could have a field day poking holes in XP’s security after Microsoft abandons the OS, knowing full well that any security vulnerabilities they find will no longer be patched by the software maker.
“One can assume that hackers may be hoarding such knowledge today in the hope it can be sold for more after April 8,” Coons says.
More than 12 years old, the extremely popular Windows XP is still used at 37 percent of law firms, according to a 2012 survey by the International Legal Technology Association.
For law firms—with both their ethical responsibility to protect client privacy and their high visibility as targets for hacker mayhem—a change in OS only makes sense. So the reluctance of law firms (and other businesses) to migrate from XP has been a source of much consternation at Microsoft, which for years has been beseeching companies to move to more current versions of the operating system.
The problem, in part, is that XP was—and is—a home run for Microsoft. Over the years, the OS has earned a reputation as very stable and very reliable. Plus, XP runs many software programs that are simply not compatible with later versions of Windows, a major sticking point for law firms.
Even so, amid all the reluctance and grimacing over Microsoft’s newest—Windows 8—law firms still running XP are staring at a hard truth: Either migrate to a newer version of Windows (or another operating system such as Linux, Apple’s iOS or Android) by early April or make preparations to take a seat in what might be called the Windows XP next-victim shooting gallery.
There are also compliance issues. “Some states may consider an attorney’s continued use of XP to be a violation of their ethical duties and potentially subject to disciplinary action,” Sensei’s Simek says. “In addition, there is probably some exclusion in their malpractice insurance policy if they continue to use an unsupported operating system.”
The starting cost to upgrade from XP is relatively inexpensive: $199.99 for the Windows 8.1 professional version on the Windows website. But buying the software is only the beginning. Some XP programs don’t work on Windows 7 or 8, so law firms might need to buy newer versions of those programs. And there could be significant training costs to get staff familiar with a new version of Windows, as well as new versions of any applications that need to be upgraded, says D4’s Coons.
Tools to Ease the Transition
• HP also offers a comprehensive migration service at XP Migration with HP.
• XPMigrations is a nationwide group of independent, certified IT pros who specialize in migrating businesses from XP to Windows 7, Windows 8 and other operating systems. Small to medium-size law firms may want to check out this co-op community.
• Virtual XP: More expensive versions of Windows 7 and 8 enable users to run a “virtual copy” of XP—along with all your XP-compatible programs—on top of Windows 7 or 8. Warning: XP reportedly sometimes runs slow on Windows 7. And on Windows 8, it’s sometimes tricky to install. And a virtual copy of XP running on the Internet will expose you to the same vulnerabilities a regular XP machine faces.
This article originally appeared in the March 2014 issue of the ABA Journal with this headline: “Your next ex: Microsoft is ending XP support in April; Windows 7 and 8 await.”