According to John Steven, CTO of Cigital, this is largely due to the time and effort invested in the platform and a willingness to gamble rather than start from scratch, evaluating and refining a new operating system and applications. "Ultimately, firms tend to choose to stay with devil they know--even without prayer of improvement--over moving to the devil they don't."
Despite his skepticism about an April 8 assault on Windows XP, Storms believes there will be some notable attack after that date. But he stresses that businesses and individuals have had years to prepare for this moment. He warns that anyone who insists on continuing to use Windows XP should do the sensible thing and isolate it--disconnect it from their network and from the public Internet to minimize its exposure to risk.
Lancope's Keanini is more blunt. "If you have an XP variant that is coming to end of support on April 8, you need to treat it as if it were already dead and move that quickly to get it replaced," he says. "Pretend it caught fire, and you will be moving with the right amount of urgency."
Keanini also warns that businesses need to think beyond their own "four walls." They need to understand the end-of-life/support schedules for their IT assets--hardware and software--and proactively migrate, update, or replace assets rather than wait for it become a crisis.
But Bryce Schroeder, senior director of systems engineering for Tripwire, points out that it may not be inevitable doom for Windows XP holdouts. He says many security vendors have committed to supporting protection for Windows XP for another two years. He also notes you can run Windows XP in a virtual environment on newer operating systems if you want to run legacy applications, while also gaining the peace of mind of using a more secure platform.
Proceed at your own risk
Whether Windows XP support ends with a bang or a whimper, there's no question infection rates will rise, maybe by as much as two-thirds. And with no more rescues from Microsoft, users will be at greater risk with each passing month. Will it be Zero Day every day? Are you feeling lucky?
Sign up for CIO Asia eNewsletters.