The End of Windows XP – What it Means for Your Firm

• It is what Microsoft calls, “Zero Day Itself.”  Tim Rains, director of Trustworthy Computing for Microsoft, sums it up: “The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities, and test Windows XP to see if it shares those vulnerabilities.” He wrote in Microsoft’s Security Blog: “If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a ‘zero-day’ vulnerability forever.”
• Nearly 30 million of the computers connected to the Internet are running WinXP, according to PC Magazine.  That means the best that you can do is protect your accounting firm, and those of its small business clients.  The rest of the world will not upgrade, particularly in Third-World countries, which means the rest of us are still vulnerable.
• The crazies have been waiting for this date.  Hackers have been keeping quiet behind major holes in the operating system.  The day support is stopped will be the system is taken offline and the attacks will begin.  The respected Tom’s Hardware site reports that WinXP machines could be attacked within 10 minutes of the deadline at which support ceases.
• Microsoft began (on March 8 of this year) running pop-up windows to users of its WinXP operating system who utilize the automatic Windows Update system to keep their systems current, but you may have turned that off years ago and be blissfully unaware of the damage. 
• It’s not just business computers at risk.  CNN Money reports that, “Major Banks are now cutting special deals with Microsoft to extend life support for their Windows XP machines while they replace their fleet of ATMs. JPMorgan bought a one-year extension of service and plans to start upgrading ATMs to Windows 7 at Chase banks in July. Citibank and Wells Fargo said they're also upgrading ATMs, but they wouldn't provide details about their plans.
• ATM machines run Windows XP.  In the United States, there are 210,500 bank ATMs, about 200,000 of which run on Windows XP, according to Retail Banking Research in London. In most cases, banks must upgrade the software one ATM at a time, and some will need the entire computer inside replaced too. Labor included, it's a process that experts in the ATM industry say could cost anywhere between $1,000 and $3,500 apiece.”

How does the average accounting firm (or its Luddite client base) protect itself?  Here are five essential steps:

• See if you are running Windows XP:
  • Click the Start button .
  • Click Run.  Type winver, and then press Enter.
  • It will identify if your computer is computer is running WinXp.
• Upgrade your web browser. 
  • Internet Explorer 8, the most recent version available for Windows XP, is already several generations old and will no longer receive security patches.   But you need not run that. Running Windows Version 7 and Windows Internet Explorer Version 11.0 is better and sufficient.
  • Google Chrome will continue supporting Windows XP until at least April 2015, while Mozilla Firefox has no announced plans to stop supporting Windows XP.
• Run a complete virus scan to insure you are not too late.  Microsoft has such a tool here.
• Upgrade right now at Windows upgrade site.
• Pass this information to all clients.

I am not one to call that the sky is falling, but for those still running Windows XP, the time to upgrade is now.  Or else. 

Really.  You.