In use since 2001, XP survived three generations of software upgrades and now Microsoft is urging users to upgrade to Windows 7 or Windows 8. Post D-Day , there won’t be anyone to fix bugs on XP, offer patches, monitor hacker activity , and using XP could potentially cripple systems. “It’s less than 30 days to go for the support to end,” points out Karan Bajwa , managing director, Microsoft India . “We supported XP for 12 years while the average in the technology industry is five years. There will be no updates or software patches available for XP after April 8,” he adds.
More than 4 million personal computers (PCs) in large enterprises — using at least 1,000 PCs each — depend on Windows OS. Of this about 84% have migrated to either Windows 7 or 8 or are currently in the process of doing so. The remaining 16% or about 650,000 computers are using XP, without any upgrade plans as of now. Public sector enterprises mainly in the banking and financial services (BFSI) space lead the list of those yet to migrate, followed by manufacturing companies and telcos.
Says Tarun Kaura, director, sales, India , Symantec, a computer security company : “XP has been in use for 12 years and Microsoft today has three operating systems in the market. It’s not possible to support all three. Also the new operating systems offer updated features.” Symantec , the maker of Norton antivirus software , will continue to offer antivirus solutions , but will be unable to check vulnerabilities of XP. “Those are at best patched by Microsoft and not by antivirus makers ,” adds Kaura.
Not like a Y2K bug
Michael Menor, a US-based military computer specialist and network engineer, says in a blog post that hackers will pounce on Windows XP within 10 minutes of Microsoft withdrawing support and this could impact 29% of the world’s PCs that still use XP. While computers will be impacted, experts concur the situation is not as alarming as the Y2K bug.
“It’s a terminal level issue and not a life threatening problem,” says the strategy head of the banking vertical of an IT services major, who wished not to be named as his customers include both BFSI companies and Microsoft. Adds Sainath Gawde, assistant vice-president , IT operations , HDFC Standard Life: “Once the support goes off, the system is at risk.”
Windows software is the dominant OS on the client side, though not on the core banking side. In that sense, while lack of support will impact front-end terminals, there are no risks to core banking software (centralised software that enables such functions like deposit accounts, loans, mortgages, ATMs etc across a bank’s branches). Core banking runs largely on Unix and Linux and other similar software. For instance HDFC Life uses Life Asia core insurance software, while Syndicate Bank uses FlexCube from Oracle , and the State Bank of India uses Bancs from TCS which runs on Unix.
XP dominates on the front-end network side — more than 65,000 bank branches with over 7 lakh computers use Windows. When XP was launched in 2001 migration did not happen in a hurry and it took a few years for enterprises to move to the new system then. When Windows Vista was launched in 2006, users had just about settled down with XP and given the new hardware needs of Vista and its cumbersome user interface, migration was practically non-existent . The current version of XP, its third generation, called Windows XP Service Pack 3 (with bug fixes and updates to earlier versions of XP) launched in 2008 is three generations behind Windows 8 in terms of features like enabling touch and biometric reading capabilities.
However, shifts to new versions are happening . Says Kiran Kumar, research manager , client devices, at research firm IDC India: “Migration signs among Indian enterprises have increased in the past six months.”
Cost of migration
While it benefits Microsoft if users upgrade fast, as they pay for the new software, for companies the cost of migration (i.e. buying new hardware) could explain their glacial progress in shifting to the new OS.
Says Bajwa: “The risk of not migrating is that there will be no software updates to XP. Cost of maintaining an OS that is not supported doubles every two years.” According to IDC, it will cost $300 a year per PC to maintain an unsupported XP computer compared with $75-100 for one with support. IDC estimates that the overall annual maintenance bill for unsupported systems in the BFSI sector would be about 1,200 crore. Bajwa also cites Section 43A of the (Indian ) IT Act 2000 which states that banks may be held liable for losses to their customers if they are found lacking in data security and privacy norms.
While not migrating can prove expensive, even migrating to the new OS comes at a cost. For instance, XP could run with cheaper hardware like 500 MB RAM while Windows 8 needs at least 1GB RAM, besides faster processors.
Says Bajwa: “A third of those who have not migrated have the hardware — they bought Windows 7 hardware and downgraded the software to XP. Now we are working with them to upgrade. For such customers there won’t be any additional costs.” Besides, companies buying new hardware now by default will have systems capable of running both Windows 7 and 8.
The IT services strategy head quoted earlier explains that “there’s a cost implication that results in lethargy among users. The past few years of the economic slowdown resulted in PSUs deferring buying decisions. Besides, in a bank the new IT buying process takes at least two years. Also, Microsoft itself has not pushed the value proposition of Windows 8 hard enough.” Microsoft declined to state the share of Windows 7 and 8 in computers that have migrated from XP. However, experts believe more than 90% of the upgrades have been to Windows 7 and not the latest OS, Windows 8.
For instance HDFC Standard Life has migrated 95% of its 11,000 computers to Windows 7 in the past six months. Over the past few months Syndicate Bank has migrated 27,000 terminals to Windows 7. Says Atul Kumar, general manager, IT, Syndicate Bank: “Windows 8 was not available when we decided to migrate. Our migration kicked in due to a refresh cycle — the existing systems were five year old.”
However, the BFSI sector is slower to migrate compared with, say, IT-BPO . Says Kaura : “PSU bank branches are spread out to tier 2, 3 cities and rural areas as well. Hence the migrations are much slower, compared with IT companies or telcos which have far more centralised systems.” On migrations happening more to Windows 7 rather than the 8 version, Kaura adds: “Large enterprises will wait for an OS to stabilise before migrating . Here Windows 7 is a better option.”
Can you live with XP
At the current pace large enterprises, including banks, will take much longer than April 8 to upgrade. So, will using XP bring down the banks? Says Kumar: “It definitely exposes systems to risks and makes it vulnerable to virus attacks. Antivirus can partly address the issue but will not be able to offer software updates and patches.” Adds Gawde: “In non-critical areas like archived records or scanning devices, XP can be used. Any system that is not connected to the internet can continue to use XP. Else there could be security issues.”
Another reason why enterprises are slow to migrate is that some applications are written for the browser front-end and those written for Internet Explorer 6 (IE6) or XP will not run on IE8 or Windows 7. So a BFSI company could have a certain loan application written for XP and not compatible with Windows 7 or 8. Software maker VMware recommends virtualising applications that cannot be migrated to Windows 7. VMware’s application virtualization software takes an old app and encapsulates it with all the software components it needs to run on the new system. It’s a short-term arrangement that can be used while migration is on after the support deadline expires.
In cases where touch and biometrics capability is needed there’s little option but to move to Windows 8. XP does not support biometrics and could hamper authenticating users of say Aadhaar or any new know your customer (KYC) norms that may need users to offer biometrics as well. Says Bajwa: “Windows XP users are six times more likely to be infected by malware. Windows 8 represents the future of software.”
That future is also one that looks set to be dominated by smartphones and tablets, where Google’s Android and Apple’s iOS are the dominant systems and not Windows. However opinion remains divided on this. Due to security reasons, BFSI companies don’t want employees running around with sensitive data on mobile devices.
Says Kumar of IDC: “Large enterprises will continue to remain on PCs and the transition to smart phones or tablets would come with associated business risks and security issues. So, they are likely to prefer a Windows over an open OS like Android.” Kaura points out that “iOS is secure. It will be a slow shift to newer systems, but in future smartphones and tablets will be a viable user options for large companies.” Even as Microsoft wants companies to migrate from XP to its own Windows 7 or 8, in future it may have to worry about smart enterprises migrating out of Windows itself.