Is it finally time to dump XP?

Plan your Windows 7 migration now, says analyst Gartner. But what are the risks in sticking with XP for the moment?

It is thought that 50 per cent or firms are still running Windows XP SP2

IT departments need to dump Microsoft's Windows XP operating system (OS) before the software vendor ends support for it in April 2014, says research firm Gartner, and the sooner the better as many new versions of applications are not expected to support XP beyond 2012.

And those running Windows XP with service pack 2 (SP2) rather than SP3, which according to some estimates is 50 per cent of all enterprise XP users, should patch the OS even faster before SP2 support runs out on 13 July this year.

But is there really any rush to install Windows 7 given that the final XP cut-off date is almost four years away, and is it ever worth upgrading legacy hardware anyway?

Simple XP SP2 to SP3 upgrades aside, few companies will choose to manually upgrade XP to Windows 7 (or the much-maligned Vista) on existing PCs, most preferring to adopt new OSs by default whenever their desktop PC hardware is refreshed. In the past, this has tended to happen by attrition on a 3-5 year cycle, though that period has been extended in many organisations due to recent budgetary restraints.

Inevitably, there are exceptions to the rule, and some organisations will want or need to run the Windows 7 upgrade program on XP systems nevertheless. For those that do, there are a few things to bear in mind however, not least the cost and complexity involved.

Even with the launch or the first Windows 7 service pack (SP1) due this summer, compatibility with existing hardware and software is not 100 per cent assured, for example. And the XP to Windows 7 upgrade process itself requires a complete wipe and re-installation of the applications on each PC, meaning IT managers will need original CDs and licence details to hand, as well as access to OEM drivers and updates.

Wolfgang Kandek, chief technology officer at security software vendor Qualys, says that of the business Windows XP installations his company is monitoring, 50 per cent are still running Windows XP SP2.

"XP SP2 to SP3 is the smoothest and easiest thing to do in these cases, whereas going to Windows 7 is a big disruption," he said. "SP3 has the advantage that you would not expect hardware incompatibilities whereas Windows 7 may see problems with different components like graphics cards or something else. If they have an accurate inventory the IT department can certify it and do it themselves, otherwise it is a major process."

Microsoft will continue to offer extended support for Windows XP updated with SP3 until April 2014, while third-party software developers will also continue to update individual applications running on Windows XP.

Vendors argue that continuing to run any version of XP beyond Microsoft's support cut-off date will leave systems open to security breaches because they will no longer receive Microsoft patches and updates to plug newly discovered vulnerabilities.

In some cases, this can be solved by upgrading individual applications rather than the entire OS (such as the latest version of Microsoft Internet Explorer or Office, for example).

"In some cases it might be possible to install and update IE 8.0 and should shield systems against some vulnerabilities, but there might be others within Media Player or WordPad which will not get addressed," said Kandek. "And sometimes vulnerabilities are covered by third-party software, particularly anti-virus engines, but they tend only to cover high profile threats like the Conficker virus, for example."

Unlike (or perhaps because of) Vista, XP still inhabits anywhere from 56 to 63 per cent of PCs globally, depending on which set of statistics you prefer to believe, with Windows 7 taking around 13 per cent market share (figures for XP2 XP systems as opposed to XP3 are more difficult to find).

Gartner estimates that 80 per cent of IT managers have skipped Windows Vista, and advises that with Windows 8 nowhere in sight, businesses should now be planning their Windows 7 migrations, and winding down Windows XP.

"These organisations should take into account when their ISVs will provide sufficient Windows 7 support for their applications and when they will have enough time to test applications, build images and pilot Windows 7. This will give them their start date," said Gartner research vice president Steve Kleyhans in a research note.

The cost of upgrading existing hardware from XP to Windows 7 may prove prohibitive for some. Gartner’s model shows that migration costs could be $1,035 (£708) to $1,930 (£1,320) depending on a company's individual set-up and approach. These figures include not only the licensing costs (for firms which haven't signed up to the Microsoft Software Assurance volume licensing scheme), but also the price of replacing any old hardware or software which may no longer work following a Windows 7 upgrade.

"The length of time for the actual [Windows 7] migration should take into consideration the cost of supporting an environment with multiple versions of Windows, as well as the cost to deploy a new OS to every user," wrote Kleyhans.

This is not to say that an early Windows 7 upgrade on existing XP systems should be avoided completely - only that companies need to think long and hard about whether it is either needed and/or cost effective in the first place.

"We know that it is easier to find vulnerabilities in Windows 7 than Windows XP due to the way the new OS is architected and there are other benefits in upgrading," said Kandek. "So it makes sense to at least start thinking about the new OS now."