We see Microsoft will stop supporting Windows XP next year. The PC-based controls we've deployed over the years — some with RT kernels, some without — range from Windows CE to Windows 7 and more than a few NT in between. We don't have any real problems with the systems we have out there, and we don't worry too much about installing updates that might upset an old, but stable system. We'll suggest an updated OS usually when a customer buys a new machine or has a hardware failure or performance reason to upgrade. Have we missed something?
—From September ’13 Control Design
Think You're OK
It sounds like you have considered all the options with respect to operating system updates and are taking a reasonable approach.
Let's consider what "lack of support" really means. Lack of support for Windows XP means no software updates. The scope of software updates includes security updates for virus and malicious software prevention, bug fixes and drivers. If your system is already thoroughly tested, is stable and running fine — and you have good security measures in place — no longer receiving updates in this case is not necessarily a problem.
It's very important to not confuse the consumer PC experience with the industrial controls experience. On consumer PCs, a common way for malicious software infection to occur is from opening spam email attachments, downloading materials from untrustworthy sites or by simply surfing the Internet. These are not typical activities on an industrial PC (IPC), which is usually not directly connected to the Internet anyway. Industrial PCs on machines don't normally run applications such as email, which are notorious in the consumer PC world for spreading malicious software. Even in cases where an IPC makes use of email communications, it's typically only used to send data out to plant personnel, and not to open or process email.
Of course, industrial PCs should be kept up-to-date with the latest possible security updates. In less than six months for older systems with Windows XP Professional, this no longer will be possible. Fortunately, Windows XP Embedded has a longer lifecycle than Windows XP Professional.
In any case, if a PC is not scheduled to be updated to a newer operating system before support for it ends, there are steps that can be taken to help secure these aging systems. It might be helpful to conduct a thorough audit of the security measures already in place to help assess a system's vulnerability. For example, has the write filter been activated? By default, our embedded PCs with Windows XP Embedded and Windows Embedded Standard 7 come with an enhanced write filter that can be turned on to protect the whole partition from write access. This reduces the wear of drives, but it also enhances security because write accesses are redirected to RAM. After a reboot is done, changes are cleared and any potential security threat is automatically deleted.
The reality of it is that not all systems can or will be upgraded. Still, it's not necessarily a problem as there are things engineers and technicians can do to help mitigate the risks. Windows XP is not the first operating system to be phased out from Microsoft support nor will it be the last.
As a final bit of perspective, consider that there are many industrial PCs in the field still running DOS and performing reliably without problem. Similarly, I suspect that 10 years from now, there will be many industrial PCs out there still running Windows XP, and they will not be bogged down by the kinds of security problems that might affect their consumer PC cousins.
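The write-filter question in the audit step described above can be checked mechanically. The sketch below is an added example, not code from the article or from any vendor: it parses the text report printed by the EWF manager console tool (`ewfmgr c:`) and flags a filter that is off or has a boot command pending. The report layout and the `State` / `Boot Command` values in the constructed samples are assumptions and should be compared with real output from the target image.

```python
import re

def sample_report(state, boot_cmd):
    """Constructed ewfmgr-style report (assumed layout, not captured output)."""
    return ("Protected Volume Configuration\n"
            "  Type            RAM\n"
            f"  State           {state}\n"
            f"  Boot Command    {boot_cmd}\n"
            "  Current Level   1\n")

def parse_ewf_report(text):
    """Collect indented 'Name   Value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        # Name and value are separated by a run of two or more spaces.
        m = re.match(r"\s+(\S.*?)\s{2,}(\S.*)$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields

def audit_ewf(text):
    """Return a list of findings; an empty list means the overlay is active
    and nothing is queued that would change that at the next restart."""
    fields = parse_ewf_report(text)
    if "state" not in fields:
        return ["no protected volume reported: write filter not configured"]
    findings = []
    if fields["state"] != "ENABLED":
        findings.append(f"write filter state is {fields['state']}: "
                        "writes go to disk and survive a reboot")
    boot_cmd = fields.get("boot command", "NO_CMD")
    if boot_cmd != "NO_CMD":
        # A queued COMMIT persists the current overlay; a queued DISABLE
        # turns protection off. Either one breaks "reboot clears changes".
        findings.append(f"boot command {boot_cmd} is pending: "
                        "the next restart will not discard changes as expected")
    return findings

if __name__ == "__main__":
    for state, cmd in [("ENABLED", "NO_CMD"), ("DISABLED", "NO_CMD"),
                       ("ENABLED", "COMMIT")]:
        result = audit_ewf(sample_report(state, cmd))
        print(state, cmd, "->", result or "OK")
```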
No, you haven't necessarily missed something. When it comes to lifecycle management, the factors you've outlined are often drivers for a software update. Fundamentally, there are two camps: 1) those in more regulated industries or with very large-scale operations, and 2) those in less-regulated industries or with much smaller-scale operations.
Larger, more-regulated entities tend to change gradually and have more processes in place to resist change. This is because change introduces risk and often carries the cost of re-validation and system downtime, which can be prohibitively expensive. If a system is stable and running, there's a large financial incentive to maintain the status quo. Smaller entities take on added risk to stay competitive with larger, more mature operations. Smaller firms are flexible enough to make changes and invest more in order to continuously evolve their software stack. As a result, their clients can more readily benefit from software updates that enable new functions and performance improvements.