We see Microsoft will stop supporting Windows XP next year. The PC-based controls we've deployed over the years — some with RT kernels, some without — range from Windows CE to Windows 7 and more than a few NT in between. We don't have any real problems with the systems we have out there, and we don't worry too much about installing updates that might upset an old, but stable system. We'll suggest an updated OS usually when a customer buys a new machine or has a hardware failure or performance reason to upgrade. Have we missed something?
—From September ‘13 Control Design
Answers
Think You're OK
It sounds like you have considered all the options with respect to operating system updates and are taking a reasonable approach.
Let's consider what "lack of support" really means. Lack of support for Windows XP means no software updates. The scope of software updates includes security updates for virus and malicious software prevention, bug fixes and drivers. If your system is already thoroughly tested, is stable and running fine — and you have good security measures in place — no longer receiving updates in this case is not necessarily a problem.
It's very important to not confuse the consumer PC experience with the industrial controls experience. On consumer PCs, a common way for malicious software infection to occur is from opening spam email attachments, downloading materials from untrustworthy sites or by simply surfing the Internet. These are not typical activities on an industrial PC (IPC), which is usually not directly connected to the Internet anyway. Industrial PCs on machines don't normally run applications such as email, which are notorious in the consumer PC world for spreading malicious software. Even in cases where an IPC makes use of email communications, it's typically only used to send data out to plant personnel, and not to open or process email.
Of course, industrial PCs should be kept up-to-date with the latest possible security updates. In less than six months for older systems with Windows XP Professional, this no longer will be possible. Fortunately, Windows XP Embedded has a longer lifecycle than Windows XP Professional.
In any case, if a PC is not scheduled to be updated to a newer operating system before support for it ends, there are steps that can be taken to help secure these aging systems. It might be helpful to conduct a thorough audit of the security measures already in place to help assess a system's vulnerability. For example, has the write filter been activated? By default, our embedded PCs with Windows XP Embedded and Windows Embedded Standard 7 come with an enhanced write filter that can be turned on to protect the whole partition from write access. This reduces the wear of drives, but it also enhances security because write accesses are redirected to RAM. After a reboot is done, changes are cleared and any potential security threat is automatically deleted.
The reality of it is that not all systems can or will be upgraded. Still, it's not necessarily a problem as there are things engineers and technicians can do to help mitigate the risks. Windows XP is not the first operating system to be phased out from Microsoft support nor will it be the last.
As a final bit of perspective, consider that there are many industrial PCs in the field still running DOS and performing reliably without problem. Similarly, I suspect that 10 years from now, there will be many industrial PCs out there still running Windows XP, and they will not be bogged down by the kinds of security problems that might affect their consumer PC cousins.
Debra Lee,
software specialist,
Beckhoff Automation
Sound Thinking
No, you haven't necessarily missed something. When it comes to lifecycle management, the factors you've outlined are often drivers for a software update. Fundamentally, there are two camps: 1) those in more regulated industries or with very large-scale operations, and 2) those in less-regulated industries or with much smaller-scale operations.
Larger, more-regulated entities tend to change gradually and have more processes in place to resist change. This is because change introduces risk and often carries the cost of re-validation and system downtime, which can be prohibitively expensive. If a system is stable and running, there's a large financial incentive to maintain the status quo. Smaller entities take on added risk to stay competitive with larger, more mature operations. Smaller firms are flexible enough to make changes and invest more in order to continuously evolve their software stack. As a result, their clients can more readily benefit from software updates that enable new functions and performance improvements.
Looking ahead, the test, measurement and controls industries are moving toward platform-based solutions, much like the mobile devices market did, as platforms provide value to both camps. Large organizations benefit from a more managed upgrade path, which minimizes risk, and smaller organizations can get to market faster by leveraging the ecosystem of tools available to bootstrap their efforts.
Sanjay Challa,
embedded software product manager,
National Instruments
Update Hardware If You Can
Waiting until you have a failure to review operating system (OS) upgrade options will only add pressure for a quick fix that might not provide the best solution for your long-term business needs. Depending on how well the application vendor planned for migration, application redeveloping and testing could be a lengthy process.
With Microsoft dropping support of Windows XP, it will become more difficult to find PC hardware that runs Windows XP. A hardware failure could result in equipment being down while applications are ported to new Microsoft operating systems.
In addition, Microsoft no longer will provide patches and updates for the operating system, meaning new security holes in XP will not be fixed. This could leave systems open to attack from outside parties with no fixes from Microsoft or third-party vendors to fix any vulnerabilities.
There are some important things to consider when updating an OS. Will the hardware support an upgrade to a new OS? Will my current applications support the new OS? If these applications will run on Windows 7 or Windows 8, then a hardware upgrade might be the easiest way to go because the application will not need to change.
However, lots of the Windows XP systems were in service long before Windows 7 came out and are using applications that don't support Window 7 OS. These applications would need hardware, OSs and application software updates, requiring conversion and adaptation of the application.
While not everyone must update today, it's something that you need to consider to reduce the chance for future problems.
Alan Cone,
product marketing manager,
Siemens Industry Sector
Don't Neglect Future Needs
There are two things to remember about Microsoft ending support of XP. First, the good news is XP won't magically stop working on April 9. Second, the bad news is that without support, MS will no longer issue any updates, patches or service packs, and XP has a bunch of "perpetual 0-days" on the way (see bit.ly/1ePU17j.)
To those who find XP's end of life (EOL) a moot point due to an "if it's not broken, don't fix it" mentality, realize that by not taking action, you could be preventing future action. If your company abides by a Kaizen strategy, where there is momentum towards continual improvement, realize that changing the computer image would be an extremely sensitive matter, as you would need to ensure that you don't submit yourself to new vulnerabilities and threats. Presumably, most users that would continue to use XP after the EOL would not be on an open network subject to outside threats, but if that were to ever change, there would be an imminent threat of attacks. A new theme within the control segment is this exact concept, known as future-proofing, by which a company makes decisions today that could potentially impact decisions a few years from now.
While this theme could more easily be exhibited with a computer feature such as multi-touch, it is still just as applicable with operating systems. However, we understand that continual improvement isn't necessarily a KPI, and there are costs, support and uncertainty paired with such an upgrade. The question at that point becomes whether or not the current stability outweighs the future potential of added functionality, efficiencies and long-term cost savings.
Dan Schaffer,
business development manager,
Eric Reichert,
product marketing specialist,
Phoenix Contact USA
Could Be Trouble If You Wait
If you choose to wait until your systems need to be replaced to migrate your OSs, you could be forced to support a mixed environment.
In the event that your hardware fails, you might have to perform a full system replacement, since many new components will not support XP. Both of these outcomes can be quite challenging and costly. Also, some sources have reported that malware and virus writers are hoarding their newest XP exploits until after April 8 — potentially causing serious security issues that could put your systems at risk.
Since Microsoft announced that April 8, 2014, will mark the end of extended support for Windows XP, all companies still using this outdated OS need to prepare for this change. After this date, no additional patches, bug fixes or service packs will be released, and users no longer will have access to free or paid technical support.
Systems running XP won't suddenly stop working on April 8, but they will become increasingly vulnerable and the source of additional problems — centered around security, cost, performance and sustainability. To raise awareness of this issue and educate the public on how to avoid the potential issues this could cause, CCS created a guide to help.
