Security Advisor

The Cost of Keeping Windows XP

EDIT: I originally blogged that the XP study was done by Gartner. It was actually conducted by IDC. Apologies for the confusion.

Microsoft hasn't been shy about the fact that Windows XP will be losing support (which means no more monthly fixes for the newest batch of bugs) in a little less than two years. The company has been very forward about it, even making a point to highlight the 1000-day mark until its death. I'm actually surprised that there's not a running "death" clock on its home page.

Microsoft isn't in the business of making friends. It's in the business of taking your money. So, of course there is an ulterior motive to these constant XP death reminders: It wants you to upgrade to Windows 7.

And the next phase of Microsoft's nagging attacks? Paying for an IDC study that says keeping XP is more costly than upgrading to Windows 7.

According to IDC's analysis, titled "Mitigating Risk: Why Sticking With Windows XP Is a Bad Idea," it costs $870 for a shop to keep an XP machine running in a year's span. Counter that with a $168 annual maintenance fee for Windows 7, and you could see how upgrading may be in your company's best interest.

IDC (with Microsoft looking over its shoulder, just to remind you) said this huge gap between maintenance costs comes from XP lacking security and the loss of productivity from users working on older machines.

It's not only users who are losing precious working time -- Windows 7 is reportedly able to reduce the amount of time IT needs to patch by 82 percent.

What do you think of IDC's totally unbiased assessment? Do you find yourself spending more time with XP issues than Windows 7 problems? Share your thoughts with me at

Iran Flamed With Surveillance Malware

In what is more than likely being shopped to Hollywood studios for a summer 2013 release, security firm Kaspersky has lifted the veil off of the "Flame" virus, saying it's the "most sophisticated cyber weapon yet."

According to the company, Flame has been running rampant in the Middle East the past two years, with the majority of infected computers located in Iran. But unlike most malware, which aims to steal your credit card info (which Flame can technically do), this worm has been just watching those that have been compromised.

This includes eavesdropping on Skype calls, rummaging through cell phone data that's connected to a Bluetooth device and watching every click of the user.

And like the Stuxnet and Duqu worms, Flame may be the work of a government body. Rumors have been circulating that Israel, Iran's unfriendly neighbor, could be behind this cyber attack.

Here's what Israel had to say about it: "Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," said Israeli Vice Premier Moshe Yaalon. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

I don't know about you, but that sounds like Israel is fessing up to being involved, without explicitly saying so.

Employee Social Network Monitoring On the Rise

Let's double up on the industry analysis, although this one doesn't look like it was sponsored by Microsoft.

According to Gartner, IT's monitoring of those using Facebook and other social networking sites is poised to skyrocket.

It found that currently 10 percent of enterprises like to see what their employees did over the weekend. That number is projected to increase by 60 percent by 2015, thanks to the explosion of monitoring software in the market.

"The growth in monitoring employee behavior in digital environments is increasingly enabled by new technology and services," said Andrew Walls, research vice president of Gartner. "Surveillance of individuals, however, can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards."

Enterprises must balance using said technology to stop the loss of time and money that could be caused by increased security risks and loss of productivity, while at the same time making sure they're not pissing off their employees by creating an Orwellian work environment.

What are your thoughts on social networking monitoring? And what is the solution for balancing security and privacy? Let me know at

About the Author

Chris Paoli is the site producer for and

Reader Comments:

Wed, Jun 6, 2012 Dustin Harper

In the article, they claim that support costs are higher because of time wasted with older machines. Up until 3 months ago, we were putting Windows XP on new machines (Core i5, 4 GB RAM, fast HDD, etc.). The speed of the machine has gotten faster, but we were on the older OS. We are now moving to Windows 7 with the same hardware. There was no time wasted with the XP machines. They were fast and responsive. This is from the client support view, not the patch and server support. That said, I prefer supporting Windows 7 machines versus the much older XP installs. Not from a speed standpoint but from a functionality standpoint. 7 is easier to support, period. If I need to download anything, I need to visit the 'legacy' section of the site. Drivers are getting difficult to find for the older OS. It's time to put XP to rest. We need to have more people moving to Windows 7. A decade-old OS is a pain to work on from a support perspective, but end users have to downgrade when they come to work. They've all upgraded at home to newer PCs running Windows 7. I believe it's time for businesses to do the same.

Thu, May 31, 2012 steve baltimore, md

Regarding your comment that Israel was fessing up without admitting it was behind Flame, let me observe that (a) the seemingly blunt statement is quite ambiguous, which moves it into the category of diplomatic speech - a different form of communication with its own rules and (b) that if Israel didn't sponsor Flame, it probably wishes it had. In which case the same utterance would have been fully appropriate, to create the impression without actually taking credit. In short, so many choices, so little time.

Thu, May 31, 2012 Bill Fellner

You keep mentioning that this is a Gartner study but it is in fact IDC and not Gartner. They are two different companies.

Thu, May 31, 2012

First, Israel is not Iran's neighbor - they share no common border. But both countries are in the Middle East. Second, Israel was once friendly with Iran, when it was called Persia and ruled by the Shah. When Khomeini and his Islamic revolutionaries took over Persia, the relationship ended. I don't know if Israel has anything to do with the Flame virus, but what Vice Premier Yaalon meant was that if Iran is indeed working towards developing a nuclear weapon in order to wipe out Israel, as Iran's leaders have threatened many many times, then any steps that Israel takes to neutralize that threat are legitimate. Iran has threatened to destroy Israel, but Israel has never threatened to destroy Iran.
