by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August 2015
IT'S BEEN ONE of the longest retirement parties in the IT world, but we should finally be able to say that Windows XP is gone. Except that it isn't, and what that means for the security of a large slab of government users is an open question. Microsoft officially ended its support for XP in April 2014, meaning it would not provide any more versions of the venerable operating system that was introduced way back in 2001. Last year, it also stopped providing security patches for XP, though it continued to deliver anti-malware sig- nature updates for a time. That last grace period finally came to an end on July 14 when Microsoft finished with XP signature updates and the use of its Malicious Software Re- moval Tool for XP. If your XP machine gets infected with malware from now on, that's just too bad. OK, you say, every agency must have figured this out a long time ago and ditched XP in favor of another operating system that is regularly updated. If only that were so. Un- fortunately, there still seem to be plenty of these old systems around. Earlier this year, market analyst Net Applications said XP makes up nearly 17 percent of the total worldwide desktop operating system market. Other analysts have cited a lower percentage, but they still say more than 10 percent of desktop users work with XP. There are no overall figures for government use, but occasional revelations indicate that the number is not insubstantial. The Labor Department's CIO was quoted earlier this year as saying there were still some 10,000 XP users at her agency, while the two-year, $9.1 million contract the Navy recently signed with Microsoft for direct support of 100,000 mission-critical systems included thousands of XP computers. Labor and the Navy are trying to transition away from those kinds of legacy systems, and so must the other agencies still running the aged operating system. However, no one knows how vulnerable the ma- chines are. In the wake of the re- cently announced breaches at the Office of Personnel Management, OPM execu- tives admitted the attacks on their systems could have been going on for at least a year, which means there's a good chance that some XP systems have been successfully penetrated. And attackers need only one infected machine to access other systems in the enterprise. So, you say, at the very least agencies must be tar- geting those old XP systems as a priority for replace- ment. Again, that's hard to say. And some recent reports and surveys indicate that it's hard to unite desire and reality in government IT. In a recent survey, the Professional Services Coun- cil reported that cybersecu- rity remains the top priority for government CIOs, but modernizing the IT environ- ment in a way that could aid their cybersecurity efforts remains a challenge for many because the pre- dominant portion of their IT budgets goes to maintaining legacy systems. The Defense Department, for example, said only 20 percent of its budget is available for investing in next-generation solutions. The situation is no better at the state and local level. In a study of state IT invest- ment management strate- gies, a National Association of State CIOs report states that nearly half of its mem- bers spend 80 cents of every IT dollar on maintaining existing systems. What all this suggests is that old Windows XP sys- tems could be a problem for cybersecurity for some years yet, particularly if replac- ing them gets lost in the intense competition among IT priorities. According to Microsoft, Windows XP is now dead, dead, dead. Except when it’s not. • Windows XP: The operating system that just won't die BY BRIAN ROBINSON CYBEREYE 8 GCN AUGUST 2015 • GCN.COM