I am hoping someone can explain in simple terms, what it really means that windows XP will be end of life?
It looks like SP2 is already not being patched, but maybe SP3 is going to be patched up until 4/18/2014?
So I assume that means there will be windows update patches available until that date?
What happens after that, no patches at all?
That means the potential for hacks, virus, etc. are greatly increased?
Best Answer
I won't speak to WHEN it will happen, since the date has fluctuated...but to answer your questions and help make this question a
canonical
for this topic that is sure to pop up a lot...MS will continue to release new patches/updates for XP until that date. Existing patches/updates will continue to be available afterwards. See the next answer for more details.
Microsoft will still allow you to update XP with any patches it has released up to the date that support officially stops.
"This means that after the 8th April 2014, you'll still be able to use Windows Update to download all existing security patches. This is important, as if you re-install Windows XP, you should still apply all of the existing patches in order to make the base operating system as secure as it should be."(1)
The important thing here is to at least get all your existing XP computers patched properly, which should have been happening all along. Don't get hacked with an exploit that came out 2 years ago!
if you are willing to pony up the money, Microsoft does offer "CUSTOM SUPPORT" to companies/governments/etc. willing to pay for it. The price isn't set in stone though, and is pretty exorbitant:
"Microsoft understands that local laws, market conditions, and support requirements differ around the world and differ by industry sector. Therefore, Microsoft offers custom support relationships that go beyond the Extended Support phase. These custom support relationships may include assisted support and hotfix support, and may extend beyond 10 years from the date a product becomes generally available. Strategic Microsoft partners may also offer support beyond the Extended Support phase. Customers and partners can contact their account team or their local Microsoft representative for more information."2
Greatly increased isn't a hard/fast metric. To say it will increase 10%, 20%, 150%, is hard to say. The potential is definitely there for exploits to surface for XP that MS could have the ability to patch but won't after EOL.
However, there are ways to lower the threat risk and help ensure you are safe.(1)
Other choices independent of XP that are good security practices regardless of OS also prevail here:
FINALLY, is there an answer to really make sure you sleep well at night? Sure, it's called "UPGRADE FROM XP". While that may be a daunting task/project to undertake, realize that you aren't alone in this and that everyone else that has waited this long is undertaking the same project. Work through the issues specific to your company, draw up a plan of attack, and implement. There will obviously be costs involved as well as politics and user/culture paradigms, and if management simply decides to hold off even longer there's not much IT can do to force their hand other than list out why it is a bad idea to continue putting it off. There isn't a "one size fits all" approach here and if your company is still running a majority of XP workstations without a migration project already underway then it is likely there hasn't been much regards in terms of lifecycles/best practices/etc. regardless.
FURTHER READING:
Besides the existing footnote links I provided after the italicized quotes above...here are some links and info to help you make the decisions and transitions: