Just in case you don't get to the bottom or notice the link, would you mind taking a moment to complete my anonymous 5 Second Windows XP Survey? It will help us understand the actual impact of the things I talk about in this article.
We've talked at length about how Windows XP is reaching it's ultimate ending, and how your job depends on you moving to Windows 7 (or 8?) by April 8, 2014, but we haven't really talked about the implications of that date. I mean sure, it sounds alarming, but Windows XP will continue to work after that date, right? We just don't get any new support from Microsoft. They put XP on cruise control after Service Pack 3, surely we can handle it after thirteen years of managing it. What's the big deal if Microsoft takes their foot off the gas altogether? Hopefully, April 8, 2014 is the day people stage fake funerals for the death of XP, put the finishing touches on their rollouts, and throw a party for a job well done, just in the nick of time. It will be like Y2K, or a few days later after you come out of the bomb shelter.
What worries me are the unknowns that occur after Microsoft washes their hands of their longest-tenured OS.
What worries me is April 9.
To this day we are dealing with exploits for Windows XP. There are new security updates every month, and every one of them is to address a vulnerability that exists in some forgotten line of code. At last count, there were 115 updates (thanks @FlippyTheClown), and that number goes up all the time because there are no more service packs coming out to consolidate the old ones as new patches are created. So, what happens on April 8, 2014? Microsoft will stop supporting Windows XP, but do you think the hackers and script kiddies will stop doing what they're doing? I don't, and that's why I think April 9th is the real red letter day in our history with Windows XP.
If Microsoft gets a call on April 9, 2014 about some new zero-day exploit wrecking havoc across the world from financial markets to health care, they'll simply wave their hands dismissively and say "you had four years to get off of this, what have you been doing?" When people beg and plead, they'll just point to the product lifecycle document and say "Sorry, Charlie. See the date?" And they'll be allowed to do it, because we've all had fair warning.
We've seen the netherworld of the interwebs operate in a somewhat organized way before, and I think it's reasonable to assume that somewhere, someone will discover an exploit and wait until after support ends before releasing it into the wild. What a perfect scenario! (well, for the hackers...) Essentially, every exploit will be a zero-day exploit. Since most of the them are at such a core level that only Microsoft has the ability to get into the source code and develop patches, it's not like you'll see any third-party solutions to help out. You'll still have the ability to get patches, but you'll have to buy support from Microsoft to the tune of $200,000/yr if you have SA, or $500,000/yr if you don't, according to this Redmond Mag article.
The bottom line is this: Running Windows XP after April 8, 2014 is a liability for your organization, your customers, and your employees.
There's hope! (sort of)
I've written on our sister site, SearchVirtualDesktop.com, about how you can move stubborn Windows apps to Server 2003 to help get you off of Windows XP on the desktop. In it, I talk about how you can leverage the fact that Windows Server 2003's End of Life date is July 14, 2015, a full fifteen months after Windows XP gets buried. If, for instance, you have an application that will not work on anything but XP machines, the chances are really good that you can move that application to Windows Server 2003. That frees up the desktop to be upgraded to Windows 7, and still lets you run the app on a supported operating system.
Since Windows Server 2003 is essentially XP Server, there's also a chance that any security updates for it will be unofficially supported on Windows XP until Windows Server 2003 also reaches it's End of Life. It might take some prodding or some ingenuity from the community, but it could be possible.
Enough talk about extending the life of XP, though! The point is, April 8, 2014 is coming, and that day will be followed by an unsupported wasteland of exploits and general badness. You have 18 months to get off of XP or you put your company and everyone attached to it at risk. Use Windows Server 2003 if you have to, just get going!
If you don't mind taking a moment to take my anonymous 5-Second Windows XP Survey, your input would be helpful for determining how big of a deal this really is. I talk to some people who are far away from getting rid of Windows XP, and just as many that are almost entirely on Windows 7. I'll post the answers here in a week or so.