White Haven wrote:Tribble wrote:If it's working, why upgrade it?
Because it's WINDOWS XP, are you new here? The OS went out of support always three years ago, and was already a security nightmare even before that. Exploits don't get patched. Modern browsers increasingly don't work on it. That's even more dire in business environments, where use of Internet Explorer is often mandated by short-sighted idiots in charge, leaving users to the tender security mercies of Internet Explorer 8. Guess what else doesn't get exploits patched anymore.
Tribble wrote:Is there anything particularly important on it?
Without getting too technical, it doesn't matter. Having one or more extremely vulnerable systems (as Windows XP
very much is so long after going out of support, and even before that) on your network allows a potential attacker to compromise the low-hanging fruit and then use that access to penetrate more secure systems. The concept is calling pivoting.
Tribble wrote:Do you need access to the internet?
Actually a good question. There are, in small businesses especially, legitimate reasons to be shackled with ancient operating systems, largely when industrial hardware control systems or wildly-overpriced proprietary software is concerned. These are still
bad reasons, because they mean that nobody ever bothered budgeting for replacements out of the past decades of profits, but they're still reasons that IT staff have to live with. These reasons go up in smoke, however, if the system can't do its job as a standalone computer.
Does the system require internet access to perform whatever legacy task it's still performing? If yes, replacement is mandatory. If not, get it offline sooner rather than later, and then start budgeting.
Even offline, a system old enough to be running XP in the first place is also old enough that it should be replaced in all but the smallest business environments anyway. Everything in there is likely as old as the operating system itself; you do not want to get stuck in a situation where something finally gives out and you have to scramble to find a fix to get <whatever shitty reason XP was still being run> back in operation only to find out that it's 2020 and nobody can even find an XP box anymore. Controlled replacement is infinitely preferable, and avoids downtime.
Perhaps I should have put the "does it require internet access" first, since I agree that upgrading from Windows XP is mandatory in those cases.
I happen to know of a small-business which was using
Windows 2000 up until recently when finally made the big move to Windows XP just a couple of years ago! Agreed that there should have been updates along the line, but it's one of those cases where they delayed things so long that it would cost tens of thousands of dollars to replace all of their propriety software (and some of it doesn't even exist anymore). Fortunately none of the computers are on the internet.
They are also in a position where the owner is likely to just close up shop when he's had enough, so in this particular case it probably isn't worth spending that kind of money on upgrades.
An even more ridiculous example is Starbucks, which used
MS-DOS up until ~2010 in their cafes when they finally made the move over to... Windows XP! Unfortunately, they didn't replace the computers along with the software (the computers were ~mid 1990s or so) and as a result were they prone to crashing multiple times per day due to not having a CPU / RAM that were
quite up to the job. This was finally rectified in 2015 when they swapped out all of their computers for new ones... running Windows 7. To be fair, a lot of companies made the move to Windows 7 instead of 8 / 10, but still...
I would say that the reasons to upgrade are:
Much better security,
especially if the computer is connected to the Internet
Newer computers are faster, have more storage space, have more features, etc.
Easier to maintain both the hardware and software
Inexpensive; seriously they can easily pick up a new desktop for a couple hundred bucks, barring proprietary software / hardware that only runs on Windows XP. Even then if the company is planning on staying around for the foreseeable future they are eventually going to have to bite the bullet and upgrade, so why not do it now rather than wait until something breaks?
If its a standalone computer that's not connected to the Internet and at most it's being used for things like MS Word and Solitaire then I don't really see the need to upgrade. As long as the files are backed up on a separate hard drive, it'll be easy enough to swap out when it croaks.
Apart from that I'd say upgrading is worth it.