The UK government's National Technical Authority for Information Assurance recently published short-term guidance for organizations that are unable to fully migrate off Windows XP prior to its end of support in April 2014, "Windows XP End of Support: Reducing Risk During Migration". The advice is meant for public sector organizations, but is applicable to many private companies that will still have XP systems running after the cut off this spring. One suggestion that was particularly interesting was the idea of using Virtual Desktop Infrastructure to isolate the XP operating system and limit it's access to the internet. Here is an excerpt from the publication;
"Mitigation: Convert Windows XP devices to thin clients
Convert any Windows XP machines to "dumb" thin client devices and use them only as an access mechanism to get access to trusted internal services, such as a VDI environment. By using them as a thin client it is possible to avoid the need for the device to directly process untrusted content, for example, web browsing can be performed via a VDI environment which is running a patched modern browser, and business productivity applications are accessed in a similar way. This allows the remote session to run supported, patched software, even if the Windows XP device used to access services cannot. The remote system should be configured to prevent transfer of data back to the Windows XP device using features such as clipboard sharing and file transfers."
Transitioning to VDI could be an effective way of protecting your older XP computers from being compromised by hackers, but is only a Band-Aid. The real solution to mitigating risk of XP is to have a migration plan to upgrade all your systems.
Learn strategies for successful Virtual Desktop Deployments, download the "Desktop Transformation: Start Right, to End Right" white paper today to learn more.