HP Blogs

If XP is alive and well in your school, so are the chances of lawsuits

The 2014-2015 school year will go down in record as “Year of Big Data”….well at least the fear of big data in schools. Educational experts, private citizens and politicians all expressed concern, fear and even hysteria towards an effort to standardize how data was shared between databases. The nonprofit inBloom, based on a valid need and idea for K-12 schools, ultimately ceased operations for – depending the side of the fence you sit upon – rational or irrational fears on how the data could be exposed and used for inappropriate purchases.Microsoft-Deutschland-Bye-Bye-XP-Ballon-Aktion-1373130883-0-0.jpg


If these bloggers and experts were sincere in their efforts to protect data in schools, I wonder why all of them are silent on an issue impacting the majority of school systems across the U.S. potentially exposing confidential student data and personal information into the waiting hands of hackers worldwide. If a recent survey of New York State school board members is true, and 75% oppose data sharing, then why are they all silently allowing an almost certain threat to security in their districts continue into the 2014-2015 school year?


Very simply, schools are continuing to leverage computer operating systems that leave their schools and districts vulnerable to attack, where personal information on students and employees may easily occur. While Windows XP comes to mind, I’m not surprised when I still see even older versions of Windows and Mac operating systems from prior decades still in use. As long as those machines remain connected to your network and internet, they serve as gateways to your confidential information.


What Happens When Your System is Breached?

The most common result of a breach is the insertion of some form of malware into the computer. Malware is a catchall term for malicious software, and it can take on forms too numerous to adequately cover in any one blog post. The type of malware inserted very much depends on the attacker’s intentions, however. I will focus on two, most likely to be sensitive to use in schools:

  • Espionage-driven attacks are generally rare until you get into state-sponsored or state-run cyberattacks and aimed at gaining access to sensitive or classified information. This can also include students, looking to penetrate the student information systems to view or alter grades, as well as access sensitive data on themselves or other children.
  • Theft-driven attacks are the most common and aimed at, well, theft, be it information theft, identity theft, or financial theft. Malware such as Trojan.zbot – aka “Zeus” – and the Blackshades Remote Access Tool (RAT) give cybercriminals extensive access to an infected computer and its online activity. Zeus, for example, uses keystroke logging and form grabbing to steal login credentials and financial information. Blackshades works a bit differently and gives hackers easy access to infected computers, allowing them to view files, take screenshots, log keystrokes and even turn on a computer’s webcam. In fact, in a different kind of theft, last year a U.S. college student used Blackshades to take nude pictures of Miss Teen USA, Cassidy Wolf, through her computer’s webcam.

Thank you Windows XP

Windows XP first came into education in 2001 and, although later replaced by Vista and Windows 7, continued to be used in low-power netbooks until 2010. But in 2001, long before Facebook even existed, internet use in schools was still limited mostly to labs and controlled searching. Windows XP has served millions of students for well over a decade, and was able to make low-cost netbooks the first truly accessible and affordable modern technology for schools. Adopting 1:1 computing as a trend, no longer a fad, was made possible by your low-processing needs. We, as educators, are truly grateful for its contributions to ICT. But this spring, Microsoft ended support for XP, but an impressive run of over 12 years for an operating system is quite an accomplishment.


But XP, much like my dream car from the 1960s, its age is showing. XP joins a group of many older operating systems that have become too difficult and expensive to maintain. Security threats are newer, more complicated. It has become just too hard to keep these devices safe when attached to networks and the internet. Too many vulnerabilities exist that could expose XP devices to attack.


And while many feared security was a concern with inBloom, the real security threat leveraging an obsolete operating system is far more dangerous to a school system. Should personal data be exposed to third parties, the Federal Education Rights and Privacy Act (FERPA) allows for schools to be subject to civil litigation. And unlike the fears with inBloom, school districts will be the ones footing the legal bills if their decision to continue to use obsolete operating systems is the cause for security breaches.


Schools need to take time this summer to conduct a classroom inventory of devices and operating systems, helping to identify what potential security issues exist. The priority should be to remove those devices from the district, or upgrade the operating system to take advantage of more modern security. At the very least any Windows XP or comparable outdated devices found in your schools should be disconnected from the internet and your school’s network. They can still leverage older applications and CD-ROM based activities they were initially designed for. 

on ‎06-28-2014 12:50 AM

No matter how bad this author claims XP is, it is far better to use than Windows 8!! I pity any teacher trying to use the user unfriendly Windows 8 in their classroom or lab.  Seems Microsoft should offer updates to patch security breeches to XP and not force School Districts to engage in a very expensive change to W indows 8 which in turn requires all computers to use Word 2013, which is extremely expensive, and again not very user friendly.


Schools operate on money from taxes or private funds if not a public school district.  It seems Microsoft gains to make millions on forcing these new programs on the schools by not securing data on the programs already purchased.  The least Microsoft could do would be to donate the new programs to the schools instead of making huge profits on the backs of taxpayers and students.

on ‎06-28-2014 02:16 AM

Has anyone noticed that the balloon is misspelled.......

on ‎07-19-2014 08:23 AM

Very well written and stated , but not just Education many homes and offices need to upgrade right away.

by Elliott
on ‎07-22-2014 08:48 AM

Hi Cap, the balloon is from Denmark. Smiley Happy

on ‎07-27-2014 08:59 AM

The schools can't afford to be constantly buying new computer hardware and software.  Since I am in industry, my company offered to replace my XP laptop.  I turned them down to avoid losing the printer and serial ports that I need and to avoid dealing with new, incompatible software designed for running cell phones.  At home, I inherited two computers from an inlaw with Vista installed.  After several attempts to do something with them, I unplugged them and left them gathering dust in a corner until Windows 7 came out and the reviews made clear that it was viable.  Windows 8 is, by reputation, another failure and there is no point in buying a system with it installed and suffering with it until it gets replaced.

Showing results for 
Search instead for 
Do you mean 
About the Author
  • Jim Vanides is responsible for the vision, strategy, design, and implementation of education technology innovation initiatives. His focus is the effective use of technology to create powerful learning experiences that help students around the world succeed. He has been instrumental in launching over 1200 primary, secondary, and higher education projects in 41 countries, including the HP Catalyst Initiative - a 15-country network of 60+ education organizations exploring innovations in STEM(+) learning and teaching. In addition to his work at HP, Jim teaches an online course for Montana State University on the Science of Sound, a masters-level, conceptual physics course for teachers in grades 5 through 8. Jim’s past work at HP has included engineering design, engineering management, and program management in R&D, Manufacturing, and Business Development. He holds a BS in Engineering and a MA in Education, both from Stanford University.
footer image