3/12/2014
09:50 AM

Windows XP Security Issues: Fact Vs. Fiction

Are you prepared for the end of Microsoft support for Windows XP next month?

In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time.

XP users have vocally protested Microsoft's abandonment of such a popular product. Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications. More alarming for Microsoft, Windows XP's market share hasn't decreased since last year and Windows 8.1's has barely grown. Both trends imply the company's escalating messaging has fallen largely on deaf ears.

So what will happen when April 8 passes and millions of people are still running Windows XP?

"We're into panic time," Michael Silver, a VP at the research firm Gartner, said in an interview. He said the amount of risk depends to some extent on what XP laggards can accomplish in a hurry.

"The ones we're speaking to now are the ones that have done barely anything." If companies haven't already taken action, Silver said, they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7. Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired.

"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics as a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit, but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.

"It appears a lot of organizations don't realize or don't care how porous Windows XP will become after it ceases being patched in April. It isn't a war-hardened OS, as some customers believe," Wes Miller, research VP with IT consulting firm Directions on Microsoft, said last fall in a blog post. "XP systems will be ripe for an ass-kicking beginning next spring, and they can, and will, be taken advantage of."

Indeed, zero-day exploits are a major IT headache even today, with Microsoft supplying patches and support. The situation could get worse after April, especially if criminals are stockpiling new exploits in anticipation of the deadline, as some have speculated. Silver warned that attackers might also be able to use future Windows 7 and Windows 8 patches to reverse-engineer

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ...

Comments
Laurianne
User Rank: Author
3/12/2014 | 3:30:07 PM
Re: Healthcare scare?
I also see XP running widely in retail and hospitality settings. Given the current data breach climate for retail, this seems extra worrisome.
jagibbons
User Rank: Ninja
3/12/2014 | 3:17:27 PM
Re: Healthcare scare?
Most ATMs do run Windows XP. It's the version for embedded devices which has far fewer security holes to begin with, but that is the predominant operating system. At some point, they will have to be replaced. I don't envy those who will be responsible for the logistics on that. Sadly, all of us who bank or use healthcare will end up paying for the inevitable upgrades.
danielcawrey
User Rank: Ninja
3/12/2014 | 1:44:08 PM
Re: Healthcare scare?
I will be glad to see this OS fade from relevance. But it is true, many ATMs and security devices still use Windows XP. That's scary these devices have not innovated on the level that needs to be done. 

My thinking now is: How soon will we hear about a security breach in relation to Microsoft pulling support for Windows XP?
moonwatcher
User Rank: Strategist
3/12/2014 | 12:45:15 PM
Does Microsoft REALLY care?
A quote from the article states, "Anyone connecting a Windows XP computer to the Internet after Microsoft drops its support in April 2014 is not only putting themselves at risk, but also endangering all of us on the Internet -- as their computers may be hijacked into botnets and used to spread malware and spam attacks."

Well, if Microsoft REALLY cared about the Internet getting flooded with a bunch of compromised XP machines doing denial of service and other sorts of mischief, they'd offer everyone running XP a nearly FREE upgrade to Windows 7 Home Premium. It isn't like they'd be losing money doing so.

Why Windows 7? Because most XP machines still running could fairly easily run Windows 7, but NOT Windows 8.1 because it requires a motherboard with a BIOS supporting a feature called Data Execution Prevention. Throwing 500 million perfectly good PCs into the landfill ought to be a crime, so giving an upgrade would be a good solution for many of them.

I set my neighbor up on Ubuntu (an easy to use flavor of Linux) and after about 20 minutes of instruction she was good to go. At least she will not have to buy a new PC just to do things she was already doing. Linux is not just for geeks only these days.
jagibbons
User Rank: Ninja
3/12/2014 | 12:26:40 PM
Healthcare scare?
The dominance of XP in the healthcare and banking industries is worrisome. I know those industries have great security folks working to protect critical data, but there's a real target there. Hopefully, once reality hits, enterprises will find ways to move off XP when they previously thought it wasn't possible or just not a high priority.