Windows XP Security Issues: Fact Vs. Fiction

Are you prepared for the end of Microsoft support for Windows XP next month?

Windows 8.1 Update 1: 10 Key Changes (slideshow)

In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time.

XP users have vocally protested Microsoft's abandonment of such a popular product. Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications. More alarming for Microsoft, Windows XP's market share hasn't decreased since last year and Windows 8.1's has barely grown. Both trends imply the company's escalating messaging has fallen largely on deaf ears.

So what will happen when April 8 passes and millions of people are still running Windows XP?

"We're into panic time," Michael Silver, a VP at the research firm Gartner, said in an interview. He said the amount of risk depends to some extent on what XP laggards can accomplish in a hurry.

"The ones we're speaking to now are the ones that have done barely anything." If companies haven't already taken action, Silver said, they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7. Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired.

"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit, but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.

"It appears a lot of organizations don't realize or don't care how porous Windows XP will become after it ceases being patched in April. It isn't a war-hardened OS, as some customers believe," Wes Miller, research VP with IT consulting firm Directions on Microsoft, said last fall in a blog post. "XP systems will be ripe for an ass-kicking beginning next spring, and they can, and will, be taken advantage of."

Indeed, zero-day exploits are a major IT headache even today, with Microsoft supplying patches and support. The situation could get worse after April, especially if criminals are stockpiling new exploits in anticipation of the deadline, as some have speculated. Silver warned that attackers might also be able to use future Windows 7 and Windows 8 patches to reverse-engineer

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ...

Charlie Babcock
User Rank: Author
3/12/2014 | 5:27:25 PM
How is this going to work out again?
I know many IT organizations have done everything they can do, short of replacing Windows XP machines, but 500 million XP users and we're hoping most of them won't go out on the Internet? The police forces of IT organizations better get a tremendous infusion of manpower.
User Rank: Author
3/12/2014 | 3:30:07 PM
Re: Healthcare scare?
I also see XP running widely in retail and hospitality settings. Given the current data breach climate for retail, this seems extra worrisome.
User Rank: Ninja
3/12/2014 | 3:17:27 PM
Re: Healthcare scare?
Most ATMs do run Windows XP. It's the version for embedded devices, which has far fewer security holes to begin with, but that is the predominant operating system. At some point, they will have to be replaced. I don't envy those who will be responsible for the logistics on that. Sadly, all of us who bank or use healthcare will end up paying for the inevitable upgrades.
User Rank: Ninja
3/12/2014 | 1:44:08 PM
Re: Healthcare scare?
I will be glad to see this OS fade from relevance. But it is true, many ATMs and security devices still use Windows XP. It's scary that these devices have not innovated on the level that needs to be done.

My thinking now is: How soon will we hear about a security breach in relation to Microsoft pulling support for Windows XP?
User Rank: Ninja
3/12/2014 | 12:45:15 PM
Does Microsoft REALLY care?
A quote from the article states, "Anyone connecting a Windows XP computer to the Internet after Microsoft drops its support in April 2014 is not only putting themselves at risk, but also endangering all of us on the Internet -- as their computers may be hijacked into botnets and used to spread malware and spam attacks."

Well, if Microsoft REALLY cared about the Internet getting flooded with a bunch of compromised XP machines doing denial of service and other sorts of mischief, they'd offer everyone running XP a nearly FREE upgrade to Windows 7 Home Premium. It isn't like they'd be losing money doing so.

Why Windows 7? Because most XP machines still running could fairly easily run Windows 7, but NOT Windows 8.1 because it requires a motherboard with a BIOS supporting a feature called Data Execution Prevention. Throwing 500 million perfectly good PCs into the landfill ought to be a crime, so giving an upgrade would be a good solution for many of them.

I set my neighbor up on Ubuntu (an easy-to-use flavor of Linux) and after about 20 minutes of instruction she was good to go. At least she will not have to buy a new PC just to do things she was already doing. Linux is not just for geeks these days.
User Rank: Ninja
3/12/2014 | 12:26:40 PM
Healthcare scare?
The dominance of XP in the healthcare and banking industries is worrisome. I know those industries have great security folks working to protect critical data, but there's a real target there. Hopefully, once reality hits, enterprises will find ways to move off XP when they previously thought it wasn't possible or just not a high priority.