Software // Operating Systems
News
3/12/2014
09:50 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Windows XP Security Issues: Fact Vs. Fiction

Are you prepared for the end of Microsoft support for Windows XP next month?

Windows 8.1 Update 1: 10 Key Changes
Windows 8.1 Update 1: 10 Key Changes
(Click image for larger view and slideshow.)

In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time.

XP users have vocally protested Microsoft's abandonment of such a popular product. Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications. More alarming for Microsoft, Windows XP's market share hasn't decreased since last year and Windows 8.1's has barely grown. Both trends imply the company's escalating messaging has fallen largely on deaf ears.

[Will Microsoft win back users with Windows 8.1 Update 1? Read Microsoft Windows 8.1 Update Surfaces.]

So what will happen when April 8 passes and millions of people are still running Windows XP?

"We're into panic time," Michael Silver, a VP at the research firm Gartner, said in an interview. He said the amount of risk depends to some extent on what XP laggards can accomplish in a hurry.

"The ones we're speaking to now are the ones that have done barely anything." If companies haven't already taken action, Silver said, they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7. Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired.

"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics as a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit-- but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.

"It appears a lot of organizations don't realize or don't care how porous Windows XP will become after it ceases being patched in April. It isn't a war-hardened OS, as some customers believe," Wes Miller, research VP with IT consulting firm Directions on Microsoft, said last fall in a blog post. "XP systems will be ripe for an ass-kicking beginning next spring, and they can, and will, be taken advantage of."

Indeed, zero-day exploits are a major IT headache even today, with Microsoft supplying patches and support. The situation could get worse after April, especially if criminals are stockpiling new exploits in anticipation of the deadline, as some have speculated. Silver warned that attackers might also be able to use future Windows 7 and Windows 8 patches to reverse-engineer

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 4   >   >>
mak63
0%
100%
mak63,
User Rank: Ninja
3/13/2014 | 3:16:06 AM
Can Microsoft come up on top?
If so many important systems still running XP, (ATMs, healthcare, electric/gas utilities, etc) will be at risk after April, can Microsoft offer an almost free upgrade to Windows 7 Home Premium, and show that they care what happens after the end of the support?

(As moonwatcher correctly pointed out, many XP machines can't run Windows 8)

Another point.  "Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired."
Shouldn't business, corporations, industries, etc have done that a long time ago, regardless of the end of the XP's support? No wonder why so many systems get hacked.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
3/12/2014 | 7:00:24 PM
Re: The issue is no one trusts Microsoft
No doubt. Last I'd heard, Apple actually has more market share than anyone else in the $1000+ PC market. But virtually all Apple computers (certainly the ones that sell in greatest volume) fall in that category. Nice machines, but expensive. Given that so many companies say they're sticking with XP due to upgrade costs, I don't imagine many of them are going to jump to Apple.
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
3/12/2014 | 6:56:25 PM
Re: The issue is no one trusts Microsoft
I think there are many people who say they are going to jump to a Mac but do not. Cost is an issue with the Mac. You can still get a entry level PC for a fraction of the price of a Mac.
PaulS681
IW Pick
100%
0%
PaulS681,
User Rank: Ninja
3/12/2014 | 6:51:56 PM
XP.. Is it Safe?
I gave been asked that a few times this week. People think they have to upgrade, that what they are using isn't safe. If your definition of not being safe is running an OS that isn't being patched then yes. When I think of not being safe I think of sitting in the middle of a busy road or txting while driving... things that will harm you physically.

If you just use your computer for email and web browsing with some office apps mixed in and run anti virus I think you can rest comfortably. You don't need to run out and upgrade to 7.

If you are a business and those XP machines will not touch the internet then your ok. If they do then you better at least have a plan to upgrade. Those machines will be security holes in your network.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
3/12/2014 | 6:41:21 PM
Re: The issue is no one trusts Microsoft
You know, it's interesting; not all XP users are going to upgrade over the next few months, but tens of millions of them will-- and all of that market share has to go somewhere. It could mean Windows 7 gets a boost, but it could shake down some other ways too.

That said, no one I interviewed for this story felt that a major shake-up is in the cards. Mike Silver said consumers are certainly turning away from Windows but that corporate environments are unlikely to experience a major OS shift. Dave Johnson said Mac OS X is gaining market share in the enterprise at around 1% annually, and that both Macs and Chromebooks could receive more enterprise attention after XP goes dark-- but he also didn't feel businesses are about to drop Windows en masse. Apps and services are moving from the OS to the browser and cloud, and both analysts mentioned that trend as significant to the future of Windows, however. Personally, I have no doubt that Windows 7, OS X, Chrome and Linux will all gain share, and I suspect Windows will fall below 90% PC market share-- but beyond that, it's tough to say how quickly bigger changes might unfold.


What do readers think? A lot of those XP licenses are going to get replaced by something. What OS do you see gaining? Are some of you moving to Windows 7 or 8? Jumping to Mac? Shifting to tablets for most things? Sticking with XP?
Gary_EL
IW Pick
100%
0%
Gary_EL,
User Rank: Ninja
3/12/2014 | 6:21:57 PM
Re: Healthcare scare?
This going to be the calamity what Y2K never was. Why? Because every one was prepared for Y2K, and responsible people who should know better are burying their heads in the sand this time around. I wonder where the responsibility is going to lie for the catastrophes that will be sure to occur. I plan on having an extra supply of cash, my prescriptions, and ready-to-eat food that doesn't need to be cooked by April 8.

I winder, would it be legal for another organization to take control of this abandoned operating system, still adequate for those of us who aren't software developers, and supply updates and such?
Somedude8
50%
50%
Somedude8,
User Rank: Ninja
3/12/2014 | 6:15:58 PM
Re: Huh?
Ah good deal. I thought maybe I was having a moment there. Its been a day of moments!
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
3/12/2014 | 6:13:37 PM
Re: Huh?
Nope, you're not missing anything; it was just phrased ambiguously. I wasn't trying to convey degree of difficulty but rather degree of XP removal--i.e. keeping it around in virtual environments represents a lesser degree of removal than moving wholesale to Windows 7.
Somedude8
50%
50%
Somedude8,
User Rank: Ninja
3/12/2014 | 5:27:57 PM
Huh?
"... they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7."

Its easier to replace systems with VMs than to upgrade the OS? Am I missing something here?
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/12/2014 | 5:27:25 PM
How is this going to work out again?
I know many IT organizations have done everything they can do, short of replacing Windows XP machines, but 500 million XP users and we're hoping most of them won't go out on the Internet? The police forces of IT organizations better get a tremendous infusion of manpower.
<<   <   Page 3 / 4   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.