Software // Operating Systems
News
3/12/2014
09:50 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Windows XP Security Issues: Fact Vs. Fiction

Are you prepared for the end of Microsoft support for Windows XP next month?

Windows 8.1 Update 1: 10 Key Changes
Windows 8.1 Update 1: 10 Key Changes
(Click image for larger view and slideshow.)

In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time.

XP users have vocally protested Microsoft's abandonment of such a popular product. Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications. More alarming for Microsoft, Windows XP's market share hasn't decreased since last year and Windows 8.1's has barely grown. Both trends imply the company's escalating messaging has fallen largely on deaf ears.

[Will Microsoft win back users with Windows 8.1 Update 1? Read Microsoft Windows 8.1 Update Surfaces.]

So what will happen when April 8 passes and millions of people are still running Windows XP?

"We're into panic time," Michael Silver, a VP at the research firm Gartner, said in an interview. He said the amount of risk depends to some extent on what XP laggards can accomplish in a hurry.

"The ones we're speaking to now are the ones that have done barely anything." If companies haven't already taken action, Silver said, they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7. Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired.

"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics as a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit-- but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.

"It appears a lot of organizations don't realize or don't care how porous Windows XP will become after it ceases being patched in April. It isn't a war-hardened OS, as some customers believe," Wes Miller, research VP with IT consulting firm Directions on Microsoft, said last fall in a blog post. "XP systems will be ripe for an ass-kicking beginning next spring, and they can, and will, be taken advantage of."

Indeed, zero-day exploits are a major IT headache even today, with Microsoft supplying patches and support. The situation could get worse after April, especially if criminals are stockpiling new exploits in anticipation of the deadline, as some have speculated. Silver warned that attackers might also be able to use future Windows 7 and Windows 8 patches to reverse-engineer

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 4   >   >>
boardhead
50%
50%
boardhead,
User Rank: Apprentice
4/7/2014 | 6:43:56 PM
Cloud printing
Michael,

I've replaced my XP pc with a Chromebook for internet use.  However I don't have a cloud based printer and can't print directly from Chromebook so my pc must be on and connected to the printer.  Am I at risk if the pc is connected to wifi to recieve print but not connected to the internet?
Michael Endler
100%
0%
Michael Endler,
User Rank: Author
3/17/2014 | 4:16:50 PM
Re: on the menu at Milwaukee Vietnamese restaurant ...
Thanks for sharing the story. I'm sure others are in the same boat. Personally, I've run into several people who were running XP and unaware of the impending support termination deadline.
IMjustinkern
IW Pick
100%
0%
IMjustinkern,
User Rank: Strategist
3/17/2014 | 4:02:28 PM
on the menu at Milwaukee Vietnamese restaurant ...
... the restaurant I went to this weekend was running their reservations & sales on XP. I asked the bartender/owner they he anything about the end of life. He didn't, laughed said "we're probably too busy to care." After, he said he'd have his IT guy look at it. Just an anecdote, but certainly worth remembering that not everyone has expiring tech anywhere close to the top of their concerns. 

P.S. And no, just because it was a Vietnamese restaurant in Milwaukee doesn't mean brats were on the menu. The High Life and donuts, however, were delicious with the pho. 
Michael Endler
100%
0%
Michael Endler,
User Rank: Author
3/17/2014 | 3:35:58 PM
Re: Probably not as serious as is made out.
I don't doubt that someone who knows what she/he is doing can safely lock down an aging machine. But isn't there some presumption here that user patterns will never change? Some people don't want to upgrade because their current computer meets their current needs. As long as those needs don't change and precautions are taken, perhaps these people can get away without upgrading. But "needs," including the need to be protected while computing, involve a lot of gray areas, especially as more and more essential activities move to the browser. Tech savvy Windows XP holdouts might recognize that seemingly slight changes in behavior present larger changes in malware risks. But tech savvy people aren't the only ones using computers. Some people who say "Windows XP is good enough for me" undeniably have a valid point. But I'm not so sure about others.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
3/17/2014 | 3:26:33 PM
Re: Linux could be a great option
Thanks for the Linux resources, but I don't think I can agree that Windows 8.1 imposes a "near vertical learning curve," especially if the alternative is jumping from XP to Linux. Windows 8.1 can be baffling to a first-time user, but I think 15 minutes of guided training is probably enough for most people to get the general idea, and to learn how to tweak settings to their preferences. That's not to say that Windows 8.1 doesn't include some silly/stubborn UI elements-- it does. But while the "learning curve" talking point isn't irrelevant, I think it's become a bit mythologized. Whether people like using the OS is a different (albeit related) factor than whether people can learn how it works. For at least some IW commenters, the former issue seems to be as big or bigger than the latter.
CraigHerberg
50%
50%
CraigHerberg,
User Rank: Strategist
3/17/2014 | 2:14:06 PM
Re: Healthcare scare?
Y2K was a little more complicated than checking PCs BIOS to see if they would behave on and after January 1, 2000.  There were millions of programs, many of which were used to run hospitals, universities, banks, airplanes, etc., coded as if [19]99 were the end of time.  Using a two-digit year made good sense in the 1970s, when storage was expensive and the year 2000 was a quarter century away, but it became very tedius and expensive to fix before the turn of the century.  Even worse, the practice of using a two-digit year continued well into the 1990s.
robzilla
IW Pick
100%
0%
robzilla,
User Rank: Strategist
3/14/2014 | 5:53:50 PM
14 years of support not enough?
I do not understand how people could not have taken action to switch operating systems? If you only use xp for email and browsing then a couple hundred dollars will get you a laptop or tablet that will run so much better. To complain about support ending is unbelievable in my opinion. What other OS has ever been supported for so long. Just bite the bullet and switch. Also Windows 8 is not nearly as bad as all the people are complaining about. Windows 7 is a great desktop OS but it is a resource hog and slow to boot up compared to win 8. I am not a windows lover either but I give credit where it is due and Windows 8 is really awesome on the right device. If you really can't get a new tablet or pc then Linux is the best alternative you have. It just won't run too well on 512mb of ram. Modern Linux had evolved and it needs modern hardware. I really so no option for people other than getting a new device unless it is some business setting and using special software and even then there should be some alternative.
ShadyBuffalo64
50%
50%
ShadyBuffalo64,
User Rank: Apprentice
3/14/2014 | 12:04:47 PM
Re: The issue is no one trusts Microsoft
There are couple of options - The best is a new PC running Windows 7 - There are plenty around HP is actively selling new machines with Windows 7. (https://shopping.hp.com/desktops%20&%20all-in-ones/windows+7)

If it's out of your budget, you can consider going to Linux, take a look at this - http://www.pcworld.com/article/2107641/3-easy-linux-alternatives-for-windows-xp-refugees-who-dont-want-a-new-pc.html

Staying on XP will be like driving without a seatbelt, it's only a matter of time before something BAD is going to happen.
ShadyBuffalo64
50%
50%
ShadyBuffalo64,
User Rank: Apprentice
3/14/2014 | 11:57:38 AM
Linux could be a great option
For many, the cost of a new PC and near vertical learning curve of Windows 8 is a major issue. However I have tried a number Linux distros and I have to say that they are definitely a good option. THe setup process is a bit challenging and you need to know that Windows applications wont run, but there are numerous replacements that are just as good and often better. For most, Libre Office and Linux versions of software will do just fine.

Here are some alternatives :

http://www.pcworld.com/article/2107641/3-easy-linux-alternatives-for-windows-xp-refugees-who-dont-want-a-new-pc.html


My personal favorie distro is Mint Linux because it's the closest to the Windows style UI.

http://www.linuxmint.com/
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
3/14/2014 | 8:57:40 AM
Re: Probably not as serious as is made out.
@ianmacdonald

This is great advice.  I have in-laws who still use a Window 2K desktop, they absolutely refuse to upgrade because it still does what they need it to.  Years ago I locked it down as tightly as I could to prevent any attacks because they are far from computer savvy.  That desktop is going on 14 years old and still humming along.  The only issues they every have is the occasional lost password for email or an issue with their ISP.  IF it a very lightly used XP box and you can lock it down then you can be reasonably safe.  

 
Page 1 / 4   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.