Support for Windows XP is ending: after today there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.
Is this a problem? After all, it’s a 12-year-old operating system.
It wouldn’t be, if it weren’t for the fact that there are still a lot of people running Windows XP – our data indicate that around 18 per cent of our customers are still running Windows XP. That’s a lot of people wide open to attack once the security patches dry up: effectively, every vulnerability discovered from now on will become a zero-day vulnerability – that is, one for which there is no chance of a patch.
The problem will be compounded once application vendors stop developing updates for Windows XP – every un-patched application will become another potential point of compromise, further increasing the potential attack surface.
Switching to a newer operating system might seem like a straightforward decision. But though Microsoft has given plenty of notice about the end of support, it’s not hard to see why switching might be difficult for some businesses. On top of the cost of switching operating system, it may also mean investing in new hardware and even trying to replace a bespoke application developed specifically for the company – one that will not run on a later operating system. So it’s not so surprising to see some large organisations paying for continued support for XP.
So if you don’t switch right now, can you stay secure? Will your anti-virus software protect you?
Certainly it will provide protection. But this only holds good if by ‘anti-virus’ we mean a comprehensive Internet security product that makes use of proactive technology to defend against new, unknown threats – in particular, functionality to prevent the use of exploits. A basic anti-virus product, based largely on signature-based scanning for known malware, is insufficient. Remember too that, as time goes by, security vendors will implement new protection technologies that may well not be Windows XP-compatible.
At best, you should see this as a stop-gap, while you finalise your migration strategy. Malware writers will undoubtedly target Windows XP while significant numbers of people continue to run it, since an un-patched operating system will offer them a much bigger window of opportunity in which to exploit vulnerabilities they find. And any Windows XP-based computer on a network offers a weak point that can be exploited in a targeted attack on the company – if compromised, this will become a stepping-stone into the wider network.
There’s no question that switching to a newer operating system is inconvenient and costly – for individuals and businesses. But the potential risk of using an operating system that will become increasingly insecure might well outweigh the inconvenience and cost.