First released to consumers in 2001, the Windows XP operating system finally has its days numbered. Microsoft has confirmed that, after April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect PCs. For anyone still running XP, it’s decision time.
Amar Singh, ISACA UK Security Advisory Group chair, speaks to security experts from WhiteHat Security and AppRiver to find out the risks of running an unsupported operating system.
Updates and Patches
Many will feel that if it’s not broken, why fix it, especially when money is a scarce commodity. However, once support is withdrawn, that’s exactly the situation you face.
Microsoft routinely patches its systems with Windows Updates as vulnerabilities are discovered and, while many love Windows XP, it’s fair to say it’s had its problems. A major bugbear has been the fact that it’s been rife with vulnerabilities in past years. In fact, XP is arguably one of the most targeted operating systems connected to the Internet, which will make it an enormous liability after the deadline.
While Microsoft may no longer support the software, it doesn’t mean that cyber-criminals will dismiss its validity too. In fact, quite the reverse is true. Troy Gill, security analyst for AppRiver, encourages users to make the move to a newer operating system as he fears unpatched machines could be left vulnerable. Troy warns, “After the final April patch, there will be a huge gaping hole between you and relentless cybercriminals bent on stealing your personal and financial information. These criminals often attack vulnerable systems to access your machine and infect it with the malware of their choosing. What’s more, the longer you continue to use XP, the more significant the threat will become.”
Open Windows
As in the real world, an open window is a very tempting proposition to criminals, and the cyber variety isn’t any different. As already mentioned, the reality is that vulnerabilities discovered in Windows XP after the April deadline will remain unpatched, offering an open window, if you’ll pardon the pun, for criminals to slip through.
It is a sentiment shared by Robert Hansen, Technical Evangelist at WhiteHat Security. He believes, “It seems a bit like speculation that hackers will take any particular action, however, if they were thinking about when to release a Windows XP vulnerability, they may decide to hold tight based on Fossen’s theory. This may be a good example of a self-fulfilling prophecy. It’s a valid theory though, and it does make sense.”
Jeremiah Grossman, founder and CTO of WhiteHat Security, adds, “I think Cyber Criminals and Nation-State sponsored activists will indeed bank vulnerabilities, and only use them when they have to. That said, my prediction will be that they’ll do this, as they do with many types of software, regardless of when or if Microsoft end-of-lives WinXP.”
The Chain Reaction
A further consideration is the peripherals being used – printers, apps, etc., which may not work with older operating systems. Troy warns, “Many companies have already stopped developing software for Windows XP and many more will soon follow suit, as they begin to wind down their support of XP-based applications. This will mean more unpatched vulnerabilities as some companies shift focus away from software designed for an OS at its end of life.”
As well as a decreased focus on patching of XP applications, some companies will no longer support those applications at all. This could disrupt business operations so, if you’re an organisation affected in this manner, don’t delay. Plan accordingly so that there are no surprises that affect mission-critical software following the April deadline.
What will you do?
Today, nothing has changed, but that’s not going to be true for much longer. In fact, the longer you wait, the fewer options you will have, as Troy’s final piece of advice attests: “Casual home users have roughly seven months to save up for that new machine. And if you’re not keen on Windows 8, you can still get one shipped with Windows 7 – but that won’t be true indefinitely.”
For those of you who really can’t bear to be separated from your XP machine, you have a choice. Continue to use the operating system in the hope and blind belief that it will stay safe from malicious software. Or be realistic: upgrade your OS or, as a last resort, disconnect the machine and get a new one with a supported OS.