Microsoft reminds us of the risks of not moving on from Win XP

by Mark Tyson on 20 August 2013, 12:15

Tags: Windows XP, PC

We’ve mentioned the end of support for Microsoft’s Windows XP operating system a few times: once a year before the date the OS (and Office 2003) is set to lose support, and in several other articles where Microsoft expressed its hope that people will rush to adopt Windows 8 as time ticks away for ye olde OS. Microsoft has decided to remind us again, and senior executive Tim Rains, Director of Trustworthy Computing, was enlisted to write a blog post about the risk awaiting those still running Windows XP systems after 8th April 2014.

The main problem for people who stick with XP is, according to Rains, that the attackers will then have the upper hand as they “will likely have more information about vulnerabilities in Windows XP than defenders”. Apparently, when any version of a piece of software is updated to fix a vulnerability, some people will test to see if the vulnerability also exists in other versions of the software which are not yet patched. Microsoft therefore releases software security updates simultaneously across all affected products. This service will end for Windows XP and Office 2003 next April.

“The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a ‘zero day’ vulnerability forever,” wrote Rains. He goes on to explain that Windows XP, Vista and Windows 7 have historically been affected by many overlapping Microsoft security bulletins.

Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012, as reported in the Microsoft Security Intelligence Report volume 14.

Despite this, Rains says that many Microsoft customers won’t manage to make the transition from Windows XP in time and some others said they won’t upgrade Windows XP until the hardware it is running on fails. Also Rains points out that even now, while XP still receives security updates and hotfixes, it still suffers from a “significantly higher” malware infection rate than more modern OSes such as Windows 7 and 8. Windows XP’s support for Internet Explorer versions only up to v8 doesn’t help matters either.



HEXUS Forums :: 48 Comments

Shame, Windows XP was always my favorite OS, although I did move to Windows 7 with my later builds and it's comparable but a few too many features that aren't needed
Microsoft have a point.

But …. I have several machines running XP and they are going to stay running XP. I have enough spare hardware, including spare processors and RAM, and even mobo's, to keep them running pretty much indefinitely, and that is precisely what I will do, while they still do the job I have them for. And I am NOT putting Win8 on those machines, now or ever, not least because they would either struggle to run it, or simply not run it.

And in, oh, 10 years or whatever, not one of those machines has contracted a virus, or been hacked, or even attacked. Why? Simplez, no internet connection. They don't need it, so don't have it.

I did recently upgrade another machine, hardware and software wise, from XP and Office …. to Ubuntu and Libre.
For the majority of users though Win 7 is such a better choice. IE9+ when they think that IE IS the internet for starters…
While Microsoft have a point they do make a living out of forcing people to upgrade.

Not being connected to Internet works fairly well of course, but wonder how secure a business LAN would be if it is protected by a decent UTM (Unified Threat Management)?

I can see an opening for custom Linux UTM/Firewalls distro here. The upgrade pushers Intel and Microsoft won't like that though but the landfills might. Core2 performance is plenty enough power for a few more years anyhow.
Saracen
Microsoft have a point.

But …. I have several machines running XP and they are going to stay running XP. I have enough spare hardware, including spare processors and RAM, and even mobo's, to keep them running pretty much indefinitely, and that is precisely what I will do, while they still do the job I have them for. And I am NOT putting Win8 on those machines, now or ever, not least because they would either struggle to run it, or simply not run it.

And in, oh, 10 years or whatever, not one of those machines has contracted a virus, or been hacked, or even attacked. Why? Simplez, no internet connection. They don't need it, so don't have it.

I did recently upgrade another machine, hardware and software wise, from XP and Office …. to Ubuntu and Libre.

But the majority of people have their PC internet connected and don't understand the risks. Yes, I agree it can be done, but most people I end up fixing PCs for have really no clue what to do or how to go about it. XP is just what they are used to. I also find most of the time that their PCs are infected big style because they have no idea…