Windows XP Security Issues: Fact Vs. Fiction - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Software // Operating Systems
News
3/12/2014
09:50 AM
Michael Endler
Connect Directly
Twitter
RSS
E-Mail
36 comments
Comment Now
50%
50%

Windows XP Security Issues: Fact Vs. Fiction

Are you prepared for the end of Microsoft support for Windows XP next month?

Windows 8.1 Update 1: 10 Key Changes
Windows 8.1 Update 1: 10 Key Changes
(Click image for larger view and slideshow.)

In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time.

XP users have vocally protested Microsoft's abandonment of such a popular product. Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications. More alarming for Microsoft, Windows XP's market share hasn't decreased since last year and Windows 8.1's has barely grown. Both trends imply the company's escalating messaging has fallen largely on deaf ears.

[Will Microsoft win back users with Windows 8.1 Update 1? Read Microsoft Windows 8.1 Update Surfaces.]

So what will happen when April 8 passes and millions of people are still running Windows XP?

"We're into panic time," Michael Silver, a VP at the research firm Gartner, said in an interview. He said the amount of risk depends to some extent on what XP laggards can accomplish in a hurry.

"The ones we're speaking to now are the ones that have done barely anything." If companies haven't already taken action, Silver said, they probably don't have time to even replace XP systems with virtual machines, let alone migrate their operations to Windows 7. Silver told us many late-comers are removing admin rights, restricting permissions, and otherwise locking down any XP systems that can't be retired.

"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics as a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit-- but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.

"It appears a lot of organizations don't realize or don't care how porous Windows XP will become after it ceases being patched in April. It isn't a war-hardened OS, as some customers believe," Wes Miller, research VP with IT consulting firm Directions on Microsoft, said last fall in a blog post. "XP systems will be ripe for an ass-kicking beginning next spring, and they can, and will, be taken advantage of."

Indeed, zero-day exploits are a major IT headache even today, with Microsoft supplying patches and support. The situation could get worse after April, especially if criminals are stockpiling new exploits in anticipation of the deadline, as some have speculated. Silver warned that attackers might also be able to use future Windows 7 and Windows 8 patches to reverse-engineer

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 4   >   >>
LADave
50%
50%
LADave,
 User Rank: Apprentice
9/12/2015 | 1:15:13 PM
Can't run anything beyond XP. Really now?
Regardless of operating system, the current practical rock-bottom minimum probably is Pentium 4 and 2GB.  Earlier CPUs lack SSE2 instructions increasingly required by high-priority applications (Skype for one), making older setups unacceptably constraining for primary use.  Few P4 motherboards won't accept at least 2GB. By that point you're ready for Windows 7 or a reasonably up-to-date Linux. 

The hardware expense is trivial because business-oriented Dell, HP and Lenovo P4 systems are being cycled out of corporations by truckloads and oversaturate the market.  For a few dollars more you can even find Core Duos that will run in 64 bit mode as well as 32 bit with a considerable speed boost over P4.
boardhead
0%
100%
boardhead,
 User Rank: Apprentice
4/7/2014 | 6:43:56 PM
Cloud printing
Michael,

I've replaced my XP pc with a Chromebook for internet use.  However I don't have a cloud based printer and can't print directly from Chromebook so my pc must be on and connected to the printer.  Am I at risk if the pc is connected to wifi to recieve print but not connected to the internet?
Michael Endler
100%
0%
Michael Endler,
 User Rank: Author
3/17/2014 | 4:16:50 PM
Re: on the menu at Milwaukee Vietnamese restaurant ...
Thanks for sharing the story. I'm sure others are in the same boat. Personally, I've run into several people who were running XP and unaware of the impending support termination deadline.
IMjustinkern
IW Pick
100%
0%
IMjustinkern,
 User Rank: Strategist
3/17/2014 | 4:02:28 PM
on the menu at Milwaukee Vietnamese restaurant ...
... the restaurant I went to this weekend was running their reservations & sales on XP. I asked the bartender/owner they he anything about the end of life. He didn't, laughed said "we're probably too busy to care." After, he said he'd have his IT guy look at it. Just an anecdote, but certainly worth remembering that not everyone has expiring tech anywhere close to the top of their concerns. 

P.S. And no, just because it was a Vietnamese restaurant in Milwaukee doesn't mean brats were on the menu. The High Life and donuts, however, were delicious with the pho. 
Michael Endler
100%
0%
Michael Endler,
 User Rank: Author
3/17/2014 | 3:35:58 PM
Re: Probably not as serious as is made out.
I don't doubt that someone who knows what she/he is doing can safely lock down an aging machine. But isn't there some presumption here that user patterns will never change? Some people don't want to upgrade because their current computer meets their current needs. As long as those needs don't change and precautions are taken, perhaps these people can get away without upgrading. But "needs," including the need to be protected while computing, involve a lot of gray areas, especially as more and more essential activities move to the browser. Tech savvy Windows XP holdouts might recognize that seemingly slight changes in behavior present larger changes in malware risks. But tech savvy people aren't the only ones using computers. Some people who say "Windows XP is good enough for me" undeniably have a valid point. But I'm not so sure about others.
Michael Endler
0%
100%
Michael Endler,
 User Rank: Author
3/17/2014 | 3:26:33 PM
Re: Linux could be a great option
Thanks for the Linux resources, but I don't think I can agree that Windows 8.1 imposes a "near vertical learning curve," especially if the alternative is jumping from XP to Linux. Windows 8.1 can be baffling to a first-time user, but I think 15 minutes of guided training is probably enough for most people to get the general idea, and to learn how to tweak settings to their preferences. That's not to say that Windows 8.1 doesn't include some silly/stubborn UI elements-- it does. But while the "learning curve" talking point isn't irrelevant, I think it's become a bit mythologized. Whether people like using the OS is a different (albeit related) factor than whether people can learn how it works. For at least some IW commenters, the former issue seems to be as big or bigger than the latter.
CraigHerberg
100%
0%
CraigHerberg,
 User Rank: Strategist
3/17/2014 | 2:14:06 PM
Re: Healthcare scare?
Y2K was a little more complicated than checking PCs BIOS to see if they would behave on and after January 1, 2000.  There were millions of programs, many of which were used to run hospitals, universities, banks, airplanes, etc., coded as if [19]99 were the end of time.  Using a two-digit year made good sense in the 1970s, when storage was expensive and the year 2000 was a quarter century away, but it became very tedius and expensive to fix before the turn of the century.  Even worse, the practice of using a two-digit year continued well into the 1990s.
robzilla
IW Pick
100%
0%
robzilla,
 User Rank: Strategist
3/14/2014 | 5:53:50 PM
14 years of support not enough?
I do not understand how people could not have taken action to switch operating systems? If you only use xp for email and browsing then a couple hundred dollars will get you a laptop or tablet that will run so much better. To complain about support ending is unbelievable in my opinion. What other OS has ever been supported for so long. Just bite the bullet and switch. Also Windows 8 is not nearly as bad as all the people are complaining about. Windows 7 is a great desktop OS but it is a resource hog and slow to boot up compared to win 8. I am not a windows lover either but I give credit where it is due and Windows 8 is really awesome on the right device. If you really can't get a new tablet or pc then Linux is the best alternative you have. It just won't run too well on 512mb of ram. Modern Linux had evolved and it needs modern hardware. I really so no option for people other than getting a new device unless it is some business setting and using special software and even then there should be some alternative.
ShadyBuffalo64
100%
0%
ShadyBuffalo64,
 User Rank: Strategist
3/14/2014 | 12:04:47 PM
Re: The issue is no one trusts Microsoft
There are couple of options - The best is a new PC running Windows 7 - There are plenty around HP is actively selling new machines with Windows 7. (https://shopping.hp.com/desktops%20&%20all-in-ones/windows+7)

If it's out of your budget, you can consider going to Linux, take a look at this - http://www.pcworld.com/article/2107641/3-easy-linux-alternatives-for-windows-xp-refugees-who-dont-want-a-new-pc.html

Staying on XP will be like driving without a seatbelt, it's only a matter of time before something BAD is going to happen.
ShadyBuffalo64
0%
100%
ShadyBuffalo64,
 User Rank: Strategist
3/14/2014 | 11:57:38 AM
Linux could be a great option
For many, the cost of a new PC and near vertical learning curve of Windows 8 is a major issue. However I have tried a number Linux distros and I have to say that they are definitely a good option. THe setup process is a bit challenging and you need to know that Windows applications wont run, but there are numerous replacements that are just as good and often better. For most, Libre Office and Linux versions of software will do just fine.

Here are some alternatives :

http://www.pcworld.com/article/2107641/3-easy-linux-alternatives-for-windows-xp-refugees-who-dont-want-a-new-pc.html


My personal favorie distro is Mint Linux because it's the closest to the Windows style UI.

http://www.linuxmint.com/
Page 1 / 4   >   >>
Editors' Choice
Commentary
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
Slideshows
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
News
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Download This Issue!
Slideshows
Flash Poll