The clock is ticking. On April 8, 2014, Microsoft will end support for its Windows XP operating system. No more software updates, no more security updates. What does this mean? It means that hacking attacks on machines running XP will increase exponentially, as cybercriminals turn their attention to finding holes in the operating system’s security armor.
The risks of running XP
Windows XP is already a highly vulnerable platform. Data from Microsoft on malware infection rates for Windows suggests that the infection rate for Windows XP is significantly higher than that of subsequent releases. The coming attacks and infections will eclipse the current rates, though, for a couple of reasons:
- First, Windows XP’s long life has given hackers plenty of time to work around its main defense lines. Attacks have evolved and surpassed XP’s ability to defend against them. Security mitigations in Windows 8—and even Windows 7—are far more sophisticated.
- Second, as Microsoft patches newly discovered vulnerabilities in its supported operating systems, it goes back, looks for the same vulnerabilities in other versions, and issues updates. It will no longer do that with Windows XP.
Hackers will watch the exploits being discovered and patched in supported versions of Windows, and will go back to XP and see if the same vulnerabilities exist there. If they do, it will be open season, as Microsoft will not patch XP.
Ripe for the picking
Microsoft representatives have repeatedly gone on record as saying that they fully expect significant increases in malware infection rates on XP systems once the April 8 date has passed. Even though Microsoft is offering updates to its anti-malware signatures and engine for Windows XP products until July 2015, these updates don’t resolve the fundamental vulnerabilities within the operating system itself. Further, if Windows XP is vulnerable, will you be able to fully trust the services, processes and APIs that antivirus and antimalware solutions depend upon?
And therein lies the problem: According to Forrester, Windows XP “once was installed on over 80% of enterprise desktop devices.” With this level of market penetration, chances are your business has run or is currently running Windows XP. When the data thieves attack, they won’t be looking for a specific size or type of business; they’ll be seeking out any XP machine that’s connected to the Internet.
Your next steps
If you don’t know whether you have Windows XP in your environment, you need to find out quickly.
If you DO have Windows XP in your environment, hopefully you have a plan for removing it. Unfortunately, subsequent versions of Windows run very poorly (or worse, not at all) on most hardware that was put in place with Windows XP. Upgrading to a supported version of Windows will probably involve upgrading the computer running it.
If you don’t have a plan yet, it’s time to start formulating one. There are a number of options and resources that will help you fend off the coming attacks, but the time to act is now. Look for upcoming posts that describe options to help you get past April 8th and the end of life of Windows XP!