Focus: Security matters - migrating from Windows XP

Microsoft EMEA chief security officer Monika Josi wrote about security and Windows XP migration in the latest edition of Touch. We consider some of the key points

Amber Stokes
Amber Stokes
By Amber Stokes on 10 February 2014
Focus: Security matters - migrating from Windows XP

There are now just under two months until Microsoft ends support for Windows XP.

After 8 April 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date.

Microsoft is warning that this will mean a machine running Windows XP after this date will be more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimise for more recent versions of Windows, users may encounter greater numbers of apps and devices that do not work with Windows XP.

In an article in Touch magazine, Monika Josi, Microsoft’s EMEA chief security advisor, explains the enhanced security capabilities in newer operating systems. “As the threat landscape has evolved over the past twelve years since the release of Windows XP, so has software security and Microsoft has adapted to this changing landscape,” Josi said. “There are many new security features today in more modern operating systems that can better protect users from criminal activity.”

Josi highlighted some of the risks that businesses may encounter:

  • Unsupported business software: with security fixes and support for Windows XP ending on 8 April 2014, ISVs have already stopped testing new software versions on Windows XP and new releases of critical business software may require Windows 7 at minimum
  • Unsupported hardware: hardware vendors and OEMs have also stopped testing new devices on Windows XP. Many currently shipping computers will not support XP and device drivers are not available
  • Increased support costs: software assurance will not provide support past 8 April 2014, so customers needing support on XP will be required to have XP Custom Support Agreement in place. Additional costs incurred will include an enrolment fee and a per device fee. IDC is predicting that the costs for supporting older operating systems will continue to increase from an end user productivity perspective as well as from an IT labour cost perspective. IDC also advises that organisations should spend their budget on moving to a modern operating system instead of trying to support older ones.

Josi also explained that newer operating systems include significant security enhancements, including:

  • Kernel improvements: recent versions of Windows include a number of security-related improvements to the Windows kernel, making it harder for cybercriminals to use standard hacking techniques, such as exploiting buffer overflows or predict memory location of code
  • Real-time malware protection: in Windows 8, Windows Defender provides real-time protection against malware and potentially unwanted software out of the box
  • BitLocker Drive Encryption: introduced in Windows Vista, BitLocker Drive Encryption enables users and administrators to encrypt entire hard drives, protecting data on lost or stolen computers from unauthorised access. Windows 7 introduced BitLocker To Go, providing full disk encryption for removable volumes. In Windows 8, BitLocker can more easily be deployed and managed
  • User account control (UAC): introduced in Windows Vista, UAC helps prevent unauthorised changes to a computer by enabling user accounts to run without administrator permissions except when needed to perform administrative tasks. UAC was streamlined in Windows 7 and later versions, providing an improved user experience
  • AppLocker: introduced in Windows 7, AppLocker can be used by IT departments to restrict the programs users can execute by defining powerful and flexible rules. In Windows 8, administrators can restrict Windows Store apps in addition to legacy Windows applications
  • UEFI Secure Boot: introduced in Windows 8, UEFI Secure Boot is a hardware-based feature that is required on all Windows 8 certified devices. It helps prevent unauthorised operating systems or firmware from running at boot time by maintaining databases of software signers and software images that are preapproved to run on the individual computer
  • Trusted Boot: the Trusted Boot feature in Windows 8 verifies the integrity of Windows start-up files, and includes an early launch anti-malware (ELAM) capability that enables the anti-malware software to start before any third-party software. By starting the anti-malware solution early and within the protected boot process, its operation and integrity can be better guaranteed. As part of the boot process, Windows also runs Measured Boot, which allows third-party software on a remote server to securely verify the security of every start-up component in a way that would be very difficult for malware to forge. If any tampering with the Windows boot process or the anti-malware’s ELAM driver is detected, Trusted Boot will repair the system by restoring the original files.

Read the full article by Monika Josi.

Number of views (6541)/Comments (-)

Comments are only visible to subscribers.

Theme picker