Windows XP end of support: why it concerns you

Reto Haeni explores the risks of running Windows XP after its end of service and the benefits of migrating to newer operating systems

By Guest on 01 April 2014
This article was first published in the Spring 2014 issue of Touch

Windows XP Service Pack 3 (SP3) and Office 2003 will reach end of extended support on 8 April 2014. After this date, Microsoft will not provide public support for these products, including security patches, non-security hotfixes, incident support or online technical content updates. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP.

Organisations that already have Microsoft Security Essentials installed will continue to receive antimalware signature updates for a limited time, but this does not mean that computers will be secure, because Microsoft will no longer be providing security updates to help protect them. Running Windows XP SP3 after its end of support date may expose organisations to potential risks, such as security and compliance risks or lack of ISV and hardware manufacturer support.

To mitigate the risk of cyberthreat and to protect their IT infrastructure, organisations are strongly recommended to migrate away from Windows XP to Windows 7 or Windows 8 and to implement an appropriate patching regime to ensure good security hygiene.

It has been twelve years since the release of Windows XP and the world has changed so much since then. Internet usage has grown from 361 million to more than 2.4 billion users. We have witnessed the rise of the internet citizen with members of society connected through e-mail, instant messaging, video-calling, social networking and a host of web-based and device-centric applications. As the internet becomes more woven into the fabric of society, it has also become an increasingly popular destination for malicious activity, as evidenced in the Microsoft Security Intelligence Report.

To help protect users from rapid changes in the threat landscape, Microsoft provides support for business and developer products for ten years after product release, and most consumer, hardware, and multimedia products for five years. And so, after 8 April 2014, Windows XP SP3 users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its end of service will not be addressed by new security updates by Microsoft. Moving forward, this will make it significantly easier for attackers to successfully compromise Windows XP-based systems using exploits for unpatched vulnerabilities. In this scenario, anti-malware software and other security mitigations are severely disadvantaged and over time will become increasingly unable to protect the Windows XP platform.

Designed in a different era

Computers running Windows XP routinely experience a significantly higher malware infection rate than computers running any other supported version of Windows. Much of the elevated infection rate on Windows XP can be attributed to the fact that some of the key built-in security features included with more recent versions of Windows are not present in Windows XP. Windows XP, designed in a different era, simply can’t mitigate threats as effectively as newer operating systems, like Windows 7 and Windows 8. As the threat landscape has evolved over the past twelve years since the release of Windows XP, so has software security.

There are many new security features today in more modern operating systems that can better protect users from criminal activity including kernel improvements, which make it harder for cybercriminals to use standard hacking techniques. Other features include real-time malware protection, BitLocker Drive Encryption, User Account Control, AppLocker, UEFI Secure Boot and Trusted Boot. Over and above all the security mitigations and features that are available in more modern operating systems, security development practices have also evolved greatly over the past decade, but so has the threat landscape.

The risks of not being supported

Cybercriminals are aware of Windows XP end of service and the fact that there will no longer be security updates, so it can be assumed that exploits will be targeted and leveraged quickly. Windows 8 offers new opportunities for telecommuting, sharing of documents and information, working with mobile solutions and connecting with cloud services without impacting security. This means today’s cyberthreats are significantly better contained in Windows 8 than in Windows XP. Further risks include possible unsupported business software and hardware and increased support costs. Software assurance will not provide support past 8 April 2014 so customers needing support on XP will be required to have XP Custom Support Agreement in place. Additional costs will include an enrolment fee and a per-device fee.

Organisations that have migrated to Windows 7 or 8 are enjoying the benefits of a much improved user and management experience. One of the great advantages of the migration is the opportunity to transform outdated, manual processes. Real, tangible cost savings are realised as a natural outcome of the capabilities of Windows 8 Enterprise.

• Anywhere connection: gives people secure, hassle-free access to data, applications and colleagues to enable them to remain productive anywhere, any time and on a variety of devices

• Personalised experience: enhances productivity by giving people personalised experiences that anticipate their needs, remember their preferences, and adapt to their unique workstyle

• Intelligent infrastructure: deliver enterprise-grade solutions designed to help maintain security, streamline management and cut costs

• Desktop Deployment Planning Services: plan and prepare for an efficient and successful Microsoft Office deployment by taking advantage of comprehensive planning services delivered through prequalified partners

• Microsoft App Accelerate Program: test the product and service capabilities in a lab environment, define requirements for the new deployment, conduct a pilot, and then fully deploy the solution for flexible workstyle

• Windows To Go: as bring your own device and mobility scenarios become increasingly common, businesses need new and more flexible ways to help users be productive wherever they are. Windows To Go is a new feature of Windows 8 that enables users to boot a full version of Windows from external USB drives on host PCs. Windows To Go drives can use the same image that enterprises use for their desktops and laptops and can be managed the same way

• Reduced cost: Analysis shows that supporting older Windows XP installations, compared with a modern Windows 7-based solution, saddles organisations with a dramatically higher cost. According to IDC’s Mitigating Risk: Why Sticking with Windows XP is a Bad Idea, the annual cost per PC per year for Windows XP is US$870, while a comparable Windows 7 installation costs US$168. That is an incremental US$701 per PC each year for IT and end-user labour costs.

There may be many challenges with the transition to new systems, and we have therefore developed a number of tools that will make it easier to migrate solutions to a modern platform. Microsoft can help organisations protect their information and their own IT infrastructure by improving the health of their IT ecosystem. Microsoft can help create a more secure, healthy IT ecosystem through a complementary two-step approach built on Microsoft’s unmatched expertise:

1) Conducting Microsoft Security Risk Assessment (MSRA) through which customers can obtain an overview over their current risk status

Helping organisations to understand their current threat landscape is a good start to discuss XP migration. One of the assessments to consider is the MSRA, which is designed to help determine the security risks in an application and the infrastructure supporting it. Using a formal methodology, the offering helps organisations understand their risk of exposure to security breaches in critical applications and measure their security controls and processes against industry practices, thereby establishing a security baseline from which to measure progress.

2) Help with deployment of Windows 7 or 8 and ensuring new functionality can be used efficiently

The Windows XP to Windows 7 Migration Guide provides many different tools that can be downloaded. The Windows XP Mode for Windows 7 and 8 enables a user to install and run Windows XP applications directly from a Windows 7-based PC. XP Mode is an integrated environment with a number of productivity features, including folder integration to allow access to the hosting Windows disk drives within XP Mode, seamless applications to access XP Mode applications in the ‘All Programs’ menu from the hosting Windows machine, USB support for XP Mode, clipboard sharing between a hosting Windows machine and XP Mode, and printer redirection for XP Mode.

Windows XP was a great operating system in its time and provided value to a large number of people and organisations around the world for over a decade. But all good things must come to an end. We hope this information reinforces the importance of migrating to a modern operating system with increased protections, and instils a sense of urgency in organisations that are behind schedule on their migration projects. In conclusion, the clock is ticking very fast.

This article is taken from a whitepaper written by Reto Haeni, Microsoft’s chief security advisor for Western Europe: Windows XP – Support stops on 8 April 2014, Elements to a Secure Environment – Becoming Resilient Towards Modern Cyberthreats.