As many of our customers know, Windows XP is coming up on End of Life on April 8th, 2014. For many businesses we serve, it won’t be a problem – not even a blip in the radar. For others, it means migrating their remaining XP systems to more stable environments and ensuring security risks are tended to before that date. Of course, that’s not always easy.
Regardless, we’re recommending that all XP-based systems be removed from every network we manage. There’s always a solution for moving away from dying platforms, it’s just a matter of finding the right one for the business.
Lots of people have asked us whether its truly necessary and, to be honest, it can be difficult to put into relatable terms just how detrimental this change can be for even smaller businesses. The fact of the matter is, XP will be vulnerable the very first minute it’s taken off of support (not that it isn’t already). Worse still, is that the risk presented to a network with XP still deployed increases each and every minute thereafter.
From the moment Microsoft finally pulls the plug, it’s every XP machine for itself, as crackers work to find as many holes as possible before vulnerable systems are taken offline. Their task becomes easier each and every time Microsoft releases an update for their other operating systems, too. If the security holes patched by future updates for Windows 7 and Windows 8 also exist in Windows XP, the newly released patch essentially acts as a treasure map – pointing directly to a vulnerability in XP that simply will not be fixed.
For example, if Microsoft releases a security update for Windows Server, a hacker can grab the update files, break it apart, and see just what it patches up. For systems under careful monitoring and management, it shouldn’t be a problem, as they will be quickly patched and secured. What will happen next is said hacker will test to see if that same vulnerability exists in previous version of the Windows OS, like Windows XP. If it does, they can then focus their time and energy on generating malicious code to exploit that vulnerability and move forward targeting systems that happen to be still online – and with roughly 29% of all worldwide computers still running the aged OS, it’s sure to become a very hot-button topic over the next year or so.
What’s the chances of that happening though? Higher than one would think. Between July 2012 and July 2013, out of a total of 45 security updates for Windows XP, 30 patches shared fixes for Windows XP, 7, and 8. It wouldn’t be wrong to assume the same ratio might continue down the line – that over 60% of patches for Windows 7 and 8 in the short term also identify holes for Windows XP. That’s an insane risk profile.
Some will say that Windows XP Service Pack 2 introduced better security through enabling the Windows firewall by default – features that were expanded even further in SP3 – as a justification for delaying a painful migration. While that’s true and most XP systems still in rotation will have their firewall up and likely have AntiVirus software installed, the security risk inherently lies in how much you can really trust that system. With so much of the underlying operating system itself open to attack, it really comes down to how much trust the user is able to place in the Windows Firewall and their AntiVirus solution. After all, Symantec and other AV leaders have stated they intend to continue releasing their virus definitions for the dated OS as long as their users continue to operate with it.
The fact is, there are just too many unknowns abound to really say how third-party security products will cope with the intense vulnerability increase. New vulnerabilities could essentially allow code execution that those services don’t detect or even believe to be unsafe – masked within normal Windows operations. Again, the issue comes down to how much trust the user places in their system and the acceptable risk they’re willing to endure.
For us and for our customers – it’s none.
Here comes the shameless plug. If you or a company you know are still working to remove Windows XP systems from your business networks, we can help. Get in touch today to schedule a FREE consultation to talk about your migration project and get it solved once and for all.