Windows XP nears end of life


Microsoft will cease supporting its Windows XP operating system on 8 April 2014, leaving millions of enterprise users with no protection against new security vulnerabilities if they fail to upgrade to a supported OS.

Microsoft first said it was planning to end support for Windows in 2007. It has since been warning consumers and businesses that an upgrade is necessary to keep their computers from being run over by a train of malicious software, or malware. That's because once support ends, the company will no longer issue patches for newly identified security holes in the system, leaving it vulnerable to hackers.

About 30 per cent of Australian computers still run on XP, according to NetMarketshare statistics.

Tim Rains, director of product management in Microsoft's Trustworthy Computing group, said any new vulnerabilities discovered in Windows XP after its 'end of life' would not be addressed by new security updates from Microsoft.

"After April 8, Windows XP ... customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates," Rains wrote in a blog post.

Joseph Sweeney, analyst with research firm IBRS, said cyber criminals might be "stockpiling" XP attacks and waiting for Microsoft to end support.

"There are indications that there has been a slowdown in the number of new attacks and malware for XP," Sweeney said.

"I would find it unlikely there would be some grand global conspiracy to hold anything back, but there are a lot of crime syndicates involved in malware today."

Brian Walshe, general manager of Microsoft integration at Dimension Data, suggested many people still running XP were in denial about its imminent demise or had put the transition into the too-hard basket and were suffering from "planning paralysis".

"I've heard people say that Microsoft can't possibly end support for XP because there are too many people using it, but Microsoft have been very consistent with their messaging for several years." According to Walshe, the biggest upgrade hurdle faced by enterprises is applications that will not run under later versions of Windows.

"So we are advising people, rather than getting bogged down in planning, start looking at their application remediation today," he said. "That is the most time-consuming part and that is what's needed to understand what they have to do to move from XP."

He warned enterprise users who have not already started migration that they will likely run out of time.

"I think there are some people out there that have probably put themselves into a bit of a hole. The closer we get to April 8 the less resources will be available to help with the migration, because there is likely to be a rush on those towards the end.

"There will be some very interesting conversations between some CIOs and their board as to why they've left things so late."

Walshe said that users attacked after 8 April might be able to remediate, but would have limited options for preventing repeat attacks.

"Microsoft offers a version of XP that runs as a virtual machine under Windows 7. While it will not be supported, the host operating system will offer some protection," Walshe said.

Microsoft will offer extended support to organisations. "There are people we have spoken to who have looked at that and been pretty horrified at the cost. It is extraordinarily expensive," he said.

According to Dimension Data's national manager, security, Jason Ha, other solutions for XP laggards include virtual patching (also known as web application firewall) and privilege management products, such as Avecto's Privilege Guard. Privilege management solutions enable an administrator to prevent the OS from running any executable code other than that specified, he said.

Microsoft Australia's local Windows Upgrade Centre website can help customers move from XP, a spokeswoman said.

Some companies using XP will get a bit of a reprieve, though, as some devices make use of a stripped-down version known as Windows XP Embedded, which is less susceptible to viruses and for which Microsoft says support will last until early 2016. But for many devices, support ceases on April 8.

Reprinted from SMH