Support for Microsoft Windows XP ends on April 8 2014. After this date no hotfixes or security updates will be available for this 12-year-old operating system.
This means any vulnerability found in the OS after this date will result in a free-for-all for any hacker with access to a vulnerable system, or to an infected website that is accessed from a vulnerable computer.
XP devices are “going to be targeted” aggressively after this date. It is likely that criminals have already identified a number of vulnerabilities and are playing a “waiting game”, revealing these issues only after 8 April, when the holes cannot be filled. Large-scale attacks could then ensue, and users will have no option to guard against them except upgrading or replacing ageing systems.
It should also be noted that Microsoft will still patch vulnerabilities in Vista and later versions of Windows after the XP cut-off date. It is therefore highly likely that malicious researchers will reverse-engineer these updates to see if they affect Windows XP (and most will), and then write exploits to target XP machines.
Whilst antivirus (a necessity on any computer) will help protect against many attacks, it is important to recognise two things:
- The infection rate statistics for older Windows operating systems
- The date on which the antivirus on your XP operating system will stop working
The following chart, found in the latest Microsoft Security Intelligence Report, highlights the lack of security in older operating systems. It can be clearly seen that the infection rate for Windows XP is significantly higher than that of Windows Vista and Windows 7. Windows 8 has a significantly lower infection rate than all previous operating systems, and one substantially lower than that of Windows XP. This is because newer operating systems are not vulnerable to several common exploits that are widely used against the older ones. It should be noted, however, that these figures are based on data collected whilst patches for vulnerabilities and threats are still available for Windows XP, and whilst antivirus vendors continue to support and provide updates for systems running Windows XP.
The difference in encounter rate between operating systems is significantly smaller. This is because AV products are designed to block any threat that is encountered, even if the threat is not designed to affect that computer. Therefore a Windows 8 device that encounters a threat that is only applicable to Windows XP will be counted in the statistics below.
Antivirus end of life for Windows XP
Microsoft has announced that, following April 8 2014, it will continue to provide virus definitions for Windows XP until July 14 2015. For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.
If you are going to brave using Windows XP after April 2014, then you have a far better chance of surviving the fallout if you have a decent AV program installed. Be aware, however, that it won’t last forever. In a recent survey by AV-TEST, a number of products have been listed as confirmed to support Windows XP, at least for the short term. At the time of writing, other major players such as Symantec and McAfee have not yet announced when their end of life decision will be made. Highly recommended products, such as Bitdefender, will continue support until January 2016 for home-user products and 2017 for corporate.
In summary, due to the associated security risks to your business, we highly recommend that any business running Windows XP devices look to replace or upgrade these at the earliest opportunity. This will ensure your business is not at risk from unprotected security vulnerabilities and unbudgeted support costs as a result of vulnerable systems.