Skip to navigation
Analysis
Windows Logo

Windows XP: Microsoft’s ticking time bomb

Posted on 19 Dec 2013 at 13:47

Shona Ghosh examines the security threat posed by Microsoft’s decision to end support for its 12-year-old OS in April

The final deadline for Windows XP support will act as a starting pistol for hackers, as they target hundreds of millions of users on unpatched systems.

Microsoft has already granted the 12-year-old OS several stays of execution, but the firm has said it will finally end extended support on 8 April 2014 – despite the fact that XP remains the second-most popular OS, with almost a third of PCs running it.

These hundreds of millions of desktops and laptops will be vulnerable to hackers once XP stops receiving security updates, with Microsoft warning earlier this year that hackers could use patches issued for Windows 7 or Windows 8 to scout for XP exploits.

"The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," wrote Tim Rains, the director of Microsoft’s Trustworthy Computing group.

The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates

"If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP," Rains added. "Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a zero-day vulnerability forever."

Microsoft noted that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013, giving hackers ample opportunity to reverse-engineer vulnerabilities.

Ed Shepley, solutions architect at migration specialist Camwood, said users don’t seem convinced by the threat. He added that he’s surprised Microsoft’s warning didn’t lead to "hundreds of people phoning us that day". According to Shepley, the end of XP support poses a "significant risk".

Other risks

Failure to migrate could leave businesses open to infections, denial-of-service attacks and data theft, according to Camwood. Aside from the inconvenience and costs to address the attack, companies can also face fines.

For example, American regulators have warned that banks that fail to upgrade their software from XP will be liable if, for example, customer credit-card data is stolen. In the UK, the Information Commissioner’s Office hasn’t issued such clear-cut guidance, but it has the power to fine institutions that don’t hold credit-card information securely in their systems under data-protection laws.

Try three issues of PC Pro for just £1 (UK only) or buy a digital subscription.

1 2
Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

5 to 6 years?

My last employer had a 10 year replacement policy! I had to keep original Windows XP boxes with 256MB RAM running! Most of them hand't even had SP2 installed when I started working for them. I started replacing the boxes with Windows 7 when they failed - although my successor had to make do with refurbished XP boxes!

The sad thing was, they only used MS Office and MS Navision on most machines, so there was no technical reason not to upgrade, just beancounting.

XP has already had 2 stays of execution. It is time it was put to rest.

By big_D on 19 Dec 2013

Most people are oblivious to the risks

Unless the end user sees a message that tells them their computer has a virus or something (not the annoying web ones).

They are under the illusion that everything is fine.

Then you have businesses with users that have no clue how to use a computer outside of the software's they use.

Whatever happens it's MS fault even if they are guilty.

By firstsin on 20 Dec 2013

@firstsin

It isn't just the cost of XP it is the pain of upgrading all of those applications and then applying updates. For a small company it takes a day to rebuild a machine and reinstall Office, far too much of which is taken installing updates. Then add the retraining costs and include a Windows 7 Pro licence and you can see why companies are reluctant to ditch an apparently working product.

By tirons1 on 23 Dec 2013

@Tirons

"For a small company it takes a day to rebuild a machine and reinstall Office" - No, sorry, it doesn't take a day to install Office and Windows.

There are also a whole raft of Dell Optiplex core 2 machines on ebay with valid Pro licences and keys.

There's also XP Mode for difficult XP machines or Hyper-V under Windows 8.

When it comes down to it it's simply, pretty much, just people being LAZY.

P.s. Even a small company can use WSUS to update all their machines.

By rhythm on 23 Dec 2013

Windows XP

Has it entered any techs mind that most people still on XP do not like the way Vista, Win 7 and especially Win 8 responds and does things. I know people who have to use XP because in their work, the programs they MUST have will not run on anything else, even VMware. Then there is the cost of replacing everything; monitor, printer, scanner, ECT. I can already hear the closed minded say they must migrate, but in the worlds economy as it stands now, there are too many people who cannot afford to. I still know people who run 98, ME, NT with no problems even online, they removed JAVA and seem to have no problems rendering what they need online. Computer security is a triple edge sword. If you want security you have to pay for it, The family 2 doors down have most of their bills paid, and since there is a medical need for it a online computer, Windows XP, they have some sort of program that monitors the mothers health issue and it will only work on XP. Now tell me, who wants to tell them the mom is going to have to die because XP is no longer secure?

By Vitrbjorn on 24 Dec 2013

Windows XP

Has it entered any techs mind that most people still on XP do not like the way Vista, Win 7 and especially Win 8 responds and does things. I know people who have to use XP because in their work, the programs they MUST have will not run on anything else, even VMware. Then there is the cost of replacing everything; monitor, printer, scanner, ECT. I can already hear the closed minded say they must migrate, but in the worlds economy as it stands now, there are too many people who cannot afford to. I still know people who run 98, ME, NT with no problems even online, they removed JAVA and seem to have no problems rendering what they need online. Computer security is a triple edge sword. If you want security you have to pay for it, The family 2 doors down have most of their bills paid, and since there is a medical need for it a online computer, Windows XP, they have some sort of program that monitors the mothers health issue and it will only work on XP. Now tell me, who wants to tell them the mom is going to have to die because XP is no longer secure?

By Vitrbjorn on 24 Dec 2013

Windows XP

I think people should have acted in a reverse manner. Everyone should have tried really hard to keep using XP instead of voluntarily moving to something else. If XP was still being used more than any other version MS would be forced to support it indefinitely.

By prov6yahoo on 27 Dec 2013

XP.

As Far As I Am Concerned, XP Will Be Here For A Looooong Looooong Time.

By A41202813GMAILCOM on 23 Jan 2014

XP.

As Far As I Am Concerned, XP Will Be Here For A Looooong Looooong Time.

By A41202813GMAILCOM on 23 Jan 2014

SORRY.

RELOADING THE PAGE CAUSED MY POST TO BE SENT 2 TIMES.

PLEASE DELETE THE FIRST 1.

THANK YOU.

By A41202813GMAILCOM on 23 Jan 2014

You buy it, and then it costs you more...

Windows -- you paid for it when you bought it, and now it's costing you again. Microsoft's business model is based on planned obsolescence. If you're on XP, now's a good time to seek alternatives.

By bobbiecb on 19 Feb 2014

Leave a comment

You need to Login or Register to comment.

(optional)

For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on pictures@dennis.co.uk

advertisement

Most Commented Features
Latest News StoriesSubscribe to our RSS Feeds
Latest Blog Posts Subscribe to our RSS Feeds

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.