Sophos Cloud Optix
In a blog post, a senior Microsoft executive has warned users of Windows XP to get a move on and upgrade to shinier, newer versions of Windows.
The post, by Microsoft’s Trustworthy Computing Director Tim Rains, points out that after the end of official support for XP, on 08 April 2014, the company will be basically forced to pass on details of likely XP vulnerabilities to potential attackers, without providing users with the means to defend themselves.
One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders.
The problem is, of course, that once patches stop being provided for newly-discovered vulnerabilities, any problems that are found for more recent versions may well be backwards-compatible with XP.
As details of these issues will be widely publicised, for very good reasons, there’s bound to be plenty of research going on into which ones can be used to penetrate the systems of anyone still clinging on to XP.
Indeed, some people have already speculated that the bad guys will soon be stockpiling newly-found bugs until after the patch deadline, building up an arsenal of woes to unleash on those too lazy, poor, or stuck in their ways to upgrade.
Once the April 2014 deadline has passed, the world of Windows XP will be a perpetual zero-day, with no hope of relief from danger.
It’s clearly in Microsoft’s interest to spread maximum fear, to squeeze as much revenue as they can out of Windows users who will have to pay to step up to Windows 7 or 8. But their warnings do carry considerable weight.
In operating system terms, XP is pretty ancient, having been released in 2001 and reaching the end of its standard back in 2009. When the five-year extended support phase ends the platform will have very nearly reached its teens.
It remains remarkably popular though, with the best available stats putting it on anywhere from 13 to 30% of systems browsing the web – well overtaken by Windows 7 nowadays, but still streets ahead of Windows 8. Its stability, simplicity and familiarity will make it hard to dislodge from a huge residual user base.
This has led to some speculation that Microsoft might relent and extend the support period further, but this seems unlikely. As Rains also points out in his blog piece, even with regular patching, the security provisions in XP just don’t cut it any more, leaving its users open to all sorts of dangers they would be immune from out-of-the-box with less creaky platforms.
In general, we always recommend keeping everything fully patched and updated. So, when that is no longer a viable option, I guess the advice will have to be to upgrade to something which is actually patchable.
That’s not going to be easy though, and not just for sentimental reasons.
The financial impact of mass upgrading is likely to play a major factor here. In the home user world, a lot of people upgrade their operating systems by default when they upgrade their hardware.
Those on more limited budgets may have been keeping the same rickety old machines wheezing along for years though. If all you’re doing is browsing Wikipedia, emailing and occasionally Skype-ing the grandkids, you’re not going to need the latest super-speedy machine with 8GB of RAM and 2TB of storage.
The same goes for business users too; if something has been doing the job just fine for years and shows no sign of needing replacing, there’s got to be a considerable reason to spend money replacing it. With a lot of businesses struggling to survive in tough markets, these additional costs are going to have very low priority.
Bigger firms may have policies in place to ensure legacy systems are updated promptly, but even some of them are likely to lag in places, to say nothing of the huge numbers of smaller, less organised firms running from a few to a few hundred PCs with only the most basic IT skills to support them.
It seems almost certain that there will be a large number of people left exposed to all kinds of threats once the patches run out. Their infected systems may be old and creaky, but they’ll contribute all they can to a glut of spamming, DDoS and other botnet activity and thus impact the rest of us.
Until the last die-hard users fade away, it looks like the world’s going to be a little bit grimmer for us all.
So, if your IT department isn’t showing any signs of getting a move on upgrading, give them a nudge to make sure they’re on the case.
And if you’re at a loss what to get granny for Christmas, and you don’t think a Macbook would suit her chintzy pad, maybe a copy of Windows 7 (or some help installing and learning to use Ubuntu) would be just the ticket.
Image of crystal ball, malware, and laptop viruses courtesy of Shutterstock.
Typo: it says 2013 instead of 2014 in the opening of this post
Thanks! Fixed it.
Perhaps MS should considering pushing an update in the final months of support reminding people of the implications.
I have two WinXP machines here at home. The desktop XPPro machine is on its last legs and will be retired. My little netbook will be turned into a Linux machine.
The new desktop will also be Linux.
It is unfortunate as both OSs are rock solid and stable.
Anyone know whether good old Quicken 3 for Windows (from 1995 – still rocks!) can run on any free OS eg via WINE ?
You could always keep running Quicken 3 on XP in a virtual machine with no network access. That way any vulnerabilities will be hidden away from the bad guys on the Internet
Perhaps if Microsoft upgraded its versions of Windows instead of doing a complete new version each time, it would be less trouble for everyone–including Microsoft.
Regards
Ubuntu, or variations thereof such as Linux Mint, are easy to install (probably easier than WIndows) and use – probably an easier jump from XP to e.g. Linux Mint than from XP to Windows 8. Plus, of course, Linux is free, so trying it costs nothing.
I think I will try Linux Mint – about time I got away from relying on Microsoft anyway. Free versions of their programs – made by others – are always better too! 🙂
That's a pretty DB move on MS's part, to release vulnerabilities to the bad guys.
It’s not so much that, but that they will release the fixes for (eg) Windows 7. Once you’ve seen the fix, it’s easy to work out the vulnerability it’s fixing, and then the bad guy checks if it still applies to Windows XP.
I know. Right? It's as if some people only read the title and first paragraph before they comment rather than reading the whole article…
Machine still does what I bought it for extremely effectively. Frankly this ever-updating scam stinks. But you guys are all fixated on new new new too so I don't expect much dissent from you. O well.
"the company will be basically forced to pass on details of likely XP vulnerabilities"
Well, not really. It is their business decision to drop support so the only one "forcing" their hand is Microsoft themselves.
That said, IMO it is the right decision. There's no revenue to be derived from continued support; only support costs. Convince people to upgrade or buy new machines and they get revenue. Especially if the new machines see a new version of Office to go along with them.
XP has had a fine, long life for an endpoint OS. Something like 13 years from GA to retirement. It is well past time to move on.
It seems to me that when I bought my computer no notice that win XP would become redundant.It should be up to the seller or indeed Microsoft to simply give us an OS free of charge that will enable us to continue using the computer for what we bought them for.
I would not expect any other tools I use to be effectively rendered unsafe to use after just 5 years.
Redundant does not fit in that sentence.
Also, this would be like a car company giving you a new car once the one you bought goes out of production.
You can still use the software you bought, it just isn't being updated anymore. Personally, I'd rather they put their resources in their newer products.
Microsoft never promised unlimited free updates. You obviously did not read the end user license agreement (EULA), which states:
“Microsoft warrants that the Product will perform substantially in accordance with the accompanying materials for a period of ninety days from the date of receipt.”
If you want unlimited free updates, use Linux.
So far as I can see, for the average user Linux is the superior alternative, and for these reasons:
0) Everything is free, and you never need copyright violations and the attendant conscience problems.
1) Way lower footprint, e.g. 2 GB of RAM is way plenty for Ubuntu or Mint.
2) OpenOffice and LibreOffice are excellent and free alternatives to the M$ Office suite.
3) Bitnami does free clouds, meaning that you can get to your documents from anywhere.
4) Base is a viable alternative to Access, and while it does not offer a built-in programming language, it will suffice for the average end-user.
Down side:
None of the Office alternatives offer VBA, but that is of interest only to developers, not end users.
While it's not 100% VBA, the Office alternatives do offer a form of it; trivial VBA modules should convert without too many headaches.
The B52 Bomber is 50 plus years old and not scheduled to be gone until 2040. I think Microsoft is missing a great opportunity by not simply coming up with an XP upgrade that would include some of the new bell and whistles in later versions of windows but leave the look and feel of XP alone. And they could charge for it. Upgrading to newer versions of Windows is akin to buying a newer car where the designers, in their infinite wisdom, have moved the AC controls into the glove compartment to make the dash look neater.
You state "the company will be basically forced to pass on details of likely XP vulnerabilities to potential attackers" – not true! They do not have to tell anyone at all so they are not 'forced' to pass anything on to malicious hackers, etc.
But it is wise to have a plan for what to do shortly prior to April 8th 2014, no action is actually needed before that date and Microsoft are digging further holes for themselves with scare statements such as this.
I plan to buy, in about February/March 2014, and install Windows 8.1 with modifications to make it operate and look much more like XP Pro – complete with a working Start button and desktop. It will not have the unpopular and awkward 'Metro' (or whatever they are calling it now) user interface that might work on a smartphone but is hated by desktop and laptop users alike. Then I can use nearly all my existing software with minor exceptions and few changes.
"… the company will be basically forced to pass on details of likely XP vulnerabilities to potential attackers…"
That's a confusing semantic structure. Surely it can't mean "pass on" in the sense of "forward to" or "send to", in the same sense that another of today's NakedSecurity articles says…
"UK police routinely pass on personal information…to the Royal Society for the Prevention of Cruelty to Animals (RSPCA)…"
I thought it might mean "pass on" as in "take a pass on" fixing vulnerabilities, as in "decline to" fix those vulnerabilities…but the "to potential attackers" doesn't fit that interpretation. So I've ended up not understanding exactly what that sentence is trying to say…in case it matters to NakedSecurity.
Apologies for the confusion – you were right in your first try though, I did mean pass on in the sense of "send to" (I guess that's an Anglicism? The second option would be quite rare over here I think)
When I say they'll have to pass on the data, I don't mean to imply that they'll deliberately pick out the bad guys and directly email them useful data – rather, that they will have to make the information public (so that it can be used to fix issues in later versions of Windows), so the bad guys can get it by simply reading the MS website.
Perhaps "allow access to" would have been less open to misinterpretation, but it's not really like the data is sitting around MS HQ and people can get a look at it through an open window, it's being deliberately pushed out to the world as useful information.
Hope that helps…
My laptop runs XP, is completely stable, does everything I need to do, and spends the majority of its time off. It's there for me when I'm on the road and need to check email or look something up quickly, to write a quick article, or to back up a batch of photos in the field. There is no way that it's powerful enough to run a newer OS.
So obviously I need to drop several bills that could be used for something frivolous, like paying the mortgage, and buy a new machine that would leave my old one in the dust. And with it I can check email and back up photos.
Count on it.
If MS wants people to upgrade regularly, they need to stop with the cycle of crap OS, crap OS, good OS, crap OS, crap OS, good OS…
I will install linux and make a windows8 virtual machine instead. I'll use the virtual machine whenever I will need to run any software that i cannot run on linux.
This is essentially my plan too – run a VM containing XP+SP3 on the same hardware but with a flavor of Linux controlling it.
I can see a niche market opening up for consultants to migrate systems similarly. Every dark cloud has a silver lining 🙂
Nice thought, but not possible II beleive unless you already own a copy of W"indows 8 and it still won't run the ageing Silverlight. DRM authentication.
Silverlight is the only reason I'm not fully Linux. Despite everyone knowing it's rubbish, and MS planning to dump it , it's ubiquitous for on-line film and TV hire. The providers won't give it up because they don't trust the DRM in HTML5 and MS won't make it available for Linux users. So if you want to hire an online movie you're stuck with Windows.
I've got Win7 for most of my computing needs but I have XP on two other machines that allow me to use software/hardware that just won't play nice with Win7. Next April I'll probably just unplug the two XP units from the Internet and use the applications as usual. I should be safe.
Or move to Mac, as I did. Never looked back.
I'm sure Macs are wondeful but anyone who's going to buy a Mac could buy a new Windows PC for less, with Windows 7 or 8.1 pre-installed. If your old WIndows XP PC is still working well then Linux will give it an extra lease of life at no extra expense. Most will run from a LiveCD so can be tried without installing (i.e. without wiping out XP).
What made XP so popular is that it would pretty much upgrade any previous version. Sadly MS got away from this functionality and now the only way to upgrade from XP is to do a clean install and reload programs, which is fine, if you still have the programs, or can afford to buy the latest versions of programs.
RIght now I have a restaurant chain who use a POS system thats runs on XP. Sure they could upgrade to Windows 7, but the upgrade of the POS software is $40k, and in this economy, that's just not in the budget.
As a final thought, last night I was at an ATM, and the screen was out of alignment, and to my amazement there was the green start button in the bottom left corner of the screen. So, against my better judgement I touched the button and yes, up came the normal XP menu.
That’s not quite true. You can upgrade to Vista. You could then upgrade from Vista to Windows 7.
If you ask your friendly local geek, they probably have a Vista 32-bit DVD you could use as the intermediate step of that upgrade.
On the matter of POS, POSReady 2009 is based on XP and ends support in 2019. When WEPOS SP2 ended support after XP SP2 itself, they just put up the custom support patches without any checks at all. I wonder what MS will do about it this time.
My chunky powerful system is a workhorse that runs on XP and my Photoshop CS5, Wacom tablet and other necessary soft and hardware are happy with that. I work several hours each day with photographic images, comic book pages and presentations in other formats. I've been told that to install 7 would likely mean that some or even all of these tools would not have compatible drivers available for them. Sigh….. the only thing I can think of is to do my work on the desktop, save it to a thumb drive, and send it to clients from my laptop which IS 7. How ponderous!
XP has been just fine for me, but come April 2014, it will become the last version of Windoze I will ever use as I'm upgrading to Ubuntu. MS can cram Windows 7 & 8 where the sun don't shine.
I'd love to upgrade from XP but I am trapped by the fact that MS made sure that the later systems would not run a legacy application that I wrote when XP first came out, and will not support some of my peripherals. I'm too old at 71 to contemplate re-writing the application so I will carry on with XP to the bitter end.
If my present system falls over I have a number of other XP systems that could be brought back into service for the one application and run my other applications (email and web based) on a Linux system. If MS had run a policy of ensuring ongoing compatibility I would have been happy to pay for an upgrade. They have cut their own throats really. In fact I can't see them lasting many more years – the industry has moved on and they will become part of history.
Windows 7 has a feature called XP mode (windows 8 doesn’t) which can run an isolated copy of Windows XP in a window. You could run the application in XP mode and run everything else in Windows 7.
What will happen to the Windows XP mode in Windows 7 after April 2014? AFAIK it's Windows XP virtual machine image running in Win 7.
Same as any other Windows XP: still there, still licensed, not supported.
I will continue using win XP and I see no problem. I have it one one hard drive and Win 7 on another hard drive set up in dual boot mode a third hard drive just with my programs and a forth hard drive with saved data. When I go online I use the drive with Win 7 and if I want to save anything from that , it goes onto my "save" drive. At the present time all of my offline work is done on the drive with Win XP.
The problem is 3rd party manaufacturer’s. My Toshiba laptop is perfectly fine, and I can see no reason to replace it. However, there are no drivers for the graphics card beyond XP. Since there is nothing wrong with the graphics card, I have no intention of replacing it.
My multi-function printer, which cost quite a lot of money, is perfectly fine, but in no longer supported bey9ond Vista. I therefore control it from my laptop, since I am running WIndows 7 on my desktop. Even if I could afford to replace it, why should I when it works perfectly and does what i need.
This software lark is a gravy train, and it’s time we ripped up the tracks. This is basically blackmail!
Win7 and Vista support the XP display driver model.
I would gladly pay for extended support for XP instead of "upgrading" to one of the more modern time bombs, and I have lots of critical software that does not like later operating systems.
The issue for a great many is not that they are "too lazy, poor, or stuck in their ways to upgrade", though thank you for the arrogant and condescending attitude. Sort of like Micro$soft's usual attitude, in fact. The problem is the lack of backward compatibility of post-XP M$ OSs.
I have a film scanner that is for my requirements the best tool there is, and I cannot use it with anything later than XP. I have some software and a colorimeter in the same situation. So I must operate my main image processing system as XP, and dual boot any-time I want to email from it – what a stupid and clunky situation.
Or I could switch to Mac. Hmmm, not looking like M$'s 'take it or leave it' approach is such a good business strategy after all.
I love the idea of paying for continued XP support. It's like the stupidity of outlawing all the old types of light bulbs. Just tax them until people can finally afford to replace the fixtures.
Microsoft is not the only bad guy out there, I have a Epson scanner that works on XP but not Windows 7, software publishers are just as eager to make a buck.
The issue is that software is not written to enable broad operating parameters.
I have games software from 1998 running on Windows 7 and others from 2005 to 2009 that doesn’t want to know.
Upgrading of Windows effects everyone in differing ways.
XP security when Microsoft ends support, will only be achieved by not going on line and you do not install any new software and data.
So if you have an XP setup that runs specific type of hardware or you use it to wright novels, that’s fine, just keep it away from the Internet, for emails and browsing, buy a Tablet.
I have no problem with Windows creating a new OS since there is no other option in supporting new technologies and security standards. XP lasted an era compared to most operating system’s lifetimes, but I just really wish they wouldn’t have made such a drastic change and expected the majority of users to be receptive to it. Even Windows 7– it would have been smart to follow their most successful “blockbuster” operating system that many agree was user-friendly, stable, and people were invested in XP through their personal and business programs and data management, electronic files, even just the benefit of being assured pretty well that files formatted, created, or transferred from XP to a friend or business associate would work on their system.
I don’t understand why Microsoft didn’t take advantage of the universal presence of XP and if nothing else, name Win7 something that incorporated “XP” in the name- same necessary upgrades and x64 architecture (the majority at least, and moving towards it becoming standard).
But they jumped the gun on 8! The interface was never going to be well-accepted. I had a Windows phone so I was familiar with it, and I still haven’t found the time at work to go anywhere but the desktop!! It’s not that I’m not willing to explore and learn it, but the transition was way too fast- they should have continued a line of XP as well as from service packs or upgrades. If they wanted to release 8 as an alternate (not that it would’ve been successful on a desktop-perhaps it should’ve been implemented on tabs & touch-screen laptops first under a diff name?… ESPECIALLY when it comes to their business customer base– they don’t need apps or entertainment and stylish displays– they need a desktop that new applicants will know and not have to be trained on- who expect a “Start” button” and are stumped when they click there to see a screen which makes no sense to them… MS should at the very least incorporate some way to boot into a “XP-Desktop mode” (though retain the improvements, ex-8 runs x86 and x64 programs simultaneously, so the user doesn’t have to invoke virtualization or even know that software is being run through an emulator, but can use both what they are used to as well as the newer technology and explore it at their own pace– but to make it the only available OS to promote to a generation of computer users who have been accustomed to XP for over a decade!!– No clue why someone didn’t just think about it…
I know I’ll adjust to Windows 8 (though I’m finding things that irritate me in display customization such as not being able to customize appearance to the degree I can in XP-such as different fonts for icons, menus, windows, etc.- not in 8- AT ALL,)
I certainly could have reasoned an expected reaction from Windows users accurately… Is anyone really surprised people don’t want anything to do with 8? that they don’t want to give up XP? IMO, Microsoft screwed themselves by not extending the XP “brand” of Windows into their new operating systems- could’ve made a LOT more money and kept more customers!!