Sophos Cloud Optix
Don’t get too excited.
Windows XP will still officially fall off the edge of the world in April 2014 when Microsoft ends support.
Strictly speaking, of course, once you have applied the April 2014 Patch Tuesday updates to your XP computers, you’ll be no less secure than usual for another month.
But when 13 May 2014 rolls around, being the second Tuesday in May, all other versions of Windows will get patches, and you won’t.
The bad news about that is that many of the vulnerabilities that can be exploited in recent versions of Windows are also present in – indeed, were probably inherited from – the Windows XP codebase.
As a result, cybercriminals may be able to work backwards from information that has been innocently disclosed about bugs in Windows 7 and 8 – bugs that no longer matter very much once they’ve been spotted and patched – and to use that information to help them attack XP computers.
Why not keep XP going?
“Why then,” you might ask, “doesn’t Microsoft simply retrofit all the new security features from Windows Vista, 7 and 8 into XP, and keep churning out the patches?”
Part of the answer is that it would be a big economic burden to Microsoft, which can hardly be said to have a moral imperative to keep on sinking time and money into an operating system for which most users paid less than $100, and from which many users have already extracted ten years of life.
But the most important part of the answer is that continuing to patch XP would be like trying to cross a technological chasm for Microsoft.
Many of the deep internal changes that Microsoft made in its more recent operating system versions were put there precisely to create a better security substructure than XP – in other words, to bring a touch of software revolution in order to bypass the crevasses that evolution alone wouldn’t be able to cross.
Starting again
Some of us who want to get rid of XP have made it clear that we just aren’t going to make it by April (or May, if we allow ourselves that bonus final month).
Microsoft has therefore caved in just a bit, and announced that it will still provide updates to its various anti-virus tools on XP after the deadline.
Let’s be clear: no new security updates, no non-security hotfixes, no free or paid assisted support options, and no online technical content updates from Microsoft.
But Microsoft Security Essentials on XP, and various other Microsoft antimalware tools, will keep ticking over: support will continue until 14 July 2015. (Yes, that’s a Patch Tuesday – the latest day of the month it can happen.)
Note. Sophos Endpoint Security and Control (SESC) will officially support Windows XP Service Packs 2 and 3 until at least 30 September 2015. SESC will support Windows Server 2003 until at least 31 Jan 2017. (Our support knowledgebase has a complete platform support list.)
Does this mean I can postpone the inevitable?
Is this a signal from Microsoft, or, for that matter, from Sophos, that it’s perfectly OK to keep using XP past the deadline?
There are some good reasons (and plenty of bad ones) why you might need to keep XP alive, but if you do so then there are various steps you should take to reduce the risk of having weak spots in your network.
For some practical advice on the subject, why not listen to our informative podcast, The End of XP?
As mentioned above, if you are a Sophos customer then your legacy XP computers will be covered by Sophos Anti-Virus until late 2015 (early 2017 for your 2003 servers).
That means you can use Sophos’s Application Control features, allowing you not not only to regulate malware, but also to prevent the use of software that might put your already-risky XP computers even further into harm’s way.
That way you can keep those old XP lathe controllers alive, for example, while making sure they are used only to run the lathes, and not used “off shift” for tasks such as browsing, reading PDFs or watching cat videos!
Image of ship sailing over the edge of the earth courtesy of Shutterstock.
A lot of people are using machines that WON’T run later OS than XP. Hell, I’ve still got some kicking around that won’t run XP, only 98SE. There is no solution to that other than throwing the hardware away, which is not ok as I use some of it to support radio equipment that has DOS or 95/98 only programming software – running it on a megaquick Win7 or 8 box is not an option. Is it hard to keep that going? Well, not really, I have a stack of old hardware that will probably keep me going until the radios eventually die, but that might take another 20 years. Businesses might move on by drinking the Microsoft KoolAid – frankly I wouldn’t ‘upgrade’ to Win8x if you paid me – it’s still a klunky pain if you don’t have a touchscreen – just getting to safe mode or repair mode is something of an adventure. This is apparently known as progress.
You don’t have to upgrade from Windows XP to another version of Windows…plenty of free OS choices out there 🙂
And you’d be surprised at the esoteric range of hardware that Linux supports. Of course, if the hardware isn’t supported by recent OSes because the vendor kept it secret how to write a driver for the hardware…that’s not Microsoft (or Linus’s) fault.
My aging old Dell netbook won’t run much more than XP – heck, it could barely run XP – but it runs recent Linux distros quite well.
The problem for some is that the manufacturer’s BIOS will not allow installation of another OS! I have a Dell of some vintage that cannot be upgraded to anything other than the original Dell OEM version of XP Pro. Even changing the hard disk does not resolve the problem as it is hard-wired into the BIOS and that’s in a non-flashable chip on the MB!
So for many it will mean replacing hardware (at least the MB) first and then choosing which OS you want.
But XP will still be vulnerable if that is ever used as ‘the duck’ explains.
Mike, I wish I knew what you’ve found out about Dell/Linux incompatibility. I have 3 of the older (almost identical) Dell XP towers I’ll have to scrap if I can’t change to Linux.
There’s a power & video card problem with upgrading to Windows 7 from XP. No room in the cabinet for a bigger power supply that will power the needed video card for Windows 7.
If you read this later, leave a note about your model, and what you know about Dell incompatibity with non-XP software.
Thanks.
I have installed Linux on a wide variety of old dell machines and never run into any issues (from memory the oldest was an L60 tower) I have never come across a single old computer I couldn’t install another OS on but I guess I might have just got lucky.
Paul, what’s the learning curve look like for Linux distros to Windows users? I heard Puppy Linux was a simple easy one to use, but don’t have any idea if it will support as many “functions” as Distros.
Can you elucidate?
BTW, got my Sophos Lab T-shirt yersterday! I’m proudly wearing it now, and am quite impressed with the quality and good looks. Pre-shrunk heavy weight cotton is rare these days, and doesn’t come cheap.
The shirt is much like Sophos’ many services to the public: Valuable, heavy duty and built to last, ha ha…
I’ll of course continue to support what you guys do at my news websites in the future, as I have been.
Thanks Paul.
A fun place to start (though I just went there and their ads have become superannoying – autopopup over the whole screen, but, hey, it’s a free world) to find out about distros (Linux and the BSDs, which are also free) is distrowatch.org.
Top spot these days is “Mint.”
Enjoy the shirt…
I agree that we should look outside the MS system instead of going along with its future. So far W8 seems like a Vista.. in short, a problem rather than a solution for us. And yes, my own experiments with Linux have been good.. Red Hat at one time, Debian at another… my favorite I am working into now will be Mint… either Debian based or Ubuntu based.
I’ve heard a lot of negative comments about Windows 8 since it came out. Have they fixed the flaws in Windows 8.1 or is Windows 7 a better option for the upgrade. Does anyone have any suggestions? Thanks
Depends what you mean by “the flaws” in Windows 8.1. (If you mean the metro/modern UI, that’s pretty easy to kick into touch).
Why not give it a try? You can get a free eval download from Microsoft. Lasts 90 days. There’s a Windows 7 eval to compare it with. Buy the one you like the most.
I didn’t know about the free evals, excellent idea. Thanks Paul, always great knowledge & advice from the Sophos Team.
There are also some non-MS add-ons that allow you to get rid of the ‘Metro/modern’ interface that a great many don’t like and have a Start menu again sitting on a fairly ‘traditional’ desktop. So it looks and works rather more like W7 or even XP if you choose. But that does not resolve the underlying conceptual problems that Windows developers think are advances – such as you can’t configure some applications the way you want (the latest version of Opera for W8.1 will not let you set your home page! – unless they have changed it since the New Year!).
I’m planning a move from XP Pro to W7 Pro plus Ubuntu.
i don’t think you can find the regular windows 7 package, to purchase it, so that is out.. and i an NOT going to use windows 8, which seems to be an immitation of an apple iphone.. so i guess i will have to switch to a linux distro.. using linux seems to be a lot more complicated than using windows, but it seems that i have no choice, not unless-and-until microsoft replaces windows 8 with a half-way normal windows operating system..
Look on Amazon or Ebay
A very simple search will reveal that you can still buy Windows 7 in any format…..
it is probably no coincidence it matches the date Server 2003 ends support.
Drivers are a problem. In XP, someone could just whip up some code that worked. Modern OS requires an approval process which has obsoleted many devices which used to be fine. For example, I have discarded some old Logitech cams because they will never be supported.
Some music software I use stopped working when I upgraded XP (DLL naming conflicts) and there is no fix, and undoing the upgrade (dot NET) doesn’t make sense either.
Upgrading software can be painful, and going back can be nearly impossible. Keeping it working, without tampering unnecessarily just feels best.
Yes, I read and heard all of the security concerns (above). Using a computer daily, and hating it, because of a forced upgrade causes many of us to just live in the past, and take our chances.
Some older hardware cannot support Windows 8, so upgrading to the latest MS OS isn’t an option. A quick search says SSE2 is needed, so socket A based systems for example cannot run it. There maybe other requirements that also disqualify older but perfectly servicable hardware.
I should have said that the processors have to support PAE/NX/SSE2.
You can still buy Windows 7, however. (Good job you didn’t but a Mac during XP’s life – two “older hardwares” have been disowned by Apple in that time, namely computers with PowerPC or 32-bit Intel chips 🙂
For recent fresh installs download WSUS offline update and make an ISO file of all the current updates. Then if you need to nuke or re-install your XP machine, you will already have an update disc!!!