Sophos Cloud Optix
There are 31 days in March.
So, counting from when this article was written, that gives almost exactly one month left until Windows XP gets its Goodbye, Farewell and Amen moment.
XP users will get security updates on Tuesday, 11 March 2014, as they have for just over ten years.
They’ll get scheduled security updates again on 08 April 2014.
And then that’s it.
No more updates, neither scheduled nor emergency, no support, no nothing.
From then on, as we’ve pointed out many times, if someone finds an vulnerability in XP they’ll be able to exploit it for ever.
It also means that the fixes that will be coming out for Windows 7 and 8 may end up helping hackers to zoom in on exploits in XP.
After all, a lot of code in the current versions of Windows has been carried forward, albeit with modifications, from XP.
Anyone who doubts the possibility that forthcoming fixes might act as “exploit signposts” for XP should take note of Apple’s recent troubles with SSL/TLS.
An important security fix for iOS got people asking, “Hey! I wonder if this hole is in OS X as well?”
It very quickly became obvious that OS X had exactly the same bug, forcing Apple to accelerate the release of waiting-in-the-wings OS X 10.9.2, and no doubt making Cupertino’s coders wish they had simply pushed out the iOS and OS X updates at the same time.
But Microsoft has no such option for Windows XP, which is officially retiring from public duty next month after 12 years of front line service.
So, Redmond has announced that from Saturday 08 March 2014, XP will openly start talking itself out of a job on your PC:
You’re probably wondering how XP knew, way back when it was first released, that it would be stepping down in April 2014.
It didn’t, of course: the popup is actually a side-effect of Windows Update.
Indeed, if you aren’t running Windows Update, or if updates on your computer are handled by your company from a locally-managed update server, you won’t see the dialog.
You can check for yourself, however, just in case you aren’t sure whether you still have XP or not – Microsoft has also announced a very focused-in-purpose website named amirunningxp.com.
Mac users can have hours, or at least seconds, of fun by visiting the site with Safari and grabbing a comedy screenshot:
XP users get a slightly different picture that will probably spur hoots of derision from diehard “We Shall Not Be Moved” XP fans.
The website wryly (or insultingly, depending on your point of view) depicts an abacus, a mechanical typewriter, a CRT (vacuum tube) monitor and a computer fitted – if you can believe it! – with a floppy disk drive:
Microsoft is also offering a free download of a cut-down version of Laplink’s PCMover software to help you migrate your data from your old XP PC to your new Windows 7 or 8 computer.
→ As far as we can tell, the PCMover tool requires you to have two computers already set up and connected to a network, so you can’t stage the data to a removable disk and load it to your new computer later. It handles your data, but not your apps – you’ll need the paid version for that.
If you install the PCMover software, you’re soon presented with a dialog like this:
That dialog is legitimate, and the numbers match those offered by Laplink itself on its official website.
But please watch out, and urge your friends and family to do the same.
You can well imagine that the crooks behind the fake support call scams – the guys who call up pretending to be “with Microsoft” to badger you into paying to get rid of a virus you don’t have – might try to take advantage of inexperienced users trying to make the move from XP.
If you’ve been using XP for years, and are going to make the switch to a newer version in the next month or so, then it’s likely you haven’t done an operating system upgrade or reinstall before.
So if you find yourself needing help, take advice on where to get it from someone you know and trust.
Don’t let yourself be badgered into accepting assistance from someone you don’t know who just happens to be on hand to provide it.
Letting unknown outsiders connect to your computer over the internet – on their say-so – is always a bad idea.
Here’s a podcast with some advice on how and why to say, “No!” to unsolicited offers of computer support:
What if you’re stuck with XP?
We know and accept that some of you will need to stick with XP even after it officially retires, at least on some of the computers in your organisation.
But you can reduce the ever-increasing security risk posed by those legacy computers in a number of ways, including:
- Segregating your network so you can fence off and lock down your XP computers more strictly. (You might like: Sophos Network Protection Guide.)
- Limiting the software you allow on your XP computers to reduce their exposure to danger. (You might like: Sophos Application Control.)
Here’s a podcast to help you consider all the issues and decide on the safest way forward:
Note. Sophos Endpoint Security and Control (SESC) will officially support Windows XP Service Packs 2 and 3 until at least 30 September 2015. SESC will support Windows Server 2003 until at least 31 Jan 2017. (Our support knowledgebase has a complete platform support list.)
An obvious, simple solution would be that Microsoft makes their abandoned (netbook oriented) slimmed down Windows 7 version, “Windows Starter” freely available to their faithful XP customers.
That solution would be excellent, but not very profitable. Not going to happen.
If you were a faithful XP customer you would have already spent the money to upgrade. Faithful XP users are probably “worthless” in Microsoft’s eyes.
> An obvious, simple solution would be that Microsoft makes their abandoned (netbook oriented) slimmed down Windows 7 version, “Windows Starter” freely available to their faithful XP customers.
This is a bad idea. Users of the slimmed down Win 7 would be on forums stating how Win 7 is horrible, doesn’t work, blah blah, without ever stating that it was the slimmed down version. Microsoft would get tons of bad press over it.
Microsoft has made no secret that XP was being EOL’d. If the users did not plan ahead (or didn’t care) to replace XP then that is their problem. As many people have stated: If you have the money and like MS then upgrade to Win 7/8 or switch to Mac if you do not like MS, and if you do not have the money switch to Linux. Whatever option you choose just stop using XP to access the internet!
A very cynical reply. But there is a very good alternative in UBUNTU.
The problem is that most of us are more concerned with the work we do not the systems we use. If someone kept re-inventing the alphabet we would have no work done. XP is a robust, economic and simple system for people needing basic service for small businesses and organisations. This is just a money making exercise. XP can be readily repaired and maintained by anyone with basic computer skills and its operating system doesn’t need the computer power of the MIR Space Station to work. It sounds almost like another scam in an industry which is riddled with them. An enterprising company (perhaps like Norton et al) should offer to take over XP updates at a fee – then we should see just how many XP users there really are – knowing that Health, Police, military and LA’s use it, I think people will be amased!.
From what I can see, a lot of the people who are sticking with XP are doing so at least in part because they resent the fact that they will have to pay for the new version of Windows (one way or another – for the OS alone or for a new PC that includes it).
Even in your comment you suggest the end of XP is “a money making exercise.” So users who feel this way are hardly likely to pay for unofficial updates issued by a third party…
If basic IT services on an old PC at no charge are what you need, why not try Linux? (If you can’t get on with it, or decide that Windows is what you want after all, perhaps the $100 to $200 for a new version of Windows will seem worth it in the end?)
Its the final coutdown!!
Doo dooo…ba da dooo do do doooo!
This is the first article I’ve seen that made me realize that XP is soon going to stand for eXPloit.
I bought my computer used with a fresh XP install on it, however I have no XP install CD so I am just going to stick with if it ain’t broke don’t fix it for as long as I can.
Problem is, it is going to be broken pretty soon…
And you are best off sorting it before it is, rather than after.
Lack of an xp disk is no problem, That would only be useful if you wanted to instal xp again. Which you don’t I hope!
I do understand Windows operating systems are expensive, and while free, Linux et al isn’t for everyone. But the expense is less than if someone manages to sneak out your card details due to an insecure pc.
“I do understand Windows operating systems are expensive, and while free, Linux et al isn’t for everyone. But the expense is less than if someone manages to sneak out your card details due to an insecure”
This ( and some of the other replies ) smacks of fear mongering and a hard sell.
Guess it depends on whether you think your PII is worth more or less than, what is it, $199? That’s if you want the Pro version of Windows 8.1, which includes full disk encryption. If you don’t, I think it’s $119.
Where does your “hard sell” stop and the price become palatable? $49? $19? $9?
Microsoft probably turned over, what, $10 from the average XP user (bundled-with-computer deal)? Enough to make Bill Gates the richest man in the world, sure, but if you got a decade of use out of it…is $1/year *really* an excessive fee?
(Think of it this way: is the battery that was in your mobile phone ten years ago – you are still using the same phone, right? – still holding charge for as long as it did? Or have you had to buy a new one? Things do “wear out,” for a range of reasons. Software included. 12 years of XP isn’t really a ripoff, and if you think it is, there is, after all, Linux…)
I hope you are trolling but just in case you are not –
I suggest you do not use it for any secure purpose – banking, shopping, accessing any online accounts, etc. It will work great to view sites like Sophos 🙂 Unfortunately, it will probably become a bot very quickly (if it isn’t already) and you will help criminals harm others by having it connected to the internet.
If you are not going to connect your XP machine to the internet then it will have a long healthy life and hopefully bring you joy.
If by “broken” you mean that the operating system works fine and doesn’t crash, then you are right. BUT, that is not the reason Sophos, Microsoft, and everyone else is urging you to upgrade. The reason is that your computer will soon be vulnerable to attackers (aka Hackers) because nobody is fixing vulnerabilities anymore. Windows, like any other OS, is always vulnerable. But when a vulnerability is found, the people in charge of it fix it. Nobody will be fixing these vulnerabilities on XP any more. Your computer can be hacked and your data/identity can be stolen VERY easily.
We started seeing that unwanted pop-up yesterday, Thursday 6th March! Since it appeared on one PC we have prevented it downloading on all the others. Sadly, despite what M$ say you cannot remove it using Add/Remove Programs in our experience.
Best way to avoid this unwanted pop-up is to use a different setting for updates that allows you to decide what will be downloaded and installed instead of the automatic updates that create havoc with some systems and uses. That way you get to chose what is updated but remember to do it manually when you are prompted that an update is available.
Reason we don’t want this pop-up is that there is a Windows 7 Pro install disk sitting next to each computer, ready to be run once all the required data has been successfully transferred to external disk and the M$ Windows Easy Transfer to Windows 7 utility has been run (it’s available free from M$) and easy to use plus it lets you prepare stuff for transfer via an external disk if wanted, or by network/Server options. We’ll be done by April 8th b ut in our own time and not before.
I think you’re being a bit harsh. How late should Microsoft have left it before starting the countdown?
Is the popup really *that* intrusive? It isn’t forcing you or your users to do anything, just giving a reminder. Couldn’t you just click in the “Don’t show this again” box?
Many jurisdictions give you a one-month reminder that your vehicle rego is about to expire, for example, and that’s for an annually renewable licence. Tax offices do something similar for annual tax returns.
A month seems a reasonable sort of time scale to me, at least for computers configured for standalone updates directly from Microsoft…
Yikes! I can recall when we all thought the world was gonna end when support for Win95 came to an end.
XP has worked well for me so I am keeping it, just taking the computer offline
Is a virtual XP application on windows 7 computer just as much at risk?
Yes
just get a free OS I have Linux its fantastic never looked back.
How does one find Linux sorry not a computer guru both our laptop run it
You might like to start here: http://distrowatch.com/
Warning: to say there are a lot of options when choosing a flavour of Linux is an understatement 🙂
One of my favorite Ubuntu distros is Lubuntu-easier for me to transition from XP by using this distro.
Also received the pop-up on my XP machine yesterday. Put my wife on Linux about 18 months ago, don’t think she’d know it wasn’t Windows if I hadn’t told her what Linux was. She’ll never be a Linux guru any more than she’d ever be a Windows guru but it’s a breeze for her to use for what she wants to do.
The only update I’ve ever applied to my XP system is SP3.
SP3 was more of an upgrade than an update.
You do realise that with *no* patches since XP3, you’re rather a liability to yourself and others around you on the internet, at least if you’re browsing regularly?
Go near a hacked website (and you can’t tell by looking – indeed, looking alone is enough to get you infected) that contains even a 5-year-old exploit and…you’re pwned.
(Unless you’re trolling…if so, I fell for it 🙂
does this mean my computer wont work with out support?? or can i still use windows xp to access the internet, i’m illiterate about computers
Your computer will still work, but any security holes that criminals find out about in XP will never be patched. (You DO have Windows Update turned on, right?)
So, over time, it will be easier and easier for crooks to take over your PC with malware, and more and more likely that will happen.
That means your personal data is more likely to be stolen and sold on the underground, and your computer is more likely to be abused by the crooks as a jumping off point to commit cybercrimes against other people.
Running XP will become more are more a “beacon” to crooks saying, “Start here! You won’t have much trouble breaking in here!”
Hi All,
I have had computers running 3.1 Windows, Windows ME, Windows 95, Windows Vista, Windows 7. Now I am running Windows 8.1. So after all these which do I prefer? Windows 8.1. Just seems easier and a more productive system. Small learning curve to start learning 8.1 but which after 2 weeks is a breeze to use. I downloaded a e-book about Windows 8.1 from the Kindle site which was a great help to get me started.
I still use my iMac but I give Microsoft full marks for Windows 8.1 and their effort and hard work giving you a more secure operating system.
I just wish all the bad guys would just go and live on a island some where and stop trying into break into the Windows operating systems. Just remember it is easy to pull down then it is to build. Good Luck to all.
hi i installed ubuntu linux, and in ONE day i had it all worked out, why should i get windows 8.1 pay for it then spend TWO weeks learning to use it, i did linux in one day for FREE.
Right on bro. And the support for Linux is awesome. The community forums and the people contributing to them far surpass any Windoze forums by a long shot.
Do virus protectors help at all?
Yes, they do. That’s one reason why Sophos Anti-Virus will continue to support XP well past the deadline (see the end of this article for details). But a computer that is properly patched as well is even safer – the buzz-phrase you’ll hear to describe this is “defence in depth.”
Some folks have XP hardware that won’t support later MS OSes, but still works. Dual-booting with a UNIX variant is an option. To reduce the risk if going online with XP, consider going only to trusted sites and using a sandboxed browser (Comodo Dragon or similar) to resist running unsafe code while online. (Comodo Internet Security, free, includes Dragon. There may be other similar products, free or paid.)
I think one of the important points to consider is that XP was developed and released during the transition from dial-up to broadband, i.e. when an Internet connection was still the preserve of the more affluent and middle-class, and IT people were contending largely with destructive viri.
XP was released before Microsoft (and the industry as a whole) could learn, over the course of a decade, how sites would commonly be hacked, how exploits loaded themselves into victims’ browsers, and the characteristics of different forms of malware. Looking at the memory protections and exploit prevention measures added into Windows 7 and 8, you’ll notice Microsoft had tailored its security model to current threats.
The point is XP wasn’t designed for today’s Internet. Windows 7 and 8 were.
Good thing I use Windows 98.
Still using OS/2 Warp with no issues.
If you have to continue running XP I’d do the following;
Install EMET (and configure it)
Install a HIDS/HIPS
Install a Host Firewall
Install an AV solution (or two)
Run everything with Limited User access (only elevate when absolutely necessary).
Upgrade to the latest possible IE version (is it 8?)
Use a different internet Browser that is still supported and patched.
Continue with 3rd party app patching and limit the apps installed.
Most of the above is free (if not all).
Or buy premium support with custom XP patches for a cool $1,000,000 ;0D
One problem is all old applications and drivers not workimg under win7/8. I guess some people will have problems after an upgrade…
I’ve cancelled my Internet service as of April 8th in protest of Microsoft’s ending XP support. I resent being forced to buy more products to stay online and I resent having to spend more time on the computer to make upgrades, do downloads, do research to figure out how to do all this stuff. NO! No more! I’ve got a well functioning library 2 minutes from my house and that’s where I’ll be going to do Internet work. Microsoft’s just bleeding us dry and sticking glue to our bottoms to prevent us from leaving our computers! Let me breath the air, even if it is only from my car to the library doors! Their computers work faster than mine ever did anyway! It will take me half the time to get things done there, so phooey to Microsoft.