who’s afraid of April 8, 2014? #MicrosoftXP

No, April 8, 2014 isn’t the new date of the apocalypse as predicted by the Aztecs, Incas or Eskimos. It’s just the date on which Microsoft will cut all support for XP. Translation? After this date, Microsoft will no longer release security patches or bug fixes for this operating system and a few other dated versions of its flagship products. Should you be worried about this? Absolutely!

Windows XP will go out with at least one record under its belt: it’s the longest-running operating system (OS). Ever. Remember when it first launched back in late 2001? And now over 10 years and three service packs later, it’s still kicking, though its days are numbered. According to Netmarketshare, Windows XP currently powers over 28% of all desktops, despite a 10-point drop over the last year. Just six months ago, one in three PCs in China still operated on Windows XP (data from August 2013). Considering China is the most populated nation in the world, that’s a lot of computers! In fact, some believe XP is still installed on several hundred million computers worldwide.

an imminent threat to XP work stations

As I pointed out in this article, many security developers believe that zero-day vulnerabilities have already been discovered. They also believe these vulnerabilities haven’t been made public, as some third parties harbor hopes of monetary gain after April 8. Attackers could use these vulnerabilities to target computers still running XP to steal or destroy data (direct threat), and also form botnets (indirect threat).

Imagine the disaster if a security weakness enabled attackers to infect hundreds of thousands of computers with no hope of Microsoft ever releasing any patches or fixes. The battle against botnets would get that much more difficult, since infected users and businesses cut off by Microsoft would have to work with third parties at much higher costs and for less certain results.

XP won’t be the only one to go

Support will also end for Office 2003 on April 4. Microsoft was slated to halt support for Security Essentials on the same date, but conflicting information has surfaced. What we know for sure is that Security Essentials will no longer be available for download after April 4. This means that any PC running Microsoft’s outdated OS and office suite will be vulnerable to threats on two fronts: attackers will be able to exploit weaknesses in both of these major products to invade PCs.

For consumers, the only protective measure available will be to update their Security Essentials signatures, which will be published until July 14, 2015. They can also download the anti-malware signature updates, though how effective this will be remains uncertain since the PC’s signatures may no longer work. That’s why several developers have put out new products designed specifically for Windows XP based on user behavior analysis. Of course, the jury is still out over the general security level, actual effectiveness and long-term support these solutions would provide.

migrate, but where?

While Microsoft has published several logical arguments concerning the security risks of not migrating, some will still cling to XP and others simply cannot migrate to a new platform. Most businesses have already migrated, albeit slowly. This may be due to the fact that massive migrations of work stations simply do not take place very often anymore. Do you remember switching from Windows NT or 2000 to XP? No? Me neither!

First, make sure all your computers and applications are compatible with the new platform (not a trivial matter). And migrating applications isn’t always a piece of cake since some specific developments may be lost along the way. In these cases, you should analyze your equipment and the risks associated with not migrating. Then ask yourself the next most important question: to which OS should you migrate? Windows 8 and its tablet interface are deterring. So should you go with Windows 7? It’s a more classic OS, but it has already been replaced. And then there’s the price… I can understand why some people may prefer to just risk it and keep what they have, even though it’s not very reasonable. Our blog has already talked ad nauseam about the need to keep your system as updated as possible. It goes without saying that you should avoid working with antiquated equipment! Whenever possible, of course.

hope from the East?

There’s some hope: China has asked Microsoft to keep XP alive for security reasons and also to help fight against pirated software. Beijing also recently spent over a billion dollars replacing pirated OS with official versions, significantly lowering its appetite to invest in new and more costly software.

So there’s plenty of cause for concern, since XP isn’t dying alone. For now, it’s hard to say if it will go out with the bang of an earthquake or fizzle out like a wet firecracker, like the Y2K bug. In any case, it’s best to be prepared as the end date is now less than two months away. I fully recommend migrating your PCs as soon as possible to a system that will still be supported after April 8, 2014. While waiting for that fateful day, one eye glued on the countdown clock, I’m going to save the contents of an old PC left in the office and see what I can use to replace my now obsolete copy of Windows XP SP3…


The French version of this blog post was published here.

Photo credit: © FiCo74 - Fotolia.com

Philippe Macia

After previously working as a training manager, on-site IT officer, pre-sale technical officer, and customer service manager, I joined the Orange Business security team as a product manager. I’m very committed to the user experience and easy administration of the solutions we create. My watchwords: knowledge sharing, logic, pragmatism and simplicity.