Stop Using Windows XP

Microsoft will be ending extended support for Windows XP on April 8, 2014. After 12 and a half years of support, this version of the Microsoft operating system has reached end of life. Microsoft has gone out of their way to extend support on several occasions, but the deadline this year looks like the final one. This means Microsoft will not be releasing any new security updates past the April 8th deadline.


Most serious technology experts will tell you it’s well past time to get rid of Windows XP and upgrade to a newer, safer operating system. It can be tough to explain, so I’ll give you a few real-world reasons to upgrade:

  1. The technology is old and security techniques and technologies have changed. Newer operating systems are much more secure.
  2. Windows XP will no longer get security patches from Microsoft. Once there is a vulnerability in the wild, you will have to address any security issues without any help from Microsoft.
  3. More and more software companies no longer make supported versions of their software that will work correctly on Windows XP.
  4. There are several options today, including upgraded versions of Windows (we have seen Vista, Windows 7, Windows 8 and now Windows 8.1 since Windows XP was originally released) as well as Apple Mac, Linux, etc.

Windows XP is statistically more dangerous than any other OS in the market, and there is more malware developed for it than any other operating system. It also has security holes that Microsoft can’t allocate the resources to fix. It’s basically the biggest target out there and support is running out fast. Every day a user continues to use XP is a day closer to a malware attack, rootkit, or keylogger that goes unnoticed. If you are still running Windows XP, you are asking to be hacked. As a business leader you should hang your head in shame that you haven’t addressed this issue.

If you are audited, for example by a PCI auditor, your networks will be scanned each quarter. When your auditor finds Windows XP on your corporate network, especially if it is in the cardholder environment (where credit cards are processed, transmitted, or stored) and there is just one unaddressed high-level vulnerability, you will fail the scan.

What is interesting is that there are reports that banks are still using Windows XP to run several versions of ATMs.

(Reuters) – Banks around the world, consumed with meeting more stringent capital regulations, will miss a deadline to upgrade outdated software for automated teller machines (ATMs) and face additional costs to Microsoft to keep them secure.

The U.S. software company first warned that it was planning to end support for Windows XP in 2007, but only one-third of the world’s 2.2 million ATMs which use the system will have been upgraded to a new platform, such as Windows 7 by the April deadline, according to NCR, one of the biggest ATM makers.

There is an interesting story from Tim Greene on InfoWorld.

If you continue to use Windows XP:

Assume you’ve been breached – Admitting this is half the battle. Operating under the assumption you’ve been compromised allows companies to better prepare for the inevitable and react quicker.

Conduct a risk assessment – Identify which systems in your retail environment process and store sensitive data, and if that data is vulnerable to an attack.

Create complex passwords – Use complex passwords (at least seven characters, including at least one number, one capital letter and one special character) on remote administration utilities.

Review logs – Remote connection logs, firewall logs and Windows Security Event logs often highlight hacker transgression – allowing you to detect an incident before it’s too late.

Pen test – Identify and remediate security weaknesses before the criminals spot them.

Run advanced anti-malware and DLP defenses – Consider technology like web security gateway and data loss prevention, which can be used to scan outgoing HTTP and HTTPS traffic that could identify when attackers are siphoning out cardholder data.
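
To make the log-review step concrete, here is an added example (not from the original post) that scans a Windows XP Security log export for a remote logon that succeeds right after a burst of failures from the same source. Event IDs 528 and 529 and logon type 10 are XP's pre-Vista values; the CSV column layout, the sample rows, and the threshold and window values are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pre-Vista Security log values used by Windows XP.
LOGON_SUCCESS = 528      # successful logon
LOGON_FAILURE = 529      # logon failure: unknown user name or bad password
REMOTE_INTERACTIVE = 10  # logon type for Remote Desktop / Terminal Services

# Constructed sample export; assumed columns: time,event_id,logon_type,user,source
SAMPLE_LOG = """\
2014-03-01 02:10:01,529,10,Administrator,203.0.113.7
2014-03-01 02:10:09,529,10,Administrator,203.0.113.7
2014-03-01 02:10:15,529,10,admin,203.0.113.7
2014-03-01 02:10:22,529,10,Administrator,203.0.113.7
2014-03-01 02:10:40,528,10,Administrator,203.0.113.7
2014-03-01 08:59:12,529,10,jsmith,10.0.5.21
2014-03-01 08:59:30,528,10,jsmith,10.0.5.21
2014-03-01 09:15:00,528,2,jsmith,POS-01
"""

def find_suspect_remote_logons(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return remote logons that succeeded after `threshold` or more
    failures from the same source within `window`."""
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        time_s, event_id, logon_type, user, source = row
        when = datetime.strptime(time_s, "%Y-%m-%d %H:%M:%S")
        recent = failures[source]
        # Drop failures that have aged out of the window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if int(event_id) == LOGON_FAILURE:
            recent.append(when)
        elif int(event_id) == LOGON_SUCCESS and int(logon_type) == REMOTE_INTERACTIVE:
            if len(recent) >= threshold:
                alerts.append({"time": time_s, "user": user,
                               "source": source, "failures": len(recent)})
            recent.clear()  # a success resets the streak for this source
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_remote_logons(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success (the jsmith rows) stays below the default threshold, so only the burst against Administrator is reported.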

Are you still using Windows XP? What are you doing to upgrade to a different operating system before the April 8th deadline?