February 24, 2014 No Comments-
Bjørn Lilleeng, Technical Integration Manager – Windows XP (maybe the most beloved Windows version ever) is approaching its end of life. Microsoft has officially announced that the 8th of April will be the last day of support for this operating system. When XP was released back in October 2001 it was truly attractive. With its lack of security, Windows 98 and Windows ME were considered inadequate for professional users. Windows 2000, released late 1999, was mostly used by power users. Looking back it seems like XP appeared at the perfect time. It looked pretty, had a solid security model for that time, and better support for USBs than Windows 2000. Fast user switching made it much more convenient for multi user PCs. It required more or less the same amount of resources as Windows 2000, and by late 2001 a critical mass of people had hardware suited to run XP. And even today Windows XP is considered so good that it is still used on between 25 and 33 percent of all the world’s desktops, according to ZDNet. For many people it works perfectly well for the purpose it is used and the environment it is used in. This means that many businesses are reluctant to invest in Windows 7 or Windows 8, buy new hardware and user education if they believe their XP based environment works well enough for them. But even if Windows XP has been upgraded through several Service Packs (the last one, SP3 in 2008) and constantly patched, XP is facing a totally different world now compared to 2001. The number of internet users is about eight times higher, and current malware is much more sophisticated than malware back in 2001. The fact is that XP simply can’t mitigate the threats we’re seeing modern-day attackers use. The Microsoft Security Intelligence (SIR 15) report also confirms this problem. It shows that Windows XP is six times more likely to be hacked compared to Windows 7/Windows 8. After April 8 this problem will be even more evident, since no more security patches will be released on Windows XP. If I was a hacker I would definitely target XP for my attacks. Knowing that any vulnerability discovered in XP after April 8 would be left unpatched, would no doubt be a big temptation for most hackers. According to Gartner Group, more than 90% of all cyber-attacks exploit security flaws for which a patch is available. The problem is that it takes an average of about 40 days to implement the patches, and this time is cleverly used by the hackers. With Windows XP, there will be no way to remediate security flaws at all in the near future. In a worst case scenario it could even be possible to use such vulnerabilities to take down large XP based networks. The questions then would be: Will Microsoft let that happen? In a crises situation, will they produce patches for XP even after April 8? That remains to be seen, but I really don’t see how to avoid that. 400 million XP users will not vanish for a while. There could also be a potential market for others companies providing services to identify vulnerabilities in XP after Microsoft has stopped issuing security patches. The rest of us let should do our best to say goodbye to Windows XP as soon as possible, and also encourage others to do so. It has been a nice journey Windows XP, but it really is over now.
Norman Safeground Blogs Archive