April 8, 2014 marked the end of an era: the day when Microsoft withdrew support for its hugely successful Windows XP operating system for good. Statistics show that, despite declines of late, the OS is still extremely popular. In fact, it still has a market share of around 25% globally, a figure which has changed only slightly since April 8. It’s true that some organizations need to stick with XP because of third-party app support reasons, and Trend Micro can help these firms, more of which I’ll share later. The problem for those who refuse to migrate onto a newer system, however, is that they’re unnecessarily exposing themselves to a much higher risk of infection.
Relic of a bygone age
Windows XP simply wasn’t designed to cope with the kinds of modern threats facing it today. It was launched in 2001, long before the time of mobile and cloud computing. Back then, remote access was usually achieved via phone lines and networking was achieved with wired connections. Hackers were primarily bedroom-based mischief makers rather than the organized crime gangs and state-sponsored operatives we see today. It was a time before Trojans, ransomware or highly sophisticated targeted attacks.
Back in October 2013, Microsoft warned that XP infections may rise by as much as 66% after April 8, with attackers likely to seek out vulnerabilities by reverse engineering security patches intended for newer versions. It also appears as if some cyber criminals had been sitting on exploits until the support deadline passed. In May, for example, Microsoft was forced to issue an emergency patch – which it also offered to XP users – after discovering active attacks using a zero-day vulnerability in all versions of Internet Explorer.
In fact, users stuck on XP can’t use any version of Explorer after IE8, opening them up to additional risk. Cyber criminals looking for a weakened operating system with unpatched vulnerabilities via which to launch a targeted attack campaign couldn’t dream of a better scenario than a PC running Windows XP.
Beware the hidden costs
Many businesses believe that sticking to XP makes sense, as it will avoid costly upgrades and the potentially diminished user productivity that comes from staff working out how to use the new version. However, the costs of not upgrading can be significantly higher. First up, there is the potential cost of a breach arising from a security flaw in XP that has been exploited by hackers. Then there’s the financial burden coming from maintaining support for the legacy OS. Firms sticking with XP may be required to become Microsoft Premier Online customers.
Microsoft sponsored research carried out by analyst IDC even found that IT teams spent significantly longer dealing with operational issues related to XP than with Windows 7. The amount of time lost by user per year is a whopping 9 hours – way in excess of the 1.2 hours lost with Win7.
Help is at hand
To help businesses work through these and other issues relating to XP migration, Trend Micro has released a handy new guide: What Will Life Be Like After Windows XP? It’s packed with useful information on the security and management challenges firms could face by not upgrading.
Some organizations need to keep on running the legacy operating system due to third-party application support issues, and for these businesses, Trend Micro is here to help. Our Vulnerability Protection solution will help shield machines against vulnerabilities for which patches are no longer available. Trend Micro Endpoint Application Control, meanwhile, will prevent any unwanted, untrusted or malicious apps from installing or executing on your XP-powered machines – adding an additional layer of security.
Here are a few more tips from the guide on how to minimize information security risks if you need to continue running XP:
For more tips and to read the entire guide, download the free whitepaper here.