Retire Comfortably, Windows XP

By on
Retire Comfortably, Windows XP

Microsoft officially ended support of Windows XP, issuing its last security update for the venerable operating system and its Office 2003 suite, officially sunsetting the software in perpetuity. 

In its April 2014 Patch Tuesday round of security updates, Microsoft released two critical bulletins and two rated important, impacting Microsoft Word, Internet Explorer and all versions of its operating system. In all, Microsoft repaired 11 vulnerabilities impacting its software. 

The software giant has been passionately urging businesses and consumers to migrate to its more modern operating system versions, which support some deeply rooted security features.

Operating system attacks have been in decline, partly because of the level of sophistication required to pull them off, said Wolfgang Kandek, chief technology officer of Qualys. In a recent interview, Kandek said he has tracked a steady decline of Windows XP systems as companies start to heed Microsoft's message. In 2013, more than 70 percent of Microsoft's security patches affected Windows XP, Kandek said, urging users to migrate. 

"There's no reason to believe that Windows XP systems won't continue to be a target," Kandek said. "There is a wide enough install base out there for cybercriminals to monetize an attack."

[Related: Despite Windows XP Deadline, Microsoft Partners Say XP Migration Business Isn't Drying Up]

Extended Support of Windows XP is available to organisations that can afford the premium service. Microsoft struck a multimillion Euro deal with the Dutch national government to provide security updates on a regular basis. It has made similar custom support agreements with authorities in England and Australia, and some private-sector firms have made arrangements to continue to receive security updates. 

ATMs that are running a scaled-down, embedded version of Windows XP have until 2016 before support is officially ended.

While attackers have found ways to bypass newer security components, security experts agree that attackers have long migrated to targeting applications and browser components. Many of those components are still running on Microsoft, and the company made it a point to warn businesses and consumers last October that the infection rate on Windows XP systems is significantly higher than its newer Windows 7 and 8 platforms.

Windows XP has been a favorite of business and consumers alike, who were drawn to its stability and ease of use, say solution providers. It couldn't be bested by its intended replacement, Windows Vista, which was developed to increase security against a rising tide of threats against Windows, but widely criticised for peppering end users with annoying authorisation prompts. When Windows 7 was released in 2009, adoption of Windows XP continued to remain strong. 

It's a much-needed operating system retirement, said Gus Chiarello, sales manager at Ramp Up Technology, which partners with antivirus firm AVG for endpoint security and systems management. Chiarello said his existing client base has been slow to migrate for a variety of reasons, but cost is a significant factor. Chiarello said his engineers have added a hardware-as-a-service offering combined with bundled services to help cash-strapped businesses move off of Windows XP. 

"Our engineering team likes Microsoft's sun-setting of Windows XP, because the overall management capabilities in the Windows 7 world gives them more feature functionality," Chiarello said. "We don't play the hype and hysteria card with this; we approach businesses by addressing their operational and financial concerns first, and a lot of times we find we can help them find ways to address their immediate issues without breaking the bank."

Up until now, businesses haven't had to make the case to migrate, said Peter Humphries, Principal at Burlington, Ontario-based networking and security services provider SecureSense. The cost associated with additional security controls needed at the endpoint to mitigate the increased risks associated with Windows XP should free up funds to upgrade some systems, Humphries said, acknowledging that some firms have embedded systems running Windows that will never be updated. 

"Windows XP was stable and there were a lot of organizations with people who can recall putting in a big investment into XP and are now making the case to jump off of it," Humphries said. "Cybercriminals are always looking for the weakest link and will find those firms that didn't heed the warnings.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?