By David Siah, Country Manager, Trend Micro Singapore
On April 8, Windows XP will stop receiving support from Microsoft. This ends the lifespan of one of Microsoft’s most successful and long-running operating systems. Rarely has a tech product lasted as long as XP—from its launch on October 25, 2001 to its last Patch Tuesday this April 8, a total of 12 years, 5 months, and 2 weeks will have passed. Despite that, as of February this year, StatCounter data indicated that almost 1 in 5 PCs still used Windows XP. The world has never faced a situation quite like this. Versions of Windows have gone out of support in the past, but never on such a wide scale.
There has been plenty of concern—and in some quarters, hysteria—over this event. When it would happen has been known for some time. Informed users also know that Windows XP was developed in very different circumstances—the famous Bill Gates Trustworthy Computing memo was sent after Windows XP had been developed and released to the public.
The end of support for Windows XP concretely means two things: newly discovered vulnerabilities in Windows XP will no longer be patched, nor will they be documented and acknowledged by Microsoft. This represents a huge increase in the risk of using Windows XP. Over time, more issues will be found and exploited. That said, the risk may also fall: the ever-decreasing number of Windows XP users may make it less worthwhile for cybercriminals to create exploits for an aging operating system.
Nevertheless, at this stage, there will definitely be more threats surfacing, again due to the fact that 1 in 5 PCs are still running on Windows XP. Businesses which are still running on Windows XP will eventually make the transition due to the risks outlined above—just maybe not fast enough. And there will also inevitably be cases where it is necessary to keep Windows XP going even after support ends, due to legacy issues. So what can businesses do, and what strategies can they adopt in the interim?
One of the most valuable tools in managing these risks is virtual patching and vulnerability shielding. Such products scan and inspect network traffic before it reaches the user’s applications, providing an opportunity to protect servers and endpoints from vulnerabilities. Thus, virtual patching protection helps extend the life of legacy systems and applications for a while longer as businesses rush to upgrade their systems to more up-to-date versions of Windows. At the same time, virtual patching also lowers the administrative expenses involved.
Another solution is hardening the endpoints. Endpoint security software will still protect users, if the security software vendor provides continued support for their products. For example, Trend Micro will continue to provide support for our endpoint software on Windows XP until 2017. In addition, locking down these legacy systems may be even more appropriate, as it prevents unwanted and unknown applications and processes from running, thus reducing the risk of exploitation.
The underlying point is this: Yes, Windows XP’s end of support is something that people should worry about—but the risks of not upgrading immediately are something that can be mitigated with the right tools. For more information, please refer to Managing your Legacy Systems, a primer we prepared that delves deeper into the topic and explains, in depth, the solutions outlined above.