Windows XP and thinking of the children
Windows XP will go out of official support next week, on Tuesday 8 April to be exact.
Unless an organisation has already agreed a specific support package with Microsoft, that means the venerable OS will no longer receive security updates.
So, some might say ‘whoopy-de-do’, while others might respond with the Helen Lovejoy Cry. But what is likely to happen?
Well, there have been varying degrees of doom predictions for users of the OS, with some specific scenarios affecting the likes of the retail industry, but what is the reality of the situation?
It has been suggested that hackers are merely storing up exploits to use on unwitting laggards who have not made the migration to either Windows 7 or the much maligned Windows 8. But is this true?
Well, the likelihood is that the nefarious criminals have been looking closely at the OS to see if there are indeed any exploits left.
Most have been found by now due to the popularity and longevity of the system. Often, it is only after such widespread usage that a software package is finally deemed fit for more advanced usage. One need only look at the example of XP’s predecessor in business, Windows 2000, itself built on Windows NT4, which went on, after its own discontinuation, to be used in military applications, specifically with the Royal Navy, where it was dubbed by wags ‘Windows for Warships’.
So it is unlikely, though not impossible, that there are still bugs in Windows XP that would allow a mass exploit that could compromise a large proportion of users. Were such a vulnerability to exist, one can be sure that there are those who would pay handsomely for it, as there is no doubt somewhere a list of the major users persisting with XP and what they do. This kind of list is no doubt a charter for hackers and organised crime to orchestrate ‘The Great XP Attack’™.
What is far more likely is that there are those in possession of a minor exploit, perhaps a variation on a theme already seen but to which the OS is still vulnerable, that would allow the compromise of a single machine running a specific combination of applications on top of XP, and who would be willing to sell such knowledge to those looking to make something targeted.
Such spear attacks, as opposed to mass attacks, are really where the greatest danger lies. But again, Windows XP, supported or not, should not be in a position where it needs to defend itself. There is no harm in persisting with the OS if it is properly protected by the usual bells and whistles, from firewalls to AV, AS and AM, and of course, port blockers to stop people plugging things into it as it sits hunkered down behind all those curtain walls.
In much the same way that one would not expect a Windows 8.1 machine to sit exposed to all the Web can throw at it, an XP machine may well stay perfectly safe when properly protected.
While we provided some good advice and instruction here in our recent feature on XP migration, common sense and normal infosec rules still apply. Protect it as you would any desktop OS within your organisation and the likelihood is it will be fine for some time to come.
And if any of your people are doing the Helen Lovejoy, try a glass of cold water to the face, followed by a lie down in a darkened room.