Windows XP: Chronicle of a death foretold

Bill Gates in New York's Times Square for the launch of Windows XP in 2001. Source: IDG

8 April 2014

Large organisations with deep pockets have the option of buying extended support from Microsoft. For most other businesses, recommendations from experts such as Directions on Microsoft and from Microsoft’s security team focus on two main areas: securing Windows XP itself as much as possible, and limiting what these PCs can do within corporate networks and on the Internet.

Securing Windows XP includes making sure that it is on the most recent SP3 version, that all available patches and updates have been applied to it, and that a full-featured security suite with antivirus and firewall is installed and current on the PC. User rights on these PCs should be downgraded, so that they don’t have administrator privileges.

It is also important to use Windows XP with browsers that still support it, such as Google’s Chrome and Mozilla’s Firefox, and not with IE8, which is also falling out of the update cycle. Unnecessary and insecure browser add-ons, controls and plug-ins should be uninstalled.

Businesses should also consider disabling or blocking access to the USB ports on these PCs to prevent malware infections via external peripherals such as flash drives. “Connecting removable storage devices to Windows XP systems should be avoided,” wrote Tim Rains, a director in Microsoft’s Trustworthy Computing group, in a blog post in late March.

It is also key to place limits around Windows XP machines so that they can only access specific applications, data and resources on a business’ internal network, and can only be used to visit hand-picked external web sites. One way to constrain and isolate Windows XP is to run the OS in virtualised environments. End users should not be allowed to connect to the corporate network using home Windows XP PCs. This containment strategy should significantly reduce security risks, according to most experts.

It is hard to predict the extent and intensity of the fallout. “A year from now, we’ll either have seen a massive set of attacks after support ended, or it all may end being a yawner because nothing happened,” Gillen said. However, the security trend for Windows XP is not encouraging. In February, security firm Secunia reported that Windows XP security flaws doubled to 99 from 2012 to 2013.

What is clear is that any business with one or more critical applications that required special security precautions had time to either move off of Windows XP or take precautionary measures, Gillen said.

Should Microsoft be doing more?

Whether fairly or unfairly, Microsoft will find itself pelted with negative publicity if in the coming six months or a year malicious hackers ravage the large community of home and work Windows XP users.

“I wouldn’t be surprised if the hacking community has been reserving exploits until after support ends,” Forrester’s Johnson said. Microsoft itself has predicted that crafty hackers will try to parse out future Windows patches and updates, attempting to identify equivalent vulnerabilities in XP.

It is clear the threat against Windows XP machines will grow with each passing day after the deadline. “This isn’t Y2K, where that day passed and everything was fine,” Silver said. “Here the risk increases as hackers have more and more time to discover vulnerabilities.”

Asked about this, Microsoft’s Murphy said the company cares about the potential impact to Windows XP customers, which is why it has been aggressively creating awareness about the deadline for years. “We’re concerned and we want our customers to be safe,” he said.

The backlash from that worst-case scenario could lead individual customers, and small and medium-size businesses in particular, to become disgruntled with Microsoft and seek non-Windows options, such as desktop Linux alternatives, the increasingly popular Chromebooks that run Google’s Chrome OS, Apple’s Mac OS laptops or desktops, or Android tablets and iPads.

So should Microsoft adopt drastic measures to accelerate the migration off of Windows XP? The company has tried a few tricks, including offering credit at its stores for users trading in XP PCs and buying new ones with Windows 8.1. How about going further and giving away Windows 7 to users who do not want to buy a new PC but rather upgrade their current one?

Microsoft could take such steps, but ultimately, there is no stopgap measure it could offer, short of extending full-fledged support for another year, that would entirely satisfy and be useful for Windows XP holdouts, Silver said, adding that the best way for companies to protect themselves is simply to upgrade from Windows XP.

And at this point, it is hard to criticise Microsoft for sticking to a deadline that it announced in 2007 and has been diligently reminding people about since then, according to Gillen. “If you don’t have plans to move at this point, it’s your own fault,” he said. “I find it difficult to have sympathy for companies that haven’t done anything yet.”

Juan Carlos Perez, IDG News Service


TechCentral.ie