Wednesday, March 26, 2014

Why the Windows XP Support Deadline Doesn't Matter


On April 8th, Microsoft is discontinuing support for Windows XP. XP is still used on about 30% of the PCs in the world and Microsoft has been working hard to push people to Windows 8.1 under the threat of “harmful viruses, spyware, and other malicious software” (http://windows.microsoft.com/en-us/windows/help/what-does-end-of-support-mean).

Despite this, most people aren't budging. Windows XP is comfortable and it works. And Windows 8.1 is infamous for its Metro/Modern interface, which is generally reviled. This has led many a tech commentator to throw out doomsday scenarios regarding the end of support. But I'd like to take a minute and debunk these:


It's the Most Patched Operating System of All Time

Windows XP was originally released in October 2001, so April will mark 12.5 years of patches and fixes. The last service pack, SP3, was released in May 2008, which marks the last time that XP got new features and new opportunities for bugs. It has had nearly 6 years' worth of patches since then.
With all of these patches and fixes, XP is actually a pretty secure system. The code is mature, tested, and in wide use. Security researchers have been looking for weaknesses for over a decade and as has been said, given enough eyeballs, all bugs will be found.


It's Not that Great of a Target

At this point, there are basically two types of machines that are running XP: those who can't upgrade and those who won't. The “those who won't” are the home and small business users who are happy with things the way they are and just don't want to upgrade. Their machines tend to be older with less CPU, hard disk, and Internet resources. In other words, there's not much worth exploiting. These computers may be up to a decade old and so obsolete that even if compromised, there isn't much that can be done with them.

The second type, “those who can't”, are those who are using XP in very custom applications, such as ATMs. An ATM sounds like a great target to attack, except when you realize that these machines are not accessible via the Internet, that banks have their own private security teams looking for suspicious behavior, and that they are paying Microsoft to continue support for them privately. Even though the operating system itself may be weak, the security layers around it are very strong.

Without a good target to go after, there's not much of a point in working to exploit XP. A Windows 7 exploit, with a greater user base and newer hardware, is a much better target.


The End is Already Here

With less than two weeks before the April 8th deadline, now is the time when a smart criminal would release a hack that exploits an unknown weakness. At this point, even if a new threat emerges, there is not enough time left for Microsoft to find the code at fault, fix the bug, test a patch, and then release it.

If criminals have any previously unknown exploits, then we would be seeing them released into the wild now, because like all other businesses, there is a first mover advantage. The longer they wait, the higher the probability that someone else will release malware using the same exploit first. The fact that we haven't seen any such hacks suggests that there aren't any known major weaknesses in XP.



The Actual Deadline is May 13th

Microsoft releases patches on the second Tuesday of every month and if Microsoft weren't discontinuing support for XP, then the next set of patches would be released on May 13th. That's the first date when there would have possibly been patches, but now there won't be. Up until that date, the support situation for XP is identical to the way it would be if Microsoft were continuing support.


Support from Everyone Else is Continuing

Google has announced ongoing support for Chrome on XP. So have most antivirus manufacturers. Most software on XP will continue to see updates for the time being as well. Even if a major hole is found in XP, keeping the rest of the software on the PC up-to-date will help mitigate the risk.


Conclusion

The moral of the story is that sooner or later, you should upgrade. Whether it be to Windows 8.1, a version of Linux, or a Mac, it doesn't matter. However, there is no rule that says that it has to be done by April 8th. So make an informed decision, weigh the benefits and risks, and then upgrade when you're ready to.
