Windows XP: Microsoft’s ticking time bomb

Thread: Windows XP: Microsoft’s ticking time bomb

  1. evilsatan's Avatar

    evilsatan said:

    Default Windows XP: Microsoft’s ticking time bomb

    Shona Ghosh examines the security threat posed by Microsoft’s decision to end support for its 12-year-old OS in April

    The final deadline for Windows XP support will act as a starting pistol for hackers, as they target hundreds of millions of users on unpatched systems.

    Microsoft has already granted the 12-year-old OS several stays of execution, but the firm has said it will finally end extended support on 8 April 2014 – despite the fact that XP remains the second-most popular OS, with almost a third of PCs running it.

    These hundreds of millions of desktops and laptops will be vulnerable to hackers once XP stops receiving security updates, with Microsoft warning earlier this year that hackers could use patches issued for Windows 7 or Windows 8 to scout for XP exploits.

    "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," wrote Tim Rains, the director of Microsoft’s Trustworthy Computing group.
    "If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP," Rains added. "Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a zero-day vulnerability forever."

    Microsoft noted that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013, giving hackers ample opportunity to reverse-engineer vulnerabilities.

    Ed Shepley, solutions architect at migration specialist Camwood, said users don’t seem convinced by the threat. He added that he’s surprised Microsoft’s warning didn’t lead to "hundreds of people phoning us that day". According to Shepley, the end of XP support poses a "significant risk".


    Other risks

    Failure to migrate could leave [Only registered and activated users can see links. ] open to infections, denial-of-service attacks and data theft, according to Camwood. Aside from the inconvenience and costs to address the attack, companies can also face fines.

    For example, American regulators have warned that banks that fail to upgrade their [Only registered and activated users can see links. ] from XP will be liable if, for example, customer credit-card data is stolen. In the UK, the Information Commissioner’s Office hasn’t issued such clear-cut guidance, but it has the power to fine institutions that don’t hold credit-card information securely in their systems under data-protection laws.

    There are also "soft problems" for companies that don’t migrate to the most up-to-date software, added Shepley. "Companies run the risk of being left behind the rest of the industry," he said. "If you’re using a 32-bit version of XP, all the new tools and software that allow your competitors to be competitive won’t be available to you."


    Poor preparation

    Despite the real security risks, analysts have suggested that corporations are reluctant to budget for the time and money required for a full migration. Many won’t even be able to upgrade before the cut-off date.

    According to IHS iSuppli analyst Craig Stice, most [Only registered and activated users can see links. ] have tried to avoid a full IT refresh amid the economic uncertainty, with managers "hanging on" to the hardware they already have.

    "They’re extending the life of [hardware] as best they can, through internal upgrades or additional memory – doing anything to increase performance without having to upgrade," he said. "Traditionally, PCs are refreshed every four years. We’re seeing that extended pretty dramatically to five or six years."

    According to Shepley, it’s been so long since most businesses have conducted a wholesale migration that many have simply forgotten how long it will take. Microsoft states that corporations should leave up to 30 months to complete their migration.

    "Some of our clients think it can be done over a few weekends. They don’t understand how many applications they have," said Shepley. "One [Only registered and activated users can see links. ] we’re working with believes they have 1,000 applications; we’re doing an inventory for them, and our number is somewhere north of 4,000. People don’t realise how much app proliferation has gone on since they put XP in."


    Mischievous rivals

    It hasn’t helped that Microsoft has, in some instances, been undermined by its rivals continuing to support products on XP.
    One such company, Google, recently announced that it will continue to support Chrome on XP until April 2015 – a year after the deadline for extended support expires. "We recognise that hundreds of millions of users, including a good chunk of current Chrome users, still rely on XP," said Google.

    "Many organisations still run dozens, or even hundreds, of applications on XP and may have trouble migrating."

    Security experts condemned Google for "facilitating" unsafe internet use. "Yes, maybe Google can keep a handle on bugs and security holes in Chrome running on Windows XP," said security analyst Graham Cluley, "but it’s powerless to fix vulnerabilities in Windows XP itself."


    One solution

    Given the hundreds of millions of users potentially at risk, many are expecting Microsoft to relent and release patches. "People are hoping they can get away with it, and that Microsoft will issue a patch of some kind," said Shepley. "It will be interesting to see if something comes onto the internet that affects XP in a bad way quickly. Where Microsoft can deliver a fix, will it? Otherwise, it’s forcing an awful lot of people to be significantly impacted."

    However, Shepley isn’t optimistic that Microsoft will perform a U-turn. "Personally, I don’t think it will push back," he said. "XP arrived in 2001, so we’re talking about producing a fix for something that [will be] around 13 years old."

    There is some comfort for businesses that are likely to miss the April deadline: they have the option of switching to Windows Server 2003, which is based on the same kernel as Windows XP, but won’t be terminated until 14 July 2015. "All the people we know who will miss the April 2014 deadline will easily hit April 2015," said Shepley.

    One mitigation strategy being employed by those who are set to miss the deadline is disconnecting vulnerable PCs running XP from the internet – but this isn’t without risks, either. "Even if a device is only on a private network, another device – even one running a supported product – can be infected with malware outside and can bring it onto the private network, infecting other devices," Gartner said earlier this year.

    Nonetheless, both Cluley and Shepley agreed that Microsoft should send out a "strong message" to warn more users off XP before the April deadline.

    "Microsoft has done well communicating through partners, even if it isn’t quite so doom and gloom itself," said Shepley. "Part of me wishes it would say, ‘Right, we’re going to remotely turn off every XP box on 9 April’, because everyone would then pay attention."



     
  2. liveseytowers's Avatar

    liveseytowers said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    How many people on DF are in the middle of a Windows 7 upgrade program at work? It's a nightmare for us at the moment, hundreds of sites, slow WAN links, just outsourced our site support function so everything is chargeable, apps that are not compatible with Windows 7 and no space on Citrix for them, data stored locally that needs backing up first prior to upgrade. It's going to be a fun few months automating the upgrades!
     
  3. dpSparhawk's Avatar

    dpSparhawk said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Win7 Upgrade is going to begin after the new year for our company.
     
  4. muttleymacclad's Avatar

    muttleymacclad said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Loads of my residential customers are still on XP. I tell them what's happening in April and they just go 'ooooh really. Do I need a new PC then. I don't want Windows 8 though?'
    "When a naked man is chasing a woman through an alley with a butchers knife and a hard-on, I figure he isn't out collecting for the Red Cross." - 'Dirty' Harry
     
  5. Over Carl's Avatar

    Over Carl said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Glad I'm not in IT Support atm. I'm guessing a lot of you have been informing your clients/superiors of the need to do this for some time, but then they will only let you crack on with it at the very last minute, expecting because you've been talking/planning for this for ages, you can upgrade a whole enterprise at the drop of a hat.

    Then at the very last minute, when it's found out critical line of business apps have problems, somehow it's your fault for not being allowed to test when you first asked to, probably years ago. (I remember when Win7 came out, I tested all LOB apps for the company I was working for and ironed out every problem within 3 months but this only happened because I quietly got on with it rather than ask permission from my boss).
    Last edited by Over Carl; 23rd December 2013 at 07:25 PM.
     
  6. DejaVu's Avatar

    DejaVu said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Any businesses that haven't started the transition before now only have themselves to blame. They're lucky XP has been supported this long.
    Microsoft shouldn't be penalised for not supporting an OS after a decade. Ubuntu LTS (Long Term Support) is only 6 years.

    Programs made for Windows XP only, are way out of date and in most cases should have been updated to Windows 7 years ago. If they haven't, the software's not worth having.

    Saving money avoiding Bespoke System upgrades is stupidity. After the announcement of Windows 7, arrangements should have been made. This is one of the reasons I hate being IT Support for businesses.
    Usually, their original custom software developer (from over 10 years ago) has ceased programming, retired or moved to a different position/field and I have to source a new contract for a programmer to recreate their original software at an inflated cost, yet the blame still falls to me.

    I've been explaining to ALL my clients lately that the transition from XP to Windows 7/8 is not optional, it's a necessity and extremely important.
    I also throw Vista in the mix too to try and get that shit forgotten about too.

    If they decide not to listen I show them this -
    [Only registered and activated users can see links. ]

    and explain I will not be responsible for unsupported software.
    Last edited by DejaVu; 23rd December 2013 at 07:03 PM.

     
  7. beerman's Avatar

    beerman said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Over carl View Post
    Glad I'm not in IT Support atm. I'm guessing a lot of you have been informing your clients/superiors of the need to do this for some time, but then they will only let you crack on with it at the very last minute, expecting because you've been talking/planning for this for ages, you can upgrade a whole enterprise at the drop of a hat.

    Then at the very last minute, when it's found out critical line of business apps have problems, somehow it's your fault for not being allowed to test when you first asked to, probably years ago. (I remember when Win7 came out, I tested all LOB apps for the company I was working for and ironed out every problem within 3 months but this only happened because I quietly got on with it rather than ask permission from my boss).
    Hit the nail on the head.
     
  8. beansontoast's Avatar

    beansontoast said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    What's the best recommendation for me to do with my old but trusty laptop? It's got XP on and still works reasonably well. I was thinking about changing it but seeing as it still does everything I need it to I figured there was no need.
    No sympathy for the devil; keep that in mind. Buy the ticket, take the ride...
     
  9. Teajunkie's Avatar

    Teajunkie said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    I guess it's back to windows 98 for me then!
    xp has been the best os I have used and easy to fix when shit hits the fan too.
    My decal venture has taken over my dog tag business
    nice to be busy though.
    Instagram and twitter @mrteajunke.
     
  10. Hangman's Avatar

    Hangman said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Windows 7 should work on anything that runs XP and Windows 8.1 will run even faster.

    Its better to burn out than to fade away...............
     
  11. Mr.James's Avatar

    Mr.James said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    We've been migrating away for the past year or so. Got about 30-40 left to do. Around a dozen of them cannot be migrated to 7 though due to them running specialist software that controls factory production lines.

    Or I say that, we could go buy a newer version of the software that runs on 7. But it would also mean spending a few million replacing the factory production lines to make them compatible with the software too.

    There's no way any company in the same situation will spend millions to essentially stand still. Windows XP may have been only designed to last 15 years, but our factory line was designed to last far longer than that. The main control board is a 486dx2/66!


     
  12. Mr.James's Avatar

    Mr.James said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Teajunkie View Post
    I guess it's back to windows 98 for me then!
    xp has been the best os I have used and easy to fix when shit hits the fan too.
    We still have one Win98 PC too!

    It controls an infra-red precision measuring machine.

    It's another case of 'the only piece of software that supports our machine only runs on 98'

    Again it's about £20k for a replacement machine, plus software... Both of which aren't needed because it works fine as it is.


     
  13. Teajunkie's Avatar

    Teajunkie said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Mr.James View Post
    Both of which aren't needed because it works fine as it is.
    Exactly
    My decal venture has taken over my dog tag business
    nice to be busy though.
    Instagram and twitter @mrteajunke.
     
  14. beansontoast's Avatar

    beansontoast said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by beansontoast View Post
    What's the best recommendation for me to do with my old but trusty laptop? It's got XP on and still works reasonably well. I was thinking about changing it but seeing as it still does everything I need it to I figured there was no need.
    Is updating to 7 or 8 something I can do over the top of xp or should I do a clean install? Bit of extra work to get the files (movies etc.) off before a clean install.
    No sympathy for the devil; keep that in mind. Buy the ticket, take the ride...
     
  15. Mr.James's Avatar

    Mr.James said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by beansontoast View Post
    Is updating to 7 or 8 something I can do over the top of xp or should I do a clean install? Bit of extra work to get the files (movies etc.) off before a clean install.
    Clean install is the way forward. You can use the Windows Easy Transfer Wizard to save everything to a .mig file on XP and then restore it to the target computer.

    If you want to look at a more customisable solution, and something you could automate with a bit of scripting knowhow, then check out MS's User State Migration Toolkit (USMT).


     
  16. Over Carl's Avatar

    Over Carl said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Just thought I would mention, if you can afford it, an SSD would probably give that system a massive boost. Reason I mention it now is that when you move to an SSD you need to reinstall Windows, and you are just about to do so. Therefore if an upgrade is on the cards, you may as well save yourself from having to set it up all over again.

    This thread just made me think of all the garages round the country with their Gas Analysers and Brake Testing machines. These normally run XP and normally haven't even got antivirus because they are intended to be dedicated machines not attached to a network (much like the machines Mr James mentioned). However I've lost count of how many of these I've seen on the net and often running a dodgy copy of Autodata because most garages don't understand how much they could benefit from a dedicated computer for the mechanics.

    I see a lot of them going down in the near future - I'm thinking I may try and image a few common ones then clear up restoring images
     
  17. beansontoast's Avatar

    beansontoast said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Over carl View Post
    Just thought I would mention, if you can afford it, an SSD would probably give that system a massive boost. Reason I mention it now is that when you move to an SSD you need to reinstall Windows, and you are just about to do so. Therefore if an upgrade is on the cards, you may as well save yourself from having to set it up all over again.
    I appreciate that mate. However, it's seven years old and IDE so I'll probably just install on the existing hard drive. I did replace the hard drive about two years ago and upgrade the processor. It's a Dell Inspiron 1300 if you fancy pointing and laughing! I'm not too tight to replace the whole thing, it's just that it works fine at what I need it for.
    No sympathy for the devil; keep that in mind. Buy the ticket, take the ride...
     
  18. funkyg's Avatar

    funkyg said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    We've been upgrading/replacing for the last 12 months. A right ball ache.
     
  19. Hangman's Avatar

    Hangman said:

    Default Re: Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Mr.James View Post
    we could go buy a newer version of the software that runs on 7. But it would also mean spending a few million replacing the factory production lines to make them compatible with the software too.

    There's no way any company in the same situation will spend millions to essentially stand still. Windows XP may have been only designed to last 15 years, but our factory line was designed to last far longer than that. The main control board is a 486dx2/66!
    Have you thought about buying a windows upgrade with software assurance, this would allow you to deploy Windows 7/8 Enterprise and you could then run a virtual version of XP to control the production lines.

    Its better to burn out than to fade away...............
     
  20. Mr.James's Avatar

    Mr.James said:

    Default Windows XP: Microsoft’s ticking time bomb

    Quote Originally Posted by Hangman View Post
    Have you thought about buying a windows upgrade with software assurance, this would allow you to deploy Windows 7/8 Enterprise and you could then run a virtual version of XP to control the production lines.
    Yeah but a virtual instance won't work unfortunately.

    The software needs to access the com port's hardware layer directly but can't because of the virtualisation layer on top of that.

    The measuring machine is the same as it has a hardware LPT copy protection dongle which requires the same hardware layer access.

    :-(

