Windows XP is End-Of-Life

We will remember April 8, 2014 as the day Microsoft ended support for the 13-year old Windows XP operating system (OS). The OS is now classed as end-of-life (EOL) meaning that Microsoft will no longer provide security updates for it leaving it open to future attacks from any as-yet undiscovered or unpatched vulnerabilities.

User share for Windows XP has remained stubbornly high, even with the release of three subsequent major Windows iterations, with estimates suggesting that some 20-25% of PCs are still running it. These machines are now at very serious risk of being exploited.

Kasperskys Senior Research Analyst, David Emm, states that “Our data indicates that less than one fifth of our customers run Windows XP but more than a quarter of infections are Windows XP-based”

This ratio is only going to worsen as security updates are no longer provided and all exploits essentially become zero-day exploits (i.e. they will always be open to attack). Unlike older versions of Windows which have also reached EOL, Windows XP has such a large user base that malware vendors will still find it lucrative enough to attack.

Many companies have not upgraded to the later OS versions due to the perceived costs. Obviously, there is some cost associated with buying new OS software, migrating old systems or software to the new OS and supporting/training the workforce in how to use it. However, with the news that governments and companies alike are spending huge amounts of money (£5.5million, or around $9.2m USD, in the case of the UK government) to be provided with extended support, and add to that the cost of clean up or data loss in the case of exploits, one has to wonder how long they can delay the inevitable.

The only real option at this point is to completely isolate any Windows XP machines (no internet, networks or file transfers), upgrade to a newer version of Windows (e.g. Windows 7 or 8.1)

Leave a Reply