Twelve years ago, Microsoft released Windows XP. After 3 Service Packs and well over 300 updates, Microsoft ended their official “Mainstream Support” for Windows XP on April 14, 2009 and it entered the “Extended Support” cycle for Windows XP. On April 8, 2014, Microsoft will end their “Extended Support” cycle for Windows XP closing the final chapter on one of the most successful operating systems in the history of computing.
Windows XP was so successful that it took nearly 30 months for their Windows 7 operating system to overtake the global Windows XP install base. Today Windows XP still enjoys an install base of ~35% or roughly 800 million of the world’s computers.
What does the end of the “Extended Support” cycle for Windows XP mean moving forward? The Mainstream Support life cycle allowed Microsoft to release “hotfixes”, security updates and provide direct commercial and end-user support. The “Extended Support” cycle moved the product into only receiving security updates to the product and ended all other support. While Microsoft has made some allowances in the past for profound security-related issues for products outside of their Support Lifecycle system, on April 8, 2014, Microsoft will no longer be providing any new updates to Windows XP, including “hotfixes”, service packs or security updates.
This will expose Windows XP users to a myriad of new and evolving security, malware and virus threats. Microsoft Security Intelligence Report volume 14 (PDF) reports the following infection rates by operating system and service pack for the fourth quarter of 2012. While Windows XP Service Pack 3 has made a significant reduction in the amount of security vulnerabilities and infections on the XP platform, XP still leads the pack in infection rates across all Windows operating systems. The combination of large user base with lack of security patches leaves a large target on the venerable operating system.
To mitigate the risk moving forward, users must begin the transition from Windows XP when and where possible. The best option would be moving towards the latest operating system, Windows 8, as it is the most secure and reliable system Microsoft has yet to produce. That might not be an option for many people, so the next best option would be Windows 7. Between Windows XP and Windows 7 was Windows Vista, however, Vista is not an option as it is also nearing the end of its support life cycle.
Infection Attack Vectors Q4 2012 by Operating System
If Windows XP must be used, for whatever reason, then a hardened security presence on the system must be maintained and updated regularly. There are many anti-virus, anti-malware and firewall software options available from Microsoft and third party vendors – both free and paid. The number of unprotected or under-protected Windows XP systems moving forward could create a ticking time bomb if left unchecked and unprotected.
We are urgently recommending the following actions be taken when and wherever possible:
- Upgrade. Windows Vista and 7 will still be supported for a few years and Windows 8 even longer.
If you must continue to use Windows XP:
- Make sure your copy of Windows XP is running Service Pack 3.
- Stop using Microsoft’s Internet Explorer entirely. Use only a currently updated and supported web browser like Mozilla Firefox. Access to Internet Explorer can even be fully removed via the “Windows Components” feature in Add/Remove Programs.
- Stop using Microsoft’s Outlook Express entirely. Use only a currently updated and supported email client like Mozilla Thunderbird or better yet a web-based email client.
- Uninstall the Java runtime environment from your computer unless you absolutely cannot live without it.
- Install a supported anti-virus client. Keep it updated and do a full system scan weekly.
- Make sure Windows Firewall is enabled or use the one that comes with your 3rd party security software.
- Limit your installation of programs off the internet to only trusted sites from trusted companies.