The IT world is preparing for one of its highest profile deaths on April 8th, 2014. Microsoft will be discontinuing security updates and technical support for Windows XP and its variants. Microsoft will not mourn, as their call to action is to migrate off of one of its most popular consumer operating systems in history.
Any Walking Dead fans out there? In the opening episode, a wounded Georgian sheriff wakes from a coma only to find that his world had forever changed into a zombie infested wasteland. The living are left defenseless against the walking dead.
What does this mean to you? Preparing for the zombie infestation
In a published survey in February 2014, Windows XP and its variants are still the second most popular operating system in the world according to NetMarketShare. Windows XP represents a staggering 25-30% operating system usage share, so we can safely assume that the majority of them will still be in use after April 8th, 2014.
The discontinuance of security updates of Windows XP will have direct and indirect consequences to the “connected” world. New vulnerabilities and weaknesses in Windows XP will no longer be patched and will become easier targets for hackers and malicious users over time. The multitude of unpatched operating systems will likely add to the continuum of compromised machines on the Internet. In addition, impacted businesses and financial firms will have indirect impacts on the consumer. It only takes one zombie to start an outbreak.
As we have all learned, to take down a zombie, you must go for the head. In this case, “going for the head” is upgrading to one of the supported platforms by Microsoft. Many will take this approach, but what of those that will not be able to by April 8th? We need to shift our focus from prevention of the infestation to containment of it.
Our recommendations:
- Start from a solid base. Make sure that your XP systems are all up to date with current OS, application and security software patches and versions. Don’t get infected with a known vulnerability from several years ago.
- What can you do better? Assess your current security controls. Can you make enhancements to technology and processes that are in place? For example, can you better utilize your log management? Enhance security event monitoring and alerting? Isolate your XP machines via network segmentation?
- Consider extending support. Governments and large companies are negotiating with Microsoft to extend support for Windows XP. Microsoft is providing extended support for approximately $200 per OS. This can provide some assurance of treatment if there is an infection.
- Consider 3rd party patches and security updates. There will be several companies providing patches and security updates for Windows XP. While this is certainly a path some will go down, you must walk the path with both eyes open. Can you trust the 3rd party fixes? How will they be supported? It is entirely possible that the 3rd party updates may be hiding a zombie or two of their own in the shadows.
- Consider additional protection. While the options for enhancing the Windows XP hosts are limited, since 3rd party vendors will stop supporting XP as well, there are possibilities to arm your network against malware. Consider implementing an advanced malware solution within your infrastructure to detect and block malware activity from reaching your hosts as well as preventing your infected hosts from communicating outside of your network.
- How is your incident response? Prepare for the infection. Build, enhance, and test procedures to respond quickly. How do you identify? How do you contain? How do you clean? It will be a matter of when, not if, Windows XP will be compromised.
Prepare yourself. The walking dead are coming and there will be victims. Prevent the infestation from spreading.
Questions on some of the recommendations? Have some more ideas to add? Please let us know!
5 Comments
For home users who may not want, or be able to afford the cost of upgrading, Linux (e.g. Mint XFCE or KDE) is a viable replacement for Win XP. I’ve done this whit a couple of ‘silver surfers’ whose main computing is browser based with a liitle ligh word processing, photo storage etc. They find Linux/XFCE easier to use than Win8, and their Prescott-cored P4s are much more responsive. This could be a viable solution for small businesses as well if their IT needs are straightforward.
There is a high probability that hackers have been holding attacks in reserve for this day. They know that Microsoft will not respond with patches to fix the vulnerabilities they have discovered so they can compromise millions of systems with impunity.
We can’t think of a single good reason not to upgrade to Win 7. It looks runs and feels the same as XP. It upgrades for pennies on the dollar compared to switching to Linux or Apple based systems. It is secure. It uses memory more efficiently, and it supports all of the programs that are already on the computer. So why not?
We would advise any client not wanting to deal with 8, which is not that bad now, to move to 7 and live long and prosperously Spock.
So XP Support Is Off the Table
Now What?
This is a simple question that everyone is making way to much of. The equation is simple.
Choice one:
Stay with XP
Positives:
◾Everything still works as is. Software, hardware, peripherals, and users all continue as usual.
◾Users and IT support staff all stay nice and comfy in what they are used to.
◾Custom programs continue without modification
◾No immediate additional costs to IT budget
Negatives:
◾Everything will slowly cease to function as new hardware is added for which there is no legacy support.
◾Everything will cease to function immediately upon the ingestion of a virus, malware, or malicious behavior internally
◾BYODs will not be fully supported
◾Increasing training costs as new workers are added who are not familiar with legacy systems
◾ Increasing IT costs relating to procurement of outside vendors with pay for use patches and security solutions to protect XP
◾Increasing, or possibly catastrophic system failures, and no way to patch or fix them
◾Increasing IT costs to hire legacy experts
◾Employee/personal dissatisfaction with systems performance against an evolving internet, BYODs, and high speed processing demands of newer software.
◾Corporate/Personal identity theft increases due to unknown and unpatched security holes.
Upgrade to WIn 7 or 8
Positives:
◾Cures the negatives above
Negatives:
◾Upgrade costs (minimal with 7)
◾Custom Software retooling
◾Very old hardware support issues
◾Training on systems (minimal with 7)
We just had a client tell us “Gee, we’ll just wait till something happens and deal with it then”. That seems to be the reaction generally to the XP obsolescence question. There are a few things wrong with that approach.
First and foremost are the costs. If you have to do something because you are forced to, for whatever reason. It moves that activity from planned, organized, and budgeted to unplanned, chaotic, and expensive as hell.
Second, if you loose your systems be it personal or business what is the net impact per hour on you or your bottom line. A very real risk with XP
Third security, Even if you are fully backed up, if you loose all your systems and are backed up from XP systems you will now have to restore to newer operating systems That is problematic at best and again, expensive as hell.
So we don’t really understand why anyone would not take proactive measures to protect that which is a major pillar of their business process or possibly contains much of what they have saved and accomplished over years or even decades. The fix is simple and can be accomplished at any time. As we told the client quoted earlier.
If you wait till it happens you are way to late.
William, thanks for your comments. You bring up some excellent points and in general I agree. The two main reasons for needing to extend XP beyond the end support date in my mind are
1. It was not on the IT roadmap and not budgeted for, or maybe it was but perhaps not prioritized highly enough.
2. Legacy/custom software that is either known or feared to not run correctly on the newer OS versions and may require significant cost or work to remediate.
As you point out, you will have to “pay” now or later. But later brings some significant risks and potentially higher costs.