Managing Windows XP’s risks in a post-support world

David Siah, Country Manager, Trend Micro Singapore

On April 8, Windows XP stopped receiving support from Microsoft. This ends the lifespan of one of Microsoft's most successful and long-running operating systems. Rarely has a tech product lasted as long as XP: from its launch on October 25, 2001 to its last Patch Tuesday this April 8, a total of 12 years, 5 months, and 2 weeks will have passed. Despite that, as of February this year, StatCounter data indicated that almost 1 in 5 PCs still used Windows XP. The world has never faced a situation quite like this. Versions of Windows have gone out of support in the past, but never on such a wide scale.

There has been plenty of concern (and in some quarters, hysteria) over this event. The date has been known for some time. Informed users also know that Windows XP was developed in very different circumstances: the famous Bill Gates Trustworthy Computing memo was sent after Windows XP had been developed and released to the public.

The end of support for Windows XP concretely means two things: newly discovered vulnerabilities in Windows XP will no longer be patched, nor will they be documented and acknowledged by Microsoft. This represents a huge increase in the risk of using Windows XP. Over time, more issues will be found and exploited. That said, the risk may also fall: the ever-decreasing number of Windows XP users may make it less worthwhile for cybercriminals to create exploits for an aging operating system.

Nevertheless, at this stage, there will definitely be more threats surfacing, again because 1 in 5 PCs are still running Windows XP. Businesses still running Windows XP will eventually make the transition because of the risks outlined above, just maybe not fast enough. And there will inevitably be cases where it is necessary to keep Windows XP going even after support ends, due to legacy issues. So what can businesses do, and what strategies can they adopt in the interim?

One of the most valuable tools in managing these risks is virtual patching and vulnerability shielding. Such products scan and inspect network traffic before it reaches the user's applications, providing an opportunity to protect servers and endpoints from vulnerabilities. Thus, virtual patching protection helps extend the life of legacy systems and applications for a while longer as businesses rush to upgrade their systems to more up-to-date versions of Windows. At the same time, virtual patching also lowers the administrative expenses involved.

Another solution is to harden the endpoints. Endpoint security software will still protect users, if the security software vendor provides continued support for their products. For example, Trend Micro will continue to provide support for our endpoint software on Windows XP until 2017. In addition, locking down these legacy systems may be even more appropriate, as it prevents unwanted and unknown applications and processes from running, thus reducing the risk of exploitation.
