Windows XP and Security Explained

On April 8, 2014 Windows will finally end all support for arguably their most successful and longest running operating system (OS), Windows XP. For nearly 13 years Windows XP was Microsoft’s staple OS passing both Windows 95 and 98 in terms of popularity, stability, and longevity. It was the first OS to require an activation key, an early attempt to curb piracy, and helped the internet expand to what it is now. The three support packs that Microsoft issued over it’s lifetime were used to patch security holes and to help keep it afloat as the internet became more advanced, however, in 2013, it is easy to see how Windows XP is essentially obsolete in terms of being able to compete with an advanced internet.

Over the course of 13 years, the internet has grown from a virtual hub where little laws and regulations were in place, to our current version where maintaining a secure site can be a daily struggle. Reports of hacks on major corporations seem to be a headline every few weeks, and these are just the large attacks that we hear of; hackers attack machines on a daily basis.

Since the release of Windows XP in 2001, personal home computers and laptops have become more affordable than in the early 90’s and late 80’s; remember the early 2000’s campaign by Dell Computers, “Dude you’re getting’ a Dell!” The cost of components, storage, and the ability to mass-produce PCs, combined with a very easy to use operating system allowed for Bill Gates vision of the PC to become reality, as PCs would be placed in many homes in America and the World. During the same time XP was being released, the Internet also had a similar explosion, as “getting online” became more affordable, accessible, and popular, allowing people to connect to each other across states and countries.

There was also a dark side to the progress made, due to the fact that nearly all major businesses and homes were running Windows machines, hackers soon found they could exploit vulnerabilities in the OS to hack it and obtain personal information that was stored on the machine. Hacking had occurred earlier in the history of computers, however, with millions of machines now connected to each other via the internet, the problem grew. Microsoft issued regular security updated to machines, as well as Service Packs intended to fill the holes that hackers would find. 3rd party antivirus software makers such as McAfee and Symantec sold software that offered the promise of protecting your computer from digital threats such as viruses, Trojans, worms, and malware.

Many of the antivirus and system software patches did resolve security issues; however, there were occasional breaches. One of the most important and simple things that anyone can do to keep a computer or network safe is to make sure their software is always current. Those that work in IT will reinforce that statement as they are constantly keeping machines up to date with the latest patches to keep their company’s network secure. Manufacturers of software or apps release updates so that the end user will always have a product that is not only running property, but is also running securely; after all, who would pay top dollar for software only to not have the manufacturer support it?

In 6 months, Microsoft will officially end their support for their Windows XP, which is 4 years after Mainstream support ended for the OS; since April 2010 any support offered by Microsoft has been considered the “Extended Support” phase, where free phone support and warranty are no longer available. Currently XP users account for 33.66% of the market share of OS users, which means in 6 months, nearly 1/3 of the world’s computer users will be left to fend for themselves in terms of security.

But McAfee, Symatec and other anti-virus software companies will continue to issue security patches to keep my machine secure, right?

To be frank, no, they will not; why would 3rd party software continue to support software that is considered obsolete by the creator? Many of the large anti-virus software manufacturers will also discontinue support for their XP versions in the next 6 months, again, meaning anyone running XP, should really consider moving to Windows 7 at the very least.

Since July 2009, many large businesses have already moved to Windows 7 and have found it a good successor to XP. In addition to Windows 7 being a stable OS, it is also current with security standards and current web standards, giving the end user a secure and rich web experience. Last year, Microsoft released Windows 8, which is a radical departure from the familiar look and feel of Windows, however, Windows 7 is still currently available. Also the overall price of computers and laptops have decreased dramatically; high quality machines may still be expensive, however, machines that are fully capable of running complex software are now more affordable than they were 5 years ago.

All of this sounds like the panic that happened before Y2K, where everyone claimed the world was going to end, yet nothing happened.

It is true that during Y2K, there was real panic, however, there was a lot of behind the scenes work that was made to update systems to they would not fail when the New Year hit. The problem with XP expiring is much different and very real; on April 8th 2014, Microsoft will cease all security updates to XP, and while the world may not end, the threat of someone stealing customer information becomes that much easier; consider Flu Season and the booster shots that come before it. Every year we know Flu Season is coming and every year people get sick, but what would happen if there were no more Flu shots. You may not get sick that same year, but the chance to get sick increased exponentially.

Well, I feel like I am savvy enough to keep my machine safe even after support ends.

In addition to being a security risk, there is also the risk of being non-compliant with financial and government regulations. Very few people would leave their safe filled with valuables unlocked, and not upgrading to a supported OS is essentially the same with customer information. Regardless of how secure the network may be or how secure the software used, using an outdated OS is placing customer information at major risk.

Insurance is the business of issuing coverage for a potential risk, so let’s look at it that way:  when roofs reach a maximum age, an insurer will typically reject coverage on the roof due to the risk of existing damage being greater than the cost of coverage.  Operating your company on an unsupported, outdated OS is much like insuring an old roof:  it is not good risk management.

Please take time to review what operating system you and your agents are using.  It is highly advisable that you upgrade to Windows 7 or 8 before April 2014 if you currently use Windows XP.