Termination of Windows XP support - How does this affect your security?
From April 8 2014 support for Windows XP has ceased. This inevitable move has left many organisations still using the operating system without choice but to migrate to an alternative such as Windows 8.1, if considering long-term future support. In the interim large numbers continue to use Windows XP before the inevitable move to Windows 8.x
It is thought that Windows XP is still running on one in three machines globally, within organisations, households as well as being utilised on various commercial systems. Estimate over 1.6 billion devices, official figures, but it’s believed that including illicit machines there are over 2 billion devices.
The launch of Windows XP takes us back to over a decade ago, nearing on 13 years. Windows XP was eagerly taken too globally with hundreds of millions of copies of XP being sold and used across the globe over its lifespan.
Many remained with the Windows XP operating system, it is thought to still, over a decade on, be running on one in every three machines today. Countless have been using the operating system throughout the years throughout organisations, and households and within commercial systems (ATM’s for banking), now with the termination of support for Windows XP the time has arrived to upgrade to a current operating system, something that should probably have been done some time ago is now being forced onto multiples.
Many of the organisations likely to still be using XP could include finance organisations, banks, health organisations and in education. Security and compliance will be a major concern within many of these areas.
Although organisations, of all sizes, were aware that support would be terminated for some time, they chose to overlook the warnings, maybe due to their familiarity with the OS or the complexities of migrating all their systems that were working quite stably (why fix what’s not broken kind of thinking).
Upgrading is now the inevitable and is essential to maintaining OS security but the move for many organisations is a lot more complex and this is why they are still using XP even after termination of support. The move to the current Windows 8 is quite a leap from XP, encompassing great cost for many as well as the difficulties that come hand in hand with becoming accustomed to a very dissimilar OS.
Many will still be using Windows XP for some time before they are able to migrate and the loss of technical support and security support will have an affect, if you are in this predicament it’s important to devise a plan to secure Windows XP in the interim.
The potential risks associated with continuing to use XP
With the end of XP support we can no longer expect patches and security updates as well as no further updates to online documentation for the operating system. Existing updates and patches will still be available for now but no new future vulnerabilities will be patched.
Vulnerability to malicious activity from multiple vectors is increased. As well as the potential security risks there is also a question of privacy and thus compliance. Using a non-supported OS will deem a company that is responsible for personal data non-compliant. Unpatched machines might also be prone to crashing and freezing which will have an affect on productivity and performance.
Ways to secure XP systems in the interim
If you entail to continue to use XP, especially now that support has been terminated, it’s very important that the necessary steps are taken to ensure your system remains as secure as possible under the circumstances.
It’s definitely recommended to upgrade to a supported and current OS as soon as possible but in the interim the following should be undertaken to alleviate potential security risks.
- Antivirus and or Antimalware software
Install effective antivirus software, now is not the time to be skimping on antivirus software. Be sure to keep your antivirus/antimalware software up to date. Do your research and acquire the best you can. You might also benefit from having more than one type installed to increase the chances of malware/viruses of varied nature being detected (if it goes undetected by one, another might detect it). Try to increase your chances of detection as best you can.
- Keep drivers up-to-date
Scan your computer routinely for driver updates. Driver flaws can be potential areas for exploitation. Keep your device drivers up-to-date.
- Keep software up-to-date
Although you are unable to update XP, it’s important to cover all other potential flaws. Be sure to keep all other software running on the machine updated and current.
- Internet Browser
It’s recommended to use Mozilla Firefox or Google Chrome as your internet browser. Both these are compatible with XP and have current security features. The latest Internet Explorers are not XP compatible and as proven on 28th April 2014, serious vulnerabilities exist that will likely not be patched.
Avoid using a XP machines for processing sensitive data. Do not use it for internet banking or purchases. Try to keep online activity to a minimum, and when online only use trusted websites. Do not store or process sensitive data on an XP machine.
It’s best to use XP machines for offline activity only, whenever possible and use programs and software already installed. New installations onto a XP machine should be avoided. If using an XP machine for online activity it’s advised to do so using an account with limited privileges and not an admin account. Your security will be increased through limiting any potential activity from malware by using a limited account.
Java is renowned for security risk. When utilising XP it’s advised to disable Java from running in browsers.
In the interim you can choose to run virtualised XP applications if you are suffering compatibility issues. XP can also be run using remote desktop services on Windows 2003, which is still supported by Microsoft extending the migration time until 2015.
- Isolate XP machines
Keep XP machines isolated on the private network, limiting the access to the broader corporate network if a XP machine were to be compromised.
It is possible to use application whitelisting and blacklisting technology bundled with solidification technology that hashes the entire operating system and does not allow for new code to execute. Many banks use this type of technology on ATM hardware that run even older operating systems like windows 98.
You’ve decided to migrate from XP-what to do next
It’s advised that sooner rather than later you do migrate from your XP machines. Security is essential and the XP security model is inferior to that of Windows 7 and Windows 8, without even considering the added concern of NO support. The logical step is to upgrade. So what are your options?
- Upgrade to Windows 7, remembering you would need to upgrade again soon after to keep current
- Migrate to Windows 8, this would involve the purchasing of new hardware as Windows 8 is not designed to run on older machines, however your machine and OS would be current.
- Purchase current new machines with the current OS installed
- Migrate to a completely different platform
Although support for XP has ended, this will not stop the use of XP as yet. Many will continue to use the OS for some time. If precautionary measures are taken XP can be used in the interim but it is advised that plans for an upgrade or change of OS are put in place. To keep XP machines secure we need to limit the opportunities for malicious activity and harden them to protect against potential exposure. We can’t expect to continue to use XP without risk. Many of the organisations still using XP are likely to be using it on a large scale, hence not upgrading sooner, making the upgrade a lot more complicated and costly but this should now take precedence.