End of Windows XP support era signals beginning of security nightmare

Consumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP.

By Colin Neagle on Wed, 04/11/12 - 11:02am.

Microsoft’s recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else.

When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software.

Jason Miller, manager of research and development at VMware, says the introduction of Windows XP “was the heyday of buying computers,” with markets having become familiar with Windows 95 or 98 and manufacturers like Dell releasing affordable options. With such an influx of new users, it comes as no surprise that Windows XP remains one of the most common operating systems despite the introduction of two entirely new versions in the decade since it hit shelves. In fact, March 2012 statistics from show XP in the lead for operating system market share, at 43.09%.

Although that number is on a steady decline, its high volume just two years before support is cut off is cause for concern, Qualys CTO Wolfgang Kandek says. Most enterprises are likely to upgrade their operating systems in the wake of the announcement that XP support would be cut off. They have plenty of reasons to, such as security concerns raised by the IT department or the need for the latest version of Word or Excel to open new document formats.

Remaining consumers, though, will be much less inclined to make an upgrade.

Several trends account for this. First, and foremost, is cost. At-home computer users who are still content with XP are unlikely to purchase a new operating system without any financial incentive, especially considering that many of the features for Windows 7 require hardware upgrades. Try telling someone who uses their home computer to just check their email and read the latest Yahoo News headlines that they need to spend $500 for a new one.

Then there’s the awareness issue. How many at-home consumer users will even know that Microsoft will be cutting off XP support? How many will know what “the end of support” means for them at the user level, and how many will actually care? Microsoft is of course doing what it can to help spread the word, providing a deployment toolkit and its "Springboard Series" to hold its users' hands through the process. Microsoft can only lead these XP-running horses to water, though. It can’t make them drink it.

Finally, the burgeoning tablet market could present a roadblock to PC software upgrades. Amol Sarwate, director of Vulnerability Labs for Qualys, says that many entertainment-minded users who purchase a tablet may still have XP-based PCs kicking around their homes.

“If I have a Windows XP machine and I go buy a new tablet, for most of my needs I will use my tablet, but I still keep my XP machine for doing some chores that only a desktop can do. So that could also play a role here,” Sarwate says.

Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, Miller says.
