With official support for Windows XP set to end on April 8th, what are the biggest security fears and what should users do about it?
History has a habit of repeating itself, and here we have the same conversation taking place as did when Windows NT 4.0 [sp6a] reached its life end, but now the attention is turning toward Windows XP. Before we jump into this topic, let us recall that as with NT, Microsoft gave XP an extension of life, and provided assured support along with a ‘clear’ end-date – and as on previous occasion, notwithstanding we could see it coming, in some cases we have had to hit that wall before taking appropriate notice [as they say, why not put off until tomorrow what you ‘should’ do today?]!
The next question is of course, what now? Do we choose not to update, and run with the continuity of an unsupported application which will, by inference run unpatched, and open to an higher degrees of successful attack, compromise, and whatever other abuse our miscreant attackers choose to invoke? Or do we bite-the-bullet, and bring this state of insecurity under control? However, we may be assured of one thing – in some businesses, I am expectant that such manifestations of out-of-date/patch versions of XP will sit with the required level of unease alongside their neighbouring Windows 2000, and NT 4.0 systems – which on one hand are awaiting the righteous route to refreshment by their masters, whilst on the other, are awaiting the adverse attention of some casual, or motivated hacker.
The absolute bottom line is, we have good practice advice, and in some cases are under the watchful eye of standards such as PCI-DSS, which has expectations when it comes to security. It would seem however, even with this backdrop, there are still many manifestations of out-dated applications, and software presenting risk to the business, and user base alike, offering up some very tasty targets to the attacker who utilises OSINT to mark such vulnerable titbits. It would seem we have put up with outdated applications and software for so long now, we have become numb to the inherent baggage of insecurity they may [do] carry.
John Walker | Integral Security Xassurnce, Ltd | @SBLTD
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.