Microsoft is finally casting off its old operating system, which means you are sort-of on your own. Here's what's in store for sysadmins and developers, and what you need to do starting April 9.
After years of threatening to end the life of Windows XP, Microsoft finally put a stake in the ground and chose today (April 8, 2014) as the end. The operating system that lived much, much longer than it should have or was supposed to is finally having the lights turned off – at least by Microsoft.
For many if not most people, that's not an issue: They long ago moved to Windows 7 or possibly Windows 8.
However, there are perfectly logical business reasons for some companies staying with Windows XP. A Windows 7 migration may prove disruptive to the business, so your employer might be putting it off until he has no choice. Or maybe custom apps break on Windows 7. Many vertical applications cost thousands of dollars, and it might be prohibitively expensive to migrate to a new version, especially with no appreciable return on investment.
So some people, for whatever reason, are still going to be using Windows XP come April 9. If your business or clients are among the holdouts, your work will get a lot tougher.
For starters, Microsoft will be the hackers' biggest helper. It's long been suspected that malware writers have been sitting on exploits they have found in order to spring them on the public after April 9. But in the process of patching Windows 7/8, Microsoft is also telling the bad guys where to look, since there is so much common code across the many versions of Windows and Internet Explorer.
"Attackers will have the blueprint for attacks as soon as Microsoft publishes updates for other platforms. More than 70% of the time Windows 7 and 8 fixes also apply to Windows XP as well," said Wolfgang Kandek, CTO of Qualys, a security provider.
Beyond that, though, a number of challenges remain.
The first line of defense is gone.
Even if you have really good anti-malware/antivirus software, all it can do is stop the malware at the breach. Without Microsoft plugging those breaches, the malware can still get in. So you may find yourself in a situation where the same malware tries over and over to infect you, and your AV software stops it; but with the unpatched hole in Windows XP or IE, the infection will keep coming back.
Firewalls and mail filtering are helpful, but what happens when the laptops leave the office? "People tend to take laptops with them all the time. Home, coffee shop, travel, and these enterprise protections don't apply. If all the PCs stay in the company all the time, then all these tools give you the coverage all the time. But at most companies I have contact with, a significant population of laptops go in and out of the office. They require protection," said Kandek.
Keep an eye on the third-party firms you use, because it's likely they will follow Microsoft's lead away from Windows XP, said Jeff Becker, director of international marketing for Baidu Antivirus, the AV arm of China's leading search engine, Baidu. Google, for example, has promised just one more year of support for Chrome on Windows XP.
"You will see companies start to abandon the OS,” said Becker. “I would encourage users to check for updates. We don’t specifically know what other AV companies are planning but we would assure customers to make sure they choose an AV that will continue to support it."
Baidu Antivirus will stick with Windows XP for some time. Even though Windows XP has been uprooted in the U.S., there are still plenty of countries with heavy dependence on the operating system, such as its home country, China. "XP is still a strong part of our business. Globally we look around the world and are not focused on the most cutting edge countries. The U.S. is important but so is Brazil and Egypt," Becker said.
"It's important that businesses just maintain the quality of the software that they have access to, and do a little research on what software is maintaining updates to XP. If they are not updating, ask about alternatives," Becker concluded.
Utilize Windows 7's XP containers.
Consider Windows 7 even if your applications are not ready for it. All versions of Windows 7 have XP-enabled virtual machines, Kandek notes. "This gives those users the best of both worlds: updated, more secure operating systems, without the cost and hassle of updating all software and applications.
"While Windows 7 is not the most recent version of Microsoft's operating system, it is one of the most secure and it is well supported by IT administrators," he said.
Use an updated browser.
The Web browser is attacked more often than the OS. With Microsoft ceasing all further Windows XP development, you will need third-party browsers such as Chrome and Firefox. That means new challenges for developers who target users sticking with Windows XP – however many of them actually access up-to-date Web applications.
Use Microsoft EMET.
The Enhanced Mitigation Experience Toolkit (EMET) is a free Microsoft tool that puts a straitjacket on Windows and observes what it's doing. If it finds something indicative of an attack, it shuts that process down. EMET has whitelist capabilities so it won't shut down vital processes, either.
"This tool has been maturing and has been effect against all zero day attacks; it's a really great little secret from Microsoft," said Kandek.