Tuesday 8 April 2014

Don't stop using XP until...

There are a lot of misconceptions about the security of Windows XP. Microsoft's extended support ends today, with the publication of the final set of security patches for XP, which were developed to tackle security issues that came up in the last few months. Microsoft has a one-month patch cycle: patches are published every second Tuesday of the month.
What does the end of extended support mean for us?

If Microsoft still supported XP, the next set of security patches would only be published on the 13th of May 2014. Any zero-day vulnerability discovered today could, in an ideal world, only be fixed on the 13th of May, leaving your PC vulnerable until then. But that is the case for all supported Microsoft operating systems: your Windows 7, Vista or 8 system would also be vulnerable until the patches of May 13th. Only in a few instances has Microsoft been pushed to fix earlier, but they keep to their regular schedule.

What does this mean for poor XP?

A fully patched XP system will be no less secure than a fully patched Windows 7, Vista or Windows 8 PC! Only on the 13th of May 2014 will the security be affected negatively, because no new patches will be published. Your system will be vulnerable forever...

Should you migrate?
Yes, by all means. You may not be an interesting target for a criminal (you are, but I probably cannot convince you today), but your PC is. It will be used as a spambot platform, for bitcoin mining for others, for running porn hubs for criminals, whatever. So migrate: YES


Should we panic?

Yes, of course. But not because of today. We should panic because there are still too many XP systems.
Most consumer systems will be fully patched, but I bet that most companies that still run XP have graver problems. Many systems will not even be fully patched. So, consumers, you have one month left to migrate to 7, 8, Apple or Linux. Should you? Yes, by all means!
And companies? You are in big trouble. You should fire the responsible management for not preventing this event.


===Update===
Hans Bos from Microsoft Netherlands mentioned that a fully patched XP system is less secure than a fully patched 7/Vista/8 system. He is right, of course. Just have a look at Internet Explorer.
But then again, this has always been the case: XP has always been in a lower security league than more current systems. The class difference stays the same...