The Windows XP Zombie Apocalypse

The countdown is finally over for those looking for extended life support for XP (unless they've inked a deal). But are they still secure?

Indeed, many vendors have already committed to continued support for Windows XP as a platform upon which their products will run, which sounds a lot more reassuring than it actually is in real world terms.

The start and finish of such 'protection' is really just your web browser and email client targeted stuff, whereas the start and finish of the XP security argument has to be the not so small matter of the first time someone exploits a low-level OS vulnerability which enables them to circumvent any such AV defence.

Advertisement - Article continues below

At the very least, then, enterprises with XP devices still operating need to limit the use of browsing or email (preferably to zero) while locking those machines down to running specific 'safe' software as far as possible. Filter any traffic going to and from an XP device more aggressively, and up your monitoring of these devices. Isolate XP instances where possible, use whatever network security resources you have to up the inspection of them, and even consider running your instances of XP on Virtual Machines.

All of this is good advice, but it's still akin to placing a sticking plaster on a gangrene infected leg. The only real solution is amputation. It's not too giant a leap of the imagination though. There are plenty of IT security professionals out there supporting this scenario to suggest that the bad guys are already sitting on a XP zero-day or two just waiting for security updates to expire before using it in the wild.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Some people point to nothing much having happened when Windows 2000 reached end of life status, back in 2010, and others point further back in time to the end of life of Windows 95. However, while the scale of both from the user base was large, more so in the case of Windows 95, the IT security threat landscape was entirely different.

Now that threatscape is both much broader by way of the number of devices that are at risk, and bizarrely also much more targeted by way of the end game. Fewer threats fall into the 'nuisance' category and far more have a payload of monetary gain. Only a fool would argue that the security threats today are not a lot more sophisticated than they were four years ago, and certainly in an entirely different league from 13 years ago when XP burst onto the scene.

The truth of the matter is that XP just isn't as prepared. Despite all the updates and patches, it remains unable at its very core to deal with the kind of threats out there today. Windows upgrades are not just about Microsoft hunting for more revenue (although obviously that's a part of it) but are also about improving the user experience and, most importantly from the perspective of the IT security professional, about bringing ever increasingly advanced security to the OS. Sure, the haters will hate, as they say, but that's fact.

Advertisement - Article continues below

Each point upgrade of Windows has been more secure than its predecessor. XP is so old now that it stands to reason that even if it had not reached end of life, the devices running it would be considered more of a risk, in fact a significantly higher risk, from the security perspective than those running Windows 7 or 8.

Yes, the 'XP Apocalypse' scenario sounds familiar to the 'Y2K Bug Disaster' in some ways. And everyone knows that never actually happened. However, one of the reasons the Y2K bug never materialised is that people were prepared, and took those preparations seriously. The same cannot be said of XP end of life. Plenty of people who should know better have buried their heads in the sand rather than commit the time and money required to move to a supported, and therefore better secured, OS platform.

Advice such as 'ensure any XP machines cannot access the internet via email clients or web browsers' is sound enough, given that most attacks are likely to come from this vector, but better advice is to smell the coffee and migrate away from XP as soon as possible. 

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020