In a few short months, Microsoft will end support for Windows XP, Windows Server 2003 and Office 2003. We’ve all known this for some time, but the security implications of these product retirements are still the subject of debate, and concern, among IT security professionals.
Among the issues raised by Microsoft’s planned XP end-of-life in April of 2014: What will it mean for IT security at large when, inevitably, some number of XP users don’t upgrade and remain on unpatched systems? What will happen to devices like point-of-sale (POS) and medical equipment that rely on XP? And what can IT professionals do to prepare?
Our security experts have been gaming it out, and we have some insights to help you navigate the new Microsoft security landscape. Over at Dark Reading, our expert blogger Maxim Weinstein considers the impact of these retirements in his Sophos Security Insights column.
As Maxim observes, PCs running on XP are already more likely to get infected by malware than those with Vista, Windows 7 or Windows 8. When Microsoft stops issuing any security patches for XP, the number of infected computers worldwide will likely go up. And as Maxim writes, these infected computers (or “bots”) could put all of us at greater risk.
“More bots mean more spam, broader spread of malware, more phishing, and so on,” Maxim writes. “Whether this will represent a significant enough change in the global bot population to make a noticeable difference remains to be seen, but it’s worth acknowledging the potential.”
Maxim has some solid advice for IT professionals in any size organization. Check out his column at Dark Reading for his tips: The Dinosaur in the Room.
Meanwhile, at Naked Security, our security experts Paul Ducklin and Chet Wisniewski have been talking and writing about Windows XP and the numerous security questions its retirement raises. One question they ask in their Sophos Techknow podcast: is it reasonable of Microsoft to stop supporting XP after 12 years?
“Absolutely it’s reasonable,” Chet says. He goes on to explain why it’s important to think about how we can make operating systems more secure preventively, instead of merely fixing problems after they arise.
Listen to the podcast below.