Almost 14 years after its release in October 2001 to a world still in shock after the 9/11 terror attacks, the sun has finally set on Microsoft’s Windows XP, writes David Tuffley, lecturer in Applied Ethics and Socio-Technical Studies at Griffith University.
The operating system has been the software in many home and work PCs but for die-hard users who continue to use XP, danger that way lies. All operating systems have a service life, and Windows XP has had an exceptionally long one. The problem for XP, short for extended user ‘eXPerience’, is that it is still being used on hundreds of millions of computers globally.
In February 2014, just under 30 percent of PCs around the world were still running XP, despite there being three later versions of Windows to choose from (Vista, Windows 7, Windows 8 and its tweak edition 8.1).
THE RISKS OF SOLDIERING ON
While some die-hard XP users have finally moved on to Windows 7 or 8, there are certainly those who are still soldiering on after the expiry date on 8 April.
The problem for people who are continuing to use (internet-connected) XP after support ended will be a growing number of security vulnerabilities that will not be solved by the periodic updates and hot-fixes from Microsoft. Nor are those users able to get technical support for any other problems they may have with XP.
OPEN TO ATTACK
As in any ongoing war, when defenders withdraw from battle, attackers (and hackers) take advantage. They almost certainly had been making plans in anticipation of the day in April when millions of XP computers became more vulnerable.
Microsoft’s director of trustworthy computing, Tim Rains, issued a statement last August warning that security patches for later versions of Windows could inadvertently give cyber-criminals the information they need to reverse-engineer a successful attack on unsupported versions of Windows.
This can happen because under the skin, there is a large amount of program code in common between the different versions of the Windows operating system. So patch the code for Windows 7 and 8 and you reveal a potential flaw in XP that won’t be patched.
It is true that up-to-date XP still has reasonable capability to withstand attack, and anti-virus and malware detection software can do a good job. Nonetheless, the risks of being hacked have risen substantially, particularly when older internet browsers are still being used.
The Microsoft Security Intelligence Report goes into detail for those who are interested – see www.microsoft.com/security/sir/default.aspx.
WHAT CAN XP USERS DO?
Individual users can take the obvious course of updating to a later version of Windows at their convenience, or they might take the opportunity to switch to an alternative operating system. There are several to choose from.
For those on a budget, the growing number of online retailers selling computers at close to wholesale prices is making the purchase of new or nearly new equipment surprisingly affordable.
For organisations though, particularly larger ones, the task of migration can be a lengthy one that requires months, if not years, to complete. For these folks, some timely advice for staying safe is in order.
CRASH COURSE IN MANAGING THE RISK OF CYBER-INTRUSION
The Information Security Manual (www.asd.gov.au/infosec/ism), a publication of the Australian Signals Directorate (ASD) gives some useful advice for anyone wanting to protect themselves against the threat of cyber-attack.
● Application white-listing – where a list of verified, trusted programs is created for the PC based on the job it is required to do. If these are the only programs permitted to be installed on the computer, then potentially dangerous programs (including Dynamic Link Libraries or DLLs, scripts and installers) cannot be executed.
● Patching applications – as soon as they become available, install updates and fixes to the white-listed applications, including Java, PDF viewer, web browser, Microsoft Office and others. Older versions of internet browsers are particularly vulnerable.
● Patching operating systems – automatically download and install the latest security patches and hot-fixes as soon as they become available. The ASD specifically recommends not using Windows XP due to the inherent risk.
● Restrict administrator privileges – only those people whose job requires them to install and make changes to operating systems and applications should have admin access.
If implemented, these four security measures have proven to be very effective.
For XP users, performing the three out of the four that are possible, plus using up-to- date anti-virus and anti-malware software, will go a long way to protecting an XP computer until you are ready to migrate to a supported operating system.
This article was originally published on The Conversation – theconversation.com/au.