Lyjotoblog

Summary: Even though the world won't end because of Microsoft's withdrawal of support for Windows XP, those left clinging to the OS after April's deadline still face a number of issues.

Some twelve-and-a-half years after Windows XP first went on sale, Microsoft is turning off support for the operating system. From 8 April there'll be no further free updates or security patches.

There's nothing new about software reaching the end of its commercial life. But the trouble with Windows XP is that it's still reckoned to run between a quarter and a third of the world's desktops.

The sheer scale of XP's legacy means many organisations and individuals now find themselves in the same boat, perhaps because of the difficulty of migrating certain apps, the cost, or simple inertia.

Given that XP users have already shrugged off the arrival of Vista, Windows 7 and Windows 8 without shifting operating system, they may think their first option is just to stay put. After all, Microsoft has had more than 12 years to patch the OS, so surely most vulnerabilities will have been found by now?

"I'm not a believer that you're not going to see anything else," said James Lyne, global head of security research at Sophos. "There's been a healthy supply of [vulnerabilities] for many years now. It would be a turn-up for the books if all of a sudden that ceased to be a problem and the operating system magically became secure," added Lyne.

In fact, criminals may have been stashing away exploits to use once Microsoft has departed the scene, leaving the OS open to unpublished lines of attack, according to Gartner Research vice-president and research director Michael Silver.

"There's certainly a possibility of some vulnerabilities that were already known that haven't been exploited yet. From 8 April or 9 April you could see a number of attacks that people have been holding back," he said.

This pattern of behaviour has certainly been seen before, Sophos' James Lyne points out.

"For example, I remember with Mozilla Firefox — back in the days before Firefox would just update to the latest versions — we would see cybercriminals specifically targeting the versions that were no longer updated," Lyne said. "They knew a significant number of people would still be running them. So in microcosm — it's a small example by comparison — that behaviour has been seen, but this is going to be somewhat of a first in terms of such widespread use of a platform."

------- Read More ----->