Microsoft will stop releasing security updates, hotfixes and other updates for Windows XP SP2 on July 13th 2010. No biggie, you might think; after all, Windows XP SP3 was released way back in April 2008 and since then we've had both Vista (perhaps best forgotten) and the much more palatable Windows 7. Yet despite the death of XP SP2 being absolutely no surprise to IT admins the world over, it would seem that a large number of machines within enterprise networks are still running that very version of the Windows OS.

Qualys reckons we are still more than a year away from all machines migrating away from XP SP2, and this threatens to leave many of them exposed to exploits for the vulnerabilities that you can bank upon being unleashed in the second half of 2010. It's not really such a big concern for home users, of course, as XP SP3 is already being pushed automatically through Windows Update, but in the enterprise such automatic updating just isn't feasible.

DaniWeb asked Qualys CTO, Wolfgang Kandek, what global security risks the Windows XP SP2 end-of-life creates.

"Starting in August, the risk of using SP2 will grow as more vulnerabilities for Windows XP are uncovered over time. While we do not know the exact dates and the severity of these vulnerabilities, we are certain that after 90 days automated attacks (exploits) will be available. These exploits will give the attacker full control over the infected machine, including access to all information stored on the machine and the capability of using the machine as a jump-off point into other parts of the network. Attackers will use their proven propagation methods: e-mail, instant messaging and infected websites to deliver the exploits to the target machines".

We also asked Wolfgang Kandek what advice he has for those who will still be using XP SP2 come July and want to stay secure.

"We recommend upgrading to SP3, as it will cause the least disruption and have no migration work – no new interface style, same hardware requirements and no compatibility questions. Companies that are advanced in their Windows 7 (or Vista) roll-out are in a position to weigh the risk of temporarily running on SP2 against the probability of having their SP2 machines coming under attack".

Edited by happygeek: n/a

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

0

I think XP is old and people should start upgrading to a newer version of Windows/Mac or Linux.

0

Microsoft is not taking into account all the "happy" XP users who bought the computer prior to SP3, who are now using SP3. If their computer crashes and the OS is not resurrect-able, then their XP restore CD will be rendered useless and they will incur exponential $costs too. I feel Microsoft should be accountable for the integrity of their OS's and I feel they have resources to do so. To most basic users XP is all they need, and to ignore the potential needs of Microsoft's customers is to take them for granted. Which may cause users to migrate to new OS outside of Windows.

1

I totally agree...Microsoft should be responsible and take care of their loyal customers, which they have not done properly.
WGA for example, what a nasty thing for paying customers to have to deal with.

-1

@asclinton & Labraat.

Could we all PLEASE stop demonising MS for winding down support for XP? NO other OS edition/flavour has continued to receive patches and support for even half as long as either XP or even Win2k (I really do dare someone to find one SINGLE sample to contradict this by the way). When any OS dev has to focus R&D and support on so many multiple OS builds, it is never good for anyone. XP & Win2K dev and support REALLY need to wind down so that the best efforts and ideas can be forward-focused.

At the end of the day, users have had PLENTY of warning that this day was coming. New PC buys since '07 have had to make a conscious choice in buying a new system either with XP installed, or willingly downgrading to the earlier Windows variant. Don't go complaining now that your decisions might not look so wise now. As to those enterprise environments complaining of systems simply too old to upgrade... if you are a business running mission-critical operations on a system THAT old, then you are already foolish! For a system to be completely incompatible with Win7, we are looking at systems at least 7 yrs old; upgrade cycles should be around 4-5.

So can you all just step down from the soapbox and moaning about completely unreasonable expectations... either that or switch to alternate OS's and get used to performing upgrade cycles even MORE regularly!

0

Get real. Not everyone, whether individual or company, can afford to purchase new 'state of the art' equipment every five years. I'm happy that you can. I too love Microsoft, but they can afford to do better and they should. It is not asking a lot for Microsoft to offer support for an additional five years on an operating system that is so popular. The company made a lot of money on XP. How about charging a reasonable fee for another extension? God bless.

0

Right too Labraat. Again, most people are not computer gurus. And people paid good money for their computer and OS when they got it, if their Windows fails and it will, they would be forced to repurchase XP again, and because Windows 7 is too much for their system. Suggesting MS prescribed alternative isn't even ecologically friendly, when in reality XP is a totally suitable OS for the majority of computer users. The point of this article is that systems purchased prior to SP3 will be left behind on account of an update to an existing OS. In my city, the city charges $35 to dispose of a computer, and that's not taking into account that it's still harmful to the environment. Side note (Vista was a joke) and (Windows 7 isn't all that impressive either), Windows 7 is like Vista with a bandage.

-1

I agree 100% with kaninelupus. Technology is moving at lightning speed (or faster). I want to at least stay up with it to some degree. I consider it much as I do a vehicle or other items. Maintenance, upgrades and eventually a trade in for something more up-to-date. I am constantly up to date with the latest security upgrades and patches. As was mentioned, for MS (or any other company) to continue to spend resources on old arcane technology and not continuously developing for the future would be insane. I wouldn't be surprised if the critics of this practice are still using IE 6 as well. Why? When we have better technologies available, I choose to use it.

0

Have to also say that oft-time, the finger is all too readily pointed MS's way, instead of where it actually deserves to be pointed; at the OEM's! Add as well the IT departments wanting to do what is easiest for themselves or the bursars with a narrow cost/reward concept.

To explore the first... OEM's have known MS has been planning to wind down XP... for a long time now! Yet they kept selling systems loaded (and optimised for) XP till very recently (some even still). As well as this, some of the top OEM's continue to sell new systems with near-legacy hardware on-board, making the upgrade process (either to newer Windows builds, or from x86 to x64) that more difficult... and this is despite the good money people often paid for these machines. MS has tried to counter this by making Win7 far more backwards compatible than ANY previous release, but there will always be limitations (the same being said for OS X and Linux). If you bought a new system in the last few years, and are unable to upgrade Windows, then the yelling should be directed at the OEM or manufacturer, rather than at MS! Of course, the consumer does have some responsibility in all this, as we have in many ways become a culture of CHEAP... we want to have all the fancy features, and pay a fraction of what it's actually worth; I guess you get what you pay for (well hopefully!)

As to the latter category, there has long been a prevailing attitude of "if it ain't broke, don't fix it". Unfortunately, technology doesn't work that way, with the silicon world evolving at an evermore blistering pace. Just because it ain't "broke" doesn't mean a legacy system can cope in the contemporary environs. Wireless and Internet/Intranet capabilities and demands have by far evolved beyond what OS developers could have conceived, especially in terms of time-frames. The varied viral threats and exploits have also evolved as such. OS's built 10yrs ago are so incapable of competing with the abilities of the modern OS offering (I'm not just referring to Windows by the way), so expecting MS to continue applying patches and fixes to XP is insane, not simply unrealistic. Now businesses who have held off on the SP's, and held off on any hardware upgrades along the way, are now finding themselves with a looming nightmare.... and they have only themselves to blame. Warnings were given; upgrades offered; new hardware has continued to plummet in price. To those in this category who are culpable, grow a pair and cop some responsibility!


To those simply belly-aching because they bought a machine with XP five or more years ago and, heaven forbid they either update XP to SP3 or upgrade Windows build... just get over it! EVERYTHING has a use-by-date (modern technology especially), and you need to accept that simple fact. It is no different from say those in many developed countries who a few years ago, bought an Analogue TV, and now as Digital broadcasts come into effect, have to either get a set-top-box, or buy a new TV. If you don't like having to upgrade Windows now and then, switch to one of the alternatives... and get used to upgrading even more often!

Edited by kaninelupus: n/a

0

That version of Windows XP, that is XP SP2, is probably the most stable version that people have had a chance to use without having to make significant investments to buy new hardware. For most people it is still enough.
But in a little while even internet surfing will prove to be more tedious on an old system with no hardware acceleration. I agree with "kaninelupus" that everything has a sell-by date. XP's sell-by date is long past, but sadly MS hasn't provided a more stable or even viable option.

0

To what I know Windows XP will be end of life in 2014. So no surprise they end the SP2 and moving to SP3. We have another 4 years or so to enjoy Windows XP. If the Windows 7 is bringing in the numbers. I bet they could kill Windows XP even quicker. I don't hate Microsoft, it's just that my budget couldn't catch up with their technology. I just use Linux to keep my hardware going as long as it can boot and serve me well.

0

I think the problem lies, especially with the laptops. My laptop was top of the line 4 some yrs ago and is still kicking ass. Got enough processing speed and RAM to continue using it for another year or two. The applications I work with do have an upgrade for Win 7 or even a stable Vista. Also, my hardware drivers aren't upgradeable or at least I cannot find the Win 7 for every piece of hardware on my machine. Do I dump my machine and quit my profession to something where applications are compatible with Win 7 environment and who will guarantee the stability.

I hear you all who are talking about get over it but there are apps that will NOT work on new machines/OS in the near future. My laptop is acting funky, I have tried everything there is to try and I have sought expert help. All sources point to fresh install and you know I cannot do that b/c MS decided to stop delivering updates for SP2 and before SP3. At least they could offer us to purchase a disc with those updates. I will happily do so. Does anyone know if anything like that exists? Please let me know at Bobby_tmq@yahoo.com
Thanks

0

Once they kill it that is the end of it. Like Windows 95/98/ME. No updates at all. So I find an equivalent in Linux. Like word, spreadsheet, presentation and of course Firefox browser. They have some games but not as good as Windows but still playable. I don't know what software you are using. If there is an equivalent from Linux, I suggest you switch to Linux or get a new hardware with Windows 7.

0

SP2 has never been any good to our company, we use SP1 and do an upgrade to SP3 direct, if we try SP2 I get a 70% rate freeze on installation.
:)

0

I think we should use the technology that works best...
newer technology has been built by the next idiot engineers...
computers are now missing useful things such as the old PS/2 keyboard port.
(I have an awesome multi-function gaming keyboard which was given to me that uses this port)
^buying a similar keyboard that uses the recommended USB interface would be expensive and not worth it.

the ethernet port also suffers the same fate... so what do we do when Wifi networking has huge problems??
(certainly not fix it by going wired)

technology is moving in the direction of stupidity, including Windows.

not to mention that exploit everyone's afraid of (properly named "Remote Administration Tool" (RAT)) is already integrated with newer versions of windows.

so either use XP and catch a RAT, or use 7 or 8 which already has a RAT...
(the RAT was implemented by MS with hacker-speculation of user control)

I think we know the safer choice here, though recently even linux has been cracked with an exploit similar to a RAT, which uses bash (what linux runs on)

at least the linux and XP RATs can be controlled...

I have a friend whose friend has cracked and disabled the RAT in Win8 using python...
I'm trying to gain info about it as I want to replicate what he did.

imagine what happens when hackers are able to control MS's RAT...
anyone running Win7 or Win8 could be compromised.
(Vista also has the RAT, but hackers haven't been able to get it working)
^ that doesn't mean MS can't get it working

Edited by DarkPikachu
