Microsoft has ended mainstream support for all flavours of
Windows XP, including Windows XP Professional and Windows XP
Professional x64 Edition.
Extended
support will be available until 8 April, 2014, but the burden
will be on IT managers to ensure their Windows XP estates are
secure.
Although Microsoft is moving XP into the Extended Support of its
lifecycle, it will continue to develop
hot fixes,
as and when they are required.
Stuart Okin, managing director of
Comsec Consulting, and a former
security expert at Microsoft, says that getting telephone support
from Microsoft will be the main issue after mainstream support
ends.
"This will affect clients, [but] only when there is a major
outbreak of malware and they are not sure where to turn to. In
essence nothing changes. Patch your systems; make sure you have
malware protection, as well as other controls, such as firewalls.
For businesses, make sure you security test all the way through the
development lifecycle."
Gary Collins, chief information officer at
Intercept
IT, a specialist in cloud computing, pointed out that even with
the arrival of Vista, Microsoft was retrospectively patching holes
in Windows XP as it found problems with the new operating system
(OS). This meant recoding parts of the XP operating system and
releasing hot fixes.
He says many organisations have been reluctant to move to
Windows Vista, and Windows 7 is not yet available. As a result,
securing Windows XP will remain a focal issue.
"A high proportion of our clients have not upgraded to Vista,
which they see as resource-hungry, so it is unfortunate timing for
Microsoft that XP support is ending, and Windows 7 will not be out
until early 2010."
The onus will be on users to ensure they keep XP up-to-date, as
is the case with older operating systems, says Collins.
"A couple of clients of ours are large banks that still have
Windows NT 3.51 and NT 4 on their servers. They put protection
around the outside, using intrusion detection systems and intrusion
prevention. But they also ensure those networks are not
exposed."
Collins advises organisations to ensure they have adequate
firewall, anti-virus, and intrusion detection systems. But he added
that there are also many experienced Microsoft partners that will
continue to offer support services for Windows XP.
This was echoed by Microsoft, which says that along with its
strategic partners, it will offer custom support relationships, at
a price, that go beyond the Extended Support phase.
Stay up-to-date
Martin O'Neal, at security consultant
Corsaire, says Windows XP users
should run the most recent version of the operating system.
"The basic recommendation for maintaining a supportable platform
is to make sure you move to the latest service pack in the next few
weeks," he says.
Graham Cluley, senior technology consultant at
Sophos, warns that the end of
support for Windows XP - which he says is the world's most widely
used OS - will mean organisations need to plan OS migrations.
"The biggest challenge for businesses is the looming requirement
to specify another OS, particularly for new installs. Enterprise
software developers will begin dropping XP support and IT managers
should be thinking about the best alternative operating
system."
"Given the poor uptake of Vista, the continued popularity of
Apple, the growth of Linux and the simple fact that Linux is free,
it looks like the OS market is going to become more
competitive."
"XP will not be the leading OS forever and businesses need to be
prioritising security in any talks about how to deal with its
demise," he says.
Overall, the experts agreed that good security practices should
be high on the agenda going forward. This is easier said than
done.
Paul Vlissidis, technical director at
NCC Group Secure Test, says, "In
a world of super worms and drive-by attacks, internal patching is
now as essential as having an up-to-date anti-virus, but this
message just does not seem to be getting through. IT security is no
longer the sole provision of suppliers, and end-users should be
aware of this by now," he says.