The end of support for Windows XP, which was scheduled for April 8, has exposed many businesses to security breaches: vulnerabilities are made public, but patches are no longer available. Any vulnerabilities found in Windows XP will not be fixed by a security update, and Microsoft has also discontinued technical support, meaning any business running XP will be at serious risk of infection.
With more than 500 million machines still running XP at the end of 2013, many companies will be affected by this change. Migrating to alternative operating systems such as Windows 7 and 8 is costly and time consuming. With increasing budget pressures, many enterprises have found it challenging to manage a platform shift of this size. In fact, the number of machines running XP is actually increasing, with overall market share at 29.53% in February (from 28.98% in December and 29.23% in January), revealing the extent of the migration challenge with more businesses adopting this legacy operating system.
In addition to gaining IT spend and senior management buy-in for a company-wide migration, many enterprises also have to contend with the plethora of business-critical applications that only run on XP. A number of retailers have yet to make the switch with legacy systems applications, such as Point of Sale systems, not supported on Windows 7 or 8, leaving these businesses exposed to data breaches if steps to extend their security have not already been taken.
Without any additional security, Windows XP is already 21 times more vulnerable to malware than Windows 8, and the security risks will only increase. It’s important that the many businesses continuing to use XP take steps to mitigate their risk:
* Remove ‘admin’ privileges from standard users to reduce the risk of unwanted applications, including malware, being downloaded on unsupported legacy systems, like XP. No one apart from your IT organisation should have ‘admin’ rights.
* Enable storage and buffer overflow protection. Unsupported operating systems such as XP are more vulnerable to zero-day attacks, which means businesses must make use of intrusion prevention systems such as McAfee Host IPS.
* Deploy dynamic whitelisting techniques which allow only ‘known good’ applications to execute. Whitelisting reduces the need to constantly chase software updates and patches (including MS patches and security updates) to keep up with the ever-increasing tide of malicious software. Instead, if an application is not on the whitelist, it is prevented from executing and is reported, and the endpoint remains safe.
* Use real-time visibility to quickly identify and remediate attacks. Tools such as McAfee Real-Time collect endpoint security statuses instantly, helping businesses to identify and remediate the attacks that are attempting to exploit XP vulnerabilities.
Raj Samani, CTO EMEA at security specialist McAfee, urges all business owners to put measures in place to address the security implications of Microsoft’s move away from Windows XP:
“As we have now reached the end of support for Windows XP, it is important that enterprises are aware of the security implications of this transition and face up to the security challenges ahead. Not only are budgets tight across the board, but many enterprises have built the success of their business using critical applications that are simply not supported by Windows 7 or 8. This lack of application compatibility has placed many enterprises in a difficult position as they progress with migration plans whilst striving to ensure uptime of critical systems on XP. As these businesses continue to work through these challenges, it’s important that security measures are extended now to ensure cybercriminals don’t exploit the vulnerabilities made possible with XP End of Life.”