It’s time to upgrade: Windows XP

It’s time to upgrade: Windows XP:

If you, or your workplace, are still using Windows XP, it’s time to move on. 

Microsoft will officially end support for the 2001-vintage platform on April 8, 2014.

That means no more service packs, no more updates and, most importantly, no more security patches.

Windows users generally receive periodic updates from Microsoft via its Windows Update service. These fixes often patch irregular behaviour in the operating system.


XP users are, of course, welcome to continue using their OS of choice after April 2014, but this behaviour entails a number of risks.

Windows lifecycle fact sheet:

Every Windows product has a lifecycle. The life cycle begins when a product is released and ends when it’s no longer supported or sold. Knowing key dates in this lifecycle helps you make informed decisions about when to upgrade or make other changes to your software. Here are the rights and limits of the Windows lifecycle.


* Support for Windows 7 RTM without service packs ended on April 9, 2013. Be sure to install Windows 7 Service Pack 1 today to continue to receive support and updates.

Why is Microsoft ending support for Windows XP and Office 2003?

In 2002 Microsoft introduced its Support Lifecycle policy based on customer feedback to have more transparency and predictability of support for Microsoft products. As per this policy, Microsoft Business and Developer products, including Windows and Office products, receive a minimum of 10 years of support (5 years Mainstream Support and 5 years Extended Support), at the supported service pack level.

What is the risk of continuing to run Windows XP after its end of support date?

When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability. Microsoft Security Response Center (MSRC) releases security updates for all affected products simultaneously.  This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.

But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities.

Security technology in Windows XP was never really that great, even if it got a lot better with SP2, but the product was a runaway smash hit to such an extent that we may never be rid of it. Next April will be 12 years since Windows XP was made generally available; this is an astonishingly long time to keep supporting a software product. Nobody else keeps support life spans like Microsoft; with Windows XP they actually extended the normal 10 year life by 2 years.

As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago.  But we can see from data published in the Microsoft Security Intelligence Report that the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see.  The data we have on malware infection rates for Windows operating systems indicates that the infection rate for Windows XP is significantly higher than those for modern day operating systems like Windows 7 and Windows 8.


                                         Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence 

Source: Microsoft, ZDNet, TechNewsdaily,  Technet blog

7 thoughts on “It’s time to upgrade: Windows XP

  1. When someone writes an post he/she retains
    the idea of a user in his/her brain that how a user can understand it.
    Therefore that’s why this post is amazing. Thanks!

  2. Hello There. I found your blog using msn. This is an extremely well
    written article. I will make sure to bookmark it and return to read more of your useful information.
    Thanks for the post. I will definitely comeback.

  3. you’re really a excellent webmaster. The website loading pace is incredible.
    It seems that you are doing any unique trick. Also, The contents are masterpiece.
    you’ve done a magnificent task on this topic!

  4. constantly i used to read smaller articles or reviews that
    also clear their motive, and that is also happening with
    this article which I am reading at this place.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s