Security Advisor

Microsoft Continues XP Support Death March

The end of support doesn't mean the end of support options for those willing to pay.

In yet another Microsoft security blog on the subject of Windows XP's end of days, Redmond still really wants you to know that April 2014 isn't going away and that the end of XP support is nigh.

This time, Tim Rains, director of the Trustworthy Computing group, gives you more reasons to move away from the dying OS -- and the first point is that those counting on antivirus software and XP's baked-in security features to pick up the slack of monthly security bulletins shouldn't put all their faith in them to get the job done.

"The challenge here is that you'll never know, with any confidence, if the trusted computing base of the system can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice," wrote Rains. "Furthermore, can the system's APIs that anti-virus software uses be trusted under these circumstances? For some customers, this level of confidence in the integrity of their systems might be okay, but for most it won't be acceptable."

He also pointed out that while the security features that came packed in with XP SP3 were state-of-the-art at the time, that's no longer the case. Microsoft's last Security Intelligence Report found that infection rates for Windows XP SP3 systems were almost three times higher than those for systems running Windows 7 SP1.

The fact that the newer OSes are able to stop more attacks than the aged OS shouldn't be a surprise to anybody. However, just imagine how much bigger the gap in infection rates will be when hackers are able to exploit Windows zero-day flaws with impunity on systems that aren't receiving their monthly medicine.

Those looking to heed the multiple warnings of doom do have options: third-party tools and services that promise to keep your XP secure are popping up at a rapid rate. One such product is Arkoon Networks Security's ExtendedXP, which is "an agent-based security solution derived from StormShield but focused specifically on protecting Windows XP systems," according to Redmond magazine's Kurt Mackie.

However, one drawback to this and other third-party solutions is the fact that only Microsoft can patch the Windows kernel. So whatever level of protection they can offer, it won't be on the same level as Microsoft's monthly patch rollout.

Luckily, there's yet one more (very costly) solution: Microsoft will continue to service your Windows XP for a steep price. Through its Custom Support program, Microsoft will continue to supply your XP systems with "critical" security bulletins at a high cost.

"Custom Support from Microsoft runs around $200 per device for the first year," said Michael Silver, research vice president and distinguished analyst for Gartner mobile and client platforms, in an e-mail to Redmond magazine earlier in the year. "There's a minimum charge and no ceiling -- we've seen proposals from Microsoft into the millions of dollars for the first year. For organizations that believe they are at high risk, especially in regulated industries, Custom Support may be the best way to claim compliance. Many other organizations are looking for less expensive ways to reduce surface area for attack and/or increase security."

If still on XP, how is your enterprise prepping for the end? Is the high cost of Microsoft's Extended Support worth it to alleviate compliance headaches or are you looking to a third-party solution to stay on the aged OS? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for and

