Security Advisor
Microsoft Continues XP Support Death March
The end of support doesn't mean the end of support options for those willing to pay.
In yet another Microsoft security blog on the subject of Windows XP's end of days, Redmond still really wants you to know that April 2014 isn't going away and that the end of XP support is nigh.
This time, Tim Rains, director of the Trustworthy Computing group, gives you more reasons to move away from the dying OS -- and the first point is that those trusting antivirus software and XP's baked-in security features to pick up the slack of monthly security bulletins shouldn't put all their faith that these will get the job done.
"The challenge here is that you'll never know, with any confidence, if the trusted computing base of the system can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice," wrote Rains. "Furthermore, can the system's APIs that anti-virus software uses be trusted under these circumstances? For some customers, this level of confidence in the integrity of their systems might be okay, but for most it won't be acceptable."
He also pointed out that while the security features that came packed in with XP SP3 were state-of-the-art at the time, that's no longer the case. Microsoft's last Security Intelligence Report found that infection rates for Windows XP SP3 systems were almost three times higher than those running Windows 7 SP1.
The fact that the newer OSes are able to stop more attacks than the aged OS shouldn't be a surprise to anybody. However, just imagine how much bigger of a gap the infection rate will be when hackers will be able to exploit Windows zero-day flaws with impunity on systems that aren't receiving their monthly medicine.
Those looking to heed the multiple warnings of doom do have options: third-party tools and services that promise to keep your XP secure are popping up at a rapid rate. One such product is Arkoon Networks Security's ExtendedXP, which is "an agent-based security solution derived from StormShield but focused specifically on protecting Windows XP systems," according to Redmond magazine's Kurt Mackie.
However, one drawback to this and other third-party solutions is the fact that only Microsoft can patch the Windows kernel. So whatever level of protection they can offer, it won't be on the same level as Microsoft's monthly patch rollout.
Luckily, there's yet one more (very costly) solution: Microsoft will continue to service your Windows XP for a steep price. Through its Custom Support program, Microsoft will continue to supply your XP systems with "critical" security bulletins at a high cost.
"Custom Support from Microsoft runs around $200 per device for the first year," said Michael Silver, research vice president and distinguished analyst for Gartner mobile and client platforms, in an e-mail to Redmond magazine earlier in the year. "There's a minimum charge and no ceiling -- we've seen proposals from Microsoft into the millions of dollars for the first year. For organizations that believe they are at high risk, especially in regulated industries, Custom Support may be the best way to claim compliance. Many other organizations are looking for less expensive ways to reduce surface area for attack and/or increase security."
If still on XP, how is your enterprise prepping for the end? Is the high cost of Microsoft's Extended Support worth it to alleviate compliance headaches or are you looking to a third-party solution to stay on the aged OS? Let me know in the comments below.