Security Advisor
XP Support Death: One Week Later
So far, it's been quiet out there. But don't take the lack of news as an indication that the attackers have moved on.
So it's been seven days since Microsoft issued its last security update for Windows XP, and it appears that the sun is still out and the world continues to spin.
After being warned of doom and gloom for the past couple of years, not only by Microsoft but other security firms, the Windows XP security landscape has been relatively quiet since April 8's death of support.
Here's Microsoft's Tim Rains on XP's end back in August of last year: "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities," said Rains in a blog post. "If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a 'zero day' vulnerability forever."
So far, I haven't gotten any word of any zero-day flaws popping up for the vulnerable OS. Were the warnings of the attackers with full arsenals of XP exploits ready for unleashing overblown? Or has the reveal of the Heartbleed bug and the scramble to fix almost two-thirds of the entire Internet overshadowed all other IT security news in the past week?
The fact is that while Microsoft is now turning a blind eye to its aged OS, antivirus and antimalware companies continue to provide security support. This could have also played a part in the relatively quiet XP death procession. Antivirus firm Avast released a report on Monday saying that 27 percent of its Windows XP users were not planning on upgrading their systems. It wouldn't look too good for Avast (or any other major antivirus maker) to have such a significant portion of its users riddled with bugs, so it can't just abandon the OS like Microsoft.
"This number is relatively high considering the security risks involved with the OS and makes one wonder how many XP users are not concerned about their protection and aren't planning on upgrading their OS, buying a new PC or seeking AV that will support them," said the firm in the online report. "Avast has been creating protection modules and detections specifically designed to cover Windows XP vulnerabilities and other security problems."
The company said it will continue to provide security support for XP for the next three years. And if you want to shell out the bucks, you can always bribe Microsoft to keep your XP secure.
That's exactly the road the Internal Revenue Service is taking (you know, those guys that you owe something to today). The government agency had first planned to have all its machines running a newer version of Windows by the April 8 deadline. However, in a budgetary meeting on April 7, it was revealed that the agency had only successfully migrated 47 percent of its systems to Windows 7 from Windows XP. For those it couldn't get to, the IRS will be paying Microsoft directly for support -- a figure that Computerworld estimated will cost the agency $11.6 million per year. That's a hefty post-deadline fine!
The IRS and Avast users aren't the only ones who are throwing caution (or a lot of money) to the wind. According to a reader survey, 23 percent of Redmond magazine respondents also have no plans to upgrade their Windows XP machines.
While you might have gotten lucky this first week after the end of XP support, your luck will run out eventually. If you're running Windows XP, have you experienced any issues since April 8? Share your experiences in the comments below.