NEW YORK – Microsoft will end support for the persistently popular Windows XP today, and with an estimated 30 percent of businesses and consumers still using the 12-year-old operating system, the move could put everything from the operations of heavy industry to the identities of everyday people in danger.
What once was considered low-hanging fruit by hackers now has a big neon bull’s eye on it, said Patrick Thomas, a security consultant at the firm Neohapsis, in San Jose, Calif.
Microsoft has released a handful of Windows operating systems since 2001, but XP’s popularity and the durability of the computers it was installed on kept it around longer than expected. Analysts say that if a PC is more than five years old, chances are it’s running XP.
While users can still run XP after today, Microsoft says it will no longer provide new security updates, issued fixes to non-security related problems or offer online technical content updates. The Redmond, Wash., company says it will provide anti-malware-related updates through July 14, 2015, but warns that the tweaks could be of limited help on an outdated operating system.
Most industry observers say they recognize that the time for Microsoft to end support for such a dated system has come, but the move poses both security and operational risks for the remaining users. In addition to home computers, XP is used to run everything from water treatment facilities and power plants to small businesses like doctor’s offices.
Thomas said companies that don’t like risk generally don’t like change. As a result, companies most likely to still be using XP include banks and financial services companies, along with health care providers. He also pointed to schools from the university level down, saying that they often don’t have enough money to fund equipment upgrades.
Marcin Kleczynski, CEO of Malwarebytes, said that without patches to fix bugs in the software XP PCs will be prone to freezing up and crashing, while the absence of updated security-related protections make the computers susceptible to hackers.
He added that future security patches released for Microsoft’s newer systems will serve as a way for nefarious people to reverse engineer ways to breach now-unprotected Windows XP computers.
It’s going to be interesting to say the least, he said. There are plenty of black hats out there that are looking for the first vulnerability and will be looking at Windows 7 and 8 to find those vulnerabilities. And if you’re able to find a vulnerability in XP, it’s pretty much a silver key.
Mark Bernardo, general manager of automation software at General Electric Co.’s Intelligent Platforms division, said moving to a new operating system can be extremely complicated and expensive for industrial companies. Bernardo, whose GE division offers advisory services for upgrading from XP, said many of the unit’s customers fall into the fields of water and waste water, along with oil and gas.
Even if their sole network is completely sealed off from attack, there are still operational issues to deal with, he said.
Meanwhile, many small businesses are put off by the hefty cost of upgrading or just aren’t focused on their IT needs.
Barry Maher, a salesperson trainer and motivational speaker based in Corona, Calif., said his IT consultant warned him about the end of XP support last year. But he was so busy with other things that he didn’t start actively looking for a new computer until a few weeks ago.
This probably hasn’t been as high a priority as it should have been, he said.