Windows XP End-of-Support is not the End of the World
Today is the last day of extended support for Microsoft's popular operating system Windows XP.
What this means is that Microsoft won't publish public security patches for the operating system after that day.
Governments and businesses can pay the company to extend support further, but if your home PC is running XP, you are on your own.
Most news outlets in the world make it look like as if all hell will break lose come Wednesday. Chance is however, that nothing close to that will happen.
Think about it for a moment. Microsoft will release the last batch of public patches for Windows XP, and if it would continue support, it would release the next batch next month unless a new 0-day vulnerability is discovered that is in the wild already. So, one extra month to harden the system or switch to another operating system at the very least.
There is a chance that attackers have discovered a new vulnerability already that they will exploit starting today, but the likelihood that this is happening is slim.
And the past has shown that official operating system patches are not necessarily helping against attacks, as part of the Windows user base is not installing them at all or in a reasonable period of time.
According to Microsoft, the infection rate of Windows XP systems is almost twice as high as that of Vista or 7, and four times as high as that of Windows 8. The data comes from the company's own security products.
It is interesting to note in this regard that infection levels for unprotected computer systems, that is systems without real-time antivirus software, are four times as high when it comes to Windows XP according to a Microsoft study from 2012.
The company expects infection rates to rise based on data that it collected after support for Windows XP SP2 ended in 2010.
So, adding proper protection to the system will reduce the likelihood of becoming a victim of a malware attack.
While Windows XP users certainly need to follow security guidelines to reduce the chance that their system is impacted by vulnerabilities that won't get fixed anymore, it is quite possible to protect the system from the majority of attacks that are developed after today.
We have published a guide on how to secure XP after April 2014 and suggest you take a look at it to improve your system's security to a point where most malware won't affect it.
Here is a short summary for those of you who are in a hurry:
- Make sure all other programs and drivers are up to date at all time.
- Use at least one real-time antivirus software (such as Malwarebytes Anti-Malware Pro) and an active two-way firewall.
- Use a sandboxing solution such as Sandboxie or virtualization for critical applications.
- Use common sense all the time, e.g. don't execute file attachments in emails without virus scanning them, don't click on links in emails or chats.
While Windows XP won't receive official patches anymore, it is still possible to harden it to block many attack attempts before they affect the system.
If you are running Windows XP and take care of your system, chance is that you won't notice any difference to before.
While I suggest you pay good attention to security alerts and releases by Microsoft for the company's supported operating systems to check out mitigation factors and understand attack vectors, it is not really something that you need to worry about in short term unless you do not use proper protection.