How Risky Is It To Keep Using Windows XP?

December 23

In my last post I touched on what’s been preventing businesses from migrating away from Windows XP. While I understand the challenges these organizations face, I concluded that migrating away from an operating system that’s no longer being supported (unless you have more than 750 XP devices and can afford to pay Microsoft six figures annually for custom support) is the right decision, no matter how painful it may be in the short term.

When I started researching this post, I felt confident I would keep this opinion. I found another article by Tony Bradley, whom I quoted last week, explaining why Windows XP is a bigger security concern than Heartbleed:

  • Just as Y2K was a specific event, Heartbleed was just one vulnerability. It was identified, a patch was developed, and the world was put on notice. Now, we can move on. It was an isolated moment in time. Windows XP, on the other hand, is now a permanent, ongoing “zero day” vulnerability. If attackers are smart and stealthy, we may not even know how many vulnerabilities are discovered in Windows XP from this point on — or how critical they are. There won’t be any more patches or updates, so it’s permanently at risk.

Bomb Shelter Mentality

In some situations, however, staying with Windows XP might not be an unconscionable thing to do, particularly if your users (or IT department) are tech savvy and you take a series of precautions (note, however, that if you need to be HIPAA compliant, you should not be using XP). In an April 2014 article, PCWorld reporter Ian Paul interviews several Windows XP diehards who view their PCs more as appliances than as “snazzy tech gadgets.” One interviewee, puppeteer Pix Smith, notes:

  • They built an awful lot of bomb shelters back in the 50s with the same kind of mindset…As with most of those things, the number of people affected versus the total number of users is a really, really, low percentage, if you are relatively prudent.

Another interviewee, Bob Appel, uses a third-party firewall, a free virus checker, and HouseCall to run his personal network of 12 PCs, 10 of which use Windows XP. In addition:

  • My Firefox browser uses Keyscrambler, HTTPS [Every]where, Ghostery, and Disconnect. I also have a VPN account (PIA) when traveling. For suspicious email attachments, I deploy private proprietary bioware (me!) to analyze before opening. All the ‘experts’ say I am crazy. Thing is, I stopped the security updates in XP years ago after a bad update trashed my system, and yet I have never been infected, although online for hours each day.[1]

Precautions To Take

Interestingly, most anti-virus software vendors plan to support Windows XP through 2016, and Mozilla plans to continue updating the Windows XP version of Firefox indefinitely (Google plans to update the Windows XP version of Chrome through 2015).

Meanwhile, I found several articles delineating precautions you can take to lessen your risks using Windows XP. Among the most popular ones (in addition to using Firefox with the extensions Appel mentioned) are:

  • Use a limited (rather than the default administrator) account
  • Stop using Microsoft Office 2003 (which is no longer supported) in favor of a more recent version of Office or an open source alternative like LibreOffice
  • Make sure your other software is kept up to date (check out Secunia PSI, which is a free version of Secunia CSI patch management software)
  • Uninstall exploit-prone plugins like Java and Adobe Flash
  • Disable ports and drives whenever possible, or use third-party tools to configure these ports for write access only
  • Have a good backup plan in place in case of a Windows XP breach (StorageCraft ShadowProtect is a good one)

Hold Off Until Windows 10?

If your network is fairly simple and you are proactive about bolstering the security around Windows XP, holding off until Windows 10 (rumored to release may actually be the sensible path to take, at least until Microsoft changes the way it licenses Windows.[2]

Windows 7 reaches its support EOL (End of Life) in early 2020, with mainstream support ending January 13, 2015, while Windows 8 hits its EOL in early 2023, with mainstream support ending January 9, 2018. Given how quickly the years pass and how onerous any major upgrade can be, perhaps it’s best to hang on another year or so and wait for the Windows 10 launch.

Are you still using Windows XP? Let us know in the comments or on Twitter!

[1] Actually, these are good browsing tips, regardless of what OS you use.

[2] Most obviously, making it considerably less expensive to upgrade, similar to what Apple does with Mac OS.

Photo credit: SFSD Technology Help Desk via Flickr