3 Apprentice

15.2K Posts

August 16th, 2013 05:00

The Risk of Running Windows XP After Support Ends April 2014

"after April 8 [2014], Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft...

What is the risk of continuing to run Windows XP after its end of support date?  One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders...

(A) seven-year study indicates that attackers have evolved their attacks to overcome one of the key security mitigations that Windows XP has: Data Execution Prevention (DEP)... The evidence is the increasing number of CVEs that had exploits that bypassed DEP". 

 

http://blogs.technet.com/b/security/archive/2013/08/06/the-risk-of-running-windows-xp-after-support-ends.aspx

1 Rookie

5.8K Posts

August 18th, 2013 10:00

Well, there is "relative risk" and there is "absolute risk". And MS, of course, has a vested interest in selling new operating systems. I found this article a bit disingenuous and self-serving. So I'm going to play "devil's advocate" here.

The current relative security risks of XP vs later Windows OS are known and well documented. I have no doubt they will increase substantially after XP support lapses. Particularly since current trends suggest that some 25-30% of Windows users will still be running XP at that time. Now that is one heck of a pool of unpatched targets!

What is not known is the absolute risk of using XP, both now and after next April. My own experience using XP currently is that this risk is acceptably low.

The current relative risk of using XP/sp3 vs Win7/sp1 appears to be about a 3-fold increase in infections, according to the data from the MS blog cited above (11.3 vs 4.5).  I can't be sure exactly what the denominator is, but digging into the links it would appear to be "infections/1,000 computers" scanned by the MSRT tool. And this sample included computers that were both protected and unprotected by various layers of security, and users both knowledgeable and less-sophisticated in security and safe-surfing.

To put that into perspective, the risk of infection by using XP during the 4th quarter of 2012 was at most 1.1%, vs maybe 0.4% for Win 7 users. A big relative risk difference, but still a low absolute risk for both systems.

Nonetheless, the absolute risk of using XP after next April will undoubtedly increase, for the reasons cited by the link in the OP. By how much is anyone's guess.

Speaking for myself, I intend to disconnect my currently trusty XP from the net at that time, to see how it all pans out.

Ref: http://download.microsoft.com/download/E/0/F/E0F59BE7-E553-4888-9220-1C79CBD14B4F/Microsoft_Security_Intelligence_Report_Volume_14_Key_Findings_Summary_English.pdf

 

3 Apprentice

15.2K Posts

August 18th, 2013 12:00

It seems we each take turns playing "devil's advocate" ---- but if memory serves me, last time we each were playing for the opposite team.

I haven't decided what I'll be doing with my XP [secondary] laptop next April... assuming the hardware survives that long.   (I need a new power pack, and I'm beginning to wonder whether it'll be worth it.   I've been sharing a power pack with my wife's laptop...)

I don't think I'll completely disconnect it from the internet... but I definitely would be more careful about what I allow myself to do with it:   I'm sure I'll avoid doing any "sensitive" [e.g., banking, credit-card, brokerage] transactions... but I'll probably continue to use it for other "routine"/"normal" surfing.   We'll see. 
