Windows XP arrived on the scene in 2002. 12 years is an unheard of life span for a supported operating system but its time has come to an end and the malware writers are really, really excited. They are excited about the opportunity presented by having an in production operating system that never gets another security update. A noticeable lull has occurred in new attacks and new security discoveries in Windows XP. The thought is that they are being held back until after the OS is no longer supported so that there will never be a fix for the issue. The same thing happened with Windows 98. Studies showed that after Windows 98 was out of support that is took about 12 minutes of Internet access before the machine was infected. We can expect the same thing to happen with XP.
Here’s what we need to do:
- Replace any XP computers with new ones
- Those that cannot be replaced must not have access to the Internet at all
Among our clients we see very few XP computers left. Those that are left fall mainly into the category of machine controllers or thin clients. Thin clients can continue to be used because they are locked down from change and don’t directly access the Internet themselves. This makes them more resilient to changes over time and we can just keep those in place. For machine controllers we need to lock them down so that they have no Internet activity at all on them. This means no email, no internet and only the very limited function that they must do in order to run the machine that they are connected to. Any other functions must be moved off to another more modern operating system.
This won’t eliminate the possibility of infection but it will greatly lessen the chance. Infections today are mostly network aware which means that if they can get a foothold on your network the next thing they will do is look for additional computers to infect. They may even specifically look for XP computers.
What happened to make XP more vulnerable? It just got old. The security and OS design that was state of the art in 2002 isn’t even close today. We’ve reached the point in time where the code in XP just can’t be secured. It doesn’t have the capability because the technology to protect it didn’t exist at that time. So the code can’t be secured.
If we haven’t talked about securing your XP computers yet, let’s make sure that we do soon. That April 14th date is going to get here sooner than we realize.
–Amy Babinchak, Harbor Computer Services