Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

10 Reasons to migrate off Windows XP


I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000, just after we realized that the Year 2000 problem was handled very well by the industry. Think about how you used technology, how you used the Internet, the speed of your Internet connection (I think for me it was ISDN dial-up).

This was the time Windows XP was designed. Windows XP was launched in 2001 and – judging by its success – it was a really great piece of technology. It just runs, rock-solid. Well, it was attacked by a few worms like Blaster and Sasser, which led to the development of Service Pack 1, which made us stop development for a few months to look for security vulnerabilities. Over all the years of improvement and learning, this finally led to Windows 7.

If you are still on Windows XP, you probably should re-think your strategy today as the Operating System you are using was not designed to survive in today’s threat landscape. Let me give you 10 reasons why you should definitely move off Windows XP as soon as possible:

  1. First and foremost, Windows XP will go out of support on April 8th, 2014. From then onwards, there will be no more security updates for Windows XP. Even though it is still two years down the road, larger organizations typically need some time to migrate and I am convinced that you need to start now!
  2. Changes in development processes like the introduction of the Security Development Lifecycle (SDL) over the last 10 years within Microsoft significantly reduced the number of vulnerabilities, the likelihood of getting infected by malware and the attack vectors. This can easily be seen when you look at the data from our Security Intelligence Report:
    [Image: chart from the Security Intelligence Report]
  3. Most probably you are still using Internet Explorer 6 when you are running Windows XP. As the browser is your window to the Internet and the most attacked application you run, running a browser which is three versions behind the latest one is definitely not something you should do, for several reasons. One is the point I made above: development processes have come a long way in the industry to incorporate security into the product from the code level, and you would want to leverage this. Additionally, there is a lot of technology built into a modern browser to protect you from current attacks, like the SmartScreen filter. So, move off IE6 to Internet Explorer 9 (for Windows Vista and later) or at least Internet Explorer 8 if you stay on Windows XP (which you should not :-)). To show you the impact, here is a graph published by NSS Labs on how far the browser can protect you from socially engineered malware:
  4. The Security Development Lifecycle is not only about reducing security vulnerabilities at the code level; it is also about adding protection in case there is a vulnerability in the code. It is about Defense in Depth as well – or mainly. As a result we introduced technologies like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) into the platform, which make it much harder to exploit a vulnerability in the code.
  5. Ever tried to run Windows XP without being local Administrator? Yes, you will tell me now that you run it in the enterprise like that. What about changing the time zone when you travel with your notebook? Or adding your home printer? Or, or, or? I have to admit that I tried it more than once and gave up. User Account Control helps greatly. It is a huge improvement and makes the non-admin use of the OS much simpler. Even if you decide to run as a local admin, you work with the user token until you need admin privileges.
  6. On Windows XP you might be using some third-party disk encryption tool, something which comes for free on Windows 7 – even for USB sticks. It is called BitLocker and BitLocker To Go.
  7. Talking of BitLocker: One of the points which are often forgotten when talking about the OS is that one of the key attack vectors is during the boot process. We have seen successful attacks on Windows XP during the boot process with rootkits. If you switch on BitLocker on Windows 7 (and Vista) you get a fairly sound boot protection. If you use a 64-bit version with kernel protection, the risk of getting infected during the boot process is actually fairly low.
  8. Managing Software Restriction Policies in Windows XP was a very hard – close to impossible – task. AppLocker on Windows 7 has improved this greatly.
  9. There are quite a few changes on the IP layer: We support IPv6 and there are a lot of improvements in the Windows Firewall.
  10. The last point: Windows XP is just not cool anymore. Windows 7 is just much nicer, cooler to use and just much, much more fun.

Besides all the security improvements, which make most sense if they are used in combination, like BitLocker on 64-bit Windows together with AppLocker, it has to be said that managing such a Windows 7 environment has proven to be much, much more efficient than Windows XP.

I guess you did not have time to finish reading the post? Started your migration project immediately? Great, go ahead!

Roger

Comments
  • Even before I read this, I have been telling everybody I know who is still using a lower OS that they need to upgrade.  People don't realize the importance of it.  It's even harder to get the message across to people who are less technical.  

  • Any idea how we can improve? I got the same feedback internally. This is really good - but what about the consumer? Personally I did not experience a lot of problems upgrading from Windows XP to Windows 7 - except for some very old games, where I did not have a problem that the kids lost them :-)

    But how can we help?

    Roger

  • Windows XP is a reliable Windows, it's good to use if one optimizes the computer to its best performance by using a system utility tool like to speed up pc.

  • better than 8

  • I'd love to move, however some tax software that I have to use does not support Windows7

  • We have been familiar with Windows XP for a long time. How should we migrate, with a detailed explanation of the technical process? Thank you

  • I think the worst thing you can do is to try to make a Windows XP out of Windows 7 or 8. These are different operating systems with different possibilities. If you run into problems with some apps, there are options on Windows 7 like the Windows XP Mode (to run a few applications in an XP environment) or application virtualization. There are ways to handle this and in this post, I have some links, which can help you: www.halbheer.ch/.../get-off-xp-or-risk-yourbusiness

  • To hell with it, long live XP :-)

  • win xp! rules,,,

    win 8 sucks! hahaha

  • win XP and win 98 alive for ever

  • The major problem is...money!

    We now live in a very 'free' world, where it is not only acceptable to download 'free' music, movies, software etc. it is considered normal.

    Thus, trying to entice someone to pay for an upgrade to Windows is almost an impossibility.

    The only solution is to (try to) convince end users that you get what you pay for.

    Of course you can download (for example) free anti-virus but, in real terms, it is not as effective as a subscription based version.

    And here's the double-whammy... those who want 'free' (music etc.) are those same people who will use free anti-virus software.  Of course, ironically, those are the people that need the extra protection of a paid for service.  Ever tried telling them that?  Don't waste your breath!  Till they have to pay for virus removal!!!!!

    So the same goes with Windows - after all it was free (it was pre-installed on the computer) so why should I pay for an upgrade?  And I can download a hooky version of Windows 7 or 8 so it's still free??!?!?

    The fact is 'free' costs money.

    At the end of the day XP was awesome.  But it is time to move on.  Get your hand in your pocket now and save yourself money in the long run.  Computer security is not a joke - neglect it at your peril.

  • umm....  The major problem is....money!!!

    So the same goes with Windows, after all it was free, so why should I pay for an upgrade?

    And I can download a hooky version of Windows 7 or 8 or it's still free???

    The fact is 'free' costs money.

    At the end of the day XP was awesome. But it is time to move on. Get your hand in your pocket now and save yourself money in the long run. Computer security is not a joke - neglect it at your peril.

  • For more info on how and when the end of support for Microsoft will affect your organisation follow the link below: http://itcrip.wordpress.com/2013/11/22/when-will-microsoft-pull-the-plug-on-your-version-of-windows/
