Windows XP owners can expect most antivirus vendors to continue providing them with up-to-date signatures long after Microsoft pulls its patch plug in April, but that won't keep their machines safe, an expert said today.
Microsoft will deliver its final public patches for Windows XP on April 8, less than three months from now, finally retiring the 13-year-old operating system, the most successful ever for the Redmond, Wash. developer.
That will leave users still running XP -- and there are hundreds of millions worldwide -- without a way to fix vulnerabilities that hackers can exploit with impunity.
"Antivirus cannot patch the underlying vulnerability," said Andreas Marx, CEO of AV-Test, a German company that regularly evaluates antivirus (AV) products for Windows. "There's nothing that AV can do to close those vulnerabilities, it can only limit malware spreading from one machine to another."
Although he urged XP users to upgrade to a newer and still-supported operating system -- whether Windows 7, 8 or 8.1 from Microsoft, OS X from Apple or Linux from the numerous distributors of the open-source OS -- Marx acknowledged that's not possible for everyone, much less in the limited time left before Microsoft calls it quits.
But by taking steps, XP owners can make their PCs, if not secure, at least safer to use.
"Internet Explorer [IE] and Outlook Express [an obsolete email client distributed with XP] will also no longer receive security fixes, so it will be very dangerous to continue using that browser and email client," said Marx.
Instead, people should switch to alternate browsers and email programs that will be patched after April, such as Google's Chrome, Mozilla's Firefox and Opera Software's Opera browsers. Google has promised to continue supporting Chrome on XP until at least April 2015, for example.
And while an AV program can't keep all threats at bay, Marx urged users to invest in one if they plan on running the older OS through 2014 and beyond.
"AV products will lose these battles [with malware makers] on XP sooner or later," said Marx. "XP will be like Swiss cheese. But you can still do things to protect the system."
Marx contacted more than 20 AV companies to find out whether they will continue to support XP with updated anti-malware signatures, and if so, for how long. Today Marx published that list on his AV-Test website, along with a call for other vendors to submit information so he can keep the count up to date.
Microsoft, for one, announced last year that it would stop serving signatures to XP users of Security Essentials, the free AV program that launched in 2008, and discontinue downloads of the software, after April 8. Today, however, Microsoft backtracked, extending Security Essentials' lifespan until July 14, 2015. It will provide free signature updates until that date as well.
But most third-party AV makers will keep churning out signatures for even longer, Marx found.
Kaspersky, BitDefender and Avira, for example, which placed 1-2-3 in AV-Test's September-October 2013 examination of AV products for Windows XP, have pledged to support consumers until 2018, January 2016 and April 2015, respectively. On the business side, Kaspersky, Symantec and Trend Micro products topped the list; Kaspersky will support its end-point AV software on XP until the second half of 2016, Trend Micro until Jan. 30, 2017. Symantec has not set an end date.