Microsoft retreats from XP's antivirus kill notice

Throws Windows XP users a bone by extending Security Essentials' life until July 2015

Microsoft today backpedaled from earlier decisions and said it would extend a limited helping hand to Windows XP users by them offering antivirus signatures for Security Essentials for more than a year after it stops patching the aged OS.

The Redmond, Wash. company announced the change of heart on its website Wednesday.

"To help organizations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015," the company's Malware Protection Center team said.

Last year, Microsoft was adamant, saying it would stop serving signatures to XP users of Security Essentials, the free consumer-grade AV program that launched in 2008, when the OS reached its end of life on April 8. Earlier this month, Microsoft added that it would discontinue downloads of Security Essentials for Windows XP on the same last-patch date facing the operating system.

Microsoft will ship its final public security updates -- patches for known vulnerabilities -- in less than three months, ending nearly 13 years of support for the ultra-successful OS.

Because of that impending deadline, Microsoft has been urging customers to dump XP for a newer edition like Windows 7, Windows 8 or Windows 8.1.

The decision to drop Security Essentials and more importantly, halt the delivery of new signatures -- fingerprints, essentially, of newly-discovered malware that makes it possible for Microsoft's antivirus engine to detect and block those threats -- was seen by some as an arm-twisting tactic that would leave users even more vulnerable to attack after patches were no longer shipped to quash vulnerabilities in the code.

Virtually every third-party antivirus vendor will continue to ship signatures to customers running Windows XP long after Microsoft pulls the patch plug. In some cases, those vendors have committed to delivering new signatures for years, as Andreas Marx, the CEO of AV-Test told Computerworld earlier today.

After Microsoft's announcement, Marx cautioned Windows XP users against relying only on Security Essentials. His company, which regularly evaluates Windows security software, gave Microsoft's program a zero score for the obviously-important "Protection" category in tests run in late 2013.

"Security Essentials offers only the basic protection," said Marx today in an interview. "[On Windows XP], it detected only about four-fifths of the malware sample, letting one in five get through."

Microsoft made it plain that its reversal on Security Essentials and anti-malware signatures had no wider implication. "This does not affect the end-of-support date of Windows XP," the company said.

Security Essentials will continue to be available for download by Windows XP users from Microsoft's website only until April 8, 2014.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Join the discussion
Be the first to comment on this article. Our Commenting Policies