Experts question Microsoft's decision to retire XP
But others say the company will 'draw a line in the sand' and stop serving the aged OS with patches
Computerworld - Microsoft will "draw a line in the sand" come April 2014 and will stop issuing security updates for Windows XP, security researchers said today, even if millions of customers are still running the aged operating system and a zero-day bug threatens the Windows ecosystem.
Or maybe not. Other experts believe Microsoft will have no choice but to continue supporting XP.
Windows XP, now in its twelfth year, is slated for retirement on April 8, 2014. After that date, the ancient OS will receive no further security updates or bug fixes, except for enterprises that pay for high-priced support contracts.
PCs running XP will not suddenly stop working, of course, but they will be at risk from attacks exploiting vulnerabilities uncovered -- and patched for other editions of Windows -- from that point on.
Michael Cherry, an analyst with Directions on Microsoft, a Kirkland, Wash. research firm that focuses solely on Microsoft, posed a scenario.
"Suppose we get to a date post the end of Extended support, and a security problem with XP suddenly causes massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Cherry. "It is not just harming Windows XP users, it is bringing the entire Internet to its knees. At this time there are still significant numbers of Windows XP in use, and the problem is definitely due to a problem in Windows XP. In this scenario, I believe Microsoft would have to do the right thing and issue a fix ... without regard to where it is in the support lifecycle."
Microsoft has already extended XP's lifespan. In early 2007, Microsoft gave XP a reprieve, adding support time to Windows XP Home and XP Media Center to match the date already set for Windows XP Professional.
By the time Microsoft pulls the XP plug, it will have maintained the OS for 12 years and 5 months, almost two-and-a-half years longer than its usual practice and a year longer than the previous record holder, Windows NT, which was supported for 11 years and 5 months.
Cherry isn't the only one who figures Microsoft will again pardon XP.
"I don't think they'll stand firm on this," said Jason Miller, manager of research and development at VMware. "What if XP turns out to be a huge virus hotbed after support ends? It would be a major blow to Microsoft's security image."
In Miller's scenario, like Cherry's, the assumption is that vulnerabilities will continue to be uncovered -- either by legitimate researchers or cyber criminals -- that will affect not only XP, but other, still-supported editions. If hackers roll out successful exploits that hijack XP PCs because a patch was not forthcoming, those machines could, in turn, infect systems powered by newer versions of Windows.
But would Microsoft actually do what Cherry and Miller expect?
Not likely, said several other security experts today.
"I think they have to draw a line in the sand," said John Pescatore of Gartner. "They've supported XP longer than anything else, so they'd be pretty clean from the moral end."
Andrew Storms, director of security operations at nCircle Security, echoed Pescatore. "I don't see them changing their minds on this whatsoever," said Storms. "To do that, and alter their support lifecycle, would remove all credibility. Next, people still running Vista would say, 'They're not going to [end support].' And those people would hold onto Vista forever."
At some point, Pescatore and Storms said, users simply have to upgrade the OS, probably by buying a new PC. XP has had its run, and it's over. And Microsoft won't back down.
"I just don't think they will extend [XP] support again," said Wolfgang Kandek, CTO of Qualys. The case could be made, Kandek noted, that by continuing to supply patches to XP, Microsoft would be working "for the greater good." But he would be surprised if the Redmond, Wash. developer did so.