AV vendors buck Microsoft, will deliver Windows XP anti-malware signatures for years
Microsoft may want XP dead and buried, but AV rivals plan to support the OS for a long time
Computerworld - Windows XP owners can expect most antivirus vendors to continue providing them with up-to-date signatures long after Microsoft pulls its patch plug in April, but that won't keep their machines safe, an expert said today.
Microsoft will deliver its final public patches for Windows XP on April 8, less than three months from now, finally retiring the 13-year-old operating system, the most successful ever for the Redmond, Wash. developer.
That will leave users still running XP -- and there are hundreds of millions worldwide -- without a way to fix vulnerabilities that hackers can exploit with impunity.
"Antivirus cannot patch the underlying vulnerability," said Andreas Marx, CEO of AV-Test, a German company that regularly evaluates antivirus (AV) products for Windows. "There's nothing that AV can do to close those vulnerabilities, it can only limit malware spreading from one machine to another."
Although he urged XP users to upgrade to a newer and still-supported operating system -- whether Windows 7, 8 or 8.1 from Microsoft, OS X from Apple or Linux from the numerous distributors of the open-source OS -- Marx acknowledged that's not possible for everyone, much less in the limited time left before Microsoft calls it quits.
But by taking steps, XP owners can make their PCs, if not secure, at least safer to use.
"Internet Explorer [IE] and Outlook Express [an obsolete email client distributed with XP] will also no longer receive security fixes, so it will be very dangerous to continue using that browser and email client," said Marx.
Instead, people should switch to alternate browsers and email programs that will be patched after April, such as Google's Chrome, Mozilla's Firefox and Opera Software's Opera browsers. Google has promised to continue supporting Chrome on XP until at least April 2015, for example.
And while an AV program can't keep all threats at bay, Marx urged users to invest in one if they plan on running the older OS through 2014 and beyond.
"AV products will lose these battles [with malware makers] on XP sooner or later," said Marx. "XP will be like Swiss cheese. But you can still do things to protect the system."
Marx contacted more than 20 AV companies to find out whether they will continue to support XP with updated anti-malware signatures, and if so, for how long. Today Marx published that list on his AV-Test website, along with a call for other vendors to submit information so he can keep the count up to date.
Microsoft, for one, announced last year that it would stop serving signatures to XP users of Security Essentials, the free AV program that launched in 2008, and discontinue downloads of the software, after April 8. Today, however, Microsoft backtracked, extending Security Essentials' lifespan until July 14, 2015. It will provide free signature updates until that date as well.
But most third-party AV makers will keep churning out signatures for even longer, Marx found.
Kaspersky, BitDefender and Avira, for example, which placed 1-2-3 in AV-Test's September-October 2013 examination of AV products for Windows XP, have pledged to support consumers until 2018, January 2016 and April 2015, respectively. On the business side, Kaspersky, Symantec and Trend Micro products topped the list; Kaspersky will support its end-point AV software on XP until the second half of 2016, Trend Micro until Jan. 30, 2017. Symantec has not set an end date.
Windows XP lives
- XPocalypse, not now
- Windows XP hack resurrects patches for retired OS
- Bug bounty program outs 7-month-old IE zero-day
- CA Technologies releases free XP migration tool
- Windows XP's U.S. farewell tour to last most of '14
- Microsoft sticks to vow, leaves XP exposed to ongoing attacks
- Microsoft's Patch Tuesday gives XP attackers a roadmap
- Microsoft: We're serious this time; XP's dead to us
- Windows XP die-hards can slash attack risk by dumping IE
- Hackers now crave patches, and Microsoft's giving them just what they want
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts