Microsoft retreats from XP's antivirus kill notice
Throws Windows XP users a bone by extending Security Essentials' life until July 2015
Computerworld - Microsoft today backpedaled from earlier decisions and said it would extend a limited helping hand to Windows XP users by them offering antivirus signatures for Security Essentials for more than a year after it stops patching the aged OS.
The Redmond, Wash. company announced the change of heart on its website Wednesday.
"To help organizations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015," the company's Malware Protection Center team said.
Last year, Microsoft was adamant, saying it would stop serving signatures to XP users of Security Essentials, the free consumer-grade AV program that launched in 2008, when the OS reached its end of life on April 8. Earlier this month, Microsoft added that it would discontinue downloads of Security Essentials for Windows XP on the same last-patch date facing the operating system.
Microsoft will ship its final public security updates -- patches for known vulnerabilities -- in less than three months, ending nearly 13 years of support for the ultra-successful OS.
Because of that impending deadline, Microsoft has been urging customers to dump XP for a newer edition like Windows 7, Windows 8 or Windows 8.1.
The decision to drop Security Essentials and more importantly, halt the delivery of new signatures -- fingerprints, essentially, of newly-discovered malware that makes it possible for Microsoft's antivirus engine to detect and block those threats -- was seen by some as an arm-twisting tactic that would leave users even more vulnerable to attack after patches were no longer shipped to quash vulnerabilities in the code.
Virtually every third-party antivirus vendor will continue to ship signatures to customers running Windows XP long after Microsoft pulls the patch plug. In some cases, those vendors have committed to delivering new signatures for years, as Andreas Marx, the CEO of AV-Test told Computerworld earlier today.
After Microsoft's announcement, Marx cautioned Windows XP users against relying only on Security Essentials. His company, which regularly evaluates Windows security software, gave Microsoft's program a zero score for the obviously-important "Protection" category in tests run in late 2013.
"Security Essentials offers only the basic protection," said Marx today in an interview. "[On Windows XP], it detected only about four-fifths of the malware sample, letting one in five get through."
Microsoft made it plain that its reversal on Security Essentials and anti-malware signatures had no wider implication. "This does not affect the end-of-support date of Windows XP," the company said.
Security Essentials will continue to be available for download by Windows XP users from Microsoft's website only until April 8, 2014.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Windows XP lives
- XPocalypse, not now
- Windows XP hack resurrects patches for retired OS
- Bug bounty program outs 7-month-old IE zero-day
- CA Technologies releases free XP migration tool
- Windows XP's U.S. farewell tour to last most of '14
- Microsoft sticks to vow, leaves XP exposed to ongoing attacks
- Microsoft's Patch Tuesday gives XP attackers a roadmap
- Microsoft: We're serious this time; XP's dead to us
- Windows XP die-hards can slash attack risk by dumping IE
- Hackers now crave patches, and Microsoft's giving them just what they want
Read more about Windows in Computerworld's Windows Topic Center.
- Protecting Data in a Virtual World AppAssure helps organizations transform backup and recovery operations for virtual and hybrid environments.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Windows White Papers | Webcasts