For the majority of PC users, Windows XP was a lot like a first car. It wasn’t perfect, but it got us around reliably, and lasted a lot longer than any of us expected. Microsoft released Windows XP on October 25th, 2001, which means Windows XP will be 12 years old next month. In dog years, that would be 72, and as we all know, PC operating systems don’t last as long as a good dog.
Microsoft is finally retiring Windows XP in April 2014, which means that any vulnerability in the operating system that is discovered after April 2014 will not be fixed. This is an important point in the life-cycle of an operating system, because it is estimated that about 33% of the world’s personal computers will still be running Windows XP at that time.
It doesn’t take an IT expert to figure out that this is going to create a windfall for the hacking community. Up till now, as soon as a vulnerability or exploit was discovered in Windows XP, Microsoft released a security update within a couple of weeks to address the bug. After April of next year, that is not going to happen.
The big risk is not just that those Windows XP machines will become more vulnerable, it’s that the entire networking infrastructure where they are connected becomes vulnerable as well.
Once a computer is remotely penetrated, and a hacker gains access to the network, all the information that was normally accessible to that PC is easily found, analyzed, and downloaded. This can include human resource records, financial records, customer files, etc. Think for a second what an experienced IT person could find on your network with physical access to any one of your PC’s.
The situation is even worse than you think. On a corporate network, all the PC’s are protected from the internet by a hardware firewall which filters traffic to and from the internet. Traffic on the inside of the network (from PC to Server or PC to PC) is generally NOT filtered, and in many corporate networks, the Windows Firewall is either turned off or set to allow all inbound traffic to the PC. This places the PC’s at significantly increased risk to other internal PC’s, which is why intrusion prevention is normally so important. Once a PC can be controlled by a remote hacker, they can put additional software on that PC that allows them to easily take over other PC’s.
From an IT perspective, it’s the equivalent of a billboard on I-95 with your physical address and alarm combination printed in nice bold letters.
Sadly, the engine on Windows XP is sputtering, the brakes are failing, and the tires are bald.
It is time to say goodbye.