After attending no fewer than three shows and conferences in the last 10 days, I’ve been enjoying the luxury of a few days working in the office catching up with my emails, one of which was a missive from Microsoft with a copy of the software giant’s bi-annual Security Intelligence Report.
Amongst many statistics of interest, Redmond Inc. reveals that – during Q4-2013 – Windows XP computers had an infection rate of 2.42 per cent, compared to 3.24 per cent for Windows Vista and 2.59 per cent for Windows 7.
Hang on a minute, does that mean that Vista and Win7 machines had a higher propensity to suffer an infection than the end-of-life WinXP systems?
Analysing the figures confirms this to be the case. I am staggered.
Whilst at the Infosecurity Europe show last week, in fact, I was intrigued to hear one analyst say that around 20 per cent of machines in active use in the Western World are still WinXP-based, even though official general support for the legacy operating system ceased on April the 8th.
Or did it?
Most of the majors I spoke with at the Infosecurity Europe show and Counter Terror Expo last week said they had done a deal with Microsoft for critical updates on their remaining WinXP machines for the next year.
At $200 a PC, this support ain’t cheap, but it is necessary if you are a bank with embedded WinXP-driven ATMs or a company with customised applications that will only run under the WinXP environment.
For all these players, migration is an expensive option – both from a cash investment and time perspective. Yes, the organisations concerned should have planned their migration earlier, but that is water under the corporate bridge.
But what operating system should companies migrate to?
I was intrigued to read my good friend and industry colleague Professor John Walker’s analysis this week on the options available to WinXP users, and agree with his point that Windows 8 is not the shining paragon of brilliance that Microsoft portrays it to be.
As John says, this leaves us with the sensible option to migrate to the known stability of Windows 7 – or take a chance on Win8.1 and hope things will improve…
Windows XP – a glimmer of hope
There may be hope for WinXP users, however: when the first serious flaw to hit WinXP in the post-end-of-life period popped up late last month in the shape of an Internet Explorer flaw, Microsoft seems to have realised it needed to move.
In case you were down a mineshaft at the time, the flaw – which affects all versions of Internet Explorer from 6 to the latest version, 11 – allows attackers to assume full control over affected machines.
Initially, Microsoft said that it would only patch IE for Windows 7 users and later, but within a day or so of the flaw being discussed in the open, it carried out a U-turn and issued an emergency security update to fix the zero-day flaw, including WinXP users in the patch landscape.
“We have made the decision to issue a security update for Windows XP users,” said Dustin Childs, group manager with response communications at Microsoft, in a media statement.
“Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11,” he added.
So what happens now?
Well, next Tuesday is the first Patch Tuesday since April 8 and it seems that the patchfest will only apply to modern versions of Windows, leaving WinXP users out in the cold.
One corporate IT manager I spoke with, however, said that he was expecting to see a critical update patch next week for WinXP, as part of Microsoft’s paid-for corporate support program.
It will be interesting to see if this critical specialist WinXP patch package leaks out into the wild, as I’m fairly sure it will.
If these leaks gather momentum, it’s just possible that Microsoft may start offering its WinXP critical upgrades program to all WinXP users in return for a modest fee.
Or am I being too optimistic?