The Final Countdown
There are 31 days in March.
So, counting from when this article was written, that gives almost exactly one month left until Windows XP gets its Goodbye, Farewell and Amen moment.
XP users will get security updates on Tuesday, 11 March 2014, as they have for just over ten years.
They’ll get scheduled security updates again on 08 April 2014.
And then that’s it.
No more updates, neither scheduled nor emergency, no support, no nothing.
From then on, as we’ve pointed out many times, if someone finds an vulnerability in XP they’ll be able to exploit it for ever.
It also means that the fixes that will be coming out for Windows 7 and 8 may end up helping hackers to zoom in on exploits in XP.
After all, a lot of code in the current versions of Windows has been carried forward, albeit with modifications, from XP.
Anyone who doubts the possibility that forthcoming fixes might act as “exploit signposts” for XP should take note of Apple’s recent troubles with SSL/TLS.
An important security fix for iOS got people asking, “Hey! I wonder if this hole is in OS X as well?”
It very quickly became obvious that OS X had exactly the same bug, forcing Apple to accelerate the release of waiting-in-the-wings OS X 10.9.2, and no doubt making Cupertino’s coders wish they had simply pushed out the iOS and OS X updates at the same time.
But Microsoft has no such option for Windows XP, which is officially retiring from public duty next month after 12 years of front line service.
So, Redmond has announced that from Saturday 08 March 2014, XP will openly start talking itself out of a job on your PC:
You’re probably wondering how XP knew, way back when it was first released, that it would be stepping down in April 2014.
It didn’t, of course: the popup is actually a side-effect of Windows Update.
Indeed, if you aren’t running Windows Update, or if updates on your computer are handled by your company from a locally-managed update server, you won’t see the dialog.
You can check for yourself, however, just in case you aren’t sure whether you still have XP or not – Microsoft has also announced a very focused-in-purpose website named amirunningxp.com.
Mac users can have hours, or at least seconds, of fun by visiting the site with Safari and grabbing a comedy screenshot:
XP users get a slightly different picture that will probably spur hoots of derision from diehard “We Shall Not Be Moved” XP fans.
The website wryly (or insultingly, depending on your point of view) depicts an abacus, a mechanical typewriter, a CRT (vacuum tube) monitor and a computer fitted – if you can believe it! – with a floppy disk drive:
Microsoft is also offering a free download of a cut-down version of Laplink’s PCMover software to help you migrate your data from your old XP PC to your new Windows 7 or 8 computer.
→ As far as we can tell, the PCMover tool requires you to have two computers already set up and connected to a network, so you can’t stage the data to a removable disk and load it to your new computer later. It handles your data, but not your apps – you’ll need the paid version for that.
If you install the PCMover software, you’re soon presented with a dialog like this:
That dialog is legitimate, and the numbers match those offered by Laplink itself on its official website.
But please watch out, and urge your friends and family to do the same.
You can well imagine that the crooks behind the fake support call scams – the guys who call up pretending to be “with Microsoft” to badger you into paying to get rid of a virus you don’t have – might try to take advantage of inexperienced users trying to make the move from XP.
If you’ve been using XP for years, and are going to make the switch to a newer version in the next month or so, then it’s likely you haven’t done an operating system upgrade or reinstall before.
So if you find yourself needing help, take advice on where to get it from someone you know and trust.
Don’t let yourself be badgered into accepting assistance from someone you don’t know who just happens to be on hand to provide it.
Letting unknown outsiders connect to your computer over the internet – on their say-so – is always a bad idea.
Here’s a podcast with some advice on how and why to say, “No!” to unsolicited offers of computer support:
What if you’re stuck with XP?
We know and accept that some of you will need to stick with XP even after it officially retires, at least on some of the computers in your organisation.
But you can reduce the ever-increasing security risk posed by those legacy computers in a number of ways, including:
- Segregating your network so you can fence off and lock down your XP computers more strictly. (You might like: Sophos Network Protection Guide.)
- Limiting the software you allow on your XP computers to reduce their exposure to danger. (You might like: Sophos Application Control.)
Here’s a podcast to help you consider all the issues and decide on the safest way forward:
Note. Sophos Endpoint Security and Control (SESC) will officially support Windows XP Service Packs 2 and 3 until at least 30 September 2015. SESC will support Windows Server 2003 until at least 31 Jan 2017. (Our support knowledgebase has a complete platform support list.)
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/u_m2a22ijYo/