Windows XP Retirement: Essential Security Tips

On April 8, 2014, Windows XP SP3 and Office 2003 will be retired by Microsoft

Microsoft is urging all companies to update their operating systems.  The problem is that  for some companies it could take more than two years to upgrade. If your company still has systems running Windows XP, here are some important security tips.

Check Embedded Systems

Solution providers that work with embedded systems, such as ATM machines and point-of-sale terminals, should be checking in with longtime clients and upgrading systems. If the solution providers do not let the smaller merchants know that Windows XP is going into retirement, then they may unknowingly continue using outdated and poorly maintained equipment. This could cause major security issues. The good news is that most banks and payment processors monitor their customer base to address problems.

Antivirus and Anti-Malware programs

Microsoft said it would continue to support their antivirus software,  Microsoft Security Essentials (MSE), through July 14, 2015. Enterprise users will get updates for System Center Endpoint Protection, Forefront Client Security and Endpoint Protection, and Windows Intune running on XP, Microsoft said.

Windows XP will be supported by multiple antivirus programs such as Avast, Avira, AVG, Bitdefender and Comodo.  The programs will help protect against attacks targeting the browser, its components and other applications, but these antiviruses will not detect attacks that target vulnerabilities in the operating system.

Microsoft will continue to support the Malicious Software Removal Tool as part of its extension of MSE through 2015. The anti-malware utility checks Windows XP systems for infections and can help administrators remove malware.

Windows XP supports Data Execution Prevention, a feature that attempts to prevent exploits from executing in memory. The Enhanced Mitigation Experience Toolkit still will be supported past the April end-of-life. It can turn on additional security features that aren’t supported natively in Microsoft applications running on Windows XP. Unfortunately Windows has made for security measure available on newer OS that make the attacks less likelyon those systems and more likely on Windows XP.

Enhanced Mitigation Experience Toolkit

For organizations that can’t shed Windows XP due to a business-critical application, a tool is available to make attacking Windows XP significantly difficult for an external hacker. The Enhanced Mitigation Experience Toolkit can be enabled to help prevent memory corruption vulnerabilities from executing on the system. The tool may be too complicated to deploy and maintain on dozens of PCs, but on fewer systems, it would be manageable, say solution providers.

No New Patches

Once it ends support on April 8, Microsoft will not be issuing any patches for the operating system, leaving the potential for open vulnerabilities. The only time an exception might be made is if a quickly spreading attack had the potential to cause serious problems, say security experts.

Officially, don’t count on any new security updates. New security updates, nonsecurity hotfixes, free or paid assisted support options, or online technical content updates will come to an end, said Tim Rains, director of product management in Microsoft’s Trustworthy Computing group. “Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP essentially will have a “zero day” vulnerability forever,” Rains said.

Removing Windows XP From Internet Still Risky

Microsoft recently sent a memo to partners urging them to tell clients that segmenting off Windows XP systems from the Internet would not completely reduce the risk of attacks. The platform can be targeted by an attacker in a multistaged hack. If the isolated PC is still connected to systems internally, it can be used as a stepping stone to get to more sensitive areas of a corporate network.

Use Windows XP In A Virtual Environment

Windows XP can run in a virtual environment on a Windows 7 PC, enabling the client to get the added benefit of using a more modern operating system. This may be an option for some firms that have custom software that won’t run properly on Windows 7 or above.

IT administrators also can add whitelisting software to prevent code from executing on Windows XP systems, say some experts. Modern whitelisting sold by Bit9 and other vendors provides active monitoring over applications and systems, and can support physical or virtual workstations and servers. End users will be impacted by authorizing only mission-critical applications on XP systems, but the environment will be locked down to the point where executing code will be more difficult to carry out.

At the Orange County Computer^® Tech Repair Center, we have seen an increase in client web browsing difficulties using Internet Explorer, and consistent security breaches. These are just the start of the many issues to come in the near future. We are urging customers to upgrade to Windows 7 or Windows 8.1  if entirely possible.

For further information or guidance on upgrade options and security measures to implement for your company, contact a member of our Technical Support Team at (949) 699-6619 for the best solution that works for your organization.