Although consumers have known it’s been coming for some time, the end now is looming – on April 8 – for company support, upgrades and work on Microsoft’s XP operating system.
No big deal, you say, you’ve already upgraded your laptop.
But computer security professionals still are calling it an “XPocalypse” because many complex networks at laboratories are based on XP. And the vast majority of Automated Teller Machines are running XP. And point of service machines, which are the devices you use when you swipe your credit or debit card to make purchases, are XP.
And medical records on XP systems may be exposed through data breaches that could run afoul of HIPAA regulations requiring those be kept secret.
Oh, and utility operators will face new security challenges when XP support ends because XP workstations are used widely in supervisory control and data acquisition (SCADA) systems and certain versions of utility software are certified to run on one, maybe two versions of an operating system, analysts say.
It’s all because Windows XP, which was introduced in 2001, is being abandoned.
The company made the same threat several years ago, but at that time customers rebelled. Several of the then “Big 8” accounting firms, led by Arthur Andersen and Arthur Young & Company, threatened to switch to a competing system, Linux, for their business needs. These companies had tens of thousands of machines running XP and they were not about to buy a new Microsoft operating system no one liked to replace it. Linux could be purchased at a fraction of the cost, if not free.
So Microsoft backed down on its XP plans then, but continued to develop more software, including Windows 7 and now Windows 8.
Last year the company decided that it was time to draw a line. Soon, those who still are using it, a population estimated at tens of millions across the U.S., will start seeing popup ads warning the end is coming.
What it actually means for consumers is that Microsoft will not issue any more security patches for any newly identified security holes in the system. (Less well publicized is the fact that on the same day, Microsoft will also stop patching Internet Explorer 8 and office suite Microsoft Office 2003, which could cause numerous problems for unprepared businesses and individuals who risk not being able to read older files as newer versions come on the market.)
So customers who decide not to upgrade their computer software will be subjecting themselves to increased risk of malware hitting their machines. These consequences can range from hackers stealing a person’s passwords, to lifting their personal information, to being redirected to malicious websites.
At a computer conference in Amsterdam last month, Microsoft revealed that the XP operating system already is six times more likely to be successfully hacked than the newer Windows 7 and Windows 8 systems.
“XP has been a beloved operating system for millions and millions of people around the world, but after 12 years of service it simply can’t mitigate the threats we’re seeing modern-day attackers use,” said Tim Rains, director of Microsoft Trustworthy Computing.
Since Windows 7 and 8 still will be getting fixes, when a new patch rolls out, hackers are expected to mark what the fault is, and find out whether it also exists in XP, analysts say.
Also, makers of peripheral components have not written newer software drivers for many of the printers, scanners and other devices attached to XP machines that would enable them to work with newer operating systems, meaning many devices will be heading to a landfill as newer devices are purchased.
And those existing systems dependent on XP will face a rugged future.
Warns CNN, “If banks fail to upgrade their ATMs to a newer version of Windows by April, customers might be at risk. If hackers discover new flaws in Windows XP, those bugs will go unaddressed, leaving attackers free to exploit them.”
At the Chaos Communications 30c3 conference last year, hackers demonstrated how they could gain physical access to a machine, install a USB stick with code into the ATM, then reboot and take over.
Experts say those who want to continue using the XP product they purchased should be backing up their computers regularly, and keep virus protection at a high level.
They also suggest a couple of simple tricks. For example, when buying merchandise online with an XP machine, it is good practice when entering a credit card number or password, to leave out a character or two.
“Then click back with a mouse to fill in the missing letters before pressing ‘enter,'” the experts advise. “This will make it harder for any key logging program to steal information.