By David Tuffley Yesterday 6:00 PM AEST
If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses.
Open to attack
As in any ongoing war, when defenders withdraw from battle, attackers (and hackers) take advantage. They have almost certainly been making plans in anticipation of the day when millions of XP computers become more vulnerable. That day is April 8, 2014.
Microsoft’s director of trustworthy computing, Tim Rains, issued a statement last August warning that security patches for later versions of Windows could inadvertently give cyber-criminals the information they need to reverse-engineer a successful attack on unsupported versions of Windows.
This can happen because under the skin, there is a large amount of program code in common between the different versions of the Windows operating system. So patch the code for Windows 7 and 8 and you reveal a potential flaw in XP that won’t be patched.
It is true that up-to-date XP still has reasonable capability to withstand attack, and anti-virus and malware detection software can do a good job.
Nonetheless, the risks of being hacked will rise substantially, particularly when older internet browsers are still being used.
The Microsoft Security Intelligence Report goes into detail for those who are interested.
What can XP users do?
Individual users can take the obvious course of updating to a later version of Windows at their convenience (and Microsoft offers some advice here), or they might take the opportunity to switch to an alternative operating system. There are several to choose from.
For those on a budget, the growing number of online retailers selling computers at close to wholesale prices is making the purchase of new or nearly new equipment surprisingly affordable.
For organisations though, particularly larger ones, the task of migration can be a lengthy one that requires months if not years to complete, not the days and weeks left to them before the sun sets on XP support.
For these folks, some timely advice for staying safe is in order.
Crash course in managing the risk of cyber-intrusion
The Information Security Manual, a publication of the Australian Signals Directorate (ASD), gives some useful advice for anyone wanting to protect themselves against the threat of cyber-attack.
◾ Application white-listing. A list of verified, trusted programs is created for the PC based on the job it is required to do. If these are the only programs permitted to be installed on the computer, then potentially dangerous programs (including Dynamic Link Libraries or DLLs, scripts and installers) cannot be executed.
◾ Patching applications. As soon as they become available, install updates and fixes to the white-listed applications, including Java, PDF viewer, web browser, Microsoft Office and others. Older versions of internet browsers are particularly vulnerable.
◾ Patching operating systems. Automatically download and install the latest security patches and hot-fixes as soon as they become available. The ASD specifically recommends not using Windows XP due to the inherent risk.
◾ Restrict administrator privileges. Only those people whose job requires them to install and make changes to operating systems and applications should have admin access.
If implemented, these four security measures have proved to be very effective.