Mixed Signals: Microsoft extends Windows XP Security Essentials support to July 2015

Microsoft will kill support for Windows XP this April, but for those of you who are using antimalware products, Microsoft will continue supplying those signatures until July of 2015. This means that Microsoft’s Security Essentials will still be updated after the April cutoff date, but the underlying OS will remain vulnerable.

This is an interesting move, as Microsoft has been pushing hard to get everyone off the aging OS. Continuing to support Security Essentials past the support deadline sends mixed signals to consumers, as they will likely read that OS updates are no longer being distributed but that Security Essentials support is still valid. Because the average consumer isn't very tech savvy, he or she could easily take this to mean that XP is still a supported and safe product to use if Security Essentials is installed.

The announcement came on Microsoft's Threat Research & Response Blog, though it does little to explain why they will provide additional support on XP after the April 2014 cutoff. In fact, they admit that "their research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited."

Microsoft will also be supporting System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP with antimalware support into July 2015. Again, this appears to undercut their push for corporate entities to move off of XP, as they will have supported products running on an unsupported OS.


41 Comments


Hopefully Microsoft extends Windows XP support. I'm still running XP on older machines that have less than 2GB of RAM and won't run anything above XP. Vista lagged like hell, Windows 7 may run it slow, and I don't think that Windows 8 and 8.1 run well on a PC with 1GB or less of RAM.

Supporting MSE would be a good thing, but Microsoft really needs to improve it. They were the champ a few years ago; now they are not even trying.

Ahh ... they've now changed it to something more accurate.

It was originally reported as Microsoft extending XP security updates until July 2015,
now they've edited the article to say it's the "virus warnings" that are being extended.

This isn't mixed signals. This is the decent thing to do. There's virtually no extra overhead to provide definition updates to XP installs and the good of doing so far outweighs the bad.

I've been on 100s of systems where people are using MSE and leave Windows updates sitting. At least it's something to help protect these folks before the onslaught of attacks begins.

Hopefully this will also give Microsoft a chance to form a more elegant solution and educate and present options to average users of XP with MSE when they EOL MSE.

Mixed Signals: Microsoft extends Windows XP Security Essentials support to July 2015

Mixed Signals? The product uses the same detection and definitions as Forefront (aka System Center Endpoint Protection) and Windows 8 Defender; the only exception would be a significant update for enhanced protection not covered by the base technology.

These definitions and detection methods will continue to be updated for as long as Windows exists, so there is no reason they couldn't keep the XP version updated for a longer period to help with companies and users still in transition.

I don't know why they used an old image of the Microsoft Security Essentials, but I've just noticed - in my version of the software - that it's stated "Your PC is being monitored and protected" ...the first time I've noticed a message from NSA and Microsoft (about the protection part) on my computer

I don't understand why everybody is so worried about XP being EOL'd. 99% of the vulnerabilities are with IE. Most ppl don't use it anyway and if you are you should be switching to Chrome or Firefox. Security Essentials pretty much sucks anyway. Install real antivirus software like Kaspersky and anti-malware like Malwarebytes. Also get rid of Java if you don't need it or at least keep it updated. Same with Adobe Flash and Reader: keep them updated. Practice safe browsing and email habits and ppl will be fine.

equifire said,
I don't understand why everybody is so worried about XP being EOL'd. 99% of the vulnerabilities are with IE. Most ppl don't use it anyway and if you are you should be switching to Chrome or Firefox. Security Essentials pretty much sucks anyway. Install real antivirus software like Kaspersky and anti-malware like Malwarebytes. Also get rid of Java if you don't need it or at least keep it updated. Same with Adobe Flash and Reader: keep them updated. Practice safe browsing and email habits and ppl will be fine.

Wow straight out of 2004

In this decade IE has sandboxes (firefox still does not), whitelists, separate processes per tab with separation of privileges (firefox still does not have), double sandboxing at the kernel level (if you have Windows 8) for IE 10 and later, signed activeX controls, updated keys for activeX applets as well as IE (including down to IE 6), not to mention Windows 7 and later has ASLR, DEP, and other anti tampering redundancy built inside it that IE uses.

The vulnerabilities for XP look at everything that can't be locked down as XP is missing privilege separation and protection for its .dll that more modern versions of Windows have. It is easy even for someone not running as a local admin to get a file and that one can attach to a .dll that is running as admin so when the OS runs it the malware gets run at admin level as well.

These are great technical reasons to upgrade that the Luddites who use XP do not know about. XP and even Windows 8 still get many updates for vulnerabilities each month. It is downright negligent to go on the internet regardless of browser or open a file from an email with XP after April 8th. Unless you have a very expensive support contract with extra custom patches from MS.

It is the very least that Microsoft can do to the huge business/enterprise customer base running XP and their critical applications.

Because 10+ yrs of support and patches was totally insignificant, not to mention the *free* WinXP VM they gave out to help with this transition...

kind of wished they didn't but it is not so bad. XP support doesn't mean apps that run on it won't be supported any more. technically xp security essentials is not part of the OS and if they find an OS exploit it cannot patch it, only try to prevent it from taking over the machine...which may not be possible. Any AV would do the same.

neonspark said,
kind of wished they didn't but it is not so bad. XP support doesn't mean apps that run on it won't be supported any more. technically xp security essentials is not part of the OS and if they find an OS exploit it cannot patch it, only try to prevent it from taking over the machine...which may not be possible. Any AV would do the same.

Not having security updates is like having a free health care plan but using no protection during sex. Sure it might help for some things after the damage is done, but lord help you if you get herpes or AIDS.

Studio384 said,
This is probably only virus definitions and not new features that Windows Vista, 7 and 8 get.

It won't matter. MSE has no prevention that I am aware of (someone can correct me if I am wrong) compared to other security suites. Since no security patches will exist the tool will just give a false sense of security. If it is a rootkit infection it won't even detect a change! What a mess.

MS should make updates for corporate buyers like they do with XP. Many companies are sticking with XP and paying $250,000 a year plus extras in seats for continued updates as it is easier than to switch to Windows 7. Hospitals are prime candidates for this as they do not want to throw out their $300,000 MRI scanners that rely on IE 6 to upload images etc.

Now the XP die hards can say with a smile they are secure because MS essentials (essentially worse AV on the market) says updated and secure and tell me how much greater their OS is and do not take my XP AWAYY when I am at work. ... oh but I do not want any viruses. That's your job to protect me Mr. Computer guy etc.

I remember when it was catching things left and right. What happened? Combofix, MSE and Malwarebytes were my homies... I wouldn't even touch avast or avg (still don't).

I wonder which one stops those rogue antiviruses..

IntelliMoo said,
It's not really the worst per se, it's just the "good enough" one.

By far the biggest attack vector still remains the one sitting between the keyboard and the chair.

That's very generous of them. They could have just killed it off and be done with it. That would leave lots of people really in the sh*t, no patches or AV. Seems like they are trying to stage it and give people more time. Will any of the other free providers such as AV - Avast etc. be going longer than July 2015? That's the question.

"their research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited."

So what they are effectively doing is providing a false sense of security.

The security updates should consist of daily messages "For security reasons you need to upgrade to a newer version of Windows or keep this computer disconnected from the Internet."

Why is the Security Essentials screenshot one from Windows 7? Hehe. Just being picky. It is incredible how many people are still using XP. 7 of my last 10 customers have been using XP. Then again, they were all in a retirement community so they are somewhat excused.