Is hell about to break loose online?

The final set of "Patch Tuesday" security fixes for Windows XP will be released in six days.

In seven days, then, things might start getting ugly. If you still have an XP machine around, now is the time to deal with it.

For many years now, criminal organizations that specialize in this sort of thing have been quietly identifying exploits in common software (such as operating systems) – security holes that the software publisher does not yet know about, allowing carefully designed malware to get inside and take control. Usually, an exploit is good for only a short period before the hole is discovered, studied, and corrected by the software publisher.

Windows XP is ancient. Microsoft has repeatedly extended support for it – assigning programmers to find and fix security holes, then pushing those patches as Windows updates – but next week is the end of the line. Since this has been public knowledge for quite a while, malware authors have been quietly building collections of good exploits, waiting until the final Windows XP patch. After that happens, anything that uses the remaining security holes will be free to roam as it pleases, since those holes will never be fixed.

That wouldn't be much of an issue if people had moved away from XP, as Microsoft has been telling everone to do for years. But there might still be half a billion old XP boxes around. The individuals still using XP are generally not tech-savvy folks, and it would take a powerful combination of apathy, laziness and underfunding for a company to still be running XP in 2014. In other words, anything still running Windows XP at this point is probably poorly secured, poorly monitored, and an easy target.

In a short while, many (if not most) of those XP boxes will be playing host to every kind of nasty malware that modern criminal ingenuity can dream up.

There's nothing Microsoft can do about this. It's just not possible to secure Windows XP against modern threats; the operating system's entire architecture is contradictory to that goal. And Microsoft has already put its best possible fix out there: Windows 7, which runs just fine on any machine that can run a patched-up XP, and which will be supported with new security patches until 2020.

What You Need To Do

The only safe way to run an XP box after next week will be to disconnect it completely from the network, or to have it behind an enterprise-grade firewall. (No, your home WiFi / router / firewall / magic box will not do the job.) Security packages from AVG, Symantec and others might continue to provide some protection for a little longer, but they can't do much about gaping holes in the core of the operating system itself.

If you are still on XP, and you can afford to buy a new computer, now is the time to do it.

If you are still on XP, and a new computer is not in the cards, it's time to either upgrade to Windows 7 or start learning GNU/Linux. (Mint is really quite good, it's ready to roll out of the box, and anyone familiar with WinXP can learn it in a few hours.)

If your company has a critical application that only runs in XP, you are now screwed. You can try to deploy that app in locked-down XP virtual machines, carefully isolated from the real world. Or you can pay to have the application fixed, like you should have done four years ago. But if you leave XP desktops as they are, you will – as they say – be p0wned.



Add new comment