There are no more lifelines. In a few days, Microsoft will pull the plug on Windows XP support for consumers. With no more updates or security patches available (other than some bare-bones malware support), it's forecast to be open season on the legacy operating system. But just how bad will the "Windows XPocalypse" be? We spoke to several security experts to find out.
The real risk: relentless attack
The end of support may not seem like a big deal. Windows XP has been under almost constant attack from malware and cyber criminals since it was released in 2001. Windows XP users have managed so far to defend themselves with relative success, so what will be different once Microsoft support ends?
Security experts predict a couple of scenarios. The more ominous is that attackers have already developed an arsenal of Windows XP "zero day" exploits, and they're just waiting until Microsoft support ends to unleash them.
While the deadline makes for good drama, some security folks reject the notion that attackers are lying in wait. "If the 'apocalypse' were going to happen, don't you think it would have already happened?" says Andrew Storms, director of DevOps for CloudPassage. He notes that with so little time for Microsoft to triage an exploit, develop a patch, and properly test it before April 8, it would be just as effective for those cybercriminals to launch their attacks now.
Some security experts predict cyber criminals will launch their attacks on XP before the body cools.
More likely is that cyber crooks will use every Patch Tuesday--Microsoft's monthly release of security fixes--as a new opportunity to find holes in Windows XP, because many of its vulnerabilities span all of the supported versions of Windows. Because Microsoft will continue to identify security holes in Windows Vista, Windows 7, and Windows 8, malicious developers can reverse-engineer the patches to locate the weakness, then check to see if that same vulnerability exists in Windows XP and develop an exploit for it.
'All vulnerabilities will live forever'
The mounting doomsday hype has the ring of that other acronymic apocalypse--Y2K. But TK Keanini, CTO of Lancope, says the comparison is inaccurate. "It is important to note that what takes place on April 8 is not like Y2K where something will break or suddenly have a vulnerability--it is the fact that any new vulnerability discovery cannot be fixed. ... any and all [Windows XP] vulnerabilities will live forever post April 8."
That should be alarming considering there are still hundreds of millions of machines using Windows XP, and new data from Fiberlink claims that 44 percent of businesses are still running the operating system in some capacity.
Sign up for CIO Asia eNewsletters.