Get Pricing For SunView Solutions

Review platform features & packaging to decide what best meets your needs.

IT Service Management

ChangeGear is an industry-leading ITSM platform that helps organizations to better track, manage, and deliver critical services.
Get Pricing

IT Operations Management

LivePulse offers out-of-the-box system and application monitoring essentials in the cloud.

Get Pricing

Windows XP and the Approach of Zero-Day

08/19/2013 by: The SunView Team

zero-day, Windows XP, Change Management

Is it finally time for you to replace your legacy Windows XP OS? If you believe that Microsoft is really, really, really going to stop supporting XP in April of 2014, then you are very late in your transition.

Every major change needs to be planned and implemented with care, not haste. If you are planning any major change, you need to have an ITIL-based change and release solution in your IT Organization. Looking for a solution, look at the offer below.

In the article by Gregg Keitzer, XP Z: Microsoft scares Windows XP users straight with undead bug warning, it becomes obvious that Microsoft will say anything to get the XP users to upgrade, and upgrade ASAP.

Microsoft yesterday warned Windows XP customers that they face never-patched, never-dead "zero-day" vulnerabilities if they don't dump the 12-year-old operating system before its April 2014 retirement deadline.
The article continues by quoting a long-time SANS security trainer.

He predicted that hackers would save their vulnerabilities until after XP's retirement, then unleash them on unprotected PCs.

"The very first month [after April 2014] that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities," said Tim Rains, a director in Microsoft's Trustworthy Computing group, in a Thursday blog.

"If [XP shares the vulnerabilities], attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a 'zero day' vulnerability forever," Rains said.

Reverse-engineering of patches is a common practice by both security researchers and cyber criminals.

Once a patch is released - say for Windows 7 in May 2014 - hackers can do a code comparison between the updated and non-updated versions to locate the changes. With the changes in hand, astute researchers can figure out where the vulnerability was. Finally, they can use that information to poke around Windows XP to see if it, too, has buggy code similar to the non-patched Windows 7.

As Rains pointed out - and history has shown - it's certain that a number of the flaws fixed in the future in Windows Vista, Windows 7, even Windows 8, will also exist in Windows XP, if only because Microsoft has dragged copious amounts of legacy code, some pre-dating XP, into its newer OSes.

Wow, believe it or not, XP is going to be incredibly vulnerable, that means if you are running XP, and rely on if for your computer systems and your livelihood, hackers are going to come after you - seriously. From an earlier article from Keizer, Aged Windows XP costs 5x more to manage than Windows 7, he discusses the IT costs of running an aging OS.

On the IT side, the savings of Windows 7 mount dramatically, IDC said.

"IT activities account for 11.3 hours of time spent per PC per year when using Windows XP," the research group said. "Shops that have moved to Windows 7...spend 2.3 hours per PC per year on maintaining those systems."

IDC did the math, and concluded that for every 230 PCs running Windows 7 rather than XP, an organization could shift one full-time IT person to other work. Or conceivably do without him or her entirely.

The Microsoft-commissioned report also painted a rosy return-on-investment (ROI) picture for companies who do ditch XP for Windows 7. By IDC's calculations, the acquisition of a new PC - one where Windows 7 is retained as the OS rather than being downgraded to XP - pays for itself in one year and generates almost $1,000 more in savings from reduced IT costs and worker downtime over a three-year span.

"The migration from Windows XP to Windows 7 yields a 137% return on investment over a three-year period," claimed IDC.

So, the choice is up to you. Migrate NOW or risk "zero-day."

|