Microsoft May End Antivirus Updates for Windows XP Too

A spokesperson for Microsoft told ZDnet that the company will not guarantee updates of its antimalware signature and engine after the Windows XP end of support date of April 8, 2014. The news arrives after Tim Rains, Director of Trustworthy Computing at Microsoft, explained why Windows XP and Office 2003 users will be left so vulnerable to attackers.

"Running antivirus on out of support operating systems is not an adequate solution to help protect against threats," the rep told ZDNet on Monday. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape."

"In addition, Microsoft recommends best practices to protect your PC such as:  1) running up to date antivirus, 2) regularly applying security updates for all software installed, and 3) using modern software that has advanced security technologies and is supported with regular security updates," the rep added.

Last week Rains said that Windows XP users are more vulnerable now than they were years ago because the company has steadily incorporated defensive technologies into Windows with each new version. According to the report, the only major technology Windows XP has is Data Execution Prevention, or DEP, which was improved in subsequent versions.

In a chart provided by Microsoft, the number of Common Vulnerabilities and Exposures (CVEs) mitigated by Windows XP's built-in DEP were finally surpassed by the CVEs that could bypass XP's baked in protection in 2011; by 2012, that bypassing number of CVEs appear to have doubled. Now imagine the number for 2013 and beyond, as unpatched vulnerabilities will begin to emerge after April 8, 2014, some of which will have been saved by hackers to use after the death of Windows XP.

Rains also points out that Microsoft will patch vulnerabilities in Windows Vista and above, but "malicious" researchers will likely reverse engineer these updates, test to see if they affect Windows XP -- which most of them will according to the report -- and write exploits for those vulnerabilities, targeting the older Windows XP platform.

Individuals and companies holding off on upgrading from Windows XP may want to reconsider, especially if they're handling private, sensitive data. This isn't a sales pitch, but more of a plea to move away from the dying platform to at least Windows 7, a sleeker and safer platform using newer technologies that help protect your sensitive information better than Windows XP.

Follow us @tomshardware, on Facebook and on Google+.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
23 comments
Comment from the forums
    Your comment
  • lp231
    XP is old, but there are other free ones like AVG and Avast
    4
  • jerm1027
    Anonymous said:
    XP is old, but there are other free ones like AVG and Avast


    As much as I'm skeptical of anything those folks have to say, they make a point. If you bothered reading the article, you'd know that one of the first things said was anti-virus wasn't enough. There are inherent vulnerabilities within the OS itself that, presumably, anti-virus can't protect against. Windows XP really doesn't have any built-in security outside of DEP, and that dated version can only do so much.
    Quote:
    In a chart provided by Microsoft, the number of Common Vulnerabilities and Exposures (CVEs) mitigated by Windows XP's built-in DEP were finally surpassed by the CVEs that could bypass XP's baked in protection in 2011; by 2012, that bypassing number of CVEs appear to have doubled. Now imagine the number for 2013 and beyond, as unpatched vulnerabilities will begin to emerge after April 8, 2014, some of which will have been saved by hackers to use after the death of Windows XP.
    0
  • fleakiller
    And what sucks for me on my work computer is that most crane and engine manufacturers software only work on XP.
    3