In an article published by the Wisconsin Law Journal, Michael Menor, a former military computer specialist and network engineer at Tech Experts in Monroe, Mich., indicated that hackers will likely pounce on Windows XP ten minutes after Microsoft pulls the plug on support this April 8, 2014.
With less than two months to go, Windows XP is still installed on 29 percent of the PCs worldwide. Chances are most of these individuals and businesses will not have moved to a more secure platform by the time Microsoft's cutoff date arrives.
Steve Treppa, principal consultant at CT Logic in Royal Oak, Mich., says the Windows XP problem is twofold.
"Obviously, Microsoft won't be [security] patching any more, but the other thing people are talking about is traditionally when Microsoft issues a patch, it's regressive to earlier versions," he said. "So the fear is the bad guys will see what the patches are for Windows 7 and 8 and go back to XP and exploit that patch, because Microsoft will not fix it."
He said Microsoft is reactive regarding patching in many cases; when a bug appears, the company fixes it. However, cyber criminals may actually be holding on to bugs and waiting for Microsoft to cease applying updates to Windows XP so that they can exploit those machines.
Last month, Microsoft acknowledged that it will "continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures."
Microsoft also warned that the effectiveness of antimalware solutions on out-of-support operating systems is "limited." The best way for customers to protect themselves is to use modern software (aka Windows 7 or Windows 8), regularly apply security updates for all software installed, and run up-to-date anti-virus software.
"Antimalware products have limited effectiveness on PCs that do not have the latest security updates," Microsoft warns on the Security Essentials product page (opens in new tab). "Therefore, after April 8, 2014, PCs running Windows XP should not be considered to be truly protected."
While all of this doom and gloom talk sounds like the Y2K event all over again, the world won't come to a screeching halt because many Windows XP users don't want to or can't upgrade to a newer platform before Microsoft's deadline.
"It's not like Y2K fears. They won't shut down, but we don't know about malware," Treppa said. "If it's true they are sitting on exploits [hacker intrusions], then it's hard to say what will happen. The best advice to give is to budget for PC replacement — now."