A spokesperson for Microsoft told ZDnet that the company will not guarantee updates of its antimalware signature and engine after the Windows XP end of support date of April 8, 2014. The news arrives after Tim Rains, Director of Trustworthy Computing at Microsoft, explained why Windows XP and Office 2003 users will be left so vulnerable to attackers.
"Running antivirus on out of support operating systems is not an adequate solution to help protect against threats," the rep told ZDNet on Monday. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape."
"In addition, Microsoft recommends best practices to protect your PC such as: 1) running up to date antivirus, 2) regularly applying security updates for all software installed, and 3) using modern software that has advanced security technologies and is supported with regular security updates," the rep added.
Last week Rains said that Windows XP users are more vulnerable now than they were years ago because the company has steadily incorporated defensive technologies into Windows with each new version. According to the report, the only major technology Windows XP has is Data Execution Prevention, or DEP, which was improved in subsequent versions.
In a chart provided by Microsoft, the number of Common Vulnerabilities and Exposures (CVEs) mitigated by Windows XP's built-in DEP were finally surpassed by the CVEs that could bypass XP's baked in protection in 2011; by 2012, that bypassing number of CVEs appear to have doubled. Now imagine the number for 2013 and beyond, as unpatched vulnerabilities will begin to emerge after April 8, 2014, some of which will have been saved by hackers to use after the death of Windows XP.
Rains also points out that Microsoft will patch vulnerabilities in Windows Vista and above, but "malicious" researchers will likely reverse engineer these updates, test to see if they affect Windows XP -- which most of them will according to the report -- and write exploits for those vulnerabilities, targeting the older Windows XP platform.
Individuals and companies holding off on upgrading from Windows XP may want to reconsider, especially if they're handling private, sensitive data. This isn't a sales pitch, but more of a plea to move away from the dying platform to at least Windows 7, a sleeker and safer platform using newer technologies that help protect your sensitive information better than Windows XP.