Author Topic: Disconnecting Windows XP From The Internet Is No Guarantee Of Security  (Read 1455 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35125
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
With the Windows XP retirement looming, the user base is scurrying around to look for options beyond the retirement date. The biggest concern for companies and individuals is data security.

Microsoft will stop releasing updates and security patches for the old operating system after April 8, 2014, and has recommended Windows XP users to upgrade to a new version as soon as possible. A substantial amount is doing so, but there are a few that believe cutting off the Internet is also a solution.

I mean, no connectivity means no attacks, right?

Redmond thinks otherwise. In a document delivered to partners, Microsoft says that even without Internet access, a Windows XP machine could still be vulnerable to other types of attacks:

Quote
“Being disconnected to an internal network, or using a USB or CD to transfer information, may reduce the attack surface but will still leave you vulnerable to several types of attacks once support ends. Aside from a few special situations, keeping your Windows XP machine in a sealed room on its own is not the right choice for your business.”
Additionally, there has been a lot of talk about installing antivirus solutions that will support Windows XP beyond retirement, but Microsoft says that hackers and cybercriminals would attempt to exploit any and all vulnerabilities in the platform left unpatched by the company:

Quote
“We won’t sugarcoat it: If you are running Windows XP after April 8, 2014, you are putting your business at risk — and please don’t believe anyone who claims that quick fixes can replace a critical OS update.”
In other words, upgrading to a newer version of Windows (preferably Windows 8.1) is best solution for businesses if they want to stay on the safe side. Half cooked measures will just not cut it.

With less than three months remaining on the clock, the Windows XP user base have to make a decision, and make a decision fast. It does not take long for security threats to spread.

source:eyeonwindows


Offline fdhealy4

  • Jr. Member
  • **
  • Posts: 53
  • Gender: Male
Disconnecting Windows XP From The Internet Is No Guarantee Of Security
« Reply #1 on: January 24, 2014, 07:40:33 PM »
Arkoon To Offer Windows XP Security Update Service
Dale

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35125
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Disconnecting Windows XP From The Internet Is No Guarantee Of Security
« Reply #2 on: January 24, 2014, 08:06:01 PM »
One limitation to Arkoon's approach is that only Microsoft can update the Windows XP kernel, so the level of patch support isn't the same.

Just like playing Russian roulette, Anybody using WindowsXP after it is no longer supported gets what they deserve.
« Last Edit: January 24, 2014, 08:15:07 PM by javajolt »


Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35125
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Disconnecting Windows XP From The Internet Is No Guarantee Of Security
« Reply #3 on: January 24, 2014, 08:12:51 PM »
 ExtendedXP

Microsoft will be discontinuing all support, patch and security update services for all Windows XP computers as of April 8, 2014.  The consequences in terms of security risks and exposures are significant.

In order to be able to attack an updated and patched computer, a cyber-criminal  usually needs to mobilize important resources to succeed in developing, locating or purchasing a Zero Day flaw. This challenge and the cost are the only factors limiting the volume of such attacks which are normally used by only the most sophisticated hackers.

For Windows XP after April 2014, there will be no need for a cyber-criminal to be an expert in vulnerability research: all he/she will have to do is wait for a vulnerability to become public and then utilize that information to inexpensively implement malware targeted to take advantage of the flaw.  There will no longer be “Patch Tuesdays” from Microsoft where fixes for known vulnerabilities are released by Microsoft.  In Microsoft’s own words:

Per our long established product support lifecycle, after April 8, 2014, Windows XP SP3 users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its end of life will not be addressed by new security updates by Microsoft.  Moving forward, this will likely make it easier for attackers to successfully compromise Windows XP-based systems using exploits for unpatched vulnerabilities. In this scenario, antimalware software and other security mitigations are severely disadvantaged over time and will become increasingly unable to protect the Windows XP platform. Tim Rains Microsoft, April 9, 2013

Thus, the number of hackers able to efficiently attack Windows XP will drastically increase. Clearly, computers still using the XP operating system will be subject to a significantly increased volume of attacks after April 8, 2014 with no defenses available from Microsoft.

However, all surveys agree that widespread use of Windows XP will go on beyond the Microsoft support termination date. Between ongoing lengthy OS upgrade projects with limitation of budget and staff and computers that cannot be migrated – production, SCADA, application incompatibility with Windows 7/8, etc. – the number of workstations using XP on into the future is forecasted to remain high.  Estimates suggest that from 15% – 30% of all PCs will still be using XP through 2014 and beyond. For many organizations there is no practical or financially viable option to consider stopping or migrating these systems but it is also vital to ensure that they are operating in a secure environment.

For some larger organizations there may be an option to have some limited XP security support from Microsoft but it is projected to be quite expensive and reactive.  This has created a significant dilemma for many organizations:  How can they continue to use computers running XP while staying secure, protecting their data and staying compliant with a variety of regulatory requirements – without facing exorbitant costs?

Attentive to its clients’ needs and aware of this critical security issue, Arkoon has designed a solution customized to address the “going forward” XP security problem. The ExtendedXP Service is built on the industry leading Arkoon endpoint security products and services that are already protecting leading organizations around the world.  ExtendedXP (EXP) is the only solution on the market to date which will allow for effective proactive protection of Windows XP workstations after April 2014.

ExtendedXP combines the best of the StormShield HIPS technology with an innovative monitoring service.  Subscribers to the service will benefit both from proactive protection against unpatched vulnerability exploitation on the protected computer and from a service which will warn them of any newly identified flaws, keep them informed on the efficiency of their infrastructure proactive protection system and, if appropriate, make suggestions about any necessary measures that need to be taken.  The combination of the leading behavioral protection technology in the world protecting the XP computer and a dedicated team of cyber-security experts monitoring that state of XP vulnerability combining information gathered worldwide to share with the EXP clients ensures the security of these computers.

EXP will provide a much higher level of security for the XP OS and many of the applications that will be running on an XP computer without the need for signatures, patches, updates, etc.  In addition to real-time identifying and stopping attacks against Microsoft flaws, the service component will be monitoring the overall XP threat environment worldwide and sharing that information back to all of EXP clients along with best practices to use StormShield to stop the new identified attacks and address the flaws that are discovered.  Last, the EXP protections are being offered at a significantly more attractive price than the announced XP support program available from Microsoft.

The result:

• Organizations will still be able to use their XP computers, securely, on into the future either as an ongoing protection or as a bridge until they migrate to Windows 7 or 8.

• They will have better security on their XP computers than they will be able to get from Microsoft – no waiting weeks or months for a security flaw patch plus the option of coverage for applications like Adobe, Java, other browsers, etc.

• Organizations will be able to maintain IT regulatory certifications while still using XP.

• They will have this enhanced security at a price that is much less than the fees that Microsoft will be charging along with flexible commitment time terms.

ExtendedXP Documentation


Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35125
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Disconnecting Windows XP From The Internet Is No Guarantee Of Security
« Reply #4 on: January 24, 2014, 08:26:29 PM »
"Arkoon To Offer Windows XP Security Update Service" at what cost though?

What might the possible cost be for a single home user?

Covering hundreds of PC computer contract terms , EXP agent annual service fee of approximately $ 15 per computer . If a customer's PC larger number of computers , you can also have a certain margin of preference .
 
The software is available in three different versions : the first version of the Windows XP operating system contains , IE browser and Microsoft Office Suite ; Second Edition delivers Adobe Flash, Mozilla Firefox and Google ( microblogging ) Chrome browser ; Third kind version is designed for Adobe Reader and Java build .

In addition, it can provide a customized version.
 
"If you buy 100 copies of the software , its service price is $ 15 per computer , if you buy 50,000 copies, then its price will be lower ."