Category Archives: Windows XP

Windows 7 Pro OEM available until at least February 2015

We previously posted about Microsoft fiddling with Windows 7’s lifecycle dates. At the time, it seemed clear that Microsoft would be foolish to stop making Windows 7 available to computer builders in October 2014 as originally stated.

Microsoft recently updated the lifecycle dates for Windows 7 again, and now Windows 7 Professional OEM will be available until at least February 23, 2015 (a year from today). No specific cut off date is provided on the lifecycle page for Windows 7 Pro, but a footnote states that Microsoft will provide at least one year of notice before any cut-off date is actually set.

Meanwhile, other versions of Windows 7 (Home, Ultimate) will no longer be available as of October 31, 2014, as originally planned.

Anyone still running Windows XP and planning to upgrade to Windows 7 will find that Win7 is no longer available in retail stores. And now we know that even OEM packages for all but the Pro version will stop being available in October 2014.

Another wrinkle in the demise of Windows XP support

According to NCR, who make 95% of them, most of their ATMs run on Windows XP. It’s difficult to predict whether the lack of security patches for that O/S after April will make those ATMs more vulnerable. Financial institutions are aware of this, and are planning to either upgrade their ATMs to Windows 7 or pay Microsoft for a support contract that includes patches for Windows XP after April.

No more updates for Security Essentials on Windows XP after April 8

Update 2014Jan16: Microsoft must have decided it could use some positive press, because they just decided to extend Security Essentials support on Windows XP until July 14, 2015.

Microsoft has confirmed that they will stop issuing updates for its anti-malware software Security Essentials on Windows XP systems after support for Windows XP expires on April 8, 2014.

While I’m sure this comes as no surprise to anyone, since Microsoft will no longer be issuing any patches for Windows XP past April 8, it’s an important consideration for anyone who plans to run Windows XP after that date. Anyone doing so should also stop using Security Essentials and install anti-malware software that will continue to receive updates.

Free alternatives to Security Essentials

Ars Technica has more.

Is your Windows XP computer booting slowly?

Windows XP computers with autoupdate enabled are taking longer and longer to boot. Microsoft has discovered a flaw in Windows Update that is slowing down the update process. As the list of available patches for Windows XP has grown over the years, the delays have increased exponentially. Microsoft tried to fix this flaw with recent updates to little effect. Ars Technica has more.

Windows XP NDProxy vulnerability remains unpatched

A serious vulnerability affecting Windows XP and Windows Server 2003 was recently discovered. Microsoft issued advisory 2914486 to warn users about the vulnerability and recommend workarounds, but so far has not released a patch.

This vulnerability is being actively exploited, through the use of a specially-crafted PDF file. Opening such a file on a computer running Windows XP can result in an attacker gaining access to the computer.

The single workaround suggested in advisory 2914486 has some undesirable side-effects, including disabling VPN. But it may be better than the alternative, especially for users who frequently receive and open PDF files on Windows XP computers.

The usual advice applies: exercise extreme caution when browsing the web, clicking links in email, opening email attachments and opening files from unknown sources. When in doubt, don’t do it.

A post on the SANS ISC Diary blog has more, including a warning that these types of vulnerabilities may become much more common after Microsoft stops supporting Windows XP in April 2014. SANS has even coined a term for this event: Winmageddon.

When Windows XP support ends…

After April 2014, it will no longer be possible to obtain security updates for Windows XP – unless you’re paying Microsoft a ton of money. This has some interesting ramifications.

Clearly, there will be renewed interest in the aging O/S as an attack target. New vulnerabilities will continue to appear, but will remain unpatched on most Windows XP computers. Tools that exploit these vulnerabilities will increase in value, resulting in a boom for anyone developing them.

Depending on how many XP systems remain after April 2014, and the number and seriousness of vulnerabilities discovered after that date, there may be some backlash against Microsoft. There may be calls to extend support for XP even further. It’s possible that as many as one third of all computers and devices will still be running XP after support expires.

If Microsoft declines to extent support, you can bet that any new patches they develop for XP will find their way into the hands of regular users through unauthorized torrents and underground web sites.

On the other hand, while keeping Windows XP patched is obviously an important part of an overall security plan, there are other ways to protect yourself. Most users these days connect to the Internet through a router/firewall, which – if configured correctly – makes it almost impossible for an attacker outside the router to identify or even detect a computer inside the router. So, while I’m not recommending that you ignore this problem (you should really upgrade to Windows 7), there may not be a reason to panic if you’re still running Windows XP next year.

Update 2013Aug21: Another ComputerWorld post on this subject, and a post from ZDNet.

Google Apps dropping support for Internet Explorer 8

Google recently announced that it will be dropping support for version 8 and earlier of Internet Explorer in Google Apps.

The change will occur shortly after the release of Internet Explorer 10, on November 15, 2012.

Internet Explorer 8 is the most recent version of the web browser that runs on Windows XP, so anyone who uses Internet Explorer on Windows XP to access Google Apps will need to switch to a different web browser, or upgrade to Windows 7 or 8 after November 15.

As predicted, Windows XP holdouts likely to upgrade to Windows 7

I’ve been saying for a while that corporate/business/enterprise customers are going to avoid Windows 8. IT departments have no interest in helping countless users re-learn Windows basics because of an ill-conceived and unavoidable user interface decision by Microsoft.

Enterprise IT folks are not interested in performing Windows upgrades on thousands of PCs unless there is a good reason to do so. When Microsoft stops developing security patches for Windows XP in April 2014, that will be a good reason to upgrade machines still running XP. Thankfully, there are alternatives to Windows 8.

After a lot of early problems with networking, compatibility and drivers with Windows 7, that O/S has emerged as the next go-to O/S for Windows-based PCs. Moving a user from Windows XP to Windows 7 will not involve a lot of re-training, drivers have matured, and software compatibility issues have mostly been resolved. Windows 7 sales are likely to exceed Windows 8 sales in the coming months, no matter what Microsoft does to encourage people to skip Windows 7.

Apparently, the attendees of a recent TechMentor conference held at Microsoft’s headquarters agree. According to those folks, Windows 7 is going to be the next Windows XP, with 7 assuming the mantle of ‘most solid and reliable Windows O/S’ for enterprise users.

My own plans are to evaluate Windows 8 on a test PC, but switch my Windows XP machines to Linux if possible, and Windows 7 if not. Windows 8 has a lot to prove before I will even consider using it on any of my main PCs.