Microsoft's Head Fake on Windows XP Support -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

Microsoft's Head Fake on Windows XP Support

Did Microsoft just blink on security support for Windows XP?

Windows XP's extended support phase officially ends on April 8. The company has used a lot of tough talk over the last few years to make sure that all customers know that deadline is coming and that it means that from April 9 onward, keeping Windows XP PCs online is an invitation to cyberattacks because there will be no more security updates from Redmond.

Beyond that, Microsoft has been running customer and partner campaigns with the messaging that no amount of patching would make the dozen-year-old Windows XP as secure as more modern OSes like Windows 7 and Windows 8, anyway.

Then comes the odd decision unveiled last week that Microsoft will continue to provide signatures for malware on Windows XP through July 14, 2015. Those signatures will be delivered through Microsoft security and management products like Forefront Client Security, Forefront Endpoint Protection, System Center Endpoint Protection, Windows Intune and the free Microsoft Security Essentials.

I'm concerned that Microsoft's least sophisticated customers will misinterpret this move as an extension of Windows XP support. It's not.

Security experts order the priority of security steps very clearly. It's operating system and application patches first, virus/malware protection software installation with regularly updated signatures second.

What Microsoft has not done is change its decision on whether to keep patching Windows XP after April 8. So far, all indications are that it won't -- and it will be open season for the creation of zero-day attacks for Windows XP. All that signature support through July 2015 won't help much with that. (See Kurt Mackie's in-depth report here for more.)

Microsoft's announcement of the decision acknowledged as much. "Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," the Microsoft Malware Protection Center blog post stated. In explaining the strange decision, the blog post said the move was intended "to help organizations complete their migrations."

The bottom line is that Microsoft hasn't blinked on the most important part of Windows XP support. But it has done a head fake that's probably going to fool some of the reported 29 percent of remaining Windows XP users into thinking that it's OK to procrastinate a little bit longer.

The longer all those laggard organizations wait, the more dangerous the Internet is for them and, because of their infected zombie computers, for the rest of us.

Posted by Scott Bekker on January 22, 2014 at 9:40 AM

Featured

Microsoft Unveils Service To Keep Azure Connections Private

Azure Private Link, a new service designed to keep Azure service connections off the public Internet, is now available from Microsoft as a preview.
Microsoft Software Assurance Changes To Favor FastTrack

Some changes coming next year to Microsoft's Software Assurance licensing model will aim to steer organizations toward the FastTrack program for their training.
Microsoft Adds 10 Months to Exchange Server 2010's Support Window

Microsoft has changed Exchange Server 2010's end-of-support date to Oct. 13, 2020, about a 10-month extension from the original deadline.
2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.