Microsoft's Head Fake on Windows XP Support -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

Microsoft's Head Fake on Windows XP Support

Did Microsoft just blink on security support for Windows XP?

Windows XP's extended support phase officially ends on April 8. The company has used a lot of tough talk over the last few years to make sure that all customers know that deadline is coming and that it means that from April 9 onward, keeping Windows XP PCs online is an invitation to cyberattacks because there will be no more security updates from Redmond.

Beyond that, Microsoft has been running customer and partner campaigns with the messaging that no amount of patching would make the dozen-year-old Windows XP as secure as more modern OSes like Windows 7 and Windows 8, anyway.

Then comes the odd decision unveiled last week that Microsoft will continue to provide signatures for malware on Windows XP through July 14, 2015. Those signatures will be delivered through Microsoft security and management products like Forefront Client Security, Forefront Endpoint Protection, System Center Endpoint Protection, Windows Intune and the free Microsoft Security Essentials.

I'm concerned that Microsoft's least sophisticated customers will misinterpret this move as an extension of Windows XP support. It's not.

Security experts order the priority of security steps very clearly. It's operating system and application patches first, virus/malware protection software installation with regularly updated signatures second.

What Microsoft has not done is change its decision on whether to keep patching Windows XP after April 8. So far, all indications are that it won't -- and it will be open season for the creation of zero-day attacks for Windows XP. All that signature support through July 2015 won't help much with that. (See Kurt Mackie's in-depth report here for more.)

Microsoft's announcement of the decision acknowledged as much. "Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," the Microsoft Malware Protection Center blog post stated. In explaining the strange decision, the blog post said the move was intended "to help organizations complete their migrations."

The bottom line is that Microsoft hasn't blinked on the most important part of Windows XP support. But it has done a head fake that's probably going to fool some of the reported 29 percent of remaining Windows XP users into thinking that it's OK to procrastinate a little bit longer.

The longer all those laggard organizations wait, the more dangerous the Internet is for them and, because of their infected zombie computers, for the rest of us.

Posted by Scott Bekker on January 22, 2014 at 9:40 AM

Free Webcast! Learn about Password Management Best Practices

Featured

The 2020 Microsoft Product Roadmap

From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.
2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Group Pushes for Windows 7's Second Life as Free Software

An industry group is urging Microsoft to release its proprietary Windows 7 code as free software.
Azure Misconfiguration Exposes 250 Million Microsoft Customer Accounts

Microsoft warned users that their customer support case information may have been exposed at the end of 2019 due to security misconfigurations in an Azure-hosted database.

RCP Update

Email Address:

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

I agree to this site's Privacy Policy.

Bekker's Blog by Scott Bekker, Editor in Chief