Microsoft reverses stance on Windows XP security

Gives 15-month stay of execution.

Microsoft has backed off from previous statements on security updates being withdrawn when Windows XP gets to its intended end-of-life in April, offering an olive branch of antivirus signatures and security scanning from Security Essentials until at least July 2015.

Windows XP was due to go end-of-life on April 8 2014, meaning security patches would cease to be offered beyond that date.

But in a surprise statement from its Malware Protection Centre (MPC) issued late yesterday, Microsoft said it will continue to provide updates to its anti-malware signatures and engine for Windows XP users through until July 14 next year.

This is directly at odds with statements of late last year and even earlier this month, when Microsoft announced plans to cease Windows XP updates to its Security Essentials software, which was launched back in 2008, as well as cease updates to the version of Security Essentials.

In its MPC statement, Microsoft said its move "does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures."

"For enterprise customers, this applies to System Centre Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials," the statement read.

"Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape.

"Our goal is to provide great anti-malware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches," it added.

Many security vendors have indicated they expect a surge of attacks against Windows XP Service Pack 3-based systems after the end of support, based on observations of a similar surge when Windows XP SP2 support ended.

Bob Tarzey, an analyst and director with security and business analysis house Quocirca, said Microsoft recognised that users will continue to linger with their XP deployments.

“The problem Microsoft has with security is that, whatever warnings it issues, it will be blamed for security shortfalls that arise by Microsoft choosing to reduce protection to its users, so it is looking at damage limitation,” he said.

“Stopping 80 percent of malware is far better than stopping none; no signature-based anti-virus tool is designed to identify zero-day malware, you need other tools for that. For 'essentials' read 'basic', such anti-virus programmes are a line of defence against mass market malware and no one should pretend that they can provide 100 percent protection,” he added.

IT security commentator Emil Protalinski said the software giant needs to push consumers and businesses off Windows XP to more secure products, and the best way to do that is to stick to its end of support date.

"On the other hand, there are still so many millions of Windows XP users out there that leaving them completely vulnerable could cause more harm than good," he noted in his security blog.

This article originally appeared at

Copyright © SC Magazine, UK edition
