iTnews
  • Home
  • News
  • Technology
  • Security

Microsoft reverses stance on Windows XP security

By Steve Gold on Jan 17, 2014 6:38AM
Microsoft reverses stance on Windows XP security

Gives 15 month stay of execution.

Microsoft has backed off from previous statements on security updates being withdrawn when Windows XP gets to its intended end-of-life in April, offering an olive branch of antivirus signatures and security scanning from Security Essentials until at least July 2015.

Windows XP was due to go end-of-life on April 8 2014, meaning security patches would cease to be offered beyond that date.

But in a surprise statement from its Malware Protection Centre (MPC) issued late yesterday, Microsoft said it will continue to provide updates to its anti-malware signatures and engine for Windows XP users through until July 14 next year.

This is directly at odds with statements of late last year and even earlier this month, when Microsoft announced plans to cease Windows XP updates to its Security Essentials software, which was launched back in 2008, as well as cease updates to the version of Security Essentials.

In its MPC statement, Microsoft said its move "does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures."

"For enterprise customers, this applies to System Centre Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials," the statement read.

"Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape.

"Our goal is to provide great anti-malware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches," it added.

Many security vendors have indicated they expect a surge of attacks against Windows XP Service Pack 3-based systems after the end of support, based on observations of a similar surge when Windows XP SP2 support ended.

Bob Tarzey, an analyst and director with security and business analysis house Quocirca, said Microsoft recognised that users will continue to linger with their XP deployments.

“The problem Microsoft has with security is, that whatever warnings it issues, it will be blamed for security shortfalls that arise by Microsoft choosing to reduce protection to its users, so it is looking at damage limitation,” he said.

“Stopping 80 percent of malware is far better than stopping none; no signature based anti-virus tools is designed to identify zero-day malware, you need other tools for that. For `essentials' read `basic', such anti-virus programmes are a line of defence against mass market malware and no one should pretend that they can provide 100 percent protection,” he added.

IT security commentator Emil Protalinski said the software giant needs to push consumers and businesses off Windows XP to more secure products, and the best way to do that is to stick to its end of support date.

"On the other hand, there are still so many millions of Windows XP users out there that leaving them completely vulnerable could cause more harm than good," he noted in his security blog,

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
end of lifeit trendsmicrosoftsecurityupdateswindows 7windows 8windows xp

Partner Content

Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Steve Gold
Jan 17 2014
6:38AM
0 Comments

Related Articles

  • Microsoft details massive phishing operation
  • Microsoft's monthly patch includes four serious bugs
  • Poor patching creates easy zero-day vulnerability reuse
  • Don't remove PowerShell: US, UK and NZ security agencies
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra deregisters 900MHz sites “hindering” Optus 5G rollout

Telstra deregisters 900MHz sites “hindering” Optus 5G rollout

Aussie Broadband nears end of NBN PoI fibre rollout

Aussie Broadband nears end of NBN PoI fibre rollout

Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs

Defence, DEWR drop $160m on Microsoft software, Azure

Defence, DEWR drop $160m on Microsoft software, Azure

Digital Nation

Megatrends shaping the next 20 years: CSIRO
Megatrends shaping the next 20 years: CSIRO
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.