iTnews

Cyber defence agency warns against using WinXP, IE in unison

By Steve Gold on Mar 13, 2014 10:00AM

Combo "like removing both the belt and braces".

The US agency for cyber defence has added its weight to the rising tide of warnings about Windows XP going end of life on April 8.

It said users who are unable to stop using embedded versions of Windows XP should at least stop using Internet Explorer, and even then may have invalidated any cyber insurance that requires patch updates.

Despite the warning, the US Computer Emergency Readiness Team (US-CERT) acknowledged that some businesses - notably those that use embedded versions of XP - may have to remain with the ageing Windows operating system.

But it said if a business must use WinXP, then it should be using a more secure web browser client.

US-CERT's warning comes as a raft of organisations advise PC users to migrate to a more recent version of Windows as a matter of urgency.

According to Sarb Sembhi, an analyst and director of consulting with Incoming Thought, users of systems such as ATMs and CCTV platforms are quite likely to be using an embedded version of WinXP - with no real economic alternative open to them.

"It is going to be difficult for them to migrate away from these systems, but the good news here is that most embedded Windows XP users won't be using a browser interface, so they have nothing to fear from this announcement," he said.

Sembhi also warned, however, that businesses using any type of embedded WinXP system should check their cyber security insurance cover conditions, as most insurance of this type, he said, has a primary condition of software being fully patched and up to date.

"This could create problems after 8 April when Windows XP will no longer be patched by Microsoft," he said.

On top of this, the analyst cautioned that any organisation that is subject to security audit requirements - such as those mandated by PCI DSS - is unlikely to pass muster on its WinXP system when the operating system goes end of life next month.

"Normally I would say that, if a business conducts a regular risk analysis process in connection with its IT systems, then they should be okay to use an embedded WinXP system, but the insurance and audit issues may be a problem. And since Windows XP is so old, I doubt that many businesses are using a desktop version of the operating system at this late stage."

US-CERT has also warned against combining WinXP and MS-Office 2003 for similar security reasons.

“All software products have a life-cycle. End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance,” the agency said in its advisory.

Analyst Bob Tarzey echoed Sarb Sembhi's note of caution, saying that all IT security has an element of 'belt and braces' in it.

"US-CERT is right to advise against staying with XP, but if there is no short term choice, the advice to consider a non-Microsoft browser makes sense," he said, adding this was especially pertinent given the fact that most web browser clients are free to use.

Copyright © SC Magazine, UK edition