Is Using Windows XP Really That Dangerous?

Brandon Dimmel's picture

Is it really that dangerous to continue using Windows XP?

Microsoft's Windows XP has officially been decommissioned as of April 8, 2014, meaning that Microsoft will not longer support the software insofar as security updates are concerned.

Without any security updates, Windows XP is extremely vulnerable to attack if and when an operating system exploit is discovered. And, even if one is discovered, it may or may not make headlines - which means most users running Windows XP simply won't be aware their system has been compromised. It's these types of attacks that are most dangerous, and are often referred to as zero-day exploits.

Security expert Andrew Storms at CloudPassage questioned the notion put forward by many security experts. They suggest that hackers have been waiting anxiously for the April 8, 2014 deadline in order to launch a series of attacks on Windows XP users - but, so far, that hasn't happened.

Dangers Wait Down the Road, Security Experts Say

TK Keanini, chief technology officer at Georgia-based data analysis firm Lancope, agrees that it's unlikely hackers are about to launch a doomsday attack on XP machines any time soon. But Keanini says the real dangers will be found in the future, perhaps when Windows XP users suspect them the least.

"It is important to note that ... [it] is not like [the year 2000 bug] where something will break or suddenly have a vulnerability," Keanini said. "It is the fact that any new vulnerability discovery cannot be fixed." (Source: pcworld.com)

Storms agrees that it's likely a serious attack will come someday down the road. In fact, Storms recommends isolating a Windows XP machine from a network, ensuring that any infection afflicting that system won't spread to others.

If a Windows XP machine is isolated from a network (both the Internet and public networks), it's reasonable to expect that the machine could function infection-free for quite some time. However, that is not true if the machine comes in contact with an infected CD, DVD, or USB device. That's exactly how the conficker worm spread back in 2008, which quickly spread to well over 9 million PCs in a very short amount of time.

Windows XP Users Should 'Upgrade As Soon As Possible'

In the long run, Keanini says most Windows XP users should plan to upgrade to a new operating system as soon as possible.

"If you have an XP [system] ... you need to treat it as if it were already dead and move quickly to get it replaced," Keanini said. "Pretend it caught fire, and you will be moving with the right amount of urgency."

Regardless, all security experts agree that Windows XP users should take extra special caution when storing their most sensitive information on their PCs -- such as banking and credit card data. At the very most, do not store sensitive information in documents or plain text files. This type of information should always be encrypted in order to help mitigate risk. Programs like Roboform are able to encrypt website passwords, including documents known as 'safe notes'.

Online Banking with Windows XP "Incredibly Dangerous"

"Skyrocketing online banking malware combined with a coming slew of never-to-be-patched vulnerabilities means that online banking on Windows XP is going to become incredibly dangerous soon," noted Christopher Budd, Trend Micro's threat communications manager.

"While that is a risk to the users of those Windows XP systems, in aggregate and in the end, it's those users' banks and financial institutions that face the greatest risks." (Source: cbc.ca)

What's Your Opinion?

Are you still using Windows XP and do you plan to update your system to another operating system any time soon? If you plan to stay with Windows XP, what precautions are you taking to help protect your system? Lastly, do you believe a major attack on Windows XP systems is coming, or do you think this is simply fear mongering designed to sell newer PCs and/or promote other operating systems?

Rate this article: 
Average: 3.9 (14 votes)

Comments

bern's picture

XP users provide a pool of countless millions of potential machines to launch easy DOS attacks and the such like. They are a threat to all other Windows users. If they become too popular a tool of nefarious groups, I can see Microsoft issues specific XP patches to help protect the majority of its users.

Dennis Faas's picture

It's only a matter of time until an exploit is discovered. Super stealthy exploits have already proven to slide right through existing defenses (that's why they're called "zero-day" exploits). Unfortunately, Firewall / Antivirus / Anti-malware cannot protect you against something it can't see or hasn't been programmed to see - it can only detect what it knows, whether it's signature based or heuristics.

nate04pa's picture

I agree that Windows XP will become increasingly susceptible to malware and attacks.

But, look at where most of the data breaches and attacks have occurred. They are on the other end - at the banks, major and online retailers and merchants, the government. No operating system can protect us from these attacks.

blueboxer2's picture

I like XP and don't like Windows7. But to keep up with today's file sizes, new hardware and connection types, and similar innovations, I must use my Win7 laptop as my main computer.

But I also have an XP Pro laptop, an XP Home laptop, and XP Home desktop. The latter is the main driver for my printer and supports the biggest screen. The Home laptop is smallest and lightest for travelling but no huge loss if stolen or damaged. The XP Pro is the most generally useful and fits in carry bags the Win7 won't. I have almost finished full image backups of all my computers using individual external hard discs. A local wifi hot spot gives hardware firewalling and of course the software firewalls are activated. All are passworded, with some upgrading planned. None are ever used for confidential information.

Beyond that, I am reviewing an already formidable defensive package to see which of the new generation of browsers, antivirus, and anti-malware offerings offer least internal conflict and strongest protection levels. And I have sandboxing in a couple of computers and to be added to the rest.

Since my exposure levels are low, my loss potentials low, my defences formidable and last-ditch (external backup)resources almost unassailable, I think I can afford to continue using XP when and where it suits me, and plan to abandon the machines only after mechanical failure such as broken screen or battery failure uneconomic to remedy.

gaelicfog's picture

Maybe the remaining big companies or cities and towns that keep their computers on all the time, need to bump up to Windows 7 or 8.1, but not my 2004 HP Desktop with XP, that may not be turned on for days at a time or when its on it may not be online. When Microsoft discontinued coverage for WINME years ago and even though WINME isn't WINXP, Microsoft came out with the same claim of hackers delight to feast on WINME and it never happened. I used my WINME as a downstairs backup until the summer of 2012 when I sold my house, so how many years was it with out coverage, 7-8 years? If I'm a hacker, I want to go after the sorry losers using Vista, then WIN7 or 8 or 8.1 or especially Apple. To me if WIN XP isn't hit in 12-18 months, forget about it!

drstove's picture

Depending on which article I read, it appears that there are still 25-35% of desktop computer and laptop users still running XP. With that many machines running XP, I would think some enterprising group would begin offering support for a small yearly fee. In fact, some former hackers who are very familiar with XP might decide to go legit and begin providing fixes instead of hacks.

jmd's picture

Linux or just a linux demo CD's much safer.

ththadsl's picture

I look after 4 desktop PCs and one laptop for a Historical Society.
Until recently the desktops were all XP and the laptop Win7. Last year I replaced one of the desktops with a new Win8 machine and earlier this year started to replace the others with Win7. I have successfully done this with one machine but the other 2 have become infected with Malware/Virus before I could complete the transformation.

This happened after Microsoft stopped updating "Security Essentials". I am not completely sure if this is the reason since other people have used these machines and I have no idea what they were doing.

You can see articles on my website, users.tpg.com.au/ththadsl about going from XP to Win7 and also about "Office 365 Home Premium"

cagner's picture

I think they want to sell more computer's. They have been in the news quite a bit lately. I do not use CD's or DVD's on my desktop PC. Do not click on a link in an e-mail. Believe that it is better to type the address in your browser. So, for now..I am going to keep my XP. Maybe later, I will consider a new PC.

kevinb478's picture

I have a windows XP machine but I would like to upgrade but my machine won't run the new os and I can't afford a new machine I barely make above min wage and have other bills to pay so can't afford another new machine and don't want to get one cause the one I have runs just fine I'm thinking that Microsoft just want people to go out and buy new computers with the new windows which i think is a waist of money when you have a perfectly good machine at home that works just fine

Dennis Faas's picture

Consider ditching Windows XP for Linux. It won't be the same (by far), but it will at least provide you with a secure and up to date environment. You can do just about everything with Linux you can with Windows, though the game playing / support definitely won't be the same.