Microsoft kicks elderly Windows XP when it's down

The company is stopping delivery of, or support for, multiple security products that enterprises use to stay safe.

Microsoft has stopped producing and distributing anti-malware signatures for its Security Essentials software installed on aged Windows XP PCs.

The July 14 deadline was announced a year and a half ago, when Microsoft backtracked from earlier decisions and said it would extend a hand to Windows XP users.

"To help organizations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015," the company's Malware Protection Center team said in January 2014.

Microsoft stopped downloads of Security Essentials itself -- the software, not the antivirus signatures, or "fingerprints" -- in April 2014, when it halted patches to the 2001 OS. Security Essentials is still available for Windows Vista and Windows 7 machines; in Windows 8 and 8.1, as well as Windows 10, Microsoft replaced Essentials with Windows Defender.

Corporations that still run Windows XP and have been trying to make it more secure using Microsoft's enterprise-grade anti-malware software are out of luck on multiple fronts. Windows XP signatures for these products have been halted, too: The discontinued Forefront Client Security and Forefront Endpoint Protection, as well as the rebranded malware sniffer, System Center Endpoint Protection.

Microsoft also bagged the Malicious Software Removal Tool (MSRT) for Windows XP on Tuesday. MSRT, distributed through Microsoft's Windows Update service and the business-grade Windows Server Update Service (WSUS) each month, eradicates select families of malware from machines. Unlike antivirus tools, it does not block malware from reaching the PC, but works as a janitor cleaning up malware's mess.

When Microsoft set the drop-dead for Security Essentials' signatures and MSRT, it may have hoped that Windows XP would have vanished by now: That hasn't happened.

In June, Windows XP still powered approximately 13% of all Windows personal computers worldwide, said analytics vendor Net Applications earlier this month. The 13% represented nearly 200 million systems.

But although Microsoft's called it quits with XP, third-party antivirus vendors have not. According to Andreas Marx, CEO of AV-Test, a German company that regularly evaluates antivirus products, most security firms will support Windows XP with software and signatures until at least January 2016. Marx has published a list of antivirus vendors' anticipated end-of-support dates for Windows XP.

For example, Trend Micro will support XP until Jan. 30, 2017 and Kaspersky until 2018. Symantec has yet to declare an end date. Meanwhile, Bitdefender today said it would support Windows XP until January 2016.

"We strongly recommend that all current XP users should start upgrading to a newer Windows version, not only because it becomes too much of a hassle finding compatible and up-to-date software or supporting security solutions, but because if anyone with a black hat finds a new security hole, Microsoft won't do anything about it anymore," said Liviu Arsene, a senior threat analyst at the Romania-based security company, referring to the April 2014 patch stoppage.

Join the CSO newsletter!

Error: Please check your email address.

Tags windows xpMicrosoftsecurity

More about KasperskyMicrosoftSymantecTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place