Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

How to Survive After Windows XP Dies

"The art of dying graciously is nowhere advertised, in spite of the fact that its market potential is great." -Milton Mayer

It seems as though Windows XP has been with us for a lifetime. But one of the most commercially successful operating systems ever created has created a security conundrum.

As of April 8, after more than a dozen years, Microsoft is ending support for Windows XP. What does this mean? There will no more security updates, hotfixes or support available for users running XP.

None. Nada. Zilch.

Guess who is licking their chops? You guessed it, the bad guys. Attackers will be ready to pounce, with some reports suggesting adversaries have been amassing zero-day vulnerabilities, waiting for the not-too-distant day to come when Microsoft stops patching Windows XP.

According to the most recent NetMarketShare stats, Windows XP is still running on almost 30 percent of desktop systems.

That means three out of 10 systems will be sitting ducks without many options to properly protect themselves. How many of those systems transmit or store sensitive data? How many of those systems remain tucked away in the dark corner of your network?

For those that haven't already done so, businesses and individuals immediately need to develop a plan to discover if they have any systems still running Windows XP and determine a proper migration path. Will all of your applications be supported on a new version of Windows? Do you have the trained resources to determine which new vulnerabilities need to be mitigated in this process? Do applications need to be re-written?

Here are five recommended steps to take if you think you might be in trouble come April 8.

Identify all systems in your environment

This can be done as a manual process, but it might fail to identify hidden systems. For instance, did you know that Judy in the Topeka office connects her laptop to the network to stream music all day? Smart tools, including Trustwave TrustKeeper Agent, are available to help you quickly and accurately tag your systems.

Define system dependencies

Which applications or services still run on these Windows XP systems?

Create an upgrade path

Do all of your vendors support newer versions of your solutions? Do you need to go shopping? How much budget do you need?

Test. Test again. Keep on testing

How will all of these technical and procedural changes impact your security posture? Ask yourself candidly if you have the knowledge and tools to answer these questions.

Conduct a risk assessment

Once you've upgraded operating systems across your network, a risk assessment is a good way to ensure you have all of your ducks in a row. Risk assessments are recommended after any major environment change, as the risk profile changes.

One other deadline to keep in mind: If you're running Windows 7, mainstream support for that operating system is scheduled to end one year from this week.


Shortly after this blog was posted, Microsoft announced it will extend anti-malware support through July 14, 2015.

"This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures. For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.

Greg Rosenberg is a security engineer at Trustwave