A Q&A with Cristian Florian, Product Manager For GFI LanGuard On Security Implications & Planning Ahead
With Windows XP End of Life & End of Support just around the corner (8th of April 2014), companies around the globe are trying to understand what the implications will be for their business continuity and daily operations, while IT Managers and Administrators (not all) are preparing to deal with the impact on users, applications and systems.
At the same time, Microsoft is actively encouraging businesses to migrate to their latest desktop operating system, Windows 8.
One could say it’s a strategy game well played on Microsoft’s part, bound to produce millions of dollars in revenue, but where does this leave companies who are requested to make the hard choice and migrate their users to newer operating systems?
Do companies really need to rush and upgrade to Windows 7 or 8/8.1 before the deadline? Or do we need to simply step back for a moment and take things slowly in order to avoid mistakes that could cost our companies thousands or millions of dollars?
Parallel to the above thoughts, you might find yourself asking if software companies will continue to deliver support and security patches for their products; a question that might be of greater significance for many companies.
To help provide some clear answers to the above, but also understand how companies are truly dealing with the Windows XP End of Life, Firewall.cx approached GFI’s LanGuard product manager, Cristian Florian, to ask some very interesting questions that will help us uncover what exactly is happening in the background. We are certain readers will find this interview extremely interesting and revealing.
Hello Cristian and thank you for accepting Firewall.cx’s invitation to help demystify the implications of Windows XP End of Life and its true impact to companies around the globe.
Thank you. Windows XP’s End of Life is a huge event and could have a significant security impact this year. So it will be important for companies to know what the risks are and how to mitigate them.
Is Microsoft the only company dropping support for Windows XP? Taking into consideration Windows XP still holds over 29% of the global market share for desktop operating systems (Source: Wikipedia, https://en.wikipedia.org/wiki/Usage_share_of_operating_systems, Feb. 2014), how are software companies likely to respond? Are they likely to follow Microsoft’s tactic?
A good number of companies have committed to support Windows XP beyond Microsoft’s End of Life date, but eventually they will have to drop support too. Although still high, the market share for Windows XP is showing a constant decline and once the deadline is reached, it will not take long before companies realize that it is no longer viable to dedicate resources to support and retain compatibility with Windows XP.
Google said that Chrome support for Windows XP will continue until April 2015. Adobe, however, will release the last version of Adobe Reader and Acrobat that still supports Windows XP in May 2014.
Microsoft will continue to provide antimalware definition updates for Windows XP until July 2015, and all major antivirus vendors will continue to support Windows XP for a period of time. Some of them have stated that they will support it until 2017 or 2018. Antivirus support is important for XP but one note of caution is that antivirus alone does not offer full protection for an operating system. So while supporting Windows XP is commendable, vendors need to be careful that they do not offer a false sense of security that could backfire on them and hurt their reputation.
GFI is a leader in Network Security Software, automating patching and vulnerability assessments for desktop & server operating systems. We would like to know how GFI will respond to Windows XP End of Life.
We are telling our customers and prospects that Windows XP will not be a safe operating system after April 8. As of this year, Windows XP systems now show up in GFI LanGuard’s dashboard as high security vulnerabilities for the network during vulnerability assessments.
We will continue to provide patch management support for Windows XP. For as long as customers use XP and vendors release updates compatible with the OS, we will do what we can to keep those systems updated and as secure as possible. What is important to note is that this is simply not enough. The necessary security updates for the operating system will no longer be available and these are crucial for the overall security of the system and the network.
A GFI LanGuard trial offers unlimited network discovery and it can be used to track free of charge all Windows XP systems on the network. IT admins can use these reports to create a migration plan to a different operating system.
Do IT Managers and Administrators really need to worry about security updates for their Windows XP operating system? Is there any alternative way to effectively protect their Windows XP operating systems?
If they have Windows XP systems, they should definitely be concerned.
In 2013 and the first quarter of 2014, Microsoft released 59 security bulletins for Windows XP, 31 of which are rated as critical. The National Vulnerability Database had reported 88 vulnerabilities for Windows XP in 2013, 47 of them critical. A similar number of vulnerabilities is expected to be identified after April 8, but this time round, no patches will be available.
Part of the problem is due to the popularity of Windows XP. Because it is used so widely, it is a viable target for malware producers. It is highly probable that a number of exploits and known vulnerabilities have not been disclosed and will only be used after April 8 – when they know there won’t be any patch coming out of Microsoft.
There are only two options: either upgrade or retire the systems altogether. If they cannot be retired, they should be kept offline.
What do you believe will be the biggest problem for those who choose to stay with Windows XP?
There are three problems that arise if these systems are still connected to the Internet. First, each system on its own will be a target and prone to attack quite easily. Second, and this is of greater concern, is that machines running XP will be used as gateways into the entire network. They are the weakest link now in the chain and can also be hijacked to spread spam and malware and as a conduit for DDoS attacks.
Third, compliance. Companies that are using operating systems not supported by the manufacturer are no longer compliant with security regulations such as PCI DSS, HIPAA, PSN CoCo and others. They can face legal action and worse if the network is breached.
GFI is well known in the IT Market for its security products and solutions. Your products are installed and trusted by hundreds and thousands of companies. Can you share with us what percentage of your customer database still runs the Windows XP operating system, even though we’ve got less than a month before its End of Life?
We have seen a marked decline in the number of XP users among our customers. A year ago, we were seeing up to 51% of machines using XP, with 41% having at least one XP system. Looking at the data this year, 17% are still using XP, with 36% having at least one Windows XP system.