This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
1. - Ripped from the headlines: Windows XP security dangers: Read more in this section
- Microsoft urges businesses toward Windows XP upgrade
- Gartner: Get rid of Windows XP, quick
- Windows XP attacks will come, slowly, after patches end
- Windows XP POS systems pose huge PCI DSS compliance issue for merchants
- In Windows XP migrations, focus on application compatibility
- Some Windows XP enterprises not planning upgrades despite security risk
- Microsoft to continue XP antivirus updates beyond April 2014
Explore other sections in this guide:
- 2. - Windows XP end-of-life triage: XP security tactics
- 3. - Windows XP end-of-life transition: XP migration planning
Microsoft announced late Wednesday that customers running its Security Essentials antimalware software with its Windows XP operating system would continue to receive updates beyond the April 2014 cutoff for XP support.
"To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015," said Microsoft's Malware Protection Center team in a blog post detailing the support extension.
The move is in part a reversal of Microsoft's decision to end all support for XP this year. For the average Windows XP user, this means that those using the vendor's Security Essentials antivirus suite will continue to receive new signatures, while enterprises that have yet to transition from XP can expect a number of Microsoft security products -- including System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune -- to receive updates until at least next year.
The Redmond, Wash.-based software giant's decision comes just as the market share for Windows XP dipped below 30%, according to statistics from research firm Net Applications. XP's still-sizable market share led to Google and Mozilla stating that XP-compatible updates for their respective Web browsers will continue through at least 2015, while many third-party antimalware vendors had already planned to continue support for XP users past the end-of-support date.
Microsoft emphasized that XP's end-of-support date, now less than three months away, has not been affected. The company has been pleading with companies and users to migrate off of XP to more secure versions of Windows.
"Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," said Microsoft's Malware Protection Center team. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."
While updates to Security Essentials will hopefully help XP users prevent infections on their machines, the effectiveness of Microsoft's antivirus software has been questioned in recent years: Independent IT-testing firm AV-TEST has consistently ranked it at the bottom of its home AV rankings. In June 2013, AV-TEST gave Security Essentials the lowest possible score in the "protection" category of its test. Microsoft has argued in the past that such results don't reflect real-world performance.
Regardless of one's opinion on the performance of Security Essentials, even XP users that choose to utilize third-party AV products will be left unsafe, according to Ken Baylor, research vice president for Austin, Texas-based NSS Labs. Baylor recently authored a report detailing the latest evolution of financial malware, in which he noted the increasingly sophisticated capabilities being utilized by malware authors.
Baylor specifically pointed to attackers' ability to drop hundreds of slightly different variants of malware in one attack as a particular blow against signature-based AV.
"[Traditional AV] is fairly useless. There are only two reasons that people still have it. One is for compliance reasons. If you want to get any sort of audit and you don't have antivirus software on there, it looks pretty bad," said Baylor. "And the other thing is, it's good for is identifying old malware. If you're looking for real defense against targeted malware, it doesn't work."