Problem solve Get help with specific problems with your technologies, process and projects.

Security for Windows XP: Knowing when to update a Windows version

Is Windows XP still secure enough for enterprise use, or should infosec pros be updating to more secure Windows versions as soon as possible? Threats expert Nick Lewis weighs in.

Gartner says enterprises should plan to eliminate Windows XP in their infrastructures by 2012. Where do you rank XP as a threat to enterprises? Given the number of exploits that have victimized it over the years, should enterprises seek to replace it sooner?
The end of Windows XP has been predicted for several years, and it may happen sooner than later, as Microsoft ceased supporting Windows XP SP2 as of July 13, 2010, and will eventually cease all support for security for Windows XP. But it's likely that even a complete lack of support is not going to get large enterprises to fully eliminate Windows XP from their infrastructures, given the sizable number of varied systems that use it -- such as embedded controllers, SCADA, or other types of specialized systems -- and the investment enterprises have made in such systems.

Continuing to maintain Windows XP or unsupported versions of Windows is a significant threat to enterprises, however, particularly in high-risk areas like those mentioned above, where Windows XP will most likely stay entrenched until other investments are made in upgrading infrastructure or equipment. These systems could be secured in many different ways -- such as running them on isolated networks -- but the recent Stuxnet Trojan targeting SCADA systems points out that many times these types of security controls are not effective and the systems are at a high risk.

Running Windows XP on general administrative staff desktops -- which could, nevertheless, be running a variety of other, more secure Windows versions or operating systems -- is not as big of a risk if the systems are otherwise adequately secured by running up-to-date antimalware or other security software that could block attacks, though such adequate security may still be difficult. An enterprise should evaluate the overhead and costs of maintaining older or unsupported versions of Windows (including the potential costs of a breach) as opposed to the effort and costs required to upgrade the Windows version.

There have been a significant number of exploits that victimized Windows XP, which have not had as severe an impact on newer versions of Windows, as newer versions feature many other security improvements that prevent these exploits or minimize the impact of exploits. Current versions of Windows should be seriously considered because of these improvements.

This was last published in July 2010

Dig Deeper on Microsoft Windows security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.