This content is part of the Essential Guide: An enterprise guide to Windows XP security after end of updates for XP
News Stay informed about the latest enterprise technology news and product updates.

Microsoft to offer Windows XP antivirus updates past April 2014

Software giant Microsoft will extend Windows XP antivirus updates past the XP end-of-life date, but security patches are still slated to end in April.

Microsoft announced late Wednesday that customers running its Security Essentials antimalware software with its Windows XP operating system would continue to receive updates beyond the April 2014 cutoff for XP support.

"To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015," said Microsoft's Malware Protection Center team in a blog post detailing the support extension.

The move is in part a reversal of Microsoft's decision to end all support for XP this year. For the average Windows XP user, this means that those using the vendor's Security Essentials antivirus suite will continue to receive new signatures, while enterprises that have yet to transition from XP can expect a number of Microsoft security products -- including System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune -- to receive updates until at least next year.

The Redmond, Wash.-based software giant's decision comes just as the market share for Windows XP dipped below 30%, according to statistics from research firm Net Applications. XP's still-sizable market share led to Google and Mozilla stating that XP-compatible updates for their respective Web browsers will continue through at least 2015, while many third-party antimalware vendors had already planned to continue support for XP users past the end-of-support date.

Microsoft emphasized that XP's end-of-support date, now less than three months away, has not been affected. The company has been pleading with companies and users to migrate off of XP to more secure versions of Windows.

"Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," said Microsoft's Malware Protection Center team. "Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape."

While updates to Security Essentials will hopefully help XP users prevent infections on their machines, the effectiveness of Microsoft's antivirus software has been questioned in recent years: Independent IT-testing firm AV-TEST has consistently ranked it at the bottom of its home AV rankings. In June 2013, AV-TEST gave Security Essentials the lowest possible score in the "protection" category of its test. Microsoft has argued in the past that such results don't reflect real-world performance.

Regardless of one's opinion on the performance of Security Essentials, even XP users that choose to utilize third-party AV products will be left unsafe, according to Ken Baylor, research vice president for Austin, Texas-based NSS Labs. Baylor recently authored a report detailing the latest evolution of financial malware, in which he noted the increasingly sophisticated capabilities being utilized by malware authors.

Baylor specifically pointed to attackers' ability to drop hundreds of slightly different variants of malware in one attack as a particular blow against signature-based AV.

"[Traditional AV] is fairly useless. There are only two reasons that people still have it. One is for compliance reasons. If you want to get any sort of audit and you don't have antivirus software on there, it looks pretty bad," said Baylor. "And the other thing is, it's good for is identifying old malware. If you're looking for real defense against targeted malware, it doesn't work."

Dig Deeper on Microsoft Windows security

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

On this Windows XP machine with Microsoft Security Essentials installed, I received the following message from Microsoft "Support for this system is ending. When this occurs, the Microsoft Security Essentials will no longer be supported and your PC might be unprotected". So, now tell me who is right, the writer of the above article, or Microsoft.

And if Microsoft is right, then why are they promising support for the above MSE system beyond April 8 2014, but then they go back on their word. How can anyone trust them?
If you need a screen shot as proof, I can supply that.
That they will stop updating MSE and MRT Firewall can block threats that your antivirus may miss can prevent hackers from breaking into your computer
Sohow is absolutely correct - Not only did they stop windows update , whatever microsoft did crashed my XP computer. I have scrambled for 3 days to get the computer running again and rid myself of the problems caused on April 8th by microsoft. Now I am trying to figure out how to get Internet explorer off the machine for all the doomsday warnings