IT Support Blog for Small Business Owners

Migrate off of Windows XP: a new Internet Explorer exploit

Posted by David S. Mulvey on Tue, Apr 29, 2014

Internet Explorer ExploitA new wave of targeted attacks against serious vulnerabilities in Internet Explorer have exposed the increased risk facing organizations still clinging onto Windows XP (the ten year old operating system that Microsoft stopped supporting this month.) To that point, Microsoft issued a security advisory on Sunday, warning that every supported version of Internet Explorer is impacted by the vulnerabilities. One thing is almost a certainty; Windows XP users won't likely receive the critical updates from Microsoft.

Microsoft has said for a few years now why you need to move off of XP, these kinds of vulnerabilities are going to continue to exist and if you're running on an unsupported operating system you are going to be increasingly exposed to more threats over time. Unfortunately businesses continue to cling onto Microsoft Windows XP and despite declining numbers, ANP still have an estimated 10 percent of businesses have systems running the retired operating system. I believe its security events like these that give IT management some additional ammunition to show there is some risky exposure to the business. I often see it’s difficult for IT to get the businesses to spend money on an operating system upgrade unless the owner sees tangible benefits. This should be a red flag for the business owner! It's an example of what is going to happen continually over the next two to three years if businesses don't upgrade and retire Windows XP.

A few months ago ANP suggested a mixture of application white listing, network VLAN segmentation and other measures to restrict Windows XP systems (that are still in production within your company) and isolate them from critical parts of your network such as your server farm. Businesses also need to proactively monitor the networks to ensure that architecture changes don't introduce a way for attackers and viruses to move from one network segment to another.

All users, including those still running Windows XP, need to consider an alternate browser to effectively negate the specific attack; I personally prefer Google Chrome to Internet Explorer and use it on my PCs and Mac’s. But there are other browser alternatives, such as Mozilla Firefox. On Sunday Microsoft was suggesting deploying their Enhanced Mitigation Experience Toolkit; and although it is a good solution, it’s a huge amount of deployment work plus care and feeding of the application to continue to get the benefit it can provide. I keep asking myself, why bother with these expensive, difficult and time consuming work-around solutions? Why not either upgrade your XP machines to Windows 7 or if the machine is really old (greater than 5 years) then simply replace it with a new OEM version of Windows 7 on a new PC?

Please let me know if we can help you in any way in regards to mitigating Windows XP issues.

 

What A Business Owner Should Expect From Outsourcing

Topics: End of support for windows XP, Internet Explorer exploit

Dreaded Deadlines April 15 “Taxes” and April 8 “End of XP IT Support”

Posted by Scott Persechino on Sun, Jan 19, 2014

no xp support resized 600The deadline we are typically concerned about in April is the 15th – Tax Day.  Here in calendar year 2014, business owners, IT personnel, and IT outsourcers are also preoccupied with another deadline, this one on April 8th – the end of Microsoft XP Support.  If you have not already heard, on April 8th, 2014, Microsoft will officially end Windows XP operating system’s life cycle. Microsoft has stated that it will no longer sell or support Windows XP and Office 2003.

There will be no automatic fixes, updates, free assisted online technical support, or security updates.  And if the statistics are anywhere near correct, experts are stating that for businesses with 5-250 employees, only 55% of them know about the end of XP, and 70% have no idea what migrating off XP will involve, or how it will impact their business!  This is pretty scary stuff—today is January 19th!  How many employees are in your company?  Do you have a plan?  If not, please take this situation seriously, because if any of your computers are still running XP, your business could be negatively impacted, with some very serious consequences.  Consider the following items and the potential impact to your business:   

  • Security Risks: Without question, XP security vulnerabilities present the greatest threat to your business. Without the security enhancements provided by an updated XP operating system, all of your business data and personal information are subject to harmful viruses and spy ware.  On April 9th, hackers will very likely have more information about vulnerabilities in Windows XP than the IT folks who are trying to protect the computers still running this operating system.  In fact, there is a strong likelihood that malicious viruses will be unleashed on XPs on April 9th, leaving unprotected computers “dead in the water.”  Viruses will very likely be spreading quickly over the Internet, and potentially onto your internal network, to any PCs still operating on XP.  Please don’t be that business owner consumed with thinking about a virus spreading through all the computers that keep your business running. Take proactive steps with your IT provider instead, and “Be Off Microsoft XP.”
  • Compliance Issues: For many businesses, continuing to operate XP could result in compliance issues leading to the suspension of certifications, and potential public notifications of an organization’s inability to securely maintain its systems and customer information.  Think about what is happening to Target and Neiman Marcus currently. Do you want to run the risk of compliance problems placing your business in legal peril and seriously damaging its reputation?  Your business has only one reputation. Don’t run the risk of tainting it by ignoring the XP issue.
  • Upgrade Expenses: As a business owner trying to control costs, are you concerned that an upgrade will be too expensive? If so, please reconsider. Some experts are viewing businesses that continue to run XP as irresponsible, and a serious liability. There is no doubt that problems are going to arise, and they may end up costing your business significantly more than the prudent XP upgrade, not to mention the potential downtime of your operation.
  • Custom Support Available for a Price: Many business owners are in denial about the end of XP, hearing that support will actually remain available after April 8, 2014.  True…but beware, as that support will be very expensive, and the reality is that it will be only a temporary band-aid.  Please don’t ignore this situation. This is not going to be another Y2K “non-event.” This one is real, and it will bite you if you don’t take action.

The interesting thing is that the “XP Lack of Support” also opens up other questions and opportunities for discussion.  Microsoft is assuming their XP customers will migrate to Windows 7 or 8.  Well, is this the time for your business to look more seriously at Apple MACs?  How about Linux?  Or do you do away with all of this, and move entirely towards tablets? 

All of these options come with a list of your standard “pros” and “cons.” It’s never easy.  All of these options are viable depending on your circumstances. Now is the time to be talking seriously to your IT provider about this important decision. You can file for an extension if you cannot meet the April 15th Tax Day deadline. There is no such option available for the XP deadline of April 8th.   Please take action now. ”Get Off Microsoft XP.” would you like to learn more? Register for our 30 minute webinar held this week to educate business owners on what the risks are and what your options are.

 

Register For The Webinar Today!

Topics: End of support for windows XP, Windows XP, End of Windows XP Support, End of 2003 support, Security threats facing small businesses

End of Support for Windows XP. Time to say NO to XP

Posted by David S. Mulvey on Thu, Jan 09, 2014

End of support for Windows XPOn April 8, 2014, Microsoft is officially retiring Windows XP and Office 2003. As Windows XP comes to the end of its life, desktops and servers all around the world will feel the effects. Microsoft recently estimated that 25% of all Microsoft operating systems in use today are still using Windows XP! Fortunately, there are a couple things you can do if your applications depend on Windows XP.

With Windows XP's retirement party less than 90 days away, after April 8 any zero-day exploit released into the wild will run rampant on Windows XP systems while Microsoft watches on the sidelines; they will not offer any security patches to mitigate the security risk. When companies beg for a security fix, Microsoft will hold one document up: the lifecycle information for Windows XP with a Post-it note that shows we all had four years to move to Windows 7, to avoid a Windows XP exploit.

I am writing this blog to make certain my readers are well aware that you are quickly running out of both time and options when it comes to removing Windows XP from your company. Microsoft isn't the only company ditching XP. Not only can Microsoft wash its hands of Windows XP support, but so can all the custom software and Line-of-Business application companies that once supported Windows XP.

Assuming those companies stopped actively developing for the Operating System years ago, they are likely still supporting the applications that run on it. After Windows XP end of life on April 8, 2014, they'll have no reason to continue to support that version of their software. The implications of this reality run far and wide. Line-of-business software is surely affected, as are any other random software applications you are using.

Honestly, when was the last time you called any support company regarding Windows XP? It’s not that you will no longer be able to call and get technical support from Microsoft that really matters. What really is cause for concern is that Microsoft and security software vendors will likely stop patching, updating and supporting their software.

Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a product for an Operating System that is, for all intents, dead? Windows XP will still run, and it could be that their definition files will be updated with the latest viruses for a time, but do you think those companies will pay attention to viruses targeted toward XP after its retired? I think it is unlikely!

The bottom line is that running Windows XP in your organization on anything other than a desktop with no network connection, no floppy drive, no USB ports, or CD drive is an outright liability, bordering on irresponsible; you must insure that the machine cannot be attacked by any virus. Yes, there will be some unique software situations that will require it, but if you determine that your organization can't afford to get off Windows XP on the basis of support or cost, I believe you are wrong.

Let me be clear -- I love Windows XP; I distinctly remember running Windows XP on my early IBM AT computer with an AT-style keyboard. Still, it's now past the time to put Windows XP out to pasture.

There is at least one thing you can do, though, to extend the life of systems that depend on Windows XP: use a Windows Server 2003 R2. Windows Server 2003 R2 is essentially Windows XP Server, and while the Windows XP end of life date is April 8, 2014, the end of life for Server 2003 R2 comes 15 months after that: July 14, 2015. Since they are roughly the same OS, based on the same kernel, it's likely that anything you require XP for will work on Server 2003 R2 -- and that will buy you more than a year to figure things out.

The bottom line is that you're running out of both time and options when it comes to removing Windows XP from your company. But, whatever you do, make sure that Windows XP is off your network by April 8 2014. If you would like to learn more about what your next steps as a business owner should be; sign up for my 30 minute educational webinar below.

 

FREE IT Webinar Prepare for the End of XP Its Time to Take Action Click Here to Get Started

Topics: End of support for windows XP, windows 7

Subscribe By Entering Your Email

Follow ANP



Latest ANP Blogs

Browse by Category