After 8 April 2014, Windows will stop supporting its Windows XP operating system. This means that from that day forward, security vulnerabilities will not be fixed, leaving computers potentially vulnerable to attacks.
Since Windows XP is still the second most popular operating system in use, the number of potential victims is cause for serious concern. Therefore, the EC3 advises Windows XP users to upgrade or change their operating system before 8 April.
According to Troels Oerting, Head of EC3, the April deadline will work as a red flag for hackers. “People have to realise that if they connect to the Internet with a Windows XP machine after 8 April, they will become easy targets for hackers. This goes for individuals as well as for companies and government services. If you realise you can no longer lock your front door, you call a locksmith to change it. This is the same.”
This warning was echoed by Wil van Gemert, Director Cyber Security at the Ministry of Security and Justice, responsible for the Dutch National Cyber Security Centre (NCSC): “Our core message to businesses and government organisations is to stop using Windows XP. And we’ve been putting out that message since last year. That is why the NCSC has published factsheets in both English and Dutch with strict advice on this issue. But we realise that there are still organisations that run Windows XP because of legacy applications that do not work on newer versions of Windows, financial constraints or other reasons. The very least they should do is reduce the risk by limiting the access and functionality of their Windows XP machines.”
Whenever Microsoft releases security updates for supported versions of Windows such as Windows 7, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.
If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, antivirus software will not provide full protection.