Windows XP…ah, the memories!
I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP – not to mention countless articles, security assessment reports and more over a 7-8 year span.
It was nice working with you XP!
I waited to write this post today, the day after all the Windows XP end-of-life hype, so as to not get caught up in that mess from yesterday. What’s interesting to me about this whole Windows XP story is that every analyst, IT vendor marketing rep, journalist, auditor, and consultant is an “expert” on the doom and gloom that will be brought upon society with all of the businesses and consumers not upgrading their operating systems.
Looking at the headlines, still today, it’s kind of funny (and sad):
“Vital industries exposed to risk”
“Isn’t safe to use anymore”
…blah, blah, blah.
Apparently Windows XP is still being run on 25% of PCs. Will we hear stories about Windows XP systems being drywalled into oblivion like we’ve heard about Novell NetWare? Probably not. I do suspect it’s going to be around for years to come. And, sure, vulnerabilities will be discovered – especially on systems that have scant security controls to begin with. IT’s elite will clamor about their amazing exploits. Management will still have their heads in the sand. Life goes on.
The funny thing about Windows XP is that the OS itself is not where the real risk is in most network environments. [Oh gosh, did I say that out loud!?…now I’m going to have some “researchers” all over me…shudder.] Real-world experience tells me that much of the risk is in all the other stuff people are installing and IT is not patching; that’s what’s creating the real problems…the latest study shows that 76% of vulnerabilities are NOT Microsoft’s issue. I’ve seen higher numbers in the past.
Microsoft Corporation is being treated like some of the big social/political issues like “global warming”, gun control, and income “inequality” because they’re expedient, convenient, and intangible enough to get people riled up.
Here’s the real issue that we’re still not hearing: I know without a doubt that many of the people preaching fire and brimstone about Windows XP are the same people who continue to ignore the critical basics I’ll rant about until the day I retire such as:
Unless and until these people have helped themselves and the others who depend on them fix this low-hanging information security fruit, I’m going to say: Got XP? No problem!