The Windows XP debate is an interesting one, and when one considers there are significant numbers of clients still installed, and dependent on this out-of-patch, out-of-date O/S, does tend to implicate that are some potential rich pickings to be had by attackers, and those who utilise OSINT to seek out those vulnerable targets – including one major London core bank who have recently led the way with security in the form of Waking Shark II [makes you think doesn’t it?]. However, notwithstanding some of these systems may be subscribed to the extended cover which will provide them with ‘Critical’ updates, when you conjoin such instances of an archaic O/S to the recent IE 6-11 Zero Day Exploit, it just may be that here you see the two worlds of proffered insecurity collide with maximised opportunities of adverse incursion. Then link this to the fact that there are still critical systems and applications being hosted on NT 4.0 [SP6a] which went out of support on 01/01/05, and one can soon start to see why some cyber-attacks are so very successful. However, the future of Windows, and the road-map to succession does not at this time look to be a pretty one!
One of the key problems with the future of Windows, is where do we go now? With the aforementioned XP under SP3 out of mainstream support on the 14/04/09, and reaching the end of extended support on 08/04/14, the clock will start to ramp up the pennies for the underpin of further support contracts, with the less popular Vista hitting its end-of natural life on 10/04/12, and the extension of its life on 11/04/17, we start to see a shadow pass over these applications of the past which should imply it is time to get the thinking caps on – why?
Well I don’t know if you are one of those brave people who have dabbled with Windows 8.0/8.1, and if so, you may be of the same opinion as I that this ain’t no flagship O/S, but a rather lumpy, resource hungry logical environment which, again in my opinion is not ready for the corporate world. And notwithstanding its life goes right up to 10/01/23 under extended support, it will have to improve great deal to attract the masses – and that leaves us with the one realistic option we have right now to lean on in the form of Windows 7, which to throw more statistics at you is has a life up to 13/01/15 [which thankfully is not a Friday], hitting its end of extended support on 14/01/20. Thus as of today, as far as upgrading the Windows O/S is concerned there may be only one stable option under the Microsoft banner.
The conclusion here however is a difficult one, but I can see a few options which will consume the IT Director’s through process which are:
1) The sensible option would seem to be to migrate to the known stability of Windows 7, and choose an O/S which is not the most current!
2) Take a chance on Windows 8.1 and hope that things improve
3) Or, last but not least – is this the window [forgive the pun] which the Linux folks have been waiting for to put a serious dent in the dominance of Windows on the Desktop?
As they say, only time will tell, but we may be entering a new shift for the battle of the desktop.
Professor John Walker FMFSoc FBCS FRSA CITP CISM CRISC ITPC
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia[to 2015], CTO and Company, Director of CSIRT, Cyber Forensics, and Research at INTEGRAL SECURITY XASSURNCE Ltd, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts, an Associate Researcher working on a Research Project with the University of Ontario, and a Member, and Advisor to the Forensic Science Society.
[wp_ad_camp_4]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.