Some state and local agencies won’t finish migrating from Windows XP by the time Microsoft stops issuing security updates on April 8 — but they shouldn’t be complacent about it. There is a growing feeling that come spring, XP hackers will emerge to prey on older systems.
“There is definitely a concern that hackers are holding back on vulnerabilities they’ve found in Windows XP, waiting until support ends,” says Michael Silver, research vice president and distinguished analyst for Gartner. Leon Barnowski, LAN supervisor for the city of Norwich, Conn., adds, “If you’re a hacker with a zero-day attack planned and you can hold on to that exploit until April or May, that would be perfect for you.”
— Microsoft (@Microsoft_Gov) January 8, 2014
Dieter Klinger, chief operating officer for Montgomery County, Md., is aware of what’s at stake and believes the county’s XP systems will be safe, even though it may take until the end of 2014 to upgrade all of them. “We’re trying to shorten that window as much as we can,” he says.
Montgomery County has numerous security measures in place to protect all of its PCs, including firewall protection, web and email filtering, and real-time anti-malware software on both its servers and workstations. Klinger says the county is also taking the opportunity to retrain users on security best practices. “Regardless of OS, we still find that our biggest problems come from social engineering — users being tricked into doing things they shouldn’t.”