What is the REAL risk of continuing to use Windows XP?

[Kenn Caesius]

Now that the official support for Windows XP has ended with veiled omens
of doom and pleas to upgrade to the latest Microsoft OS, I, like many of
you have tacitly threw caution to the wind and stuck with Windows XP.

Is Windows XP that under siege from hackers and malware that I should
consider changing how I use it? The way I figure, the threats seem over
blown - not to underestimate the threats of hackers and malware, I find
it hard to believe they would bother with a 12-year-old operating
system, moreso with its steady decline. I have used Windows 2000 for
years after its support ended and it has been uneventful except for some
printer driver problems. Of course, Windows XP is different from Window
2000 and no doubt the risks have changed since either OS was
introduced - What will be the risks and challenges to maintaining
Windows XP?

---End of message---

[Winston]

"Kenn Caesius" <xilotea...@yahoo.com> writes:
> Is Windows XP that under siege from hackers and malware that I should
> consider changing how I use it?

If it's a stand-alone machine that never accesses the Internet directly
or indirectly for any reason (incl. email), your risk should be just
about nil.

Otherwise, my impression is that older Microsoft Windows systems are
relatively vulnerable, particularly when the person using it does
everything from the initial account, which has administrator privileges,
instead of using a limited access account.

Consider: Just about every month for all the years XP has been out,
Microsoft has had critical security patches in its monthly patch
release. It's likely that more vulnerabilities exist but haven't been
found yet. Traditionally, the bad guys have tracked the vulnerability
announcements and modified their intrusion code accordingly to break in
to systems where the administrator wasn't fast enough at installing the
patches. Recall that there's actually a market for so-called 0-day
vulnerabilities.


> ... I find it hard to believe they would bother with a 12-year-old

> operating system, moreso with its steady decline.

I think you're looking at it the wrong way (as in, you're trying to
convince yourself that no one would target you). In a sense, you're
right, they (usually) don't target *you* specifically. They attack
millions of machines at a time in the hope that some of the attacks will
succeed. So then it's a numbers issue -- how many such machines are
there, how likely is it that an attack will succeed, etc. With lots of
XP machines out there, and with new vulnerabilities not getting fixed,
that's a lot of targets and an ever-increasing chance of success.

> What will be the risks and challenges to maintaining Windows XP?

The real-life risks depend on whether the system contains information
you wouldn't want in the hands of the wrong people, or could be used as
a base for launching other attacks.

Of course, another approach to this whole issue is to switch to a
different O/S, such as one of the dozens of flavors of Linux or BSD, or
OpenIndiana (derived from OpenSolaris), etc. Some Linuxes reportedly
run better than XP on older hardware and are supported, but whether that
would work for you depends on how much what you're doing depends on
MS Windows.

Enough speechmaking, :)
-WBE