Windows XP users vulnerable after Microsoft ends support

NEW YORK—Microsoft Corp. will end support for the persistently popular Windows XP today, and with an estimated 30 per cent of businesses and consumers still using the 12-year-old operating system, the move could put everything from the operations of heavy industry to the identities of everyday people in danger.

“What once was considered low-hanging fruit by hackers now has a big neon bull’s eye on it,” says Patrick Thomas, a security consultant at the San Jose, Calif.-based firm Neohapsis.

Microsoft has released a handful of Windows operating systems since 2001, but XP’s popularity and the durability of the computers it was installed on kept it around longer than expected. Analysts say that if a PC is more than five years old, chances are it’s running XP.

While users can still run XP after Tuesday, Microsoft says it will no longer provide new security updates, issue fixes to non-security related problems or offer online technical content updates.

The Redmond, Wash.-based company says it will provide anti-malware-related updates through July 14, 2015, but warns that the tweaks could be of limited help on an outdated operating system.

Most industry observers say they recognize that the time for Microsoft to end support for such a dated system has come, but the move poses both security and operational risks for the remaining users.

In addition to home computers, XP is used to run everything from water treatment facilities and power plants to small businesses.

Marcin Kleczynski, CEO of Malwarebytes, says that without patches to fix bugs in the software, XP PCs will be prone to freezing up and crashing, while the absence of updated security-related protections make the computers susceptible to hackers.

He added that future security patches released for Microsoft’s newer systems will serve as a way for nefarious people to reverse engineer ways to breach now-unprotected Windows XP computers.

“It’s going to be interesting to say the least,” he says. “There are plenty of black hats out there that are looking for the first vulnerability and will be looking at Windows 7 and 8 to find those vulnerabilities. And if you’re able to find a vulnerability in XP, it’s pretty much a silver key.”

Those weaknesses can affect businesses both large and small.

Mark Bernardo, general manager of automation software at General Electric Co.’s Intelligent Platforms division, says moving to a new operating system can be extremely complicated and expensive for industrial companies. Bernardo, whose GE division offers advisory services for upgrading from XP, says many of the unit’s customers fall into the fields of water and waste water, along with oil and gas.

“Even if their sole network is completely sealed off from attack, there are still operational issues to deal with,” he says.

Meanwhile, many small businesses are put off by the hefty cost of upgrading or just aren’t focused on their IT needs.

Barry Maher, a salesperson trainer and motivational speaker based in Corona, Calif., says his IT consultant warned him about the end of XP support last year.

Mark McCreary, a Philadelphia-based attorney with the firm Fox Rothschild LLP, says small businesses could be among the most effected by the end of support, because they don’t have the same kinds of firewalls and in-house IT departments that larger companies possess. And if they don’t upgrade and something bad happens, they could face lawsuits from customers.

Sam Glines, CEO of Norse, a threat-detection firm with major offices in St. Louis and Silicon Valley, believes hackers have been watching potential targets for some time now.

“There’s a gearing up on the part of the dark side to take advantage of this end of support,” Glines says.

He worries most about doctors like his father and others the health care industry, who may be very smart people, but just aren’t focused on technology. He notes that health care-related information is 10 to 20 times more valuable on the black market than financial information, because it can be used to create fraudulent medical claims and illegally obtain prescription drugs, making doctor’s offices tempting targets.

AP Business Writer Joyce M. Rosenberg in New York contributed to this report.