If your computer runs Windows XP or Office 2003 and connects to the Internet - you must read this


Microsoft have twice shifted forward the "end of life" date for Windows XP and Office 2003,because of the amount of users in place, and the less than enthusiastic take-up of Windows 7 and 8.

But, as they say in the real world, all good things must come to an end.

April 8, 2014 is one of those dates that will be etched in the mind, just as 22nd of November 1963 and 20th July 1969 are milestone dates in the minds of many.

It is the day active technical support, bug fix support, security patch support, Internet Exolorer 8 support etc ends for Windows XP and Office 2003.

It will also be the day that hackers the world over have been waiting for, the day when they can unleash the hacks and zero day exploits for Windows XP, Office 2003, Java, Internet Explorer 8 etc, that they have held close to their chests for the past couple of years.

You have been warned! That is basically the message on Microsoft's website regarding the end of support for Windows XP. In a press conference in October 2013, a Microsoft spokesperson suggested that they have given 4 years of advance notice to XP users that they need to upgrade, which means Microsoft is not responsible for the consequences incurred by running XP beyond 8th April 2014.

The 8th of April 2014 is not a trivial deadline. Nor is what I am about to write alarmist. I wish it was, it would be so much easier to deal with than the disaster looming on the global Internet time-line.

The expiration date for active support for Windows XP / Office 2003 is just as serious as the year 2000 bug.

I still find people who believe addressing the Y2K bug was a scam to make people in the IT industry rich or a conspiracy to make us upgrade our computers, a fraud, paranoia . . . ad nauseum.

In fact, Y2K was not the Global Technological Catastrophe that it very well could have been, because deadly serious people in Government and Business around the globe saw the horrendous potential in the technical glitch and ACTED!

Hundreds of billions of dollars and multi-millions of man-hours were thrown at the problem to make sure Y2K did not bring down the electronic infrastructure our modern lives so deeply depend upon.

The potential fallout from the Y2K bug was a fizzer because the very real problem was addressed ahead of time.

Unfortunately, we will not fare so well with the coming storm of exploited computers, stolen data, on-line money fraud, on-line identity fraud etc, simply because the solution this time relies on hundreds of millions of ordinary computer users, people not trained and skilled in the black-arts of computer security, to do something every impulse in their body will resist - spend real money on appropriate computer hardware and software solutions and employing skilled people to lock-down and secure these computers and the data they contain, and constrain their appetites for content that is hosted on unsafe websites!

With the end of XP Security patch support, computer users of the world need to take a collective step backwards and actually DO what they should have been doing from the first day they plugged in a PC - and should have been doing every day after that - take computer security seriously!

What the . . . Prepare to be Patronised
Operating Systems are complex assemblies of computer code and over the life of an O/S, many changes and updates need to be applied to them to add features, fix bugs and address security issues.

With Microsoft O/S's, these changes are obtained via the Windows Update process, or the Microsoft Update process which includes access to Windows Updates and service packs for Windows and a range of other Microsoft products, including Office.

Beyond 8th April 2014, no new updates will be available through the Windows Update service for Windows XP and Office 2003.

That is what all the fuss is about! No Security fixes!

Combine that with all of the secret exploits and brute force attacks the hackers of the world will throw at XP / Office 2003 and throw in careless and recalcitrant users who breach the existing security by letting rogue and illegal sites through the browser, and it is not hard to predict when the Tsunami of pain will hit - we actually have a date, all that is left to guess is how many people will be hurt by the tsunami.

Here are a few numbers that can answer this question for you.

    How many computers worldwide are still running WINDOWS XP?   Approximately 570 million!
    How many of those XP's are illegal (un-patchable) copies?    Approximately 150 million!
    How many of those illegal (un-patchable) XP's are in CHINA?  Approximately 80 million!
    Why you don't want to be an XP user in China post 08/04/14?  How do you protect your PC online?

If your XP installation is a pirated (illegal) copy, it will not pass the Windows Genuine Advantage challenge - this is how Microsoft evaluate the genuine-ness of your installation / lisence key.

If XP does not pass WGA, you will not be able to install the next Service pack, which is dumb luck if your XP version is at SP2 level or earlier. Your XP installation will miss out on some significant security fixes in SP3 and the hundreds of security patches released afterwords, as well as Internet Explorer 8 and many current Internet Security packages, which require SP3 at least to install.

If you were stupid enough to access a hacker or cracker site to download a hack for the WGA process on your pirate copy of XP, good for you. You probably invisibly downloaded a keystroke logger and assorted exploits that turned your computer into a Zombie as well.

Rootkits are a nasty form of computer hijack, and pirated XP is the soft target. Cheer up! You could have been Pwned.

If you are running a fully patched, genuine Windows XP with Current Internet Security software installed and you are very disciplined when on-line, you are still below par security-wise and otherwise (secure website access, current patched utilities etc).

If your Windows XP is below below par, forget about keeping anything on your computer secure - you just won't be able to for very long, you have in effect a broken system.

I'm Alright Jack!
People who are accustomed to purchasing and maintaining computers on the cheap, people who do not take time to study and learn how to use computers properly, efficiently, safely and securely, and people who simply don't care about the consequences of poor security are the reasons so much exploitation occurs on-line at the moment.

It will only get worse, as average computer users, blissful in the ignorance of technical reality, leave their computers, laptops, smartphones and tablets always connected and wide open to the seedy side of the net in the quaint belief that "My files aren't worth copying. I don't have anything important on my computer", or "I have an antivirus program installed - that will protect me".

Such responses to a problem that is capable of ruining your life is beyound stupid, beyond irresponsible, it borders on criminal.

Ignorance of reality is not a defence against the kinds of damage a person can do to you, your spouse, your children, your friends and workmates by obtaining acces to your personal information.

Modern Antivirus and Internet Security software has lots of blindspots, and you need to run manual file scans regularly. As with all security measures on your PC, careless and wilful access of unsafe websites can over-ride security software.

These days, the motive for most computer break-in's is to steal personal documents, which are sold to whoever is willing to buy. The purchaser of your personal info will try to use that info to make money by impersonating you, either on-line or in the real world.

For example, if a person is able to walk in your front door and walk out with your wallet, they could easily use the contents to impersonate you and gain access to anything you have in your name.

To steal your ID electronically, all someone would need to do is gain access to your computer and copy invoices & bills, letterheads, online bank details and they could drain your bank accounts before you knew anything had happened.

With a little extra effort, they could actually become you. They only need 3 pieces of your personal information to create a complete new person. The more info they can obtain from your computer the easier the process of becoming you becomes.

With your full name, your date of birth and your current address, they can do the rounds and open accounts in your name eg gym or video library membership, customer loyalty schemes, supermarket accounts etc. From these documents they can go up a notch and obtain a birth certificate extract etc, then up a notch to creating an electricity account, phone account etc, then up a notch to a bank account.

That is how a person, with your first, middle and last names, date of birth and current address can, with some skill and daring, create a complete identity for themselves, including a photo license, passport and bank accounts with their face and your identity. 

From there they can use all of this info to change your name by deed poll, then plunder your bank accounts, even take control of the deed to your house.

So don't ever think that your computer has nothing important on it that a hacker or thief would want.

I'm Alright Mac!
There is no room for smug derision from Mac users either. The majority of you have been part of the problem in your denial of reality. Macintoshes do get viruses and worse and worse. Flashback Trojan, Pintsized.

Many of you are guilty of sending viruses, spyware and hacking tools to Windows users via email and disk sharing. If you all had curtailed your dogmatic belief that Macs are safe from exploits and installed and maintained security software and applied basic security techniques, you could have been much more a part of the solution.

If you are a Mac user, arrange today to obtain a reputable Internet Security package for each of your O/S X and iOs devices and become part of the solution. If you are too stingy to part with real cash, a free antivirus tool can be found here.

Cloudy with Storms Expected
If you use the "cloud" for anything, and you do (even if you don't know it), and you resist updating from Windows XP, you had better get used to the phrase - "Your Operating System is not compatible with this Application"! The reason for this is - cloud services are accessed via a secure portal ie; a HTTPs webpage using TLS/SSL security.

Currently, Internet Explorer 8 is just a bit below par when it comes to connecting to secure web services. Already, many secure web pages cannot be accessed successfully with Internet Explorer 8 (XP cannot run IE9 or 10).

But, I hear you say - what about Firefox and Chrome etc? Yes. Firefox and Chrome are able to access secure web pages, and yes, they both run on Windows XP.

The cavaet is - all of the browsers use Java to access the Windows SSL services and certificates, a selection of which are part of all Windows installations. As time goes on, Oracle will stop fixing and upgrading Java for an obsolete Browser platform (Java has to be regularly patched to fix security issues - it is a major hacker target).

After 8th April 2014, the Windows XP certificate store and the code that administers it will not be updated - that will become another target for hackers, and it goes on.

Eventually, the other browser distributors will freeze development of their products for XP, and you will be locked out of more and more secure websites as time goes by.

Hotmail is now a cloud based service, using the secure Outlook.com portal.

The next time you open google.com or google.com.au have a look at the beginning of the address - google's home page is now an https - secure page. Gmail is a secure login to a secure cloud based application.

If you are a user of a commercial or Student/Teacher Adobe product that was installed from a CD or DVD, you will eventually be required to upgrade to (by downloading and installing) the cloud version of the application. If you currently rent access by the month or year, when your subscription requires renewing, you will be required to download and install the cloud version. If your computer runs Windows XP, You will be confronted with the message - "Your Operating System is not compatible with this Application"!

For Adobe to offer a credible secure login for their cloud based services and as an attempt to repair their trashed reputation due to a major hack, they have set the bar high for registered users of their products.

Adobe reader is ubiquitus and essential for opening pdf files, but it has been in the cross-hairs of hackers for years, so regular security updates of this essential application are required. When will Adobe drop reader support for XP? Who knows. But now is the time to look for alternatives if you insist on sticking with XP.

Adobe Flash is another application that is a big target for hackers. It is also rumoured to be phased out as HTML5 becomes the environment of choice for multimeda content online and the h264 video codec replaces most of the proprietary file formats including .flv (flash video).

Most web pages are now being written for HTML5 compatibility. Does Internet Explorer 8 support HTML5? yes and NO.

Some basic HTML5 elements translate as HTML4 equivalents, but the majority of the enhancements delivered by HTML5, in particular multimedia support without reliance on external encoders and players like adobe flash (security issues) will be inaccessible to Internet Explorer 8.

Many Industry specific CRM and Database products, University and TAFE email servers and file servers are accessed via secure web portals. The logins to these portals are either by secure web pages (using the Java + SSL + certificate method) or by using a custom vpn supplied by the vendor or configured in the Internet Modem.

As good as these methods are, they still rely on Java and Windows XP's SSL services and certificates, which is about to become obsolete, leaving you with 2 options - risk being blocked from accessing your data over the web in the future because of a security shortfall or upgrade now, before it is too late.

Plugging the Void
Many writers of utility, shareware and freeware applications will drop support or bug fixing for XP, as it will not be economical for them to throw the resources at a lost cause.

Drivers are also a target for hackers. Manufacturers of hardware will phase out support and updates for the XP platform, leaving XP users with no recourse if drivers for their older hardware and add-in cards (particularly Video Cards, a target for hackers) go feral.

We will soon find that manufacturers of Printers, scanners and video cards etc will drop support for XP.

Many Antivirus and Internet Security packages will not install on XP if SP3 is not present. (The current version of AVG free downgrades itself when you attempt to install it on XP). One by one, the makers of Internet Security software and anti-spyware software will drop support for Windows XP, making it harder and harder to keep up the 50% of protection they provide.

I hear you muttering to yourself 50%? what about the rest?

The other 50% is up to you dear user.

Compare your computer to a house. It has lots of windows and doors. To keep it secure you have deadlocks on the doors and locks and/or security grills on the windows and an alarm system for alerting you to an intrusion when you are not at home.

All of that effort to make your house secure is only rewarded if you apply all of the security feature all of the time (although a professional burglar will still get in).

If you have everything locked down tight, but leave the front door unlocked, or wide open, or leave the key in the lock or under the mat, your security plan is a waste of time.

Consider the web browser on your computer as the front door. You can have as much security in place on your computer as you can , but, with a couple of careless or inappropriate clicks online, you can circumvent all of the security measurs and let the weird wild web through.

The security measures you apply to a computer are only as strong as the resolve of each user of that computer to adhere to safe browsing and downloading habits - every time you use the Internet.

When it comes to safe browsing habits, as a user of the Internet, your rights are few and your responsibilities are many.

Here are some links to articles you might find useful
Consequences of not upgrading before use by date website
Protection layer for XP if you must keep it website
Microsoft Deployment Toolkit website
Microsoft Springboard - planning a workplace upgrade website
Enhanced Mitigation Experience Toolkit website
Will your current hardware run Windows 8.1? Find out here.
Upgrading from Windows XP to Windows 7 for IT professionals here.
Upgrading from Windows XP to Windows 8.1 for IT professionals here.
Microsoft offers PCmover Express to move DATA (not programs)from XP to 7, 8 or 8.1 here.
  • Microsoft Windows, Windows XP, Office 2003 are trademarks belonging to Microsoft Corporation.
  • Other brand names used in the compilation of these resources are trademark and/or copyright to their respective holders.
  • Mention of a product, company, corporation, website or resource does not imply an association or endorsement of the company, product, website or resource.
  • Some of the websites linked to on this CD may have access restrictions in your country. It is your responsibility to use these links safely and responsibly.
  • Editorial is copyright John Fischer. You may reproduce it as long as you acknowledge its source.