Windows XP: End of Life

The State of South Dakota continues to move away from Windows XP to Windows 7.

When and why is this happening?

  • As of April 8, 2014, Microsoft will no longer provide support for Windows XP.

When support ends, Microsoft will no longer provide security and other updates for computers running Windows XP. Without these updates, any computer (at work or at home) running Windows XP, will be vulnerable to cyber-attacks, even with firewalls and antivirus in place.

What does this mean for the end user?

  • Microsoft will not provide updates and fixes for security issues in Windows XP, but hackers will still continue to research and exploit any holes they can find, leaving your computer and all of its data vulnerable.

Hacking, data harvesting, and cyber exploitation have become big businesses, with personal data, social security numbers, credit card numbers and more having prices fluctuating alongside the price of gasoline. While an individual computer may not store any of this valuable information, it does have access to our internal network and systems that do contain a plethora of treasured digital data. A breach on a single machine becomes a stepping stone in a cyber-criminal's journey towards their ultimate goal of harvesting private data from our state network.

Do you recall the recent Target breach?

The events surrounding the credit card breach at Target during the 2013 holiday season perfectly displays the "snowball effect" possible in a single machine breach. By breaching a single computer, hackers gained access to the entire backend infrastructure of the Target register and purchasing system. Millions of credit card numbers, account numbers, and related information were compromised, costing untold billions of dollars in tangible and unknown future costs to citizens today and tomorrow.

  • This single compromised machine was running Windows XP, and did not have the security updates applied to it necessary to be connected to the Internet.

The citizens of South Dakota entrust us daily with mounds of sensitive information necessary to conduct state business: names, addresses, dates of birth, social security numbers, financials, account numbers and more. We have a responsibility to take whatever actions are necessary to safeguard their data, and ultimately their livelihoods.

What is BIT going to do?

  • As of February 14, 2014, BIT began removing all Internet access via network policies to all Windows XP machines.

Any known Windows XP computer will no longer have Internet access after this date, but we need your agency's help. We can't possibly know about the old Windows XP laptop sitting in a case under your desk that is used once a year for travel, or if you have a Windows XP desktop powered off that you need for an older, un-updated piece of software. Please survey your offices and ensure that no computer continues to run Windows XP.

  • If you do find computers still running Windows XP, or are unsure if they are, DO NOT plug them into the network. Ask the BIT Help Desk for assistance.
  • Computers running Windows XP need to be either updated to Windows 7 or replaced.

Any computer running Windows XP that has, could, or will connect to the state network puts the state at risk of being compromised. The usernames and passwords stored therein can be discovered, compromised, and abused once that computer reconnects to any Internet or network connection. These compromises can take minutes and even second and would allow the bypassing of all our cyber defenses.

BIT staff will help evaluate existing Windows XP computers, determine if the software running on the computer can run on Windows 7, and provide options to go forward, including the costs of the necessary licensing to upgrade to Windows 7.

What impact does this change have on my home computer?

  • If you, your family, or friends are still running Windows XP at home and access the Internet on that computer, you need to start looking at upgrading fast.

Private information such as your online banking account details, credit card information, any/all of your personal passwords, and literally every keystroke you type can end up in the wrong hands within minutes. The trickle-down effect from compromised financials, exposed health records, and damage to your reputation would take years to repair.

While a situation like this has never occurred before, the seriousness of the situation cannot be overstated.

For more information, please visit: http://bit.sd.gov/security/xpeol.aspx.

Popular Posts