Microsoft will officially pull the plug on free support for Windows XP on April 8, meaning that any computer still running the operating system will no longer feature the kind of security patches routinely delivered by the company. The federal government has been rushing to upgrade its computers over the last two years, but many systems will still be vulnerable once the deadline passes.
According to the Washington Post, as many as 10 percent of the government’s computers could be left out of date, including networks carrying classified military and diplomatic information.
“Once XP goes out of support and is no longer patched, you’ve just raised the vulnerability significantly on the whole Windows platform in your organization if you haven’t moved off XP,” Richard Spires, a former Department of Homeland Security chief information officer, said to the Post.
Typically when an operating system is still being serviced by Microsoft, the company offers security upgrades any time the system is exploited around the world. After April 8, however, this service will be halted, leaving many computers at risk. One unnamed State Department official told the Post the government approached Microsoft about extending the deadline, but the company declined to do so.
For its part, Microsoft said it does not believe computers will be at a “substantially greater risk” after the deadline, though it emphasized that the newest operating systems – such as Windows 7 or Windows 8 – are the most secure.
Although the upgrading process began two years ago, budget battles and a lack of clear direction has bogged up the effort considerably. Slowing the process down even more is the fact that many government programs have been specifically built for use on XP, meaning that moving on to the another system requires redesigning and reprogramming custom software.
“There is something broken in the process if they are letting this many machines be un-updated at this point,” Steve Bellovin, former chief technologist for the Federal Trade Commission, told the Post. “Some of it is budget cuts. Some of it is not very good management, I suspect.”
As a rough estimate, Defense and State Department officials said most of their computers would be off XP by the time the deadline passed. Approximately 75 percent of the Justice Department’s computers will be updated as well. Meanwhile, officials said that many of the classified networks still on XP aren’t even connected to the internet, reducing the risk of attack.
Still, critics argue the fact that so many computers won’t be updated is another sign the government is not fully prepared to defend against cyberattacks. As RT reported in February, the latest Senate report found federal agencies were not implementing even the most basic deterrents, such as using strong passwords and updating anti-virus software. According to the report, some agencies stored sensitive information on shared, unprotected drives, while “hundreds of vulnerabilities” were detected in Homeland Security networks, mostly stemming from issues that could be easily fixed.