Microsoft has completed a U-turn and backed off from previous resolute statements on security updates being withdrawn when Windows XP gets to its intended end-of-life in April, offering an olive branch of antivirus signatures and security scanning from Security Essentials until at least July 2015.
As reported previously, Windows XP was due to go end-of-life on April 8 2014, meaning that security patches would cease to be offered beyond that date for the dated operated system.
Unconfirmed reports from late last year suggested that some users of embedded versions of Windows XP were offered at least one year's extra support in return for a £183 (US$ 300) fee. SCMagazineUK.com understands that this was particularly necessary where bank ATMs are involved, as many units, notably those in pubs and clubs, are driven using these versions of Windows XP.
But in a surprise statement from its Malware Protection Centre (MPC) issued late on Wednesday, Microsoft said that it will continue to provide updates to its anti-malware signatures and engine for Windows XP users through until July 14 next year.
This is directly at odds with statements of late last year and even earlier this month, when Microsoft announced plans to cease Windows XP updates to its Security Essentials software, which was launched back in 2008, as well as cease updates to the version of Security Essentials.
In its MPC statement, Microsoft said that its move "does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures."
"For enterprise customers, this applies to System Centre Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials. Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today's threat landscape," the software giant said.
"Our goal is to provide great anti-malware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches," it added.
Many security vendors have indicated they expect a surge of attacks against Windows XP Service Pack 3-based systems after the end of support, based on observations of a similar surge when Windows XP SP2 support ended.
Bob Tarzey, an analyst and director with Quocirca, the security and business analysis house, said that Microsoft is effectively admitting that users will continue to linger with their XP deployments.
“The problem Microsoft has with security is, that whatever warnings it issues, it will be blamed for security shortfalls that arise by Microsoft choosing to reduce protection to its users, so it is looking at damage limitation,” he said.
“Stopping 80 percent of malware is far better than stopping none; no signature based anti-virus tools is designed to identify zero-day malware, you need other tools for that. For `essentials' read `basic', such anti-virus programmes are a line of defence against mass market malware and no one should pretend that they can provide 100 percent protection,” he added.
IT security commentator Emil Protalinski, meanwhile, added that Microsoft is in a tricky situation.
On the one hand, he says, the software giant needs to push consumers and businesses off Windows XP to more secure products, and the best way to do that is to stick to its end of support date.
"On the other hand, there are still so many millions of Windows XP users out there that leaving them completely vulnerable could cause more harm than good," he noted in his security blog on The Next Web.