The impending XP-ocalypse – Take Action!

The November 2013 issue of CVu (link available to accu.org members only, sorry) has an article from Silas Brown (The Windows XP Threat: A Call to Action), calling people to do something about the problem we all will face when Microsoft stops issuing security updates for Windows XP after April 8, 2014.

The article has a little code snippet that will insert a time-left countdown and message on a website, asking people to replace the operating system on their PC with something other than Windows XP (since XP systems are quite old by now, Linux is suggested as the best alternative). I wanted to take action as well, so I looked around for a plugin to WordPress that I could use. I didn’t find one that was custom-written for precisely this purpose, but what came close was the Linux Promotional Plugin, which is aimed at anyone running Windows or Mac, and encourages them to switch to Linux.

I took some time to understand how the plugin code works (at a shallow level of understanding; just enough to be able to make changes), and found that it was pretty easy to make the changes I needed for my purpose. I even found a small bug while I was at it and sent a note about it to the original plugin author.

The plugin is now live on my blog and has the modifications I made. If you’re interested in using it, you can download the modified plugin, and re-use what you want. It might be useful to use a diff tool to see what changes I made. That might help you adapt the plugin to your own needs more quickly.

I used Internet Explorer’s “F12” Developer Tools to test my changes (modifying the user agent string). Here’s what people on Windows XP will now see when they visit this blog:

[Screenshot: the notice shown to visitors running Windows XP]
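The kind of check such a notice relies on, as an added sketch: this is not the CVu snippet or the plugin's code, and the function names, message wording and sample user agent strings are constructed for illustration.

```javascript
// Added illustration: not the CVu snippet and not the plugin's code.
// End of Windows XP security updates, per the article: April 8, 2014.
const XP_END_OF_SUPPORT = Date.UTC(2014, 3, 8); // months are zero-based

// Windows XP reports "Windows NT 5.1" in the user agent string.
// XP x64 Edition reports "Windows NT 5.2", which Server 2003 shares.
function isWindowsXP(userAgent) {
  return /Windows NT 5\.[12]\b/.test(String(userAgent || ""));
}

// Whole days from `now` until the cutoff; 0 once the date has passed.
function daysLeft(now) {
  const msPerDay = 24 * 60 * 60 * 1000;
  return Math.max(0, Math.ceil((XP_END_OF_SUPPORT - now) / msPerDay));
}

// Returns the notice text for XP visitors, or null for everyone else.
function xpNotice(userAgent, now) {
  if (!isWindowsXP(userAgent)) return null;
  const days = daysLeft(now);
  if (days === 0) {
    return "Windows XP no longer receives security updates. " +
           "Replace it or take this computer off the Internet.";
  }
  return "Windows XP stops receiving security updates in " + days +
         (days === 1 ? " day" : " days") + ". Plan your replacement now.";
}

// Constructed sample user agent strings (not captured traffic).
const SAMPLE_XP_IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)";
const SAMPLE_WIN7 = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0";

// In a page: only touch the DOM when running in a browser.
if (typeof document !== "undefined" && typeof navigator !== "undefined") {
  const text = xpNotice(navigator.userAgent, Date.now());
  if (text) {
    const banner = document.createElement("div");
    banner.textContent = text; // textContent, so the string is never parsed as HTML
    document.body.insertBefore(banner, document.body.firstChild);
  }
}
```

The user agent string is supplied by the client and can be changed at will, so a check like this is only suitable for showing an advisory notice, never for making a security decision.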

Silas points people to a Microsoft blog post for motivation, and quotes a particularly relevant passage, so I’ll repeat that here as well:

When Microsoft releases a security update…criminals will…identify the specific section of code that contains the vulnerability…develop code that will allow them to exploit it on systems that do not have the security update installed on them.  They also try to identify whether the vulnerability exists in other products…if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability…the Microsoft Security Response Center…[releases] security updates for all affected products simultaneously…But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.

Do not be the person who ignores this problem! Take action, whether that be replacing XP with Linux, finding someone to help you with that, or just taking the computer off the Internet!
