I’ve been hearing predictions for a year that after Windows XP went out of support, it would only be a matter of time before people started backporting patches to it.
As it turns out, they don’t have to. Windows XP has a close relative, Windows Embedded, that doesn’t go out of support until 2019. The people who are fretting over XP-based ATMs and cash registers don’t realize many of those devices (those built in 2009 or later) are running Windows Embedded. It looks just like XP, works just like XP, and installs a lot like XP, but it’s still supported. The bigger question is whether the people running it are patching it, but that problem has existed ever since Microsoft released Windows Update.
Well, with a simple registry hack, it’s possible to make Windows XP look like Windows Embedded and keep getting updates. Microsoft quickly issued a statement, and some people are predicting Microsoft will quickly close that loophole.
I’m not so sure about that. Think about it: The people most likely to be able to use the loophole are the people who are most likely to be running something a lot newer than XP. Or maybe they’re people who are going to keep an XP box around whether they can patch it or not, but do the bulk of their computing on something newer. The average computer user who buys a PC from a national big-box store and won’t replace it until the hard drive or power supply fails isn’t going to do this. This is something a few thousand enthusiasts are going to do, not something the hundreds of millions of remaining XP owners are going to try.
So I don’t think it’s worth the effort to try to close the loophole.
So what’s the risk?
You’re using patches that aren’t supported. But the core of the operating system is the same, so the likelihood of something bad actually happening seems fairly small.
I’m more concerned about the non-optional but non-essential components like Media Player. Many of those won’t be patched because XP Embedded came with a newer version, or didn’t come with it at all. A cash register or an ATM doesn’t need a Media Player to do its job, after all.
I think making this change gives you a false sense of security. But is it better than nothing? Yes. So while I won’t endorse this hack, I’d rather people did this than did nothing.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
One thought on “Windows XP rises from the dead… accidentally”
At work, we have registers and hand-held computers (PDAs, we call them) which rely on Windows Embedded. We are in the process of upgrading – I have no idea to what on the register side, but they’ve come out and told us that we can expect iPods and iPads to replace the PDAs. Something like 14,000 of them are already purchased.