However, Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, thinks Microsoft is making an important point here about unintended consequences.
Plato said even if an XP PC was connected to an internal corporate network, but not to the Internet, hackers could use it as a command-and-control machine to hit other parts of the network, much like what happened with Target's massive credit-card breach last month.
"The reality is, XP machines will be vulnerable, and all it takes is a few minutes of connectivity for the vulnerability to create a serious breach," Plato said.
"Having a totally offline XP machine is technically quite secure, but it is not realistic. Those PCs inevitably get plugged into something, or somebody puts a USB into them, then they become infected or start calling home."
Though Microsoft is ending XP support and patches, the software giant will be providing antimalware signature updates for XP users through July 14, 2015, to help businesses complete migrations.
PUBLISHED JAN. 21, 2014