Third-Party Windows XP Security Update Service Announced
Arkoon Network Security has announced its ExtendedXP product will be available this fall for those organizations that want to stick with the aging OS.
Microsoft will end its "extended support" for Windows XP after April 8, 2014, which is when security patch support for the 12-year-old operating system will end. The only advice coming from Microsoft, so far, is that organizations and individuals should move off Windows XP or face an endless "zero-day" vulnerability situation. Various third-party vendors have offered a helping hand, but Arkoon, along with partnering company Matrix Global Partners, is promising a degree of protection that's similar to the kind of patch support that will disappear after April 8.
Paris-based Arkoon makes various security solutions, including its StormShield endpoint protection software. In October, Arkoon will roll out for testing a new product called "ExtendedXP" (EXP), which is an agent-based security solution derived from StormShield but focused specifically on protecting Windows XP systems.
"The ExtendedXP product then, the agent part, is taking one aspect of the StormShield endpoint protection product and essentially making it much more easy to install and manage," explained Robert N. Foley, CEO at Matrix Global Partners Inc., in a phone interview. Indianapolis, Ind.-based Matrix Global Partners works with Arkoon as the exclusive distributor of StormShield products in North and South America.
The agent takes up a "very small footprint," which Foley estimated at less than "8 k." The ExtendedXP system relies on a template update process backed by the EXP Services team at Arkoon. Foley described the template as a "baseline set of settings and controls" for protecting a Windows XP computer. The template will change to reflect any newly identified vulnerabilities.
"If there is a new vulnerability, the managed services team will report that back to them and potentially create a new template," Foley said. "All the customer has to do is apply the new template to the management console. It will automatically update all of the remote agents with the new protection."
One limitation to Arkoon's approach is that only Microsoft can update the Windows XP kernel, so the level of patch support isn't the same.
"The area where we will be the weakest will be in the area of kernel attachments," Foley said. "But we certainly also are not saying that we don't believe that ExtendedXP shouldn't be part of a multilayered solution. We are presuming, we recommend, that anyone using ExtendedXP also has a firewall. That they are also doing extra layers of protection, as they are hopefully doing today…. We are filling in one part of a multipart security strategy."
Arkoon's marketing literature makes claims that its ExtendedXP security protection is "an improvement over the security that is being supplied by Microsoft in 2013." The literature even asserts that organizations could stay within regulatory compliance by using it. Those claims aren't proven. However, for those organizations wanting to check the protection claims, ExtendedXP will be rolled out in October for testing.
"We will be ready to have customers start piloting our solution as late as October -- it might be a bit before that -- where they can actually go put it in their environment, put it up in XP boxes -- and then attack it," Foley said. He suggested that organizations could test ExtendedXP using the last nine months of Microsoft's Patch Tuesday vulnerabilities. As for ExtendedXP meeting compliance standards, that all depends on an audit, and Foley suggested that the product could meet the definition of "a compensating control." It's not a certainty, though.
The impetus for ExtendedXP largely came from organizations seeking an alternative, Foley said. For various reasons, organizations may not want to move off Windows XP. Microsoft's one gesture of support for Windows XP users after April 8 is an expensive per-incident option that's only available to organizations that qualify to use its Premiere Support Services. However, Windows XP use still remains strong today, with estimates of 37 percent use.
"This really is a user-driven thing," Foley explained. "It really started because a couple of our large European customers, primarily in the aerospace-defense industry, approached Arkoon and said, 'Hey, you've got this StormShield agent. We've got this XP problem. Is there anything you guys can do for us?'"
Arkoon, like other security solution vendors, typically works with Microsoft on vulnerability protection. However, after April 8, that collaboration isn't assured for Windows XP.
"Clearly there is a strong relationship between Microsoft and Arkoon because of the nature of the products over the years," Foley said. "And what I've heard is that it is not yet resolved…. It is not clear yet what level of cooperation we will have with Microsoft [on Windows XP]."
Arkoon offers three monitoring packages, plus custom-made ones to support specific applications. There's a Microsoft package, supporting Windows, Internet Explorer and Microsoft Office. There's a package that supports Mozilla Firefox and Google Chrome browsers, plus Adobe Flash. A third package supports Adobe Reader plus Oracle Java. Pricing for ExtendedXP is based on volume, and there are additional discounts when buying the monitoring packages, which are priced between $13 and $15 per seat, according to Foley.
ExtendedXP is sold based on a minimum of 250 seats at $15 per seat per year for the agent protection, Foley said. "And with a quantity discount it obviously goes down, so if you have 50,000 seats it's much less than that."
Foley said that the ExtendedXP product release will be near the time of the October test release. "We suspect some people will want to deploy at the end of fourth quarter and that the big push will come probably in the early part of the first quarter because you don't want to wait till April 7," he said.
Arkoon was recently acquired by a division of EADS, which owns Airbus and aerospace and defense companies in Europe. EADS' division, Cassidian Cyber Security, acquired Arkoon almost five months ago, but they had bought StormShield earlier -- about two-and-half to three years ago, Foley said.
For more ideas on moving off Windows XP, see this summary article
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.