The Windows XP end of life is months away but the clock is ticking. Are IT managers listening? Once April 8, 2014 hits, businesses using Windows XP won't be protected against new malware attacks.
Microsoft has released its latest Security Intelligence Report, which analyzes cyber exploits and threats on over 600 million computers worldwide.
One of the report's messages is grim when it comes to compliance. The finding: Windows XP systems had an infection rate that was six times higher than Windows 8.
On Tuesday, Tom Rains, Microsoft's Director, Trustworthy Computing, posted his observations about the cybersecurity report. Rains sent out a wake-up call about the risks of running unsupported software. On April 8, 2014, support will end for Windows XP, and that means no more "hotfixes," no more security updates, no more assisted support options.
After the end of support, attackers will have an advantage, said Rains. When Microsoft releases monthly security updates for supported versions of Windows, attackers will try to reverse-engineer them to identify vulnerabilities in Windows XP.
No Basement Hobbyists
If they succeed, attackers will then move to develop exploit code to leverage those vulnerabilities. Rains noted that “inevitably there is a tipping point where dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cybercriminals.”
The report noted key threats for those running Windows XP are Sality, malware that steals information and lowers PC security settings; Ramnit, malware that attacks executable files, Microsoft Office files and HTML files; and Vobfus, worms that download other malware onto PCs.
“Today’s cybercriminals aren’t the hobbyists we saw developing malicious software from their basements in the 1990s,” said Rains. “Cybercriminals today are no longer motivated by fame and notoriety; they are well funded underground organizations, often with advanced capabilities that include large-scale malware automation, who are motivated by profit or seek to cause real financial or political harm.”
Are business managers listening? A recent survey suggests not all managers are prepared. A study announced in September, "Application Usage Management Survey: Software Migrations & Application Readiness," from application usage management company Flexera Software, prepared jointly with IDC, surveyed enterprises planning their OS migrations.
"Microsoft’s support for Windows XP is scheduled to end on April 8, 2014. That means the clock is ticking for enterprises to complete migration of their operating systems and enterprise applications," according to the survey. "Significant work has yet to be done within this very narrow time frame. Almost a third of organizations -- 28% -- haven’t yet migrated 50% of their application estates to Windows 7. Only 3.7% of respondents plan on migrating directly to Windows 8."
Inaction at a Price
Windows XP was the most widely used operating system until Windows 7 overtook it in 2012. Current estimates vary, but Windows XP is still popular and is run worldwide. Security watchers are concerned that numerous PC installations will continue to run Windows XP after the April 8 deadline.
At what price? In terms of downtime and in terms of shareholder complaints over due diligence, should the Windows XP systems fall under attack. "The impact of even a few Windows XP systems within an enterprise after the April 8, 2014 EOL date presents such a substantial vulnerability and security risk that it’s hard to justify delaying the migration to Windows 7 or Windows 8," according to PC-maker Lenovo.