Mobilize Blog

Application Modernization

Recent Posts

Posts by Topic

see all

XP end of life poses bigger security threat than thought

Posted by John Browne on Oct, 29, 2013 @ 14:10

If in your natural state of eternal optimism you think the Bad Guys have started to slack off, think again.

Win XP logoMicrosoft's recently released Security Intelligence Report, Volume 15, which you can get here (160 mind numbing pages) indicates that after a little improvement in the first half of 2012 things got worse in the second half. This year--looking at the USA--infection rates dropped from 1Q2013 to 2Q2013. (Note: Microsoft collects billions of datapoints from their own anti-malware software, Bing searches, Outlook and Office 365 users, and more). 

Microsoft uses an index called CCM (Computers Cleaned per Mille) which is the number of computers cleaned for every 1000 executions of their Malicious Software Removal Tool. It's a handy way to see what the infection rate is by OS, or region, or whatever. In 2Q2013 the CCM for the USA was 11.5% (down from 14% in 1Q), but in some developing countries it's north of 40%.

An interesting article on ZDNet discusses some even-more-depressing possibilities about Windows XP end-of-life and potential attacks, vulnerabilities, and exploits. Consider the following:

  • XP is, well, old. Since then, each subsequent version of Windows has built better security into the OS
  • The infection rate for XP is over 9% while it's less than 2% for Win8. And to counter the argument that "well, yeah, but nobody's bought Win8" look at it for Win7 (which is the biggest share of Windows desktops). It's only 4.9%, almost half of XP's rate.
  • All the major Windows versions encounter malware about roughly the same rate, so the high XP infection rate is a strong indicator of its native vulnerabilities to attack compared to more modern systems.

So what's the news here? This new frightening scenario: after the last patch of XP (probably on April 8, 2014) attackers will study every new patch to Vista and Windows 7 to see if XP is also vulnerable in the same way. And when it is, they will build an exploit and launch it out the window to do its evilness. But unlike Vista and the other still-supported versions of Windows, XP won't get a patch to fix it. So people still running XP--even inside VMs in many cases--will be vulnerable to attack.

Need more information about getting off Windows XP before it's too late? Download our chock full o' information eBook:

Download Now!

Topics: Windows XP, Windows security, malware