The last days of Windows XP – Security threat? You bet!

Here we are – by this date next month Windows XP support will officially end. April 8th is day zero and a whole lot of security hurt is on the way. So what are we looking at exactly? Trouble. Windows XP has been around for years and it still commands millions of desktop and laptop systems, by some figures as much as 30 percent worldwide. Medical systems, ATMs and many functional systems that surround us every day still use Windows XP. Now, it’s not like Windows XP will suddenly die, but it is a security concern that has a lot of people wishing it would just die… Attrition or something, that would be nice. Surely these machines are still running out there, and you would think that’s because they’re running well. Come April 8th, though, hackers will be licking their chops, because there will be no more patches and no more updates, and that means open season, with many vulnerabilities still on the horizon that won’t be patched. Everything zero-day, everything that is tied to this legacy platform, every application that is optimized for Windows XP will be attacked – count on it.

Here’s what’s going to happen. On April 8th, 2014 at 3pm local time, every Windows XP home and professional operating system will see a message each and every day that reads: “Windows XP End of Support is on April 8th, 2014”. Users will also see a link to Microsoft’s Windows XP end of support website. Further, if a customer has a need for customer support, as they say, SOL. It’s time to update. And you know, it’s about time.

I once had a classic 1965 Plymouth Barracuda that was more paint and rust than metal in places. I had to replace the fenders with new ones and do extensive metal work. Windows XP has gotten more than its share of coats of paint over the years. There were major revisions and updates; they got to a third service pack six years ago and had countless bundled updates after that. The world of security was different when Windows XP first hit. The malware that exists today wasn’t around – rootkits, spyware, ransomware, cross-site scripting attacks – and even the encryption requirements just weren’t what they are today. It’s time to put this old dog down, and that’s going to mean a lot of hurt, no way around it.

95% of Bank ATMs may still be running Windows XP

 


Windows XP Screenshot

So, one has to wonder why Windows XP has hung around for so long. The reasons vary. In some cases, companies are stuck with applications that haven’t been updated and lack compatibility with Windows 7 and Windows 8. That seems to be the case with a crushing number of banking ATMs, which by last count were 95 percent Windows XP. No doubt they are racing to upgrade and update these machines. Imagine zero-day weaknesses launched against ATMs; hackers already are. Sometimes businesses haven’t moved because of costs – people to make the upgrade, equipment costs, operating system costs and migration costs all factor into the picture. Some people just plain dislike Windows 7 and especially Windows 8. That matters not, because the change is coming no matter what. Even I have a system that is offline, does one thing when I need it to and nothing else, so why upgrade? Especially when there is no true OS upgrade process between these operating systems.

That’s just the thing though, that system – I know what it does and it doesn’t touch the internet at all. Millions of computers still do connect to the internet, and that means when new holes hit, large, rapid-spreading infections will be behind bigger and bigger botnets and large-scale attacks. Understand that vulnerabilities constantly emerge on Windows XP to this very day.

So what’s the way out? Simple, maybe. Replace that old computer, it’s a risk. That may not be practical for large businesses, though, and they will be looking to alternatives until they can make the move. Some will jump to Mac computers, some will get new Windows computers or Chromebooks. Some organizations will look at more stringent procedural monitoring and securing of their aging systems. Many have started implementing VDI technologies, both organically built on-premise VDI solutions and those that are cloud-based, also known as “cloud-delivered desktops”. These solutions offer a quick migration and a thin-client operating system environment that is centrally managed, quickly deployed and quickly updated. One thing that may emerge and take root is an outside Windows XP community that could publish its own patches and updates, though given questions about the veracity and stability of an outside community effort, it may not be a solution the industry can get behind. Without much choice, however, you never know.

So, Windows XP – one month to go. This is a real issue that unfortunately needed to happen. Get ready for some big news to come out of this.

Windows XP ScreenShot – “Used with permission from Microsoft.”

About John Casaretto

SiliconANGLE's CyberSecurity Editor - Have a story tip or feedback? Please reach out to me! Security is as critical as ever and our mission is to uncover those stories that will help our industry be more secure.