The Windows XP Zombie Apocalypse

The countdown is finally over for those looking for extended life support for XP (unless they've inked a deal). But are they still secure?

"Supporting operating systems beyond their end-of-life is nothing new for the corporate IT department, and there are plenty of ways-and-means to reduce or mitigate the risks associated with unsupported software. In the meantime, Google has said that it will support its Chrome web browser on Windows XP until April 2015, and antivirus vendors (including Microsoft) have said they will continue to update their software running on Windows XP computers until 2015."

While Windows XP and Windows 7 stand roughly shoulder-to-shoulder in terms of infection rates when there is no real-time anti-malware protection in place, with such armour Windows 7 leapfrogs clearly into the 'much safer' category.

What isn't in question is that, after today, software updates (wave goodbye to Patch Tuesday' for XP and service packs) will cease and desist. Even if a gaping big vulnerability is uncovered, regardless of whether there's a zero-day in the wild causing all kinds of damage or whatever, there will be no more security patches.

That much is stone cold fact. Existing patches may well - given the sheer number of XP instances still out there - be available online for some time yet. That doesn't alter the frankly worrying fact that any new vulnerabilities are going to be left to unpatched and accessible for anyone to exploit as they wish.

Advertisement
Advertisement - Article continues below

Research suggests that as many as a third of existing malware infections across operating systems can be put down, at some level, to a lack of timely security patching. It's common sense really, and doesn't take an IT security genius to work out that an unpatched piece of software (be that third-party application or core OS) is far more likely to get infected by an exploit than one that has been patched against a specific vulnerability.

At the OS level, it's also clear that while Windows XP and Windows 7 stand roughly shoulder-to-shoulder in terms of infection rates when there is no real-time anti-malware protection in place, with such armour Windows 7 leapfrogs clearly into the 'much safer' category.

Windows 8 hasn't been covered off in this feature yet for two key reasons. Firstly it just hasn't made any kind of impact upon the enterprise migration radar as of yet. Secondly, real-time protection comes built-in and, as a result infection rates are so low as to be all but invisible right now.

Indeed, about 0.2 per 1,000 compared to 4.2 per 1,000 for XP machines. Take away the real-time malware protection and XP rates shoot up to 15.6 per 1,000 according to Microsoft's own Malicious Software Removal Tool figures. This latter statistic is an important one in terms of the Windows XP security risk analysis. That's because the bad guys tend to focus their attention and resources where the biggest profit lays.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019