Microsoft has announced that all official Windows XP support will be terminated on April 8, 2014. But despite the fact that zero-day is just around the corner, millions of businesses and individuals are still using the legacy platform, making them extremely vulnerable to hacking and malware attacks.
The Windows XP platform’s ecosystem is officially going to expire. Launched in 2001, Microsoft ended its mainstream support for the platform in April 2009. A 5-year support plan was then announced following the platform’s huge success.
“Getting Over your XP“, a Spiceworks report, revealed that over 75% of IT professionals still run Windows XP. Needless to mention, unsupported mainstream operating systems are paradise for cyber-criminals and fraudsters.
Businesses and private homes, especially in Asia, S.America and Africa, have been very slow in upgrading their computing systems. The inability to adopt new software is due to lack of compatible hardware and poor resources, along with inadequate financial capabilities. The upcoming XP support termination will put these networks in jeopardy.
To make matters worse, Google has already announced that it will offer full Windows XP Chrome support well into 2015. While this move may help the die-hard loyals and cash-stripped Windows XP users for the short-term, it can also delay their move to safer and supported operating systems. A patched browser isn’t a substitute for a fully-patched system.
Possible damages and exploits can include:
- Planting of spyware that can cause leakage of sensitive information.
- Remote taking over of systems and direct intruder access.
- Botnet activity and participation in DDoS attacks.
- Installation of spyware that can track user-activity in real time.
A great example is the Indian Banking Industry, which uses Windows XP as its default software platform. Over 34,000 bank branches and thousands of retailers still rely on the expiring OS. The situation in China is equally worrying. 49% of Chinese computers still use Windows XP, with a high percentage using pirated insecure versions.
Hackers can use a wide range of tricks to exploit Windows XP systems. This can start with realistic “system pop-ups” containing phone numbers regarding possible upgrades. More sophisticated techniques can involve bogus registration forms that harvest your private information or even links that activate malware download and installation.
CISOs and InfoSec Executives face a huge challenge in coming months. Besides demanding the funding and resources required to upgrade the current operating systems, they must define clear guidelines to minimize the risks. Only basic activities such as sending and receiving emails and basic browsing sessions should be permitted.
Its time to say goodbye to Windows XP. The sooner the better.