Government // Enterprise Architecture
News
10/30/2013
09:28 AM
Connect Directly
RSS
E-Mail
50%
50%

Windows XP Malware: 6X As Bad As Windows 8

WinXP is already an easy target for hackers, and it will get even simpler once Microsoft ends support for the 12-year-old OS in April.

Need another reason to quit Windows XP before Microsoft ends support for the operating system in six months? Then consider that real-world Windows XP systems already sport a much higher rate of malware infections than Microsoft's more recent operating systems.

"Windows XP is six times more likely to be infected than Windows 8, even though it has the same malware encounter rate," Mike Reavey, Microsoft's Trustworthy Computing general manager, said in a keynote presentation at this week's RSA Conference in Amsterdam. Those statistics were gathered from real-world systems. "There are over one billion Windows machines online and we can use them to track malware," he said.

Overall, Windows XP and Vista systems each encounter about 16% of all malware that's in the wild, which puts them slightly behind Windows 7 (19%) but ahead of Windows 8 (12%), according to Microsoft. Yet for every 1,000 computers scanned, an average of 9.1 Windows XP SP3 machines were malware-infected, which is nearly double the infection rate for Vista SP2 (5.5 infected machines per 1,000) and Windows 7 SP1 (4.9 machines), and almost six times the infection rate of Windows 8 RTM (1.6 machines).

Note that the Windows XP machine count refers to Service Pack 3 installations. For its predecessor, SP2, the malware infection rates were 66% higher than for SP3.

[ Is your BYOD program putting your network at risk? Learn more about Catching Mobile Malware In The Corporate Network . ]

The marked decrease in infection rates for later-generation versions of Windows is a sign that Microsoft's 2004 about-face on software security and focus on bringing Secure Development Lifecycle (SDL) practices to bear on its software development has been working. "The downward rate is a sign of secure development practices," Reavey said. "In pretty much every service in Microsoft we have people devoted purely on security, focused on what's going on in the marketplace and what's needed to secure it."

But as Microsoft counts down to April 2014, when it plans to end Windows XP support, the company is highlighting the information security shortcomings of aging versions of Windows as one more reason for customers to upgrade. "Microsoft Windows XP was released almost 12 years ago, which is an eternity in technology terms," Tim Rains, the company's director of Trustworthy Computing, said in a related blog postTuesday. "While we are proud of Windows XP's success in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cybercriminals."

Once Windows XP stops receiving security updates, Microsoft expects the security situation to degenerate further. "On April 8, 2014, support will end for Windows XP," Rains said. "This means Windows XP users will no longer receive security updates, non-security hotfixes or free/paid assisted support options and online technical content updates. After end of support, attackers will have an advantage over defenders who continue to run Windows XP."

To date, however, despite the additional security protections afforded by later-generation versions of Windows, many businesses and consumers are sticking with the 12-year-old operating system. Indeed, as of September 2013, Windows XP remained installed on 21% of PCs worldwide, and 15% of PCs in North America, according to Web analytics company StatCounter.

Currently, zero-day vulnerabilities that affect Windows XP are fetching a relatively low price -- $50,000 to $150,000 -- compared to more recent-generation Windows operating systems, because Microsoft has been patching those vulnerabilities in a relatively short timeframe, according to security expert Jason Fossen, who works at the SANS Institute.

But expect the weaponized exploit economy to change come April, when Microsoft ceases patching XP. That's because Microsoft's continued patching of its newer operating systems will give would-be XP attackers the equivalent of CliffsNotes for targeting the older OS. "After April next year, when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP," said Microsoft's Rains. "If they succeed, attackers will have the capability to develop exploit code to take advantage of them."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
TerryB
50%
50%
TerryB,
User Rank: Ninja
10/31/2013 | 5:23:53 PM
re: Windows XP Malware: 6X As Bad As Windows 8
Dude, I never even heard of it and doubt many other people have either. So how is the support cost of running two completely different o/s, not to mention paying a security contractor like you. Doubt it would pass a risk/reward analysis outside of the most critical businesses like banking. Getting a virus and cleaning it up would be more cost effective.
KyleS211
50%
50%
KyleS211,
User Rank: Apprentice
10/31/2013 | 1:39:12 PM
re: Windows XP Malware: 6X As Bad As Windows 8
I always wonder when I see these kind of articles if MS creates some of this Malware just to get people to move on to their next OS? The timing is always suspicious. Just saying.
IT-security-gladiator
50%
50%
IT-security-gladiator,
User Rank: Strategist
10/30/2013 | 6:12:35 PM
re: Windows XP Malware: 6X As Bad As Windows 8
Nice try but you are dead wrong. Apparently you have no clue how it works. I can safely bet you do not have Robolinux on any PC or laptop.
Aroper-VEC
50%
50%
Aroper-VEC,
User Rank: Apprentice
10/30/2013 | 6:09:32 PM
re: Windows XP Malware: 6X As Bad As Windows 8
That's a clever solution for quick remediation, but it does not offer true "protection". Further, the EU can still download and save an infected file in their Linux partition and then re-infect the restored VM just as easily by executing or opening the corrupted files.
IT-security-gladiator
50%
50%
IT-security-gladiator,
User Rank: Strategist
10/30/2013 | 6:05:27 PM
re: Windows XP Malware: 6X As Bad As Windows 8
I am IT consultant all over Asia to help secure companies pc's and servers from malware. With the new morphing viruses I had to get really creative and innvoative to bring a real solution to the table that works. The anti virus software etc just can't protect them from morphing i.e. changing malware anymore.

So I found this commercial Linux OS that cocoons all versions of Windows: i.e. 7 & XP inside a very innovative and specialized VM so that the users data files are saved to a Linux partition while the Windows OS & software is initially backed up and stored in just one .vdi file safely inside the Linux partition, which contains their original Windows installation with all its programs too. So when they get hit with a morphing virus it takes them only one click to restore their original copy of Windows and of course since their data is always safe inside the Linux partition and fully read writable from the Windows OS with bookmarked folders there is no downtime as it only takes seconds to click on their Robolinux menu option that restores their original perfect Windows Virtual Machine back to the way it was before the virus struck them.

The result is they are completely immune to all Windows malware.

I can barely keep up with the demand for it. Check it out: Google Robolinux.
<<   <   Page 2 / 2
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.