There are just a few short weeks before Microsoft ends support for Windows XP, and a new report from security researchers suggests that the situation for those still running the 12-year-old operating system may be even worse than feared. In a recent Wisconsin Law Journal article, Michael Menor, a former military computer specialist and network engineer, warns that businesses still running Windows XP after the April 8th cutoff date could see their systems infected “within 10 minutes.”
Microsoft currently releases regular updates and patches for Windows XP and its successors to address security vulnerabilities. These cover both exploits discovered “in the wild” and vulnerabilities discovered internally or by the security community before they can be exploited by hackers. The problem is that Microsoft has long telegraphed the end of support for Windows XP, and hackers who have discovered exploits in Windows XP are likely holding off on releasing them until after the support cutoff date. From the hackers’ perspective, why release a virus or exploit online and give Microsoft a chance to fix it now instead of waiting until after April 8th and presumably enjoying free rein over Windows XP’s helpless users?
Another issue is that, due to similarities in the underlying code between Windows XP and later versions of the operating system, hackers may be able to discover existing vulnerabilities in Windows XP by examining the patches that Microsoft will continue to release for Windows Vista, Windows 7, and Windows 8. As explained by Steve Treppa, principal consultant at IT firm CT Logic:
“Obviously, Microsoft won’t be patching [Windows XP] any more, but the other thing people are talking about is traditionally when Microsoft issues a patch, it’s regressive to earlier versions. So the fear is the bad guys will see what the patches are for Windows 7 and 8 and go back to XP and exploit that patch, because Microsoft will not fix it.”
The Wisconsin Law Journal article is targeted at law firms, but the advice rings true for any business or consumer user of Windows XP. The situation is particularly dire because, as of the date of this article, Windows XP still accounts for about 29 percent of all online PCs, representing as many as 500 million computers worldwide. In the event that all of these machines fall victim to security vulnerabilities at once, the results could be catastrophic.
It is this reality that caused Microsoft to delay its end of support plans for Windows XP several times. Meanwhile, governments and security researchers have also implored the company to extend support once again, particularly in China, where estimates peg Windows XP usage share at over 50 percent. But despite these efforts, Microsoft appears resolved to keep its April 8th deadline.
Some users may be comforted to know that Microsoft and third-party firms will continue to provide updates to anti-malware software on Windows XP, but these measures can only offer partial protection. Vulnerabilities in the “core” infrastructure of the operating system cannot be averted by top-level software alone.
But users shouldn’t expect the Internet to come to a screeching halt on the morning of April 9th. Windows XP systems will continue to operate, and the most insidious aspect is that users whose systems are infected may not even know it. Modern malware doesn’t want to be detected, so it exists subtly inside a user’s PC until needed. From there, a whole host of negative actions could take place, including the hijacking of a user’s PC as part of a botnet, the logging of keystrokes and passwords to gain access to users’ secure online accounts, the installation of a hidden Bitcoin miner, and more.
It is therefore imperative that users migrate their systems to a supported operating system before the April 8th deadline, and the cheapest way to do that may be the purchase of a new PC: “We get calls all the time about making their system go faster, and we will do the research, but in most cases the cost is way too high and we advise them to buy a new computer,” Mr. Treppa explained. “And the upgrade pricing for Windows 7 or 8 is in the $200 range, and when computers can be had for $400-$500, you’re already halfway there.”