Windows XP in the crosshairs of online attackers

Many organizations still using the OS, as exploits against it continue to grow

Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft's "Security Intelligence Report Volume 8" (SIRv8).

The report, released earlier this year and referenced by Microsoft this week, covers July 2009 through December 2009. Once again, the United States is the top destination for malware, with China and Brazil running second and third. The infamous Conficker worm continues to be among the top five in terms of malware growth. Other familiar mainstays in the top five are the Taterf worm (tops the list for total infections) and Alureon in the Trojan virus category.

The good news is that with the adoption of Windows 7, overall threat detections are down compared with the first half of 2009, even with Windows 7 launching late in the study period (October 2009). The bad news is that there are many consumers, enterprises and small-to-medium businesses still running Windows XP, a nine-year-old operating system.

In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample, according to the report. Yet Tami Reller, corporate vice president and chief financial officer for Windows and Windows Live, estimated at Microsoft's Worldwide Partner Conference this month that 74 percent of businesses continue to use XP.  

Windows XP SP3 will continue to get security updates until April 2014. However, the clock has already run out for XP Service Pack 2, which Microsoft stopped supporting on July 13. That operating system, along with Windows 2000, no longer gets security updates from Microsoft.

"Windows XP SP2 is a widely deployed operating system and is now no longer supported by Microsoft," said Jason Miller, data and security team leader at Shavlik Technologies. "We could see a significant uptick in exploits for Windows XP. Most companies should have addressed this issue already. But, a lot of home users probably do not know that their operating system is at risk."

Windows 7 migration

Security experts expect massive growth in adoption of the safer Windows 7 over the next three to five years.

"The growth will be explosive due to the pent up demand from Windows XP users that have been excluded from the improvements in hardware and software technologies due to the XP operating system's inabilities," said Phil Lieberman president and CEO of Lieberman Software. "We will also be seeing ISVs exploiting more of the advanced user interface features of Windows 7 and Server 2008 as they become the de facto standard for desktops and servers."

Miller said that despite the report's relatively positive overtones about a downtick in scanned malware, perceptions in the security research community are that the response rate is too slow. The risk and exploit disclosure process, and maybe even the patch release process, will have to be amended, adjusted or revamped.

"This is an area that software vendors need to reach out to security researchers and work with them," he said. "On the researcher side, they feel the vendor is too slow to adopt fixes for the vulnerabilities. On the vendor side, researchers fail to note that it takes time to fix and test the fixes. The worst case scenario is for a vendor to release a patch that fixes the vulnerability but adversely affects the system."

What's left unsaid

Missing from the SIRv8 report is significant data on Internet Explorer 8, as well as more info about security risks in the mobile computing space. To that end, IT security evangelists expect a greater emphasis on Web-borne bugs, mobile risks and cloud computing exploits in future reports as Microsoft ramps up its "Software Plus Services" initiatives.

"There is little coverage of cloud based exploits and the risks from a security perspective," Lieberman said. "I would be interested in seeing if the use of technologies such as Google Apps and Microsoft BPOS [Business Productivity Online Suite] cause a reduction or increase in security threats."

As it prepares for SIRv9, which will likely appear this fall and cover January through June of 2010, Microsoft is soliciting feedback from users and IT experts on the current SIRv8. Critics, researchers, casual readers, enthusiasts and experts alike are all encouraged to e-mail, with their thoughts, the report's authors wrote.

SIRv8 includes data derived from more than 500 million computers worldwide, each running Windows. It also draws data from services such as Windows Live Hotmail and the Bing search engine.  

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

inside gcn

  • connected vehicles

    4 connected vehicle apps Michigan is testing right now

Reader Comments

Sun, Aug 1, 2010

If you're just updating to XP SP3, be sure to CLEAN your system well before installing it. That means running chkdsk first to repair any Hard drive issues, then run your AV and Malware programs (ilike malwarebytes antimalware and superantispyware, both free) so you have a nice clean base to install onto. If you have an external HD, you may want to clean up, then image your current working setup with the free Macrium Reflect. It makes the smallest, fastest images and was rec'd #2 Gizmo's freeware. #1 is much larger (100+ MB), makes larger images, and is a bit more "polished=". But I prefer Macrium Reflect if you want to image.

Fri, Jul 30, 2010 Ryan

I totally agree with Jim

Wed, Jul 28, 2010 william

XP in the cross-hairs of online attackers? When did that happen? OMG! Well, Michael reassures me that most home users have "strong 3rd party security software" so those viruses "cannot really make it in." That must be why hardly anybody with XP is at risk. Note to Michael: I don't use Ubuntu day-to-day but you sound like a real dope. Ubuntu is simple to install and simple to use for what most home users need to do. Anybody can do it (even you.)

Wed, Jul 28, 2010 Michael

Most home computers should have switched over to windows xp SP3 by now anyways, actually they should have for a long time, considering the people that mainly use computers now-a-days use laptops, most laptops coming with either Vista or Se7en depending on when you bought it, (some with xp if that old.) With strong 3rd party security software, (which most home users own) those viruses cannot really make it in, as long as the software is up-to-date, which most AntiViruses automatically do. also @jim, Ubuntu, is almost unusable for most companies due to the amount of knowledge needed in order to do anything. Most employees do not have this, also the software conflicts, not everyone will want to use Wine as their main way to open things in their company.

Tue, Jul 27, 2010 jim

Time for you folks to update your old XP computers to Ubuntu. Bonus: speed & security increase!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group