Industry Faces Life after XP

Tuesday, April 8, 2014 @ 05:04 PM gHale

For an industry that still has systems running Windows NT, the end of Microsoft support for Windows XP should not be as big a deal as one would think.

After all, those ancient systems are still running. Having said that, if manufacturers are not moving to a fully supported system in this day and age of cyber alerts and increased sophistication of attack methods, they are definitely rolling the dice.

With an increased awareness of security inching forward throughout the industry, it only makes sense that starting off with a security plan would include an operating system that has full vendor support.

All that said, today marked the end of Windows XP’s life. It will receive its last ever set of patches on Windows Update today, and for the most part, that will be that. Any flaws discovered from now on, and you can almost hear the bad guys typing in test code as we speak, will not get a public patch.

By some measures, 28 percent of the Web-using public is still using Windows XP, and these systems are ripe for exploitation. It is understandable why; the system was excellent.

We can hope that personal firewalls, intrusion detection, and even network address translation (NAT) systems will prevent any worm from infecting these systems, but exploitation through things like malicious email attachments, Office documents, USB keys, and browsers is inevitable.

In addition to XP, Office 2003, released October 21, 2003, is also ending its support today. And although Internet Explorer 7 and 8 were both released after Windows XP, they, too, are no longer getting support on Windows XP and will no longer get patches.

Google and Mozilla will continue to support Chrome and Firefox on Windows XP for at least one year. Similarly, some antivirus software will continue to receive definition updates, including Microsoft’s own Security Essentials.

We can expect to see the usual range of malware running on exploited machines. That malware will be a threat to the machines’ users, of course, with exploits that can spy on them and compromise passwords, banking details, and so on. But more problematically, it will also be a threat to everyone else, as compromised XP installations will end up recruited into botnets, taking commands from remote systems to perform such tasks as sending spam and participating in denial of service attacks.

Windows XP machines used to control industrial machinery, security systems, and the like are on private networks, hopefully loaded with security, but they still face uncertainty. They should be running Windows XP Embedded. But are they?

Whether they know it or not, manufacturers are already under attack. An unsupported operating system just ups the ante for security professionals and makes some systems very low-hanging fruit.
