LONDON, England, Wednesday April 9, 2014 – If you’re among the many dedicated Windows XP users who have ignored Microsoft’s advice to ditch the venerable operating system, brace yourself for what could be a rough ride.
Support for XP ended yesterday.
That means there will be no more official security updates and bug fixes for the operating system from Microsoft.
Some governments have negotiated extended support contracts for the OS in a bid to keep users protected. The British government has signed a £5.5m deal for extended support, while the Dutch government has signed a “multi-million euro” deal to obtain help for the 40,000 PCs running XP used by the nation’s civil servants.
Security firms said anyone else using the 13-year-old software would be at increased risk of infection and compromise by cyber-thieves.
Statistics suggest 20 to 25 percent of all users have stuck with XP despite the fact that there have been three major releases of Windows since its debut in 2001.
Anyone running Windows XP prior to the termination of support already faced a disproportionate risk of falling victim to malware, said Dave Emm, a senior research analyst at security firm Kaspersky.
“Our data indicates that less than one fifth of our customers run Windows XP but more than a quarter of infections are Windows XP-based,” he said.
That exposure ratio was only going to get worse after 8 April, he said, once the last security patch for Windows XP had been released.
That final patch fixed a series of bugs, one of which is rated as critical and is already being actively exploited despite only being discovered in late March.
“Effectively, every vulnerability discovered after 8 April will become a zero-day vulnerability – that is, one for which there is and never will be, a patch,” said Emm.
Windows XP users topped the list of victims cyber-thieves targeted, said Maik Morgenstern and Andreas Marx from the German AV-Test group, which rates and ranks security software.
“Malware writers go for the low hanging fruits because it’s a lot easier to infect systems running on an old Windows XP operating system compared to brand-new Windows 8.1, with all its built-in security features,” they said.
“We think we will see a lot of attacks for Windows XP within the next few months, but attackers will also always add exploits for other Windows systems just to catch those systems as well.”
Orla Cox, a senior manager at cyber-defence firm Symantec’s security response unit, said criminal groups were likely to hoard the XP vulnerabilities they knew about rather than use them to bolster malware being spammed out to millions of people.
“The types of groups sitting on zero-days will tend to use them against high-end targets and for corporate espionage,” she said. “Some organisations will have particular concerns because they find it so hard to move away from XP.”
Any zero-day that did get used against a corporate target was likely to be re-used later on, she added.
“Once it’s out there it gets into the malware kits and then gets circulated and there will be no defence,” she said. (BBC News)