News

Windows XP: Widely Used, Widely Attacked

Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft's "Security Intelligence Report Volume 8"

• By Jabulani Leffall
• 07/26/2010

Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft's "Security Intelligence Report Volume 8" (SIRv8).

The report, released earlier this year and referenced by Microsoft this week, covers July 2009 through December 2009. Once again, the U.S. is the top destination for malware, with China and Brazil running second and third. The infamous Conficker worm continues to be among the top five in terms of malware growth. Other familiar mainstays in the top five are the Taterf worm (tops the list for total infections) and Alureon in the Trojan virus category.

The good news is that with the adoption of Windows 7, overall threat detections are down compared with the first half of 2009, even with Windows 7 launching late in the study period (Oct. 2009). The bad news is that there are many consumers, enterprises and small-to-medium businesses still running Windows XP, a nine-year-old operating system.

In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample, according to the report. Yet many businesses still run XP. Tami Reller, corporate vice president and chief financial officer for Windows and Windows Live, estimated at Microsoft's Worldwide Partner Conference this month that 74 percent of businesses continue to use XP.  

Windows XP SP3 still gets security updates until April 2014. However, the clock has already run out for XP Service Pack 2, which Microsoft stopped supporting on July 13. That operating system, along with Windows 2000, no longer gets security updates from Microsoft.

"Windows XP SP2 is a widely deployed operating system and is now no longer supported by Microsoft," said Jason Miller, data and security team leader at Shavlik Technologies. "We could see a significant uptick in exploits for Windows XP. Most companies should have addressed this issue already. But, a lot of home users probably do not know that their operating system is at risk."

Windows 7 Migration
Security experts expect massive growth in adoption of the safer Windows 7 over the next three to five years.

"The growth will be explosive due to the pent up demand from Windows XP users that have been excluded from the improvements in hardware and software technologies due to the XP operating system's inabilities," said Phil Lieberman president and CEO of Lieberman Software. "We will also be seeing ISVs exploiting more of the advanced user interface features of Windows 7 and Server 2008 as they become the de facto standard for desktops and servers."

Miller said that despite the report's relatively positive overtones about a downtick in scanned malware, perceptions in the security research community are that the response rate is too slow. The risk and exploit disclosure process, and maybe even the patch release process, will have to be amended, adjusted or revamped.

"This is an area that software vendors need to reach out to security researchers and work with them," he said. "On the researcher side, they feel the vendor is too slow to adopt fixes for the vulnerabilities. On the vendor side, researchers fail to note that it takes time to fix and test the fixes. The worst case scenario is for a vendor to release a patch that fixes the vulnerability but adversely affects the system."

What's Left Unsaid
Missing from the SIRv8 report is significant data on Internet Explorer 8, as well as more info about security risks in the mobile computing space. To that end, IT security evangelists expect a greater emphasis on Web-borne bugs, mobile risks and cloud computing exploits in future reports as Microsoft ramps up its "Software Plus Services" initiatives.

"There is little coverage of cloud based exploits and the risks from a security perspective," Lieberman said. "I would be interested in seeing if the use of technologies such as Google Apps and Microsoft BPOS [Business Productivity Online Suite] cause a reduction or increase in security threats."

As it prepares for SIRv9, which will likely appear this fall and cover January through June of 2010, Microsoft is soliciting feedback from users and IT experts on the current SIRv8. Critics, researchers, casual readers, enthusiasts and experts alike are all encouraged to e-mail sirfb@microsoft.com, with their thoughts, the report's authors wrote.

SIRv8 includes data derived from more than 500 million computers worldwide, each running Windows. It also draws data from services such as Windows Live Hotmail and the Bing search engine.