Windows XP: Widely Used, Widely Attacked

Exploits using Windows XP as an attack vector will grow this year, according to security experts commenting on Microsoft's "Security Intelligence Report Volume 8" (SIRv8).

The report, released earlier this year and referenced by Microsoft this week, covers July 2009 through December 2009. Once again, the U.S. is the top destination for malware, with China and Brazil running second and third. The infamous Conficker worm continues to be among the top five in terms of malware growth. Other familiar mainstays in the top five are the Taterf worm (tops the list for total infections) and Alureon in the Trojan virus category.

The good news is that with the adoption of Windows 7, overall threat detections are down compared with the first half of 2009, even with Windows 7 launching late in the study period (Oct. 2009). The bad news is that there are many consumers, enterprises and small-to-medium businesses still running Windows XP, a nine-year-old operating system.

In Windows XP, Microsoft vulnerabilities account for 55.3 percent of all attacks in the studied sample, according to the report. Yet many businesses still run XP. Tami Reller, corporate vice president and chief financial officer for Windows and Windows Live, estimated at Microsoft's Worldwide Partner Conference this month that 74 percent of businesses continue to use XP.  

Windows XP SP3 still gets security updates until April 2014. However, the clock has already run out for XP Service Pack 2, which Microsoft stopped supporting on July 13. That operating system, along with Windows 2000, no longer gets security updates from Microsoft.

"Windows XP SP2 is a widely deployed operating system and is now no longer supported by Microsoft," said Jason Miller, data and security team leader at Shavlik Technologies. "We could see a significant uptick in exploits for Windows XP. Most companies should have addressed this issue already. But, a lot of home users probably do not know that their operating system is at risk."

Windows 7 Migration
Security experts expect massive growth in adoption of the safer Windows 7 over the next three to five years.

"The growth will be explosive due to the pent up demand from Windows XP users that have been excluded from the improvements in hardware and software technologies due to the XP operating system's inabilities," said Phil Lieberman president and CEO of Lieberman Software. "We will also be seeing ISVs exploiting more of the advanced user interface features of Windows 7 and Server 2008 as they become the de facto standard for desktops and servers."

Miller said that despite the report's relatively positive overtones about a downtick in scanned malware, perceptions in the security research community are that the response rate is too slow. The risk and exploit disclosure process, and maybe even the patch release process, will have to be amended, adjusted or revamped.

"This is an area that software vendors need to reach out to security researchers and work with them," he said. "On the researcher side, they feel the vendor is too slow to adopt fixes for the vulnerabilities. On the vendor side, researchers fail to note that it takes time to fix and test the fixes. The worst case scenario is for a vendor to release a patch that fixes the vulnerability but adversely affects the system."

What's Left Unsaid
Missing from the SIRv8 report is significant data on Internet Explorer 8, as well as more info about security risks in the mobile computing space. To that end, IT security evangelists expect a greater emphasis on Web-borne bugs, mobile risks and cloud computing exploits in future reports as Microsoft ramps up its "Software Plus Services" initiatives.

"There is little coverage of cloud based exploits and the risks from a security perspective," Lieberman said. "I would be interested in seeing if the use of technologies such as Google Apps and Microsoft BPOS [Business Productivity Online Suite] cause a reduction or increase in security threats."

As it prepares for SIRv9, which will likely appear this fall and cover January through June of 2010, Microsoft is soliciting feedback from users and IT experts on the current SIRv8. Critics, researchers, casual readers, enthusiasts and experts alike are all encouraged to e-mail, with their thoughts, the report's authors wrote.

SIRv8 includes data derived from more than 500 million computers worldwide, each running Windows. It also draws data from services such as Windows Live Hotmail and the Bing search engine.  

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.