Skip the navigation

Windows XP infection rate may jump 66% after patches end in April

Microsoft again puts the scare into XP laggards, this time using stats

October 30, 2013 09:17 AM ET

Computerworld - Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

The claim, made by Tim Rains, director of Microsoft's Trustworthy Computing group, came on the heels of the release of the company's twice-annual Security Intelligence Report (download PDF).

Following up on comments he made in August, Rains again warned Windows XP stragglers to expect an increase in attacks when the aged operating system exits support in five months.

"After end of support, attackers will have an advantage over defenders who continue to run Windows XP," Rains asserted in a Tuesday post to a company blog. "After April next year, when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP. If they succeed, attackers will have the capability to develop exploit code to take advantage of them."

Rains then went a step further, and cited statistics from Microsoft's own telemetry-gathering efforts to give customers an idea of the increased threat after support ends.

"We have already had a glimpse into what happens when a Windows XP-based platform goes out of support," Rains added. "In the two years after Windows XP Service Pack 2 went out of support, its malware infection rate was 66% higher than Windows XP Service Pack 3 -- the last supported version of Windows XP."

Support for Windows XP Service Pack 2 (SP2) ended in July 2010, a little over two years after the release of XP SP3.

In a chart accompanying his comments, Rains showed the higher infection rate of Windows XP SP2 when compared to SP3. The two started out with similar infection rates, but began to diverge in the first quarter of 2011, with the largest gap in Q4 of that year. Since then, the difference between the two has narrowed: In the fourth quarter of 2012, the latest shown in the chart, the gap appeared to be approximately four computers per thousand -- 12 for SP3 versus 16 for SP2 -- representing a 33% increase in the latter's infection rate.

While there could be other reasons for the different infection rates, including lack of up-to-date security software, Rains' implied assumption was that it was because XP SP2 had not been patched -- because it could not be -- while XP SP3 had been.

Microsoft has been extremely blunt about the danger customers will face next year after Windows XP support vanishes, belittling the creaky OS's security prowess, even attacking it at times. That's unusual. Microsoft's usual tactic is to simply ignore an older operating system, as it does Windows Vista, the flop that now accounts for just 4% of all Windows PCs.

infection ratechart
According to Microsoft, the no-longer-supported Windows XP SP2 has an infection rate significantly higher than the still-patched SP3. (Image: Microsoft.)


Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!