Windows XP infection rate may jump 66% after patches end in April
Microsoft again puts the scare into XP laggards, this time using stats
Computerworld - Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.
The claim, made by Tim Rains, director of Microsoft's Trustworthy Computing group, came on the heels of the release of the company's twice-annual Security Intelligence Report (download PDF).
Following up on comments he made in August, Rains again warned Windows XP stragglers to expect an increase in attacks when the aged operating system exits support in five months.
"After end of support, attackers will have an advantage over defenders who continue to run Windows XP," Rains asserted in a Tuesday post to a company blog. "After April next year, when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP. If they succeed, attackers will have the capability to develop exploit code to take advantage of them."
Rains then went a step further, and cited statistics from Microsoft's own telemetry-gathering efforts to give customers an idea of the increased threat after support ends.
"We have already had a glimpse into what happens when a Windows XP-based platform goes out of support," Rains added. "In the two years after Windows XP Service Pack 2 went out of support, its malware infection rate was 66% higher than Windows XP Service Pack 3 -- the last supported version of Windows XP."
Support for Windows XP Service Pack 2 (SP2) ended in July 2010, a little over two years after the release of XP SP3.
In a chart accompanying his comments, Rains showed the higher infection rate of Windows XP SP2 when compared to SP3. The two started out with similar infection rates, but began to diverge in the first quarter of 2011, with the largest gap in Q4 of that year. Since then, the difference between the two has narrowed: In the fourth quarter of 2012, the latest shown in the chart, the gap appeared to be approximately four computers per thousand -- 12 for SP3 versus 16 for SP2 -- representing a 33% increase in the latter's infection rate.
While there could be other reasons for the different infection rates, including lack of up-to-date security software, Rains' implied assumption was that it was because XP SP2 had not been patched -- because it could not be -- while XP SP3 had been.
Microsoft has been extremely blunt about the danger customers will face next year after Windows XP support vanishes, belittling the creaky OS's security prowess, even attacking it at times. That's unusual. Microsoft's usual tactic is to simply ignore an older operating system, as it does Windows Vista, the flop that now accounts for just 4% of all Windows PCs.
Windows XP lives
- XPocalypse, not now
- Windows XP hack resurrects patches for retired OS
- Bug bounty program outs 7-month-old IE zero-day
- CA Technologies releases free XP migration tool
- Windows XP's U.S. farewell tour to last most of '14
- Microsoft sticks to vow, leaves XP exposed to ongoing attacks
- Microsoft's Patch Tuesday gives XP attackers a roadmap
- Microsoft: We're serious this time; XP's dead to us
- Windows XP die-hards can slash attack risk by dumping IE
- Hackers now crave patches, and Microsoft's giving them just what they want
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!