XPocalypse, not now

Didn't hackers get the memo? They were supposed to be exploiting the unpatched Windows XP

1 2 Page 2
Page 2 of 2

The last time we looked, our home and business PCs were not dispensing Andrew Jacksons.

The story got broad play in the tech and even mainstream media. (Computerworld was not above the fray; it ran a story as well.) And as Microsoft warned customers not to try the hack, some scoffed, hearing yet more dissembling.

"Of course they say it is a bad idea to use the hack, they want people to move to Windows 8 and later Windows 9," chimed in a reader identified only as "nilst2011" in a comment appended to the Computerworld news story.

Complacency ruled, too, as many argued and even more assumed that the hack and its not-quite-XP patches would keep them safe -- attitudes that drove IT managers crazy. On PatchManagement.org's mailing list, where IT professionals discuss patches and patching, the XP hack has been widely panned on several levels, from its legality to whether it really will work long-term.

"If you are willing to risk everything in order to avoid dropping a 10-year-old OS, be my guest. Just stop misleading the average user that they can protect themselves while still using XP," said one clearly-frustrated commenter on the mailing list.

More important, the lack of evidence of ongoing exploits against Windows XP meant nothing, argued Storms. "We all know there are still bugs in XP and we all assume there has to be some zero-days still to be found," Storms said, using the term for an exploit of an unpatched vulnerability. "[And] there is no doubt that some XP zero-days are prancing about the black markets as we speak."

Under-the-radar attacks could be executing even now, said Storms, who contended that the most likely use of unpatched Windows XP vulnerabilities would be against what he called "high-value targets," the kind in the crosshairs of very focused, limited attacks that are aimed at specific corporations and government agencies. All it takes for a successful infiltration of a network is one careless click by one employee tricked by a well-crafted email.

"But the thing is that the available market of high-value [Windows XP] targets is quickly dwindling and has been dwindling for years," said Storms. "I'll put money on the news headline that says a big XP zero day has been released. But let's be smart here: It's not going to be immensely impactful like Code Red, the Morris worm or Conficker."

Some of Storms' examples did significant damage, spread promiscuously or were resistant to eradication. 2008's Conficker, for example, was still infecting millions of Windows PCs years after its debut.

Such massively-disruptive malware has become a thing of the past. Still, some have used the same examples as Storms when wondering aloud what Microsoft might do, after Windows XP was retired, if something similar hit the Internet. Would Microsoft retract its promise, and patch the flaw?

No one knows.

Storms had another good point: Windows XP is steadily diminishing as an attractive target simply because, although it still powers about a fourth of all personal computers, its share is shrinking.

In the last 12 months, XP has dropped 12.5 percentage points, shedding 33% of the user share it held in May 2013, according to analytics firm Net Applications. If Windows XP continues to lose user share at its current tempo, it will be powering less than 10% all personal computers a year from now.

Cross your fingers that nothing happens in the meantime.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Copyright © 2014 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Shop Tech Products at Amazon