XP Continues to Dominate Organizations

It wasn’t all that long ago that Windows XP ran on a significant proportion of enterprise desktops. And despite Microsoft ending support for it in April 2014, XP is still very much among the living. For example, a fiber-optic cabling deployment ship uses it to navigate where to lay its cable, and an automated safe made by Brinks still runs on Windows XP, too. At the DEF CON conference in August, security researchers showed how they could reboot the safe, take control of its systems and tamper with the underlying Microsoft Access database to open its door and steal the money inside.

Even some government networks are lagging behind the times. That’s the case with the U.S. Navy, which earlier this year entered into a $9.1 million contract to keep XP security patches and updates coming until 2017. England’s National Health Service also has a large support contract for its sizable XP population. According to Network World, the vast majority of ATMs run on XP, and Forbes reported that 75 percent of water utilities do, too.

Three Things to Know About Windows XP

So what? There will always be companies that lag behind the latest operating system, and upgrading every desktop may not be possible because of tight budgets or reliance on legacy applications for compliance or certification reasons. However, things are somewhat different in 2015 from when XP first shipped in the early 2000s.

1. You’re More Likely to Be Infected

First, according to Microsoft, XP machines are six times more likely to be infected with malware than machines running newer versions of Windows. And with Windows 10 being offered as a free upgrade for the next year, it makes sense to examine those last bastions of XP-dom and see whether you can eradicate them from your business for good.

At a conference that I attended last year, Microsoft’s Craig Mundie said, “Even running one XP machine represents a major threat.” This is because Windows XP can’t be hardened against today’s threats: it lacks mitigations such as ASLR that later Windows versions ship with by default, and no further patches are coming for the weaknesses that remain. Many security products have stopped supporting XP endpoints for this reason.

2. XP Runs in More Places Than You Might Think

Windows XP can be found in some surprising places, including many customized applications whose vendors have never certified them on a newer OS. At one hospital complex, a help desk employee told me that they have plenty of XP desktops around and can’t easily upgrade them anytime soon. There are also numerous point-of-sale (POS) terminals, ticket kiosks, video conference rooms, traffic cameras and supermarket self-checkout lanes (these have enough problems as is) that may run on the operating system.

Take a look at the collection chronicled on the Public Computer Errors board. I am sure you can think of other places XP might be lurking. Getting rid of these machines in your enterprise will take time and a lot of effort, especially if the vendors that originally manufactured them are no longer in business.
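Before you can retire the stragglers you have to find them. As an added example (not code from the original article), here is a small Python script that pulls Windows XP hosts out of an nmap greppable-output file (`nmap -O -oG`) and ranks them by how exposed they are on the network. The scan output, host names, addresses and fingerprint strings below are constructed for illustration and are not real scan results; the hypothetical `triage` tiers are an assumption about what a practitioner would prioritize, not a standard.

```python
"""Flag Windows XP hosts in nmap greppable output and rank them by exposure."""
import re
from dataclasses import dataclass, field

# Constructed sample of `nmap -O -p445,3389 -oG -` output. Addresses, names and
# OS fingerprints are made up for illustration. The last host's OS string is
# contrived to exercise the kernel-version ("NT 5.1") match instead of the name.
SAMPLE_SCAN = """\
# Nmap 6.47 scan initiated as: nmap -O -p445,3389 -oG - 10.20.0.0/28
Host: 10.20.0.5 (pos-lane-01.corp.example)\tStatus: Up
Host: 10.20.0.5 (pos-lane-01.corp.example)\tPorts: 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\tOS: Microsoft Windows XP SP2 or SP3
Host: 10.20.0.6 (kiosk-07.corp.example)\tStatus: Up
Host: 10.20.0.6 (kiosk-07.corp.example)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tOS: Microsoft Windows XP SP3
Host: 10.20.0.9 (fileserver.corp.example)\tStatus: Up
Host: 10.20.0.9 (fileserver.corp.example)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tOS: Microsoft Windows Server 2012 R2
Host: 10.20.0.12 (hr-desk-31.corp.example)\tStatus: Up
Host: 10.20.0.12 (hr-desk-31.corp.example)\tPorts: 445/filtered/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\tOS: Microsoft Windows 7 or 8.1
Host: 10.20.0.14 (safe-ctrl.corp.example)\tStatus: Up
Host: 10.20.0.14 (safe-ctrl.corp.example)\tPorts: 445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tOS: Microsoft Windows NT 5.1 (embedded build)
# Nmap done -- 16 IP addresses (5 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host:\s+(?P<addr>\S+)\s+\((?P<name>[^)]*)\)")
PORT_RE = re.compile(r"(?P<port>\d+)/(?P<state>\w+)/(?P<proto>\w+)/")
# XP is reported either by product name or by its NT kernel version, 5.1.
XP_RE = re.compile(r"Windows XP|Windows NT 5\.1", re.IGNORECASE)

SEVERITY = {"critical": 0, "high": 1, "medium": 2}


@dataclass
class Host:
    addr: str
    name: str
    os: str = ""
    ports: dict = field(default_factory=dict)  # port number -> "open"/"closed"/"filtered"


def parse_greppable(text):
    """Merge the per-host 'Status:' and 'Ports:' lines of -oG output into Host records."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." header and footer comments
        fields = [f.strip() for f in line.split("\t")]
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        host = hosts.setdefault(m.group("addr"), Host(m.group("addr"), m.group("name")))
        for f in fields[1:]:
            if f.startswith("Ports:"):
                for pm in PORT_RE.finditer(f):
                    host.ports[int(pm.group("port"))] = pm.group("state")
            elif f.startswith("OS:"):
                host.os = f[len("OS:"):].strip()
    return list(hosts.values())


def triage(hosts):
    """Return (addr, name, tier, reason) for each XP host, most exposed first.

    Tiers are a hypothetical ranking: an XP box with SMB reachable is the
    classic worm and lateral-movement path, RDP reachable is next, and an XP
    box with neither reachable from the scanner still needs retiring.
    """
    findings = []
    for h in hosts:
        if not XP_RE.search(h.os):
            continue
        if h.ports.get(445) == "open":
            tier, why = "critical", "XP with SMB (445/tcp) reachable"
        elif h.ports.get(3389) == "open":
            tier, why = "high", "XP with RDP (3389/tcp) reachable"
        else:
            tier, why = "medium", "XP host, SMB/RDP not reachable from scanner"
        findings.append((h.addr, h.name, tier, why))
    findings.sort(key=lambda f: (SEVERITY[f[2]], f[0]))
    return findings


if __name__ == "__main__":
    for addr, name, tier, why in triage(parse_greppable(SAMPLE_SCAN)):
        print(f"{tier:8s} {addr:15s} {name:28s} {why}")
```

Point it at a real `-oG` file instead of `SAMPLE_SCAN` and the same two functions apply; the OS field is only present when the scan was run with `-O`, so hosts without a fingerprint will never be flagged and need a second look by other means (asset inventory, SMB banner, patch-management data).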

3. The IoT Contributes to the Problem

Corporations are more heavily networked than they were even a few years ago, and this means that infections can spread quickly throughout your infrastructure. Even if the more modern operating systems on the same network resist a piece of XP-targeted malware, a compromised XP host is a foothold from which data on shared network resources can be read and copied. This strengthens the argument for better behavioral analysis and advanced threat detection tools, too.

The early buzz is that the new Windows 10 is better and more solid than previous versions. It might be time for a major desktop refresh to get Windows XP out of your hair once and for all.
