September 15, 2015 By David Strom

XP Continues to Dominate Organizations

It wasn’t all that long ago that Windows XP was run on a significant proportion of desktops in the enterprise. And despite the recent end-of-life statements, XP is still very much among the living. For example, a fiber-optic cabling deployment ship uses it to navigate where to lay its cable, and an automated safe made by Brinks still runs on Windows XP, too. At the DEF CON conference in August, security researchers showed how they could reboot the safe, take control of its systems and mess with the underlying Microsoft Access database to open its door and steal the money inside.

Even some government networks are lagging behind the times. That’s the case with the U.S. Navy, which earlier this year entered into a $9.1 million contract that would keep XP security patches and updates coming until 2017. England’s National Health Service also has a huge support contract for its large XP population. According to Network World, the vast majority of ATMs run on XP, and Forbes reported that 75 percent of water utilities do as well.

Three Things to Know About Windows XP

So what? There are always going to be companies that lag behind the latest operating system, and getting every desktop upgraded may not be possible due to tight budgets or reliance on legacy applications for compliance or certification reasons. However, things are somewhat different in 2015 from when XP first came alive in the early 2000s.

1. You’re More Likely to Be Infected

First, according to Microsoft, XP machines are six times more likely to be infected with malware than newer versions of Windows. And with Windows 10 being offered as a free upgrade for the next year, it might make sense to examine those last bastions of XP-dom and see if you can eradicate them from your businesses for good.

At a conference that I attended last year, Microsoft’s Craig Mundie said, “Even running one XP machine represents a major threat.” This is because Windows XP has many weaknesses and can’t be hardened against today’s threats. For this reason, many security programs have moved on from trying to protect XP endpoints.

2. XP Runs in More Places Than You Might Think

Windows XP can be found in some surprising places, including many customized applications where OS updates aren’t yet available. At one hospital complex, a help desk employee told me that they have plenty of XP desktops around and can’t easily upgrade them anytime soon. There also are numerous point-of-sale (POS) terminals, ticket kiosks, video conference rooms, traffic cameras and supermarket self-checkout lanes (these have enough problems as is) that may run on the operating system.

Take a look at the collection chronicled in the Public Computer Errors board. I am sure you can think of other places XP might be lurking. Getting rid of these threats in your enterprise will take time and a lot of effort, especially if the vendors that originally manufactured the machines are no longer in business.

3. The IoT Contributes to the Problem

Corporations are more heavily networked than they were even a few years ago, and this means that infections can be transmitted quickly throughout your infrastructure. Even if more modern operating systems aren’t compromised by a piece of XP-based malware, data stored on the network can be examined and copied. This adds to the argument for better behavioral analysis and advanced threat detection tools, too.

The early buzz is that the new Windows 10 is better and more solid than previous versions. It might be time for a major desktop refresh to get Windows XP out of your hair once and for all.
