Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Windows XP: The Final Goodbye

More than one month after Microsoft stopped supporting Windows XP, it is amazing to note that it is still the second most widely used operating system following Windows 7. Based on the data from StatCounter Global Stats it still accounts for approximately 16% market share amongst other desktop (i.e. PC and laptop) operating systems as illustrated in Figure 1.

Figure 1. Current OS market share percentage

Even with the collective efforts of Microsoft and several security vendors educating users on the potential threats of continued usage of the operating system, there are still a significant number of home users, small and medium businesses and corporate businesses that continue to use Windows XP for several reasons – although the graph below does show a decreasing percentage since the start of the year.

Figure 2. OS Market share percentage for the months indicated

Reasons for Staying with Windows XP

I have read several postings on the internet about the reasons why there are still users who stick with Windows XP. However, in the end, it comes down to value, time and education. I have summarized some of the reasons:

Financial institutions and other Fortune 500 companies are still using Windows XP Embedded versions. Quite a high number of ATMs, devices like scanners and other commercial hardware products still run Windows XP Embedded. These companies have paid millions of dollars for extended Windows XP support. It might be difficult for them to upgrade to a newer operating system all at once because doing so might disrupt the day-to-day business of the financial sector. However, news has already spread that a group of hackers has plotted an attack on ATMs that uses mobile technology to control an ATM remotely. With this new method of attack, hackers can simply send SMS messages to a compromised ATM, take control of it and do whatever they want, which of course includes withdrawing cash from the machine.

Several government-run facilities use Windows XP heavily. Funding in schools and libraries has been limited, and computer software upgrades are a low priority. There were applicable laws that enabled schools and libraries to purchase computers at a cheaper price, but schools haven’t updated their hardware or the accompanying operating system since. Many of these machines can’t support an OS newer than Windows XP, and moving to one would likely require a hardware upgrade as well, which significantly increases the costs. Since students are very familiar with Windows XP, it is likely that they are using it in their homes as well. This issue is also common in healthcare institutions.

Driver issues in old computer hardware and peripherals. Small offices and home users still keep their old hardware such as printers, scanners, copiers, internal storage devices and other hardware as long as these are still working and doing the job properly. Updating their operating system may pose issues as device drivers for old hardware are no longer updated past Windows XP (since new similar hardware has already emerged and is designed to work with the new operating system). So changing the OS comes with hardware upgrades beyond the PC itself.

It is still working and it’s the only environment where old programs work. A majority of home users and small office workers think this way: as long as things still function, they can get their job done. Also, there may be programs and software such as games which they would love to use or play that were purchased prior to Windows XP and don’t run on operating systems past Windows XP.

There’s just not enough time to migrate to a newer operating system. This might be another reason why financial institutions are still stuck with Windows XP Embedded systems. Their applications would take considerable time to port to newer operating systems.

Survival Kit for Continued Usage of Windows XP

If users still insist on sticking with WinXP because of one or many of the above reasons, then below are some survival tips from a security point of view to help users stay safe. Note that these tips will not ensure users are safe forever.

  1. Refrain from using Internet Explorer. As one of the most exploited applications in Windows XP, this browser is no longer safe to use. Further illustrating this, a patch was actually issued after the April 8 date. The current version of Internet Explorer is 11, which shows how obsolete versions 7 and 8 from Windows XP really are. These old versions leave your system vulnerable to zero-day attacks. Never set Internet Explorer as your default browser. Alternative browsers such as Mozilla Firefox and Google Chrome can still help users browse the internet safely, since both companies have announced continued support for their browsers on Windows XP. However, over time these companies will also cease to support their browsers. Google has already announced support for Chrome on XP for only another year. Firefox has still not indicated when it might stop its support.
  2. Update everything, including third-party software. Keep all Microsoft applications and services up to date and ensure users have the latest patches on their systems. This should not be limited to the operating system alone but should also cover other third-party software, especially applications that use internet connectivity frequently. Users can let go of MS Office 2003, since Microsoft has already abandoned support for it, and switch to open-source suites such as OpenOffice. Uninstall software that you no longer need. The less software users have on their systems, the fewer paths hackers can take to infiltrate.
  3. Always use a limited user account. Though malware can still modify user privileges, using a limited user account may make it easier to mitigate damage whenever the system is attacked. This will restrict the user from making changes to the system, but it should be fine for normal daily usage. Switching to an administrator account is not difficult if the user wishes to install software or make changes to the system.
  4. Turn on the Windows XP Firewall and install an antivirus product on the system. Sometimes users forget to turn their Windows XP firewall back on after playing online games or other network activities that require the firewall to be off. It is good practice to keep it turned on at all times. To further increase the security of the system, always have an antivirus product securing and monitoring your system with an updated database or definition files. The Microsoft-provided Security Essentials will still be supported by Microsoft for another year, and security vendors may also follow for another year.
  5. Security awareness. It is said that the human is still the weakest link in a security chain, but with unparalleled security know-how, no matter how old the system, hackers may find it difficult to attack the system. Be vigilant and always remember security practices for safer browsing and computing. Do not click on email attachments and never accept online offers, especially from pop-up ads. Stay away from websites that are known as sources of malware, spyware, adware and other threats. Always review security certificate expirations. Remember to call your bank or any financial institution to verify any request for your information and financial data. And if you are unsure, you can always unplug your system from the internet.
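
For administrators who want to see which machines still run Windows XP and which of those still browse with Internet Explorer (tip 1), the following added example, which is not part of the original post, inventories them from a web or proxy access log. It assumes the Apache "combined" log format; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.11 - - [20/May/2014:09:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.0.12 - - [20/May/2014:09:02:40 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0"
10.0.0.13 - - [20/May/2014:09:03:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.0.11 - - [20/May/2014:09:04:30 +0000] "GET /a HTTP/1.1" 200 90 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.0.14 - - [20/May/2014:09:05:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
malformed line without quotes
"""

# client-ip ... "request" status size "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) .*"[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# 32-bit Windows XP reports "Windows NT 5.1"; XP x64 reports 5.2, which it
# shares with Server 2003, so it is left out of this check.
XP_RE = re.compile(r"Windows NT 5\.1\b")
IE_RE = re.compile(r"\bMSIE (\d+)\.")  # token sent by Internet Explorer up to 10


def classify(user_agent):
    """Return None for non-XP clients, else 'ie<N>' or 'other-browser'."""
    if not XP_RE.search(user_agent):
        return None
    ie = IE_RE.search(user_agent)
    return "ie%s" % ie.group(1) if ie else "other-browser"


def xp_inventory(log_text):
    """Map each XP client IP to the set of browser classes seen for it."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # skip lines that are not in combined format
            continue
        kind = classify(m.group(2))
        if kind:
            hosts[m.group(1)].add(kind)
    return dict(hosts)


def needs_browser_change(inventory):
    """XP hosts still seen using Internet Explorer, sorted by address."""
    return sorted(ip for ip, kinds in inventory.items()
                  if any(k.startswith("ie") for k in kinds))


if __name__ == "__main__":
    inv = xp_inventory(SAMPLE_LOG)
    print(inv, needs_browser_change(inv))
```

The User-Agent header is supplied by the client and can be changed, so treat the result as an inventory hint to confirm on the machines themselves.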

The above tips may help users survive attacks for the first few months or so, but over time they still need to move to a new level of security, that is, to migrate to a newer operating system with better security. Always remember the following potential risks of staying with Windows XP:

  1. Without critical updates or patches for Windows XP your system will never be safe because the system is more vulnerable to harmful attacks from viruses, spyware and other malicious programs. Antivirus vendors will, over time, also abandon their support for Windows XP.
  2. Third party software vendors will also stop updating their XP products. With their products being attacked due to Windows XP vulnerabilities and without any patch in sight they may just abandon ship instead of adding protection to their products.
  3. Hardware manufacturers may also stop supporting Windows XP on new hardware, forcing users to upgrade or switch to a newer operating system or even a new computer system entirely.

It may indeed be a challenge for many to change their operating system and let go of Windows XP, for a lot of reasons. The challenges basically equate to hassles, time and costs, not to mention the additional adjustments on the part of the users. However, since security is compromised with the continued use of Windows XP, it is evident that the peace of mind of the users far outweighs the challenges of upgrading.
