Windows XP: The Snowball Effect

We’ve all heard the warnings – Windows XP was going to be retired on April 8th 2014 after 12 long years of active service. After that, no more security patches, leaving anyone still running the operating system highly vulnerable to being hacked.

That was over two weeks ago. Have we heard anything about widespread hacking attacks, or acres of malicious code infecting Windows XP machines?

Nope, zilch. Nothing at all.

So, was it all a ruse? Were Microsoft just using scaremongering tactics to persuade us all to upgrade to newer operating systems such as Windows 7 or Windows 8?

Or perhaps after 12 years of consistent patching, all the vulnerabilities that were going to be found in Windows XP have been found, and therefore it’s as safe as houses to continue using?

Unfortunately not. A hunter doesn’t catch its prey by pouncing at the very first sighting; it waits for the right time in order to achieve the maximum impact.

Many people may be breathing a sigh of relief right now – a bit like the furore after the Millennium bug (“See? My computer didn’t explode!”). It’s past April 8th and nothing’s happened. The thing is, with XP, the threat is only going to grow larger and larger.

First let’s address the vulnerability issue. James Lyne, Global Head of Security Research of our security partners Sophos, said this about future vulnerabilities within Windows XP:

“I’m not a believer that you’re not going to see anything else…There’s been a healthy supply of [vulnerabilities] for many years now. It would be a turn up for the books if all of a sudden that ceased to be a problem and the operating system magically became secure.” (source: ZDNet: Windows XP: What to expect when Microsoft shuts down support)

As well as this, cyber criminals have upped their game these days. Rather than a random approach of taking what they get, hacking has become extremely strategic and ultimately more sophisticated.

What’s feared in this situation is something called reverse engineering. In a Windows XP context, here’s how this is likely to go down:

  1. Microsoft are continuing to create patches for supported Windows operating systems such as Windows 7 and Windows 8. They even have ‘Patch Tuesdays’ – the second Tuesday of each month – in order to release these security updates.
  2. On Patch Tuesday for May, hackers are likely to perform a ‘code comparison’, basically testing to see if the same vulnerability that is being patched for Windows 7 and Windows 8 also exists in Windows XP. This situation is fairly likely, given that Microsoft like to bring across a lot of legacy code to their modern operating systems.
  3. The patch for Windows 7 or 8 will obviously fix this vulnerability for those operating systems – that’s what it’s intended for. However, if the same vulnerability is found within Windows XP too, there are now no further security updates or support for it. So this vulnerability will not only be identified by cyber criminals, there will be no attempt to address it…leaving the field wide open.

So although we may not have seen any reported attacks against people still using Windows XP (which isn’t a small number – estimates put the number of machines still using the retired operating system at 1/3 of all current users), the feeling is that cyber criminals are simply biding their time, making sure they will be exploiting the biggest vulnerabilities within the legacy system. And that’s something they can just keep doing as more patches become available.

On the 8th April, Windows XP was fully patched, with all the vulnerabilities that Microsoft knew about addressed. Come the first Patch Tuesday, there may well be some more vulnerabilities found, but there’s nothing you can do to protect yourself against them, and everything that hackers can do to exploit them.

It’s the snowball effect – with every patch update for the newer operating systems, the greater the chance of them being reverse engineered for Windows XP, leaving those machines incredibly vulnerable to hackers.

The rise in risk is significant – and it’s something that’s addressed in this TechRepublic article, which says that although the Heartbleed bug has been captivating the headlines in recent weeks, it pales in comparison to the risks associated with running Windows XP.

Heartbleed was an isolated incident. Unfortunately, and as Tim Rains in Microsoft’s Trustworthy Computing group points out in this blog, Windows XP users can expect to be living a ‘Zero Day’ every day from now on. It’s an appropriate use of the zombie analogy, because of the fear around reverse engineered attacks against patches intended for newer Windows operating systems.

For anyone reading this blog who is still running Windows XP, the best advice is to consider upgrading in order to make sure you’re using an operating system that is supported.

However, if this simply isn’t possible, it’s all about auditing your IT environment and knowing exactly what is running on Windows XP. Then, as James Lyne points out, consider what impact these machines are having on your organisation, and do your best to protect your business’s data:

“It’s all about building enclaves. You want to put these systems of higher risk into isolated network zones and use network security and firewall technology to do heightened inspection on those devices,” (source: ZDNet: Windows XP: What to expect when Microsoft shuts down support)
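
As an added illustration of the audit-then-isolate advice above (example code written for this page, not from Sophos or Microsoft), the script below reads an asset inventory, picks out the Windows XP machines, and separates those already inside an isolated zone from those still on general networks. The inventory columns, hostnames, addresses and the enclave subnet are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inventory export; hostnames and addresses are made up.
INVENTORY_CSV = """hostname,os_name,os_version,ip
till-01,Microsoft Windows XP Professional,5.1.2600,10.20.30.11
lab-pc-7,Microsoft Windows XP Professional,5.1.2600,192.168.1.57
hr-laptop,Microsoft Windows 7 Enterprise,6.1.7601,192.168.1.80
cnc-ctrl,microsoft windows xp embedded,5.1.2600,10.20.30.12
kiosk-3,,5.1.2600,192.168.2.14
"""

# Assumed isolated network zone(s) set aside for unsupported systems.
ENCLAVES = [ipaddress.ip_network("10.20.30.0/24")]


def is_xp(row):
    """Identify XP by OS caption or by NT version 5.1 when the caption is blank.

    XP Professional x64 Edition reports 5.2 and is only caught by its caption.
    """
    name = (row.get("os_name") or "").lower()
    version = (row.get("os_version") or "").strip()
    return "windows xp" in name or version.startswith("5.1.")


def audit(csv_text, enclaves):
    """Return (isolated, exposed) hostname lists for XP machines."""
    isolated, exposed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_xp(row):
            continue
        addr = ipaddress.ip_address(row["ip"].strip())
        if any(addr in net for net in enclaves):
            isolated.append(row["hostname"])
        else:
            exposed.append(row["hostname"])
    return isolated, exposed


if __name__ == "__main__":
    isolated, exposed = audit(INVENTORY_CSV, ENCLAVES)
    print("XP hosts inside an enclave:", isolated)
    print("XP hosts still on general networks:", exposed)
```

The machines in the second list are the ones to move into an isolated zone or upgrade first.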

Do you also have any PCs at home running Windows XP? If they’re connected to the same network that you might access your work email from, something nasty could potentially transfer from one device to the next, even if the second device isn’t running on Windows XP. To put it bluntly, anyone using a Windows XP machine is also compromising those of us who use the internet. That would be pretty much all of us then…

For more information about the risks surrounding Windows XP we’ve built a section on our website – or by all means get in touch to speak to one of our experts.