End to Microsoft XP support could put millions of computers Source: Vito Pilieci,
A velo-taxi drives past a billboard advertising the Microsoft Windows XP operating system June 1, 2005 in Berlin, Germany. Microsoft is locked in a legal battle with the European Commission over how it sells its computer operating systems in Europe. Microsoft is waiting for a response today from the EC after submitting a proposal to resolve the dispute.
Photograph by: Sean Gallup , Getty Images
OTTAWA ― Computer and banking systems around the world are about to be hit with a new challenge to their security.
On April 8, Microsoft Corp. officially closes the door on Windows XP.
The 12-year-old program still accounts for 29.2 per cent of all operating systems worldwide, according to research firm Net Market Share.
It’s installed on more than 95 per cent of all automated banking machines and is used in the networks that link those machines together, according to security researcher Symantec.
The software is also deployed on as many as 1.9 million Point-of-Sale (POS) machines ― where you key your PINs at checkout lanes ― across North America, and four million around the world, according to retail industry researcher IHL Group.
Come April, no more security patches will be released to protect any Windows XP systems, rendering all computers running the software open to attack by malicious hackers.
“I don’t think people are aware how much of this (XP) is still around,” said Stefano Tiranardi, regional manager for Symantec. “We’re talking very critical devices for both enterprises as well as consumers.”
Tiranardi has been monitoring groups that are stockpiling viruses and other malicious software specifically so they can target computers running Windows XP after April 8.
“Cybercriminals are very well-tooled and financed; this is a lucrative business,” he said. ‘I know that they have been hoarding vulnerabilities.”
Microsoft has been supplying patches, or updates, to Windows XP to address various security vulnerabilities since it was released in 2001. A vast majority of attacks on computers and networks happen due to systems that should be patched, but are not.
One recent attack on Bell Canada’s network due to an outdated security patch on a server led to hackers getting access to the personal data of 22,400 of its small- and medium-sized business customers.
Shutting off the ability to patch Windows XP will create a precarious scenario for companies relying on the software to support critical systems.
“A lot of retailers have been totally ignoring the cyber threats out there. (XP) has been doing the job and it has been doing the job for years now. From a risk-management perspective, there hasn’t been a big catalyst (to force an upgrade) yet,” said Tiranardi. “Breaches are going to have huge impacts. They are going to be gambling with the security of their consumer data. Pricing, customer information, marketing plans. With one action, their business is at 100 per cent at risk.”
The last version of Windows XP was released in 2008, but it remained the most widely used operating system until August 2012, when Windows 7 finally topped it in market share. .
Christopher Budd, global threat communications manager with security firm Trend Micro Inc., said that patches released for other Windows products after April 8 will ultimately end up working against Windows XP users.
“The hackers are going to take every security patch that Microsoft releases and reverse-engineer it to find out what the vulnerabilities are,” said Budd. “I’ve been trying to bang the drums on this for a while now. We’ve never had an operating system as widely used at the end of its life as Windows XP. Come April 9, we are entering an unprecedented realm.”
Microsoft has tried to end support for Windows XP once before in 2013, but backed down after a mass pushback from consumers, retailers and the financial community.
This time, there will be no more extensions, according to Microsoft.
“This is something that companies should not take lightly. Everyone is literally running out of time,” said Henrik Guetle, director of the Windows and Surface Business Group at Microsoft Canada.
“Windows XP is a platform that was developed 12 years ago. It was developed for an era where the types of threats and usage were very different than it is today. At some point, you can’t cater to the modern world on a platform that is 12 years old.”
The issue is especially important given the recent surge in hacking activity in recent months. On top of the Bell Canada attacks, personal information and credit card numbers from more than 100 million consumers were stolen in an attack on the POS terminals used at Target and Neiman Marcus stores in the United States.
The Canadian Bankers Association said its members are aware of the issue and have taken “steps to make the necessary changes” to banking machines. The association said in an emailed statement that “we do not expect there to be any impact on customers’ ability to access banking services.”
| }
|