Insecure Windows XP Still Third Most Popular OS

Windows XP was released on August 24, 2001.  It was officially retired by Microsoft two years ago on April 8, 2014.  This makes WinXP almost 15 years old, which in operating system years is about 500 years old.  Sophos reported:

“Windows XP was still running on 10.9% of all desktops as of March 2016, according to stats compiled by Net Applications.

To put that in perspective, according to Net Applications’ figures, Windows XP is still the third-most popular desktop OS, trailing only Windows 7 (51.9%) and Windows 10 (14.2%).

And there are more PCs running XP than Windows 8.1 (9.6%), and all versions of Mac OS X combined (7.8%).”

And this is a huge problem, because the security vulnerabilities that have been discovered and exploited in Windows XP after Microsoft ended support mean that these operating systems will remain vulnerable forever.

I get it.  I have met and worked with many of the hold-outs, who tend to be older users who are uncomfortable with the user interface changes that have happened.  Many users avoided the upgrade to Windows Vista based on all the bad press about this OS, and then skipped the excellent Windows 7 product because “it was too different.”  Moving from XP to 8 was a disaster for users who traded up when WinXP was retired, with some returning to the old but familiar OS.  Windows 10 was not an improvement for this group of users.

To put this in perspective from a security point of view, this is no different than locking your doors with an old-style thumb-button knob lock that can be defeated with a credit card inserted into the door jamb.  Just not going to keep the bad guys out.

And it gets worse.  Most of the free and paid-for versions of anti-malware security products will not install on Windows XP either, which leaves these users running an unsupported operating system with security that can no longer be updated for new malware signatures.  Pick the worst neighborhood you can think of, and go for a walk there after midnight.  This is what your online life is like every day.

In my professional life, when we perform vulnerability assessments for corporate clients, we often uncover a Windows XP system that is happily chugging along supporting some sort of home-grown application that was developed by someone on staff who left the company years ago.  No one can figure out how to update it (no documentation, another problem), but the application is still in production, and only works on XP.  If this is true for your business, you just need to bite the bullet and move up to something new.  These systems are targeted by cyber-attackers as an entry point and pivot point to extend their attack into your network, to servers and data stores where the good bits are.

This is the year to finally retire these relics of a bygone era.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
