Homeless in Vancouver: Windows XP to become world’s top malware
After 13 years, Microsoft is about to finally turn off vital life support to the aging Windows XP operating system.
It’s hard to properly say goodbye to XP, not because of love but because so many people still use it whether they want to or not.
On April 8, 2014, Microsoft will discontinue automatic security updates for Windows XP.
Significantly, Microsoft says it will will also stop providing the XP-compatible Microsoft Security Essentials for download.
To say that this is going to create a huge security hole in the very fabric of human civilization may not be the overstatement it sounds like.
"Zero day vulnerability forever"
Windows 7 shares a significant amount of code with Windows XP. After April 8, every Windows 7 update could potentially reveal a security hole in XP. Tim Rains, director of Microsoft’s Trustworthy Computing group, has written explicitly of this risk in a recent blog post:
“The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.”
If it does, Rains predicts, attackers will be quick to exploit those vulnerabilities in Windows XP. And with no more security updates, XP will essentially have a “zero day” vulnerability forever.
Between July 2012 and July 2013, Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.
How your ATM could be SOL after April
So what sort of doofuses still rely on an obsolete 13-year-old operating system anyway?
The banking system, for one!
NCR, the world’s largest manufacturer of ATMs, recently told Bloomberg Businessweek that around 95 percent of the world’s automated banking machines run on the Windows XP operating system. That apparently includes some percentage of Canada’s 59,100 bank machines.
A TD spokesperson told Canadian Business that all of TD's 2,800 ATM machines run XP, and that complete conversion to Windows 7 is planned for the end of 2015. The writer could get no similar numbers out of any other Canadian bank.
Affected machines include the “mini bank” ATM machines that are common in convenience stores such as the Tranax Mini-Bank 2500, which is currently running Windows XP.
There are very recent reports from December of criminals in Europe using malware to rob ATMs running Windows XP.
And closer to home, I told the Windows XP logo can still be seen on desktop computers at Vancouver City Hall.
Windows XP may only be the second most popular operating system in the world—with an estimated half-billion users—but after April, it’s sure to be the most popular for malicious hacks.
With such a large user base and institutional penetration, XP itself potentially becomes a security hole in society—the very first operating system to be classed as malware.