Unsupported software risky, says Microsoft TwC

Running unsupported software is risky, warns Microsoft’s Trustworthy Computing (TwC) group

Running unsupported software is risky, according to Microsoft’s Trustworthy Computing (TwC) group, which is not attached to any product group and focuses on security, privacy and reliable computing.

The risks are highlighted in the latest volume of the Microsoft Security Intelligence Report (SIR), released at the RSA Europe 2013 conference in Amsterdam.

The warning comes ahead of the end of support for the software firm's Windows XP operating system on 8 April 2014. After that date, Microsoft will not issue any more security updates for Windows XP.

This means Windows XP is likely to be targeted by malware that exploits new or existing vulnerabilities that were not patched before end of support.

Microsoft warns that attackers may use security updates issued for later versions of the operating system such as Windows Vista, Windows 7 and Windows 8 to identify weaknesses in XP to exploit.

“Between July 2012 and July 2013, there were 30 vulnerabilities discovered in the later operating systems that were common to XP, so the risk is high,” said Tim Rains, director of TwC, Microsoft.

“Running antivirus on an out-of-support system will not provide adequate protection against the latest threats, he told Computer Weekly.

Newer operating systems are more secure

Rains said that year after year Microsoft's SIR has shown that up-to-date systems and regular maintenance is essential to provide adequate protection against new and evolving threats.

“After support ended for Windows XP Service Pack 2, the SIR data showed that the infection rate was 66% higher that the supported version of XP SP3, which shows the risk is real,” he said.

Running antivirus on an out-of-support system will not provide adequate protection against the latest threats

Tim Rains, Microsoft Trustworthy Computing

According to Statcounter, Windows XP makes up about 21% of the operating systems in use around the world, and 13% in the UK.

“These users are more susceptible to criminal activity than users of modern operating systems that include security tools to mitigate and deflect the latest forms of attack,” said Rains.

Even with support, he said, Windows XP is more vulnerable than later versions of the operating system, which alone is a good reason to update.

Microsoft believes that this is true of all software suppliers that have introduced secure development lifecycles. Newer versions of software are inherently and automatically more secure.

Windows XP is 12 years old and security technologies such as data execution prevention (DEP) that were cutting edge at the time are now being bypassed regularly by attackers.

The newly released SIR version 15 shows how from 2006 to 2012 the number of exploits that bypass DEP has increased steadily, overtaking the number of exploits mitigated by DEP in 2011.

“Windows XP is no longer keeping pace because it does not have the security protection based on hardware and compiler evolution in the past 10 years,” said Rains.

Malware encounter metric

Version 15 of the SIR introduces a new metric of “encounter rate”, which is a measure of the proportion of the more than one billion systems worldwide that contribute data to the report that are reporting instances of malware.

“A malware encounter is like a doorbell ring, which is different to an infection which would be the equivalent of a system opening the door and letting the malware in to execute,” said Rains.

According to the SIR version 15, Windows XP users are six times more likely to be infected than Windows 8 users, twice as likely as Windows 7 users, and 1.5 times as likely as Windows Vista users.

More on Microsoft Windows XP end of support

The SIR version 15 also shows that Internet Explorer 8 on Windows XP lacks 17 threat mitigation technologies that are a standard part of Explorer 10 on Windows 8 internet.

“Since Windows XP SP2, Microsoft has intensified its research and development in mitigation technologies to introduce multiple layers of protection,” said Rains.

“The aim of the multi-layer approach is to decrease the return on investment for attackers by making it harder to exploit vulnerabilities in the operating system,” he said.

Top threats to Windows XP users

According to the SIR version 15, the top threats facing XP users worldwide are the Sality virus, Ramnit, and Vobfus.

The top threats in Europe facing users of all Microsoft systems are Win32 obfuscator programs, HTML iframe tags that point to malicious sites, and Win32 Wintrim Trojans that display popup ads.

The top threats to users of all systems in the UK are HTML iframe tags, Win32 Sirefef fake antivirus, and JS/BlacoleRef script inserted into compromised websites.

Underlining the point about the risks of unsupported operating systems, Rains said these top threats typically take advantage of unpatched systems.

Read more on Web application security