Windows XP users already facing malware invasion – before Microsoft “pulls plug”

Windows XP users already face far higher risks from malware, with infection rates six times higher than those of Windows 8 users, according to a report released by the company. Microsoft will withdraw support for the ageing platform in April next year – despite the fact that one in five PCs on Earth still use it.

Per 1,000 PCs scanned, 9.1 XP machines had been infected – as compared to 1.6 for Windows 8, according to a report by V3.

“Microsoft Windows XP was released almost 12 years ago, which is an eternity in technology terms. While we are proud of Windows XP’s success in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cybercriminals,” Microsoft wrote in a statement this week.

Around 21% of PCs worldwide still run Windows XP, according to a report by Neowin, which spoke to Holly Stewart, Senior Program Manager of the Microsoft Malware Protection Center. In the U.S., 13% of PCs still use Windows XP.

“On April 8 2014, support will end for Windows XP. This means Windows XP users will no longer receive security updates, non-security hotfixes or free/paid assisted support options and online technical content updates. After end of support, attackers will have an advantage over defenders who continue to run Windows XP,” Microsoft said.

Google and Mozilla have both said they will continue to support their browsers after that point. The OS, however, will be vulnerable. After April, only companies paying for custom support will be protected – and up to a third of organizations are expected to still use Windows XP machines, according to earlier research by British firm Camwood.

Some security experts predict a “wave” of attacks at that point, with cybercriminals having banked exploits in anticipation of that moment.

“The average price on the black market for a Windows XP exploit is $50,000 to $150,000 – a relatively low price that reflects Microsoft’s response,” said Jason Fossen of security training company SANS earlier this year.

“When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks. But if they sit on a vulnerability, the price for it could very well double.”

Many firms have been slow to migrate from the ageing platform – despite the fact that Microsoft recommended leaving at least 18 months to migrate.

Author , We Live Security

  • Jim Thompson

    So will that mean my computer is still vulnerable even though ESET is fully updated with the latest virus signatures?

    • Your computer would still be vulnerable if you were running Windows 8.1: using security software doesn’t give you guaranteed protection against all malware, let alone all system vulnerabilities. What it means is that XP vulnerabilities after that date are not likely to be patched by Microsoft. While anti-malware programs do sometimes protect generically against known vulnerabilities, their main focus is on malicious code: you shouldn’t assume that they provide protection against other kinds of attack. They’re not really a substitute for OS updates and patches.

      • Hello,

        In addition to my esteemed colleague David Harley’s response, I would like to point out that ESET has no plans to abandon support for Microsoft Windows XP.

        We only stopped supporting Windows 95 one-and-a-half years ago, which Microsoft stopped supporting in 2001, and we notified users two-and-a-half years before then that we were dropping support so they would have time to upgrade and test their systems.

        ESET still supports Microsoft Windows 2000 (the operating system that preceded Windows XP), as well as Windows NT 4.0 (the operating system that preceded that) and has not announced any plans to stop supporting any of them, so Windows XP is going to be supported by ESET for the foreseeable future.


        Aryeh Goretsky
