Story image

Windows XP – where have all the bad guys gone?

01 May 2014

April 8, 2014 has come and gone and you may be wondering what all the fuss was about.

After all, the bad guys haven’t come out of hiding, wreaking havoc on those who still have instances of Windows XP running on their networks.

Actually, it’s been quite quiet. Stories of exploits of unpatched and previously unpublished security holes that infiltrated Windows XP haven’t made headlines.

Surely, the bad guys haven’t just disappeared or given up on XP?

And a ruse it certainly was not (we ALL know that XP was a patchy piece of work).

However now we can see the start of things to come, with a zero-day exploit for Internet Explorer identified over the weekend.

And, yes, XP machines with Internet Explorer are vulnerable and there will be no patch for them. Read more.

The real opportunity for hackers will be the May updates. When these come out, anything affecting Vista/7/8/2008/2012/Server 2003 will likely be tested on XP by malicious people. If it is, it will be open and vulnerable for the bad guys to reverse engineer.

It’s not only the operating system you have to think about, but older applications that only run on XP. These may also be out of support now and could be vulnerable also – if not today, in months to come.

It’s our job to plan for the worst case scenario. Hearing nothing doesn’t mean it’s not happening. For those of you with kids, sometimes the quietest times are when you worry most!

It’s not in the hackers’ interests for us to know they are already there. They would far rather remain in stealth mode for as long as possible, stealing what they can, while we don’t know about it.

Your weakest link?

Product lifetimes are usually around two years, yet Windows XP has been around since 2001. During its lifetime there has been a fundamental shift in the malware industry – and XP was not well equipped to deal with the new types of malware which the new security industry had to face.

The aging operating system was not written with a strong security focus and it became a weak link in the security chain with many exploits targeting it specifically.

Now that Microsoft has stopped supporting patching of Windows XP, the operating system becomes much more vulnerable. Any exploits found in XP will never be fixed leaving it a sitting duck.

So what can you do?

Suggesting an upgrade to a newer operating system is a given – but of course if you haven’t done that yet, it’s probably for good reason.

Typically, the strongest reason being that some legacy systems are too costly to upgrade or are simply not supported. So if you are still stuck using XP how can you minimise the risks for your business?

Step 1 – Make an inventory of all your IT assets

First and foremost you should know exactly how many Windows XP machines are still out there so you know which areas of your network are the weak spots.

Step 2 – Plan an upgrade path

Where possible, despite the reasons for not upgrading, you should still have a firm plan for upgrading from Windows XP to a later operating system, at a time that works best for you and the business.

Step 3 – Disconnect the XPs from the Internet / email

Definitely the strongest security risk is presented by users browsing the internet or opening emails on vulnerable XP machines. If you still need to use XP, make sure that these machines are not able to connect / browse the Internet.

You should create a separate “dirty” subnet on your network which does not have Internet connectivity. Moreover, this subnet should have little to no access to your corporate network so that if any malware gets to this network it cannot make the hop to your main network.

Step 4 – Install multiple protection mechanisms

If despite everything, your XP machines still need to be connected to the Internet – it is highly recommended that multiple protection mechanisms are put into place. Definitely a good antivirus should be your first consideration.

Patch management to ensure that the operating system and no other software is vulnerable on a machine should also be installed. A good web filtering software or agent should be installed such that users are protected from visiting any malicious websites.

Users will most likely be accessing email, so these should be sanitised before they reach the employee’s inbox. When all the above have been checked, then employees should be allowed online and browsing kept to a minimum.

Step 5 – Always remember to educate

Education is a must. You will find that employees do not want their machine infected by malware. In many cases they are simply unaware of the risks as a result of the many essential tools in use today.

Explain the risks they run while browsing the web or opening emails. A malware infection is a headache for the IT admin, but it’s definitely not fun for the employee either.

Lightening the load

If you don’t have the right tools in place, basic asset tracking software is a good place to start. It’s a faster way to create an accurate inventory of network and to identify those vulnerable XP machines, even those that are rarely in the office.

With the inventory in hand, you can plan the upgrade to a newer system as well as deploy antivirus, patch management and web protection to mitigate the risks these computers pose to your network.

By David Attard, GFI WebMonitor Product Manager, GFI Software

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.