Story image

Windows XP – where have all the bad guys gone?

01 May 14

April 8, 2014 has come and gone and you may be wondering what all the fuss was about.

After all, the bad guys haven’t come out of hiding, wreaking havoc on those who still have instances of Windows XP running on their networks.

Actually, it’s been quite quiet. Stories of exploits of unpatched and previously unpublished security holes that infiltrated Windows XP haven’t made headlines.

Surely, the bad guys haven’t just disappeared or given up on XP?

And a ruse it certainly was not (we ALL know that XP was a patchy piece of work).

However now we can see the start of things to come, with a zero-day exploit for Internet Explorer identified over the weekend.

And, yes, XP machines with Internet Explorer are vulnerable and there will be no patch for them. Read more.

The real opportunity for hackers will be the May updates. When these come out, anything affecting Vista/7/8/2008/2012/Server 2003 will likely be tested on XP by malicious people. If it is, it will be open and vulnerable for the bad guys to reverse engineer.

It’s not only the operating system you have to think about, but older applications that only run on XP. These may also be out of support now and could be vulnerable also – if not today, in months to come.

It’s our job to plan for the worst case scenario. Hearing nothing doesn’t mean it’s not happening. For those of you with kids, sometimes the quietest times are when you worry most!

It’s not in the hackers’ interests for us to know they are already there. They would far rather remain in stealth mode for as long as possible, stealing what they can, while we don’t know about it.

Your weakest link?

Product lifetimes are usually around two years, yet Windows XP has been around since 2001. During its lifetime there has been a fundamental shift in the malware industry – and XP was not well equipped to deal with the new types of malware which the new security industry had to face.

The aging operating system was not written with a strong security focus and it became a weak link in the security chain with many exploits targeting it specifically.

Now that Microsoft has stopped supporting patching of Windows XP, the operating system becomes much more vulnerable. Any exploits found in XP will never be fixed leaving it a sitting duck.

So what can you do?

Suggesting an upgrade to a newer operating system is a given – but of course if you haven’t done that yet, it’s probably for good reason.

Typically, the strongest reason being that some legacy systems are too costly to upgrade or are simply not supported. So if you are still stuck using XP how can you minimise the risks for your business?

Step 1 – Make an inventory of all your IT assets

First and foremost you should know exactly how many Windows XP machines are still out there so you know which areas of your network are the weak spots.

Step 2 – Plan an upgrade path

Where possible, despite the reasons for not upgrading, you should still have a firm plan for upgrading from Windows XP to a later operating system, at a time that works best for you and the business.

Step 3 – Disconnect the XPs from the Internet / email

Definitely the strongest security risk is presented by users browsing the internet or opening emails on vulnerable XP machines. If you still need to use XP, make sure that these machines are not able to connect / browse the Internet.

You should create a separate “dirty” subnet on your network which does not have Internet connectivity. Moreover, this subnet should have little to no access to your corporate network so that if any malware gets to this network it cannot make the hop to your main network.

Step 4 – Install multiple protection mechanisms

If despite everything, your XP machines still need to be connected to the Internet – it is highly recommended that multiple protection mechanisms are put into place. Definitely a good antivirus should be your first consideration.

Patch management to ensure that the operating system and no other software is vulnerable on a machine should also be installed. A good web filtering software or agent should be installed such that users are protected from visiting any malicious websites.

Users will most likely be accessing email, so these should be sanitised before they reach the employee’s inbox. When all the above have been checked, then employees should be allowed online and browsing kept to a minimum.

Step 5 – Always remember to educate

Education is a must. You will find that employees do not want their machine infected by malware. In many cases they are simply unaware of the risks as a result of the many essential tools in use today.

Explain the risks they run while browsing the web or opening emails. A malware infection is a headache for the IT admin, but it’s definitely not fun for the employee either.

Lightening the load

If you don’t have the right tools in place, basic asset tracking software is a good place to start. It’s a faster way to create an accurate inventory of network and to identify those vulnerable XP machines, even those that are rarely in the office.

With the inventory in hand, you can plan the upgrade to a newer system as well as deploy antivirus, patch management and web protection to mitigate the risks these computers pose to your network.

By David Attard, GFI WebMonitor Product Manager, GFI Software

Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.