Microsoft SIR Report Highlights Risks of Unsupported Software Ahead of XP Withdrawal

The results of the fifteenth Microsoft Security Intelligence Report have been released today, and according to Rains “the data clearly shows clearly that XP is not keeping pace with the cybercriminals”.

The SIR report data was compiled between January and June 2013 from more than a billion systems worldwide. “The report highlights the risks of running unsupported software”, he told Infosecurity. “In April, Windows XP will have completed 12 years of service. The DEP (data execution prevention) that was built into the OS was cutting edge at the time, but is now frequently – and routinely – bypassed.”

After Microsoft stop shipping security updates, Rains warns that attackers will look at the patches Microsoft apply to the new operating systems and look for the same – unpatched – vulnerabilities in XP. “Then you’ll see zero-day threats that last forever, and it’s a very real threat. Between July 2012 and July 2013, we saw the same vulnerabilities applied to XP and Windows 7 30 times.”

When XP SP2 went out of support, the malware infection rate was 66% higher than a supported version. Running anti-virus on XP after April 8 2014 “will not be adequate”, Rains insisted. “It’s like building a house on a bed of quick sand. The foundation is not solid, and it will be very unstable from a security point of view.”

It is the first time that ‘encounter data’ (malware which has been encountered but not necessarily successful) has been collected and used as a metric, and Rains describes it as “very interesting. An average 17% of systems encounter malware but only 0.6% actually get infected”, he said.

Of the XP threats that were encountered, the top three were: Sality “a file infector, basically a virus…this is the one virus people should be aware of”; Ramnit (“family of malware”); and Vobfus (“Family of worms, spread most commonly through USBs”). Basic hygiene, including looking after passwords and not plugging in unknown USBs, is not getting the exposure it needs, said Rains.

In the UK and EU, drive-by downloads are a bigger concern, with BlacoleRef and IframeRef both making it in the top three threats in the UK. Sirefef, a rogue security software family, was the third. “Attackers are taking advantage of unpatched system vulnerabilities”, Rains declared. “It’s important to keep all your software up to date – not just Microsoft. It’s harder to keep Java updated, which is why hackers are attacking it.”

Microsoft is transparent in its objective and call to action: Upgrade from XP. “If we didn’t have such clear data about the risk of running older software, we probably wouldn’t be talking about this, but the data is clear.” In Romania, where 40% of the OS marketplace uses XP, it also has the highest infection rate in the whole of the EU.

“XP was built last century and over time, attackers learn how to defeat security mitigations. It has had a great run and if we thought we could make it a secure op system in the future, we would.”

While enterprise customers know that the date for end of support is approaching, consumers, according to Rains, are less aware.

In other interesting findings, Finland consistently has the lowest infection rate in the EU, and next to Japan, in the whole world.

Lithuania, Greece and Cyprus all have the highest malware infection rated in the EU. “Social economic factors really come into play here. If a government is unstable, malware increases as public and private partnerships break down.” Korea has witnessed a huge reduction in their infection rates, dropping from 93% to 25%. The initial high percentage was a result of two large threats.

Finally, Rains notes the movement away from worms and towards drive-by download attacks. “Drive-bys require good internet connectivity though, so places like Syria, Egypt and Iraq are less at risk.”


What’s hot on Infosecurity Magazine?