In less than a month, most of the world's ATMs and a large portion of its computer-based industrial control systems will become a lot more vulnerable to hackers and viruses.
On April 8, Microsoft will stop issuing updates and patches for bugs in its Windows XP operating system, which was released in 2001 but remains widely used, as companies put off the costly and complex task of system upgrades.
That delaying will make it easier for hackers to break into the main systems still running XP, security experts say, in part because Microsoft will continue issuing updates for the three newer versions of Windows. Those updates can be reverse engineered to find weaknesses in XP.
"The probability of attackers using security updates for Windows 7, Windows 8, Windows Vista to attack Windows XP is about 100 per cent," Timothy Rains, Microsoft's director of trustworthy computing, told a recent computer security conference in San Francisco.
The potential security problems that will follow the end of Windows XP support could be greater than when Microsoft ended support for even older systems, Windows 95 and 98. The number of computers worldwide has grown, particularly in poorer nations, security experts point out. The system has also been around far longer than its predecessors, more than 13 years compared with less than a decade for Windows 98 and Windows 95.
"As more and more people connect, the potential targets and range of systems that can be exploited grows," said Brian Honan, a Dublin-based computer security consultant.
About 40 per cent of personal computers still use Windows XP, according to data from research group Netmarketshare. Beyond PCs, Windows XP also powers ATMs, medical devices, industrial control systems and some of the hardware used for swiping credits cards, said Jaime Blasco, malware researcher at AlienVault.
More than 95 per cent of ATMs also run the operating system, according to NCR, the largest provider of ATMs globally. It expects only a third of ATM providers will upgrade before Microsoft's April 8 cut-off.
The challenge, said Mr Blasco, is that many companies have built their own software that is only compatible with XP. Rebuilding that is expensive and ironing bugs out of the new version would take time.
"I ask these companies why they are using old software, they say 'Come on, it works and we don't want to touch that'," he said.
In the meantime, analysts say, companies are likely to invest in other forms of protection, to safeguard their networks or improve their ability to respond to attacks.
For the companies that make PCs, that is bad news, said Kirk Yang, an analyst with Barclays. Many companies, including Hewlett-Packard and Lenovo, had been hoping to see their sales rise as offices buy new PCs. While PC sales to enterprises are still stronger than sales to consumers, they are not pouring in as some had expected, said Mr Yang.
"All we do on PCs mostly is Microsoft Word, Excel, Power Point and now with cloud computing you do everything [more complex] on the cloud, so it removes a lot of incentive to upgrade PCs," he said. Plus, he said, for IT departments, "it's a big pain to change operating systems".
Developing countries in particular could see the frequency of malware rise, said Mr Rains of Microsoft. Many computers in such nations run pirated version of Windows, and governments there are less active than elsewhere in working with internet providers and companies to identify and stave off attacks.
Copyright The Financial Times Limited 2014. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
via Technology - Google News http://ift.tt/1ohspN8
Put the internet to work for you.
0 comments:
Post a Comment