What are some of the worst scenarios out there?
Just when you think it’s safe to sit down in front of your computer, a Microsoft official suggests an impending PC-based zombie apocalypse. He may not be talking about a Walking Dead scenario in which a gang of hapless survivors battle flesh-eating ghouls. These zombies are PCs whose background processes have been commandeered by hackers who use them to steal the owner’s bank passwords, spew spam, or launch distributed-denial-of-service attacks.
Earlier, Director of Trustworthy Computing Tim Rains at Microsoft, warned that support for Windows XP (originally released back in 2001) will cease after April 8th. There will be no additional security-related updates or any other updates. Microsoft will not support the operating system in any way after the April deadline passes.
In fact, Microsoft’s patching policy will contribute to the situation. Rains says that when a vulnerability is found in one product, Microsoft tests related products to see if it exists there, too. For instance, if a vulnerability is found in Windows 7, it will also test Windows XP. Patches for all the products with the same vulnerability are typically released at the same time.
Microsoft organizes its release of patches in this way, says Rains, because the bad guys are infamous for reverse-engineering security patches to identify the vulnerability in question. If they find a crack in the system, they will inevitably write malware to exploit it.
Microsoft will continue to issue patches for any vulnerabilities it finds in Windows 7 and/or Windows 8. This, in turn, will inspire hackers to continue reverse-engineering the patches. In doing so, they will undoubtedly identify vulnerabilities applicable to Windows XP. When (not if) they find one that works, Windows XP will be at their mercy.
When this happens, your machines will end up as zombies in botnets with no antivirus software available to fix them. That is a problem not just for the owners of the individual machines, but also a major headache for the Internet at large.
“The risk,” says Rains, “is that after April, large numbers of compromised XP systems will be used to launch attacks.”
As for the scale of the problem, recent statistics show that 13.5 percent of Internet users still rely on Windows XP — only Windows 7 is more popular. Meanwhile, Microsoft’s online Malicious Software Removal Tool sees, with XP systems, a rate of infection for unprotected machines of about 1.5 percent.
Sometime after April, as the bad guys get their act together, all Windows XP machines will be effectively unprotected. And you can bet the infection rate will balloon drastically. If the rate exceeds 10 percent then the rate of infection for machines on the Internet will exceed one percent, and who knows what the overall impact will be.
Rains’ advice to Windows XP owners: migrate and move up to a newer operating system.
For aNewDomain.net, I’m Lamont Wood.
Based in San Antonio, Texas, Lamont Wood is a senior editor at aNewDomain.net. He’s been covering tech trade and mainstream publications for almost three decades now, and he’s a household name in Hong Kong and China. His tech reporting has appeared in innumerable tech journals, including the original BYTE (est. 1975). Email Lamont at Lamont@anewdomain.net or follow him @LAMONTwood.