aNewDomain.net — Sitting down to your computer just got a lot scarier. The impending prediction of an upcoming zombie apocalypse, infesting your trusty old Windows XP, has been confirmed by Microsoft.
Tim Rains, director of Trustworthy Computing at Microsoft, spearheaded this terrifying press release. Now, these aren’t your traditional Blockbuster zombies. There won’t be any skin-devouring creatures that stalk and corner 20-something’s in malls and residential neighborhoods. The Microsoft zombies are PCs whose central controls have been overrun by hackers in order to flood spam, steal bank passwords or launch distributed-denial-of-service (DDoS) attacks.
Photo Credit: Wikimedia Commons
Director Rains reiterates an announcement made earlier this year that Microsoft will end all support for Windows XP, which was released in 2001, after April 8th 2014. This means an end to security-related updates, which keep the current system fairly hack-free, and all other updates to the OS. The updates released up until April 8th (Zombie-Apocalypse Day) will counter specific software weaknesses, but not after. New holes in security will spring up, as they always have, and Microsoft simply won’t be mending them.
Flaw in the System
After April 8th Microsoft’s patch policy will actually worsen the situation. Rains explains that Microsoft protects its products by unilaterally releasing an update for all products when one vulnerability is found, checking to see if the other OSs have the same issue. For example, when a security breach is found in Windows 7, Microsoft will test XP and Windows 8 to check for similar holes.
Microsoft organizes its release of patches that way because the bad guys are known to reverse-engineer security patches to identify the vulnerability in question. They will then test other products for the vulnerability and, if they find it, write malware to exploit it.
The problem is that after April 8th Microsoft will continue issuing patches for any vulnerabilities it finds in Windows 7 or Windows 8, and the bad guys will continue reverse-engineering the patches, identifying the vulnerabilities, and trying them on Windows XP. When — rather than if — they find one that works, Windows XP will be at their mercy, since no exploited flaw will ever be fixed.
Presumably, the machines will end up as zombies in botnets with no antivirus software available to fix them. That is a problem not just for the owners of the individual machines, but also a major headache for the Internet at large.
“The risk is that after April 2014 large numbers of compromised XP systems will be used to launch attacks,” Rains told Tech Page One.
As for the scale of the problem, recent statistics show that 13.5 percent of Internet users still rely on Windows XP — only Windows 7 is more popular. Meanwhile, Microsoft’s online Malicious Software Removal Tool sees, with XP systems, a rate of infection for unprotected machines of about 1.5 percent.
Sometime after April, as the bad guys get their act together, almost all Windows XP machines will be effectively unprotected, and the infection rate will presumable balloon. If the rate exceeds 10 percent then the rate of infection for machines on the Internet will exceed 1 percent, and who knows what the overall impact will be.
Rains’ advice to Windows XP owners: migrate. In other words, move up to a newer operating system.
For aNewDomain.net, I’m Lamont Wood.
Based in San Antonio, Texas, Lamont Wood is a senior editor at aNewDomain.net. He’s been covering tech trade and mainstream publications for almost three decades now, and he’s a household name in Hong Kong and China. His tech reporting has appeared in innumerable tech journals, including the original BYTE (est. 1975). Email Lamont at Lamont@anewdomain.net or follow him @LAMONTwood.