Archive for April, 2014

Why there will be no XP doomsday.

Monday, April 7th, 2014

Right now the tech press is convinced that all instances of XP are suddenly going to become massive malware magnets that will end civilization as we know it. I'm a teensy bit skeptical. It's probably safe to assume that a good chunk of those computers already have malware and are part of some botnet already. It's commonly accepted that 1/3rd of all computers have a malware infection. People using a 12-year-old OS probably aren't the ones deeply engaged in safe security practices, and I'm guessing they make up part of that 1/3rd. In my IT career I'm often shocked at the condition of people's home computers. Occasionally someone will bring one in and it'll be filled to the gills with malware, yet running an anti-virus. The AV is usually either out of date because its commercial subscription expired, or it's a free AV with poor hit detection like MSE.

Large corporations with XP installs are probably paying for continued security patches and engage in security policies like limiting user rights, updating software quickly, web/mail filtering, and running decent AV. These machines aren't at much risk, especially considering that when we look at malware distribution vectors, it's often via a trojan like a fake Flash installer or exploits via third-party software like Java or Adobe Reader.

We also keep hearing how 27% of all computers are running XP. This is determined by web stats, yet most web bots show an XP-derived user agent, so we really don't know how trustworthy those numbers are. Bot filtering is tough to do, and if bots aren't caught they can greatly inflate the numbers.
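To show how much bot traffic can skew an OS-share figure pulled from web stats, here is an added example (my own code, not anything from the original post) that parses constructed Apache combined-log lines, tags requests that look automated using three cheap signals (a self-identifying user-agent token, a robots.txt fetch from the same IP, or an abnormal hit count from one IP), and recomputes the XP share with and without those requests. The log lines, IPs, bot names and the hit-count threshold are all constructed for the example; the bots are deliberately given XP-style user agents to mirror the post's point.

```python
import re
from collections import Counter

# Constructed Apache "combined" log lines (sample data, not real traffic).
# Bot clients are given XP-style user agents on purpose, to mirror the
# observation that many crawlers advertise an XP-derived UA string.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Apr/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0"
203.0.113.11 - - [07/Apr/2014:10:01:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
203.0.113.12 - - [07/Apr/2014:10:01:09 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.0.113.13 - - [07/Apr/2014:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9"
203.0.113.14 - - [07/Apr/2014:10:01:20 +0000] "GET /news HTTP/1.1" 200 3072 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
203.0.113.15 - - [07/Apr/2014:10:01:31 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0"
198.51.100.20 - - [07/Apr/2014:10:02:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.20 - - [07/Apr/2014:10:02:01 +0000] "GET /page1 HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.20 - - [07/Apr/2014:10:02:02 +0000] "GET /page2 HTTP/1.1" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.21 - - [07/Apr/2014:10:02:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; ExampleCrawler/1.0; +http://crawler.example/info)"
198.51.100.22 - - [07/Apr/2014:10:02:15 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 5.1) ExampleSpider/0.9"
198.51.100.23 - - [07/Apr/2014:10:03:00 +0000] "GET /a HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.23 - - [07/Apr/2014:10:03:01 +0000] "GET /b HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.23 - - [07/Apr/2014:10:03:02 +0000] "GET /c HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.23 - - [07/Apr/2014:10:03:03 +0000] "GET /d HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
198.51.100.23 - - [07/Apr/2014:10:03:04 +0000] "GET /e HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
"""

# Apache combined log format: ip ident user [ts] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Windows NT version tokens as they appear in browser user agents.
OS_PATTERNS = [
    ("Windows XP", re.compile(r"Windows NT 5\.1")),
    ("Windows Vista", re.compile(r"Windows NT 6\.0")),
    ("Windows 7", re.compile(r"Windows NT 6\.1")),
    ("Windows 8", re.compile(r"Windows NT 6\.2")),
    ("Windows 8.1", re.compile(r"Windows NT 6\.3")),
    ("OS X", re.compile(r"Mac OS X")),
    ("Linux", re.compile(r"Linux")),
]
# Tokens that well-behaved crawlers put in their UA string.
BOT_TOKEN_RE = re.compile(r"bot|crawl|spider|\+http", re.IGNORECASE)
# Hits per IP in the sample window above which we treat the client as
# automated. A crude heuristic chosen for this constructed sample (assumption).
RATE_THRESHOLD = 5


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = entry["req"].split()
    entry["path"] = parts[1] if len(parts) > 1 else ""
    return entry


def classify_os(ua):
    """Map a user-agent string to a coarse OS label."""
    for name, pattern in OS_PATTERNS:
        if pattern.search(ua):
            return name
    return "Other"


def is_bot(entry, robots_ips, hits_per_ip):
    """Flag a request as automated on any of three signals: a bot token in
    the UA, a robots.txt fetch from the same IP, or an abnormal hit count."""
    return (
        BOT_TOKEN_RE.search(entry["ua"]) is not None
        or entry["ip"] in robots_ips
        or hits_per_ip[entry["ip"]] >= RATE_THRESHOLD
    )


def os_share(log_text, filter_bots=True):
    """Return {os_label: fraction of requests}, optionally dropping requests
    that look automated. Fractions are relative to the requests kept."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    robots_ips = {e["ip"] for e in entries if e["path"] == "/robots.txt"}
    hits_per_ip = Counter(e["ip"] for e in entries)
    counts = Counter()
    for e in entries:
        if filter_bots and is_bot(e, robots_ips, hits_per_ip):
            continue
        counts[classify_os(e["ua"])] += 1
    total = sum(counts.values())
    return {name: n / total for name, n in counts.items()}


if __name__ == "__main__":
    for label, flag in (("raw", False), ("bots filtered", True)):
        share = os_share(SAMPLE_LOG, filter_bots=flag)
        print(f"{label}: XP share = {share.get('Windows XP', 0):.1%}")
```

On this sample the raw XP share is 11 of 16 requests; once the automated clients are dropped it falls to 2 of 6. Real traffic needs more than these three signals (request headers, JavaScript execution, known crawler IP ranges), but even this crude pass shows why a headline OS-share percentage should be read with the bot-filtering method in mind.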

So, what's the worst case scenario here? Some 0-day that'll take everything down. Possibly, but Conficker came out several months after the hole it used was patched, so we know that a lot of people aren't even bothering to patch or are doing so on very slow schedules. I'm not sure why a 0-day will be such a threat when a 284-day exploit works just as well. The XP doomsday is already here and it's been going on for 12 years.

My prediction is that nothing of note will happen. Maybe some computers will switch from being owned by one botnet to another. Enterprises will continue to trudge along and migrate to 7 or even 8.1. Per usual, the doomsayers are overplaying their hand for ad impressions.