And it seems that cybercriminals are very well-prepared for that moment, readying waves of Windows XP attacks that are bound to convert into nice amounts of money, as the average price on the black market for a Windows XP exploit is said to be from $50,000 to $150,000, according to security expert Jason Fossen. When Microsoft will no longer support Windows XP, this means that it will no longer provide security patches, thus leaving it wide open for hackers to bank bugs discovered between now and April 2014.
Windows XP to become a treasure for hackers
Don’t think that Microsoft has already abandoned Windows XP; there are almost weekly critical security updates being readied for those that still use it. Usually, if Microsoft detects a critical bug that is heavily exploited by hackers, Microsoft will issue a security update as fast as it can and will not wait for its monthly Patch Tuesday schedule to do it. Jason Fossen explains: A new vulnerability is also referred to as a “zero-day” one. Most likely, cybercriminals have already started discovering “zero-day” vulnerabilities and are just waiting for Microsoft to stop security support so that they could later on sell them or use them on unprotected computers. A good sign for this theory might represent the decrease in Q4 of 2013 and Q1 of 2014 of publicly disclosed Windows XP vulnerabilities. The same Fossen says that “hackers will be motivated to sit on them” and to wait to get a “better price”. This is a big issue because despite the fact that Microsoft will retire Windows XP, it will still have a big marketshare, something around thirty percent, which means that Windows XP will be present on millions of computers worldwide, a real gold mine for cybercriminals. There will be a few companies, organizations and government agencies that will still get Windows XP security patches, because they pay big fees for custom support.
And here are some interesting facts from the second half of 2012 about XP’s weak security protection when compared to Windows 7:
Windows XP infection rate: 11.3 machines per 1,000 Windows 7 SP1 32-bit infection rate: 4.5 per 1,000 Windows 7 SP1 64-bit. infection rate: 3.3 per 1,000
There is no data yet on Windows 8, but most likely the numbers are even better. Brian Gorenc, manager of HP Security Research’s Zero Day Initiative: As Fossen observes, if there will be heavily-exploited zero-day vulnerabilities in Windows XP, the users themselves will “organize and demand patches”. Jason Miller, manager of research and development at VMware: One of the best solutions for Microsoft would be to come up with a new upgrade offer, cheaper than previous ones, to convinces users to leave XP behind and embrace Windows 8.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
