Windows XP users already facing malware invasion – before Microsoft “pulls plug”

Windows XP users already face far higher risks from malware  – with XP users facing infection rates six times higher than Windows 8 users, according to a report released by the company. Microsoft will withdraw support for the ageing platform in April next year – despite the fact that one in five PCs on Earth still use it.

Per 1,000 PCs scanned, 9.1 XP machines had been infected – as compared to 1.6 for Windows 8, according to a report by V3.

“Microsoft Windows XP was released almost 12 years ago, which is an eternity in technology terms. While we are proud of Windows XP’s success in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cybercriminals,” Microsoft wrote in a statement this week.

Around 21% of PCs worldwide still run Windows XP, according to a report by Neowin, speaking to Holly Stewart, Senior Program Manager of the Microsoft Malware Protection Center. In the U.S., 13% of PCs still use Windows XP.

“On April 8 2014, support will end for Windows XP. This means Windows XP users will no longer receive security updates, non-security hotfixes or free/paid assisted support options and online technical content updates. After end of support, attackers will have an advantage over defenders who continue to run Windows XP,” Microsoft said.

Google and Mozilla have both said they will continue to support their browsers after that point. The OS, however, will be vulnerable. After April, only companies paying for custom support will be protected – and up to a third of organizations are expected to still use Windows XP machines, according to earlier research by British firm Camwood.

Some security experts predict a “wave” of attacks at that point, with cybercriminals having banked exploits in anticipation of that moment.

“The average price on the black market for a Windows XP exploit is $50,000 to $150,000 – a relatively low price that reflects Microsoft’s response,” said Jason Fossen of security training company SANS earlier this year.

“When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks. But if they sit on a vulnerability, the price for it could very well double.”
Many firms have been slow to migrate from the ageing platform – despite the fact that Microsoft recommended leaving at least 18 months to migrate.