If you’re still using Windows XP, get ready for a security nightmare
While we know that using an operating system without support is quite risky and foolish, cyber attacks like last Friday show that it can become a real nightmare. Over the weekend the WannaCrypt ransomware stole the headlines by affecting thousands of computers in dozens of countries around the world.
In intranet was left out of play, which alerted us, but in a short time, attacks were confirmed in the English health system, FedEx in the United States, institutions in Russia, Ukraine, Taiwan, Mexico, and more. WannaCrypt takes advantage of a critical vulnerability in Windows that fortunately Microsoft had already discovered and patched before the attacks. But of course, in systems with support.
The alarming way in which this ransomware began to spread and how tens of thousands of attacks arrived in more than 70 countries, prompted Microsoft to launch an extraordinary update for Windows XP, a system that was no longer supported three years ago.
The company decided to release for the public, security updates that are available only to customers in special support (such as the case of the XP cash machines that receive support until 2019), because they know that there are still many Windows XP machines in the world. Machines that were not protected from WannaCrypt because they simply do not receive security updates anymore.
The NSA, the Shadow Brokers and what’s to come
In April we commented on how the latest exploits released by the Shadow Brokerswere being used to compromise thousands of Windows PCs . This group has become quite famous in the world of cybersecurity after claiming to have hacked the NSA.
Many of the tools released and that supposedly have their origin in the NSA , had already been marked by antivirus software since 2012, but several security experts believe that they contain vulnerabilities not yet known for old versions of Windows. Yes, like Windows XP.
And now, Microsoft has decided to confirm that the failure that takes WannaCrypt was developed by the NSA . In the words of the Redmond company:
We have seen vulnerabilities stored by the CIA appear on WikiLeaks, and now this stolen vulnerability of the NSA has affected customers around the world.
The tools published by the Shadow Brokers continue to run freely on the Internet. Security experts expect more zero-day vulnerabilities to be discovered even though many have already been patched. The updated versions of Windows are the least vulnerable, but those old systems like XP probably have not seen the worst yet. WannaCrypt is probably just a sample of what is out there.
Microsoft is not the bad guy in the story
It seems that in cases like this does not apply much of “the one who is free from sin who throws the first stone”, because throughout the weekend one of the things that can be observed is the whole world throwing stones against Microsoft . “Everything is your fault, Windows is insecure, etc.”
As our colleagues in Engadget said: the sentence of Windows is its popularity, neither Linux nor Mac will save you from the ransomware. Both systems accumulate more vulnerabilities than Windows itself, but none accumulate by far the number of users.
On the desktop Windows simply has no rival, Microsoft’s operating system has more than 80% of the market, and despite its age and lack of support for years, Windows XP is still the third most used Windows, only after Windows 7 and Windows 10. XP has more market share worldwide than Linux, with 5% according to StatCounter or 7% according to NetMarketShare.
Terrorists attack stadiums and train stations because they are full of people, cybercriminals attack Windows because that is where there is more chance of doing damage and making a profit. Windows XP is a system that officially stopped being supported years ago and even though extraordinary situations like this cause Microsoft to publish an emergency patch, does not mean that this is a solution that can be expected eternally, nor that it is not practical.
The biggest problem is with large companies, which have been suffering since the end of support was announced despite having had years to take action. Updating thousands of equipment can be not only very expensive, but also has an impact on the operability of the business for the time and resources it requires.
However, remaining vulnerable to this type of events to follow in obsolete versions of a system, with probably many vulnerabilities accumulated by government agencies, can be much more expensive in the end. It can turn into a nightmare quickly.
If you’re a simple personal computer user, it’s been a while since it was time to change your PC, or at least change the Windows version. That argument of “if it is not broken do not fix it” does not apply here, Windows XP is totally and absolutely broken because it has no support, no support is not receiving security updates, not receiving these is to be completely naked in front of threats still undiscovered and all those who believe in the future.