China snubs Microsoft for ending XP security
Microsoft has paid a high price for stopping security support on Windows XP - the Chinese government has decided not to buy Windows 8 for fear that product too will be left insecure.
'Chinese spies' launch new Adobe zero-day attack
But industry observers believe there may be more to the move, reflecting the severe breach in trust between China and the US which became clear this week when the US government publicly ‘named and shamed' five Chinese Army officers for allegedly hacking into American companies and stealing their trade secrets.
China's official news agency, Xinhua, confirmed the decision to drop Windows 8 on 20 May, saying: “China will forbid the use of the Windows 8 operating system (OS) in new government computers, a move to ensure computer security after the shutdown of Windows XP. All desktops, laptops and tablet PCs to be purchased by central state organs must be installed with OS other than Windows 8.”
Explaining why, Xinhua said: “Despite major Chinese software security companies having promised to provide technical assistance to guard against risks, Windows XP users have remained fearful about potential dangers such as hacker attacks. And the Chinese government obviously cannot ignore the risks of running OS without guaranteed technical support. It has moved to avoid the awkwardness of being confronted with a similar situation again in future if it continues to purchase computers with foreign OS.”
Xinhua says most Chinese government computers still run Windows XP, which has a 70 percent market share in the country.
Microsoft told journalists it was surprised to see Windows 8 barred from bids for public sector deals – though it can still be offered to private sector customers in China.
In a statement, the company said: “Microsoft has been working proactively with the Chinese Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements, and we'll continue to do so.
"We are confident that Windows 8 meets all of these requirements, and we've seen a large number of customers around the world, including governments embrace Windows 8 as a modern, secure operating system.”
The decision by China to snub Windows 8, first announced on 16 May, seemingly pre-dates the US Justice Department's indictment of the five People's Liberation Army officers for alleged industrial cyber espionage, and their appearance on an FBI ‘Most Wanted' poster.
As a result, industry watchers are divided as to whether the move reflects the growing distrust between the US and China over cyber security, or is a purely commercial decision.
Cyber security expert Professor John Walker, visiting professor with Nottingham-Trent University's School of Science and Technology, said Windows 8 had not lived up to expectations among users and “in many cases it has proven to be a heavyweight disaster”.
But he told SCMagazineUK.com: “There might be something else to it. Since Snowden, this decision could also be about trust, the concern that Windows 8 could be engineered to allow ‘invasion'. It may be that this is a very valid excuse for the region to back out of MS products altogether, and look to get more robust solutions deployed which may not be considered to have been compromised pre-install!”
But Tim Holman, president of the ISSA-UK user group and CEO of security firm 2-sec, told SC UK via email: “I can't see this being anything other than an economic decision.”
“It has long been known that China is one of the world's worst offenders when it comes to using unlicensed software and Windows XP has pretty poor license enforcement. With Windows 8, Microsoft are quite rightly ensuring that each copy has to have a licence in order to operate.
“Perhaps the move from China is simply an economic one and she cannot afford to upgrade from an effectively free operating system (Windows XP) to one that needs a purchased licence to run.”
In a further twist, while Microsoft officially ended XP security support in April, it U-turned on that decision earlier this month to patch a zero-day flaw in XP that was being actively exploited – ironically by suspected Chinese cyber-criminals targeting EU-based organisations.
Meanwhile, China remains aggrieved at the espionage charges laid against its army officers and has issued data on the cyber attacks it has suffered from the US, while insisting “China is a solid defender of cyber security”.
Xinhua said that from 19 March to 18 May, nearly 1.2 million Chinese host computers were controlled by more than 2,000 Trojan horse networks or botnet servers based in the US.
“Those activities target Chinese leaders, ordinary citizens and anyone with a mobile phone. In the meantime, the US repeatedly accuses China of spying and hacking,” the agency said. “China has repeatedly asked the US to stop, but it never makes any statement on its wiretaps, nor does it desist, not to mention make apology to the Chinese people.”
Looking beyond Windows 8, China will now focus on developing its own operating system. There are several Linux-based OSs made by Chinese companies, such as KylinOS and StartOS, though they have not so far proved popular.