Companies that rely on older operating systems are putting themselves at greater risk of security breaches, according to the latest version of the Microsoft Security Intelligence Report, in which the company says that newer versions of Windows display exceptional security. As the report put it, “Windows 8.1 and Windows Server 2012 R2 have some of the lowest malware infection rates we have seen and are providing clear security benefits.”
Despite Microsoft's evidence that newer systems are more secure, large numbers of machines still run older systems. According to a survey from Bit9 this month, 44 percent of enterprises are still using Windows XP, more than a year after Microsoft ended extended support for the operating system, while 34 percent of organisations are still using a combination of XP and the soon-to-be-defunct Windows Server 2003. What's more, about 10 percent of organisations are still using Windows XP exclusively – an indication of the reluctance of businesses to move away from older systems.
But such companies are leaving themselves open to attack. Mark James, ESET security specialist, said that companies not upgrading were harming their ability to stay safe. “With Windows XP currently having a larger market share than Windows 8.1 it's a very scary prospect,” he pointed out. “XP will not be getting any security updates, no vulnerabilities or exploits will be fixed, no updates to make you safe and secure are going to happen. All in all it's just bad practice to still be using Windows XP. If you are then you need to look at moving as soon as you possibly can.” He advised all companies dragging their feet to go for Windows 8.1 and get a free upgrade to Windows 10 in the future.
TK Keanini, the CTO for Lancope, drew on a lesson from the natural world. “In biological systems, when errors like this occur, the organism to protect itself will contain it, this is how you end up with benign tumours as opposed to malignant ones. The same pattern should apply here, encapsulate these machines as best you can because they are harmful to their adjacent machines and on the Internet, that means everyone,” he said.
However, his colleague, Lancope's VP of threat intelligence, said that upgrading wasn't always straightforward. “There is a hardware component to the upgrading of Windows XP and 7. Some of the older computers can't run it and will remain at their OS level for the life of the computer. In poorer countries this can be a long time. This strengthens the need for others to protect against them,” he said.
Other findings of the Microsoft report included the “precipitous” rise in vulnerability disclosures, with an increase of 55 percent from the first half of last year, and a rapid increase in new exploits which could be deployed. The report said that “It used to take weeks or months for new exploits to appear in exploit kits, but in the second half of 2014 we saw that time period decrease to ten days or less (sic) in several cases.”