Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection | post

ID Theft is a very real threat when Microsoft “retires” its XP operating system next year

by Steve Schwartz on

A "zero day vulnerability" to computer software often opens the door to id theft. If you are one of the millions still using Microsoft's XP operating system, you face a very real such problem early next year.

I have touched on "zero-day" problems before in this space. It's the term given to the amount of time that passes between the indentifying of a way a piece of software can be hacked and the issuing of a patch by the software company closing the hole. The discovery of the vulnerability is dubbed the "zero day."

If you are using a Windows operating system on your computer you may not realize that every Tuesday Microsoft issues patches to plug problems that have been discovered in its products. They come automatically to your computer the first time you sign on to the Internet after they are posted and you may not realize you have received them until you go to shut down you computer and you get a warning not to turn it off until some updates have finished loading.

Most of the time, these fixes are inconsequential in nature. A few are important and close major loopholes that could have been exploited by cyber-criminals and led to massive id theft.

Windows XP, launched in 2001, is the largest selling operating system ever brought to market by Microsoft. But it is now three generations old, have first been supplanted first by Windows 7 and now more recently by Windows 8 (now 8.1).

Microsoft has announced it will "retire" XP in April 2014. That means that from that date on, no updates patching security flaws in the XP operating system will be issued. The gates will be opened wide to theft of identity all over the Internet.

No big deal, you might be thinking, if your computer is using Windows 7 or Windows 8 (8.1). The problem is a lot of computers still use XP, by one count perhaps 39 percent of all computers using Windows. The number still using XP may be as high as 500 million worldwide.

Consider that number for a moment. Come next April 8, 2014, some 500 million computers suddenly more vulnerable and open to ID theft by cyber-crooks That is unless you work for a company or other organizations such as government agencies, that pay high fees for custom support, which provides critical security updates including for an operating system that’s officially been declared dead.

Believe it or not there is an active black market where hackers can buy and sell "exploits" - computer programs designed to take advantage of weaknesses found in various popular computer systems and programs. In the past, we are told by computer security experts, the average price on the black market for a Windows XP exploit has been in the $50,000 to $150,000 range. This is relatively low, reflecting Microsoft’s record of quick response when flaws in its programs are discovered.

But recently the market in XP exploits has dried up. The conclusion by the experts is that the bad guys are waiting until April to unleash new programs attacking XP.

If you are an XP user, what should you do? The obvious answer is to spend the $100-$200, to do what Microsoft hopes it is forcing you to do - buy a newer version of Windows. Or, if you're still using XP, maybe it is time to consider buying the next generation of computer possibly moving from a clunky desktop to a sleek new notebook.

It is also likely that come the New Year, you will start seeing ads for online services that will, for a fee, offer a service that will keep XP updated with fixes in response to newly discovered vulnerabilities. You might just hope that if major vulnerabilities are discovered Microsoft will be forced into issuing a fix just to publicly save face.

Gregg Keizer, writing in Computerworld, has an interesting take on the problems caused by the retirement of XP. It will be interesting to see what happens come April. If you are using Windows 7 or 8, or some non-Microsoft operating system, you can sit back and look on as an interested observer. If, however, you are still using XP, theft of identity could be a real and it will certainly be a scary time for you.

01