We'll cover:
1. How attackers work.
2. The significance this has for Windows XP users who will no longer receive updates to their operating system.
3. Free solutions to help secure your PC.
2014/01/14: This article has been updated, correcting NetMarketShare figures regarding how many people use different versions of Windows. In practical terms there is little difference.
Microsoft will soon stop issuing security updates for Windows XP.
At the same time it will cease issuing updates for its anti-malware product (Microsoft Security Essentials) for Windows XP.
This is significant because a very large minority of PC users still have Windows XP installed. Should they buy a new Windows 8 PC or can they maintain a decent level of security once they are abandoned by Microsoft?
In April 2014 Microsoft will end support for Windows XP and its free anti-malware protection. However, in December 2013, 29 per cent of Windows users were still running Windows XP.
To put things into perspective 44.5 per cent were running Windows 7 and only 11 per cent were running Windows 8 and Windows 8.1 combined. These figures are provided by NetMarketShare.
Clearly such a large number of people are not going to switch to Windows 7 or 8 in the next three months.
The following article explains what the threats are for Windows XP users, how they work and ways in which users can secure their old computers without having to upgrade the operating system.
How hackers do it
There are two common ways for hackers to attempt to gain access to desktop computers.
Social engineering
The first is so-called social engineering, in which they trick victims into running a malicious program. This program may be designed to steal information, such as passwords, from the system. Let’s call this type of software ‘spyware’.
Alternatively the software might try to further trick or
blackmail the victim, perhaps by claiming (ironically) that it has detected a
malware infection or by locking the PC and demanding payment for releasing the
system back into the user’s control. These types of threats are called ‘rogue anti-virus’ and ‘ransomware’ respectively.
For social engineering to work the user usually has to be
convinced to run a program. If they are sufficiently convinced that they need
to download and run a certain program (or insert a strange USB storage device)
then they will probably carry on regardless of what their anti-virus program
tells them.
Some may check themselves if they see a warning like, “This
file is a Trojan. We recommend you should delete it.” but clearly enough users
are fooled for the criminals to continue with this tactic.
No amount of patching Windows will change this situation so, for Windows XP users, this type of threat remains as significant (but probably no worse) as before.
Software exploitation
The second method is to gain access to the system using
automatic attacks. These usually involve the victim visiting a website that
contains some malicious code. This code, known as an exploit, runs on the
target computer and gains a temporary level of control. It uses its new-found
position of power to download and install malicious software, such as the
aforementioned spyware, rogue security software and ransomware.
Automatic exploits only work because there are security
holes, aka ‘vulnerabilities’, in the software on the victim’s computer.
Vulnerabilities can exist in the applications that come included with Windows,
such as Internet Explorer; in third-party applications such as Java, Flash and
Adobe Reader; and even in hardware drivers (last month researchers published an exploit for Nvidia’s display driver).
If vulnerable software is updated to make it less vulnerable
then exploits are less likely to work. For example, if you are still using Java
version 6.x then your system is very open to attack because there are lots of
known vulnerabilities for that software. Upgrading to the latest version 7.x will
help, because there are fewer known vulnerabilities in the latest version of
Java.
It is neither safe nor accurate to assume that any program has no vulnerabilities at all. Usually it’s just a matter of time before someone finds a new one. If a program is popular then there is more motivation for researchers to look for security holes because they affect the largest number of potential victims.
Most popular exploits
It is hard to say whether attackers prefer to exploit vulnerabilities
in Windows’ own files or those belonging to third-party software but, according
to an update by the security blog Contagio,
the exploit kits used by criminals in recent months seem very focussed on Adobe
Reader, Adobe Flash and Oracle’s Java.
There are some exploits aimed at Internet Explorer 10 and
earlier, many of which could affect Windows XP users. Switching from Internet
Explorer to a browser that has continued Windows XP support (such as Google
Chrome, Mozilla Firefox and Opera Software’s Opera browsers), and updating all
other third-party applications would be a sensible move if you want to stick
with Windows XP.
Updating automatically
Microsoft makes updating Windows reasonably convenient
thanks to the Windows Update service. However, this does not usually provide
updates for third-party software (although it does sometimes). Fortunately
there is a free application that behaves in much the same way as Windows Update
but for non-Microsoft programs.
Secunia’s Personal Software Inspector (PSI) will scan your PC for vulnerable applications and can automatically download and update those for which updates exist. You can also opt to have it download the updates but wait until you instruct it to install them, and you can even have it simply scan and inform you about available updates, rather than downloading anything.
How this affects users of Windows XP beyond April 2014
If Microsoft sticks to its plans then Windows XP will no
longer receive security updates after April 2014. This means that any future
vulnerabilities detected in Windows XP system files and the applications that
come with it will remain unfixed. This appears to be great news for the
attackers, who can locate security holes and use them without fear that their
activities will be hindered by an impending fix.
The solution(s)
However, this is just one facet of the situation. Third-party applications and hardware drivers will still be updateable as long as their developers continue to provide support. Additionally, certain anti-malware products, including Kaspersky Internet Security and Symantec Norton Internet Security, are capable of detecting many types of exploits and can prevent them from taking control of the system.
I put together a list of anti-malware products that will continue to protect Windows XP after Microsoft withdraws support. Most, at the time of writing, were committed to the foreseeable future.
While Java is notoriously popular with hackers, you don’t
need to remove it completely in order to secure your PC. You can keep Minecraft
running happily on your system but simply disallow Java in the web browser.
There are at least five free and easy ways to protect against viruses and spyware. Windows XP users won’t be able to follow point #4 (i.e. update Windows) from that linked article but the rest
are relevant for those sticking with XP.
Microsoft has a tool that helps to prevent the exploitation
of vulnerabilities in its own software and those created by third parties. The
Enhanced Mitigation Experience Toolkit is probably a little too tricky to use
for everyday users but experts and the inquisitive can download it for free.
So while it is always best to fix the problem, by patching
the security hole (or uninstalling the vulnerable application if you don’t need
it!), there are ways to prevent the bad guys from gaining access even though
the holes continue to exist.