Start isolating critical XP systems now, experts warn

Organizations that still need to use Windows XP after Microsoft pulls the support plug in eight months should spend the time they have left isolating software running on the aged OS.

With no security patches forthcoming after April 8, 2014, cybercriminals are expected to go into overdrive releasing exploits for XP zero-day vulnerabilities discovered and sold for big money in the underground. Organizations that keep XP as a primary operating system are therefore painting a big bull's-eye on their computers.

"It's really a losing battle," Wolfgang Kandek, chief technology officer for Qualys, told CSOonline.

At the end of this year, IDC predicts roughly a fifth of the world's PCs will be running XP.

"That is the good news, but the bad news is the installed base is concentrated in commercial customers rather than home users, which means an exploit is potentially more damaging," said Al Gillen, an analyst with IDC.

Based on browser usage, Qualys estimates that about 10% of U.S. home users are currently running XP. Such users have little choice but to bite the bullet and upgrade, or risk having their systems infected with malware built to steal credentials for online banking and other websites.

The problem becomes more complicated for organizations running specialty software dependent on XP, said Tyler Reguly, manager for security research and development at Tripwire.

For example, Reguly recently ran across a regional airport in Canada that could not upgrade from XP without breaking critical software. Also, many retailers using XP-based point-of-sale systems cannot afford new equipment.

[Also see: Bromium protects hosted desktops and Windows XP with its Microvisor]

Organizations stuck with XP after Microsoft's deadline should take the OS and the apps it runs off the Internet.

"For those who can't upgrade, they need to look at risk-reduction strategies," said James Lyne, director of technology strategy at Sophos.

Wherever possible, XP and the apps that can't live without it should be on a virtual machine that essentially isolates the software in its own sandbox. Vendors that provide such technology include VMware and Citrix Systems.

"If I have to, I can automatically quarantine that virtual machine to help reduce my risk," said Paul Henry, a security and forensic analyst with Lumension.

The VM platforms can be configured to restrict the guest's access to the underlying system's hard drive and to particular files, so that an infection inside the VM cannot spread to the host. In addition, XP itself should be stripped of any components and services not needed to run the specialized apps, leaving as little attack surface exposed as possible.

"When you run older, vulnerable software in these sandboxes, it really does work to help mitigate [the risk]," Reguly said, adding that the technology provides a "really nice platform to lock things down."
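Network isolation of the kind described above, as an added example that is not from the article or from any vendor named in it: an iptables policy for a Linux host that carries an XP guest's traffic. Everything in it is assumed for illustration. The guest address, bridge name, application server, port and management host are placeholders, and the policy assumes the guest's only path to the network is through that one bridge on the host. The guest may open connections only to the single back end its legacy app needs, only a designated management host may open RDP to the guest, the guest cannot talk to the host itself, and everything else is logged and dropped.

```shell
#!/bin/sh
# Added example (not from the article or any vendor): host-side network
# isolation for an XP guest, using iptables on a Linux host that bridges or
# routes the guest's traffic. All addresses, ports and interface names are
# assumed placeholders; adjust them to your environment.
XP_VM_IP="10.99.0.10"     # the XP guest, on its own isolated bridge
VM_BRIDGE="br-xp"         # host interface the guest is attached to
APP_SERVER="10.1.5.20"    # the single back end the legacy app must reach
APP_PORT="1433"           # that back end's port (e.g. the app's database)
MGMT_HOST="10.1.9.5"      # the only machine allowed to open RDP to the guest

# Emit the rule set one command per line so it can be reviewed before use.
# The XP_ISOLATE chain is hooked on traffic entering from the bridge (guest
# egress, and guest-to-host in INPUT) and on traffic leaving to the bridge
# (ingress to the guest). Anything not explicitly allowed is logged, then dropped.
xp_isolation_rules() {
  cat <<EOF
iptables -N XP_ISOLATE 2>/dev/null || true
iptables -F XP_ISOLATE
iptables -A XP_ISOLATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A XP_ISOLATE -s $XP_VM_IP -d $APP_SERVER -p tcp --dport $APP_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A XP_ISOLATE -s $MGMT_HOST -d $XP_VM_IP -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
iptables -A XP_ISOLATE -m limit --limit 5/min -j LOG --log-prefix "XP-VM-DROP: "
iptables -A XP_ISOLATE -j DROP
iptables -D FORWARD -i $VM_BRIDGE -j XP_ISOLATE 2>/dev/null || true
iptables -D FORWARD -o $VM_BRIDGE -j XP_ISOLATE 2>/dev/null || true
iptables -D INPUT -i $VM_BRIDGE -j XP_ISOLATE 2>/dev/null || true
iptables -I FORWARD 1 -i $VM_BRIDGE -j XP_ISOLATE
iptables -I FORWARD 2 -o $VM_BRIDGE -j XP_ISOLATE
iptables -I INPUT 1 -i $VM_BRIDGE -j XP_ISOLATE
EOF
}

# Apply the rules for real (needs root). Any further dependency of the legacy
# app (DNS, a license server) needs its own explicit ACCEPT line above first.
apply_xp_isolation() {
  xp_isolation_rules | sh -e
}

# Review check: how many rules admit NEW connections. With the policy above the
# answer is exactly 2 (app egress, management RDP ingress); anything more means
# an allowance has crept in and needs justifying.
new_connection_allowances() {
  xp_isolation_rules | grep -c -- '--ctstate NEW -j ACCEPT'
}

if [ "${1:-}" = "--apply" ]; then
  apply_xp_isolation
else
  xp_isolation_rules    # dry run: print the plan for review
fi
```

Run it without arguments to see the plan, and with `--apply` as root to install it; run it after the hypervisor's own networking has started, since the chain is inserted at the head of FORWARD and INPUT and must sit ahead of any permissive rules the virtualization stack adds. The `XP-VM-DROP:` log prefix is deliberate: once the guest is off the Internet, any hit on that rule is either a forgotten dependency or the guest trying to reach somewhere it should not, and both are worth a look. The guest-side half of the same advice, disabling unneeded XP services and shared folders, copy-and-paste and drag-and-drop between guest and host, is separate from this script and is done in the VM platform's own guest settings and on XP itself.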

For companies with money to burn, Microsoft is offering very expensive custom support for XP. However, at prices ranging from $600,000 to $5 million the first year, depending on the number of systems, it's an option only for desperate enterprises.

"I couldn't afford it," Kandek said.

So isolation will likely be the best strategy for many organizations, which should get started soon, before cybercriminals start releasing their XP-hunting malware.

Sean Bodmer, chief security researcher at CounterTack, has a warning for companies who fail to act. "Once there is no further support for identified, exploitable vulnerabilities, it will be easier for attackers to access data than fishing with dynamite," he said.

Stories by Antone Gonsalves