Microsoft released its Security Intelligence Report Volume 15 earlier this week and sprinkled within its roughly 160 pages is one inescapable truth: Windows XP users are growing increasingly vulnerable.
Users of the 12-year-old operating system will be most at risk after April 8, 2014, when Microsoft announced it is no longer providing security updates, non-security fixes or technical support for Windows XP.
The report covers findings gathered from January to June.
“During the first half of 2013, currently supported versions of Windows desktop operating systems (Windows XP, Windows Vista, Windows 7 and Windows 8) all had roughly similar malware encounter rates – between 12 and 20 percent,” Tim Rains, director of Microsoft Trustworthy Computing, said in a Tuesday post. “But Windows XP systems had an infection rate that was six times higher than Windows 8.”
When Microsoft ceased supporting Windows XP Service Pack 2 a couple of years ago, Rains said malware infection skyrocketed 66 percent higher than Windows XP Service Pack 3 – which is the final version of Windows XP that will be supported.
According to a study conducted in April by VMware, 64 percent of enterprise-size companies haven't migrated off Windows XP – and the same goes for 52 percent of midsize firms and 61 percent of small and midsized businesses. End-user downtime, data loss, migration failures and cost are some of the reasons companies have stuck with what works.
Released earlier this month, Windows 8.1 provides users with remote business data removal, improved biometrics support, pervasive device encryption, improved Internet Explorer, malware resistance and device lockdown, Rains said.
“These features, coupled with new devices that build security into the hardware itself, help ensure and maintain device integrity (UEFI - Secure Boot) and data protection (TPM - Encryption), providing business customers with an added layer of security not available on the older hardware,” according to Rains.
The Microsoft report also addresses other security issues, including cloud-based domain name system and distributed denial-of-service attacks, as well as various other vulnerabilities, malware, exploits, email threats and malicious websites. It also goes into mitigation techniques.