Old Operating Systems Die Harder

Kelly Jackson Higgins

Aging OSes like XP still getting hit big-time with old exploits, new data shows

Windows XP systems are feeling the big squeeze now, with Windows 8 on the horizon and Microsoft eliminating its support for XP by April 2014 -- and new data underlines how risky running older OSes like XP can be.

Fortinet's FortiGuard Labs mapped out a snapshot of OS attacks this year that showed 47 million attack attempts using exploits against vulnerabilities that were first discovered back in 2003. And the majority of the attacks were against XP systems, says Derek Manky, senior security strategist with Fortinet's FortiGuard Labs. Manky says the Windows 7 and Windows 8 transition period leaves existing XP systems increasingly in the bull's eye for attack.

"The sudden absence of support for XP leaves a void that will likely be filled by a slew of old and/or soon-to-be-discovered vulnerabilities and subsequently give rise to a new crop of security exploits that specifically target these legacy systems, which are now devoid of security updates or support," he says.

Manky and his team analyzed the number of vulnerabilities captured by its FortiGuard systems and, not surprisingly, found that older OSes experience more exploits. That's thanks in part to the increased availability and maturity of crimeware kits.

"If you look at the number of exploits discovered in 2011, the number of attack attempts was down to around 425,000, versus the 2.9 million we saw for exploits found in 2009," Manky says in an upcoming blog post. "The sad truth is that hackers are still successful going after older vulnerabilities, which really are low-hanging fruit since they have been known and unprotected against for ages."

Newer Windows versions, Vista and Windows 7, suffered far fewer exploit attempts, Fortinet's data shows. There have been fewer than 1 million exploits from 2010 until now, and there were fewer than 5,000 exploit attempts against new bugs that were discovered in 2012.

Aside from the maturity of crimeware kits, security features added to Windows 7, such as PatchGuard, have made it tougher for the bad guys to exploit the OS, according to Fortinet's findings. "Windows 7 is certainly more secure with technologies like DEP and ASLR. Though we have seen these defeated with proven exploits and, I suspect, just like XP, when time rolls on, more exploits will become wrapped into easy-to-use tools, propelling attack volume similar to what we see on XP today," Manky told Dark Reading. "Likely, we won't reach the same levels, but expect a similar trend with high volume."

Manky expects 5,000 to 6,000 different attack attempts by the end of the year based on vulnerabilities found in 2012.

"The older the vulnerability, the more time there is for hackers to obtain the necessary code in order to create and execute successful attacks against users," according to Fortinet.
