
Pittsburgh Tech Guy

Wednesday, Aug 14, 2013

The best reason yet to abandon XP this upcoming spring..

Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued today.

Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it's simply economics at work.

"The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft's response," said Fossen. When a new vulnerability -- dubbed a "zero-day" -- is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.

If the bug is critical and being widely used by hackers, Microsoft will go "out-of-cycle," meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.

But after April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates. The only exceptions: Companies and other organizations, such as government agencies, that pay exorbitant fees for custom support, which provides critical security updates for an operating system that's officially been declared dead.

Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.

"When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks," said Fossen. "But if they sit on a vulnerability, the price for it could very well double."

Minus any official patching from Microsoft, XP zero-days and their associated exploits could remain effective for months, maybe even years, depending on how well security software detects and quarantines such attacks.

If Fossen's thesis is correct, there should be signs of bug banking, most notably a sharp reduction in the number of publicly-disclosed or used-in-the-wild XP vulnerabilities during the fourth quarter of 2013 and the first quarter of 2014.

"[Hackers] will be motivated to sit on them," Fossen stressed.

As an average user, you will be at the mercy of hackers. You've been warned...
