Kicking off Windows Week here at htxt.africa is the news that today marks the end of Microsoft’s support for Windows XP. As of April 8 2014, Microsoft will no longer be actively developing security fixes for the operating system, so if any new vulnerabilities surface in the coming days/weeks/months/years, they won’t be fixed. Ever.
As you might imagine, this is likely excellent news for anyone writing malware, and terrible news for financial institutions since Windows XP is still used by a significant number of computers, even today.
At a “Farewell Windows XP” event held at Microsoft’s SA headquarters today, Microsoft said that they don’t know how many Windows PCs still use XP, exactly, but accepted wisdom among the IT journalists present at the event told me that it’s probably “around 10%”. And with billions of Windows PCs around the world, that’s still a significant number.
Not coincidentally, Trend Micro sent out a press release earlier today saying how this new reality is going to pose a significant threat to financial institutions, to the point where banks may even start shutting off access to their online services to computers that still use Windows XP.
While drastic, it makes sense for them to do so considering malware writers are targeting online banking facilities more now than in the past. As Trend Micro says, “[criminals’] most profitable attack is to go where the money is”. That’s backed up with research, too: Trend Micro’s press release stated that “from 2012 to 2013, detections of online banking malware more than doubled from 500,000 worldwide in 2012 to more than 1 million in 2013”.
The message here is that if you’re still using Windows XP, you’re strongly advised to upgrade to another, more recent operating system. Even though that may seem like a strong-arm tactic to get you to buy software you may not even be considering (or even move to that open-source OS you may have been eyeing), it’s an undeniable fact that newer operating systems are more secure than older ones.
Just how much more, you may be asking. Microsoft SA’s Anthony Doherty (Windows and Surface business group lead) said at today’s event that Windows 8 is “up to six times more secure” than Windows XP ever was, a reality that minimises any risk of successful malware attack.
Upgrading, then, is not exactly a terrible idea, particularly if you bank online and want to carry on doing so without running the risk that a cybercrime syndicate has infected your vulnerable Windows XP system, and is just waiting to harvest your banking details and rob you blind.
Of course, it’s not just the PCs accessing online banking portals that are at risk, it’s also many of the banks’ own PCs. Many of those that power ATMs, for example, have until recently been using the now-defunct operating system, and some still do.
We have previously reported that banks are indeed in the process of performing the necessary ATM PC upgrades to ensure they are as secure as possible going forward. ABSA has confirmed to us that they have purchased an additional year of support for Windows XP, which ensures ongoing security for the remaining ATMs that have not yet been updated.
Aziz Cassim, the head of self service channels at FNB told us via email that “We are on track for migration to Windows 7 and have a detailed plan to implement the changes, which will not impact ATM usage for our customers.”
We’ve asked the other two (Standard Bank and Nedbank) what progress they’ve made with their own ATM upgrades and we’ll update the article when they come back to us, but it’s safe to presume that neither of them are resting on their laurels. Not with billions of rands at stake.
Will you miss Windows XP? Or has the time come for the world as a whole to move beyond its touch-free trappings? Let us know in the forum/comments below.
Update: Vuyo Mpako, Standard Bank’s head of channel design and development, had this to say about the bank’s preparations for a post-XP world:
“Standard Bank has been preparing itself for this upgrade, also due to [the] necessity of enabling new capabilities which require Windows 7. Standard Bank is investing significantly on in-line teller technology, which will be used for in-branch teller automation. This will be like having an automated cash accepting device, except that it is fully integrated with the branch experience. The aesthetics of the in-line-teller technology make it ideal for in-branch full self-service as well as partially assisted self-service deployments. Customers can expect to see these integrated with our Gen-8 branch deployments in the latter part of this year.
In-line with these, we had already started with our upgrade platform with Windows 7, which is progressing very well. We have now fully certified all our new software for rollout to commence in the latter part of this year. In the short-term, we are confident that the plans around extended support for our ATM software are adequate. There are no risks to customers, and our customers do not have to worry about any of these.”