75% of DCC PCsrunning doomedOS as Microsoftwarns of threats

Thousands of machines used to run public services in Londonderry are still running Windows XP. Microsoft says the rate of infection and vulnerability to hacker attack will grow signficantly when it ends support for the 12 year old operating system in just over four months time.

The Council suffers the third highest penetration of the 12 year old operating system (OS) of several public service providers covered by the Sentinel survey. Four hundred machines were still running XP or older systems in September. That’s 75 per cent of the machines running your bins, swimming pools and Hallowe’en shin digs.

But should you care? Microsoft long ago announced it was ending support for XP in April 2014. So from April 8 machines and networks running XP will be more vulnerable to security risk. Due to its general ubiquity and complete domination of the OS market until recently XP is a honeypot for malware, viruses and worms.

Two weeks ago Microsoft warned over 34k branches of Indian banks would become vulnerable when support ended. And earlier this year the Aichi prefecture in Japan said it would replace most of its XP machines but keep around 800 by disconnecting them from the internet; the rationale being - no ethernet cable, no hackers. So how vulnerable are machines used by the PSNI, Altnagelvin, schools and Roads Service.

The Sentinel found that whilst 75 per cent of Council machines were running XP in September, the Department of Social Development (DSD) was worse off. DSD told the Sentinel: “All of our machines currently run either Windows XP or an earlier operating system.” DSD has 9,640 machines but says 8,335 (86 per cent) of these run XP. Presumably, given the DSD statement (above) the remaining 14 per cent are no longer or not yet in use.

The Department of Justice (DoJ) also suffers a high degree of XP penetration (96 per cent). DoJ said: “As of September 2013, there are 544 machines operated by DoJ Core, which run Windows XP...DoJ plans to upgrade from XP to Windows 7 before Microsoft ends support for the operating system in March 2014.”

The Department of Regional Development (DRD) - responsible for co-ordinating the response to flooding and snow storms - was running XP on 57.2 per cent of its 2,338 machines. Over 43 per cent (1,788) of Department of Finance and Personnel (DFP) machines were running XP.

And the Department of Culture, Arts and Leisure (DCAL) had 118 machines (39.7 per cent) running on the Windows XP.

Yet several of our critical public service providers appeared to be further down the road towards migrating from XP to newer systems.

The Western Trust was running XP on around 16 per cent of both its laptop (89; 16.4 per cent) and desktop machines (880; 16.6 per cent). “The current PC replacement programme is still in operation with approximately 400 PCs to be replaced,” the Trust said.

Seventy (14.4 per cent) of the Office of First Minister and Deputy First Minister’s (OFMDFM) 485 machines were running XP. The PSNI said 765 workstations on its corporate network were running Windows XP. That’s 8.15 per cent of the overall police estate. Just 186 (six per cent) of the Department of Agriculture and Rural Development’s (DARD) 3,069 machines have the old system installed.

Reassuringly, few of the machines responsible for second level education run XP.

The Department of Education (DE) said it had 32 using XP or earlier, out of 721; 4.4 per cent. And just 27 (4.21 per cent) of the Department of Enterprise, Trade and Investment’s (DETI) machines ran the system. The Department of Health (DHSSPS) also had an extremely low penetration rate.

Twenty-five (3.64 per cent) of its 686 machines were running Windows XP.

Public authorities still have until the end of the current financial year to migrate from XP or to put in place appropriate contingency plans.

Microsoft, whilst clearly interested in selling its Windows 7 and Windows 8 operating systems, is strongly advising that they do so.

Holly Stewart, a security expert at the corporation recently cited Volume 15 of the Microsoft Security Intelligence Report (SIRv15), which warns infection rates are likely to rocket after April 2014, in a recent blog post.

“Once support ends, if Windows XP SP3 follows a trend similar to prior Windows XP versions which are unsupported now, we can expect infection rates to rise,” she wrote.

“In the first two years after Windows XP SP2 went out of support, the infection rate disparity between the supported (Windows XP SP3) and unsupported (Windows XP SP2) service packs grew.

“In fact, the infection rate of the unsupported version was, on average, 66 percent higher than the supported version (Windows XP SP3).

“After support ends, Microsoft security updates are no longer provided to address new vulnerabilities found, but that does not mean that new vulnerabilities won’t be discovered and exploited by attackers.

“For example, it will be possible for attackers to reverse-engineer new security updates for supported platforms to identify any that may exist in unsupported platforms,” she wrote.