EDMONTON – Technology – Windows XP is more than just a desktop and notebook computer operating system. It also runs on a significant number of retail point-of-sale (POS) systems, restaurant systems and even ATM banking machines.
And with Microsoft ending support for XP today, April 8th, all of these systems will be vulnerable to severe data breaches such as theft of credit card numbers and other personal information.
Christopher Pogue, Director for Chicago-based Trustwave, an information and security company, said that everyone still using XP – and there is a significant number of them – should be concerned. “XP has been in production since 2001 and (is the) de-facto standard in many business verticals like point-of-sale systems,” he said.
But even worse, he added, are those people who don’t even know their systems are running XP.
“Back in college,” he remembers, “when I was a waiter I would interact with a POS terminal (and) I had no idea that Windows was running under the POS application. There was no keyboard, you couldn’t Alt-Tab or hit a button to hit Escape.”
It’s not that those working in retail, food services and the hospitality industry aren’t concerned about their customers’ security, he said. They are just more focused on taking care of their customers and making sure their businesses are making money. IT security is “just not part of their core competencies. (XP) is not even on their radar.”
Pogue is a veteran in the IT and security field; he is a former long-time computer crime and digital forensics investigator with the U.S. Army and IBM.
He estimates that between a quarter and a third of current Windows operating systems are Windows XP – a staggering number vulnerable to attack.
While Pogue suggests switching to the newer OS sooner rather than later, there’s still no guarantee users will be protected from attacks, because XP and newer versions of Microsoft Windows share code. If attackers exploit newer versions, which Microsoft will subsequently patch, Pogue says that the culprits will simply reverse engineer that patch and all of a sudden the exploit also works on XP.
However, the functionality of the operating system accounts for just one of the possible peril spots, or “threat vectors” as Pogue calls them. The “applications that reside on top of the OS can have security flaws,” he said.
Pogue advises companies to develop what he calls a good “Defence and Depth Strategy,” that is, ensure their systems are properly administered, routinely review remote connection logs, maintain good network firewalls and toughen access and password controls. You should also install advanced malware defences which detect, protect and remediate against nasties like Trojans and viruses.
While this won’t guarantee 100 per cent safety, it can help companies reduce the probability of security breaches.
Pogue says the benefits – including decreasing risks of a security breach, losing customer data and faith in your business – far outweigh any cost of upgrading from Windows XP.
There is, however, one exception to the Windows XP support deadline: for those running Windows XP Embedded, a componentized version of the XP Professional operating system engineered specifically to support embedded devices and their manufacturers. According to Microsoft’s Product Lifecycle Support page, extended support, which includes security updates, will only end Jan 12, 2016.
Home users and do-it-yourselfers still running Windows XP can easily upgrade by buying a new computer. You will get $100 off your new computer and free data transfer through MicrosoftStore.com on any PC or tablet that costs $599 or more.
This deal runs from now through June 15, at MicrosoftStore.com or by bringing your old XP devices to your local Microsoft retail store.
Senior Editor Greg Gazin is a Syndicated Veteran Tech Columnist and Small Business and Technology Speaker, Author and Past Toastmasters District Governor. He can be reached at GadgetGuy.CA or on Twitter @gadgetgreg.