Muscat: Microsoft has advised users to come out of the Windows XP environment "as soon as possible" before it stops providing support to the operating system on April 8, 2014, a top company official informed.
Tim Rains, director at Microsoft's Trustworthy Computing (TwC) group, on the sidelines of the recently-held Dubai 2013 Information Security Symposium, urged Windows XP users to upgrade to either Windows 7 or Windows 8 because the users will not receive any security updates, non-security hot fixes, free or paid assisted support options and online technical content updates.
In fact, many software and hardware vendors have already stopped or are in the process of discontinuing support to Windows XP.
"In Oman, about 17 per cent of computers connected to the Internet run on Windows XP. Oman is in a much better position than some other countries where the figure is about 50 per cent. But I do think that the danger is real after April… So the sense of urgency is getting greater. It (getting out of XP environment) is not too difficult for Oman because it has relatively less work to do," Rains said.
On an average, 17 per cent of computers worldwide encountered malware during the first half of 2013. And though Windows 8 and Windows XP encountered a similar amount of malware, XP users were six times more likely to actually be infected. Windows XP users also put their family and friends at increased risk.
Cybercriminals use such compromised systems to steal information and spread malware to others.
Attackers often use websites to conduct phishing attacks or distribute malware. Malicious websites typically appear completely legitimate and often provide no outward indicators of their malicious nature, even to the experienced computer users.
It has been found out that in many cases, these websites are legitimate but have been compromised by malware, SQL injection or other sophisticated techniques, in an effort by attackers to take advantage of the trust the users have invested in them.
"There are some quite good security systems in our operating systems that filter out these threats. They use a list of known phishing and malware hosting sites to warn users about malicious websites before they can do any harm. But the phishing and malware sites have many ways of winning the user's trust through social engineering. So I would say if you do not trust the source of the software, do not trust the software," warned Rains.
Transparent life cycle
The executive pointed out that Microsoft has a very transparent life cycle policy for each of its software. The enterprise users (or companies and institutions) are usually careful about not using expired software, but the situation becomes difficult at the general user level, and more so because the use of pirated versions is prevalent too, he added.
"Updating (of software) is the most effective way to protect your system's security. We provide updates to all our software regularly. The users must make full use of that. The updates are available for users of pirated software too," Rains said. Rains informed that the use of Microsoft's Security Development Lifecycle (SDL), which is a software development process, helps developers build more secure software and address security compliance requirements while reducing development cost. "It significantly reduces the vulnerability of the system, both at the user and enterprise level and also at the country level. I would recommend its use to build a safe software environment in any country," he added.