14 DAY TRIAL // Windows XP just turned ten, but despite it's age it is still the most widely used operating system in the world and one of the primary reasons for the high number of infected computers.
Windows XP was officially released to manufacturers on August 24, 2001. It was the launch of what was to become Microsoft's most successful operating system.
Ten years and three service packs later, Windows XP is still going strong and is installed on some 42% of the world's computers.
The problem with this, from a security perspetive, is that a decade-old operating system can't and shouldn't be expected to fight today's sophisticated threats.
Even with later security improvements like Data Execution Prevention (DEP), which was introduced in 2004 with Service Pack 2, Windows XP is still a long way behind Windows 7 when it comes to protection technology.
For exampke, it does not benefit from native address space layout randomization (ASLR), an anti-exploitation technology that makes it significantly harder to attack memory-related vulnerabilities.
Furthermore, Windows XP lacks User Account Control (UAC), a technology that allows users to run applications with lower privileges. Attempting to install any program that requires admin privileges, like most malware, prompts a confirmation dialog.
"Ten years is an eternity in this business. So it's no wonder XP's security architecture is not up to date," writes Mikko Hypponen, chief research officer at Finnish antivirus vendor F-Secure.
"As a result, attackers right now would be *stupid* to spend their time and money targeting any other operating system. That makes no sense as long as they have this huge, easy low hanging fruit," he adds.
Another problem with XP is people's tendency to not deploy security patches. There are a lot of pirated copies of XP out there and because of things like the Windows Genuine Advantage Validation tool, people have started disabling automatic updates.
Even for users who do have legitimate copies, the sheer number of important updates post-SP3, over 130, is discouraging. "The attackers have never had it so good. The easiest target is also the most common target. This can't change quick enough," the F-Secure security expert concludes.