June 23, 2014, 8:36 PM — A survey by antivirus firm Bitdefender finds that 18% of small and medium-sized businesses (SMBs) are still using Windows XP despite the end of support from Microsoft and the near-apocalyptic predictions that led up to its end of life.
Bitdefender conducted a three-month global study of more than 5,000 companies, speaking with companies in sectors like education, industry, retail, and medical. It found 18% still use XP while 53.4% run Windows 7 Professional. The rest used a mix of Windows 7 Home Premium, Windows 7 Ultimate, and Windows 8.1 Pro.
Catalin Cosoi, chief security strategist for Bitdefender, wrote in a blog post that he felt Microsoft issuing a patch to XP for a severe zero-day flaw in Internet Explorer just weeks after the end of life for XP sent the wrong message.
"This was an exception that shouldn't make enterprises believe it will happen again, so the migration from XP is a must," he wrote.
But, as Gregg Keizer noted a few weeks ago, the XPocalypse we were expecting has not come about. Had the massive unleashing of malware that was predicted by so many taken place, it might have lit a fire under stragglers to upgrade.
And then there was the discovery of a Windows XP registry tweak that can be used to trick the Windows Update servers into allowing your system to download updates. The trick utilized the point-of-sale version of Windows XP, and Microsoft has advised against it.
Bitdefender found one Web marketing firm that had to deal with almost 800 million malware attacks in the three-month analysis period (March to May) as a result of its refusal to upgrade.
Perhaps this stat is more telling: the report found that 13% of employees are still able to log in to computer systems at companies they worked for in the past using old credentials. This means companies are being lackadaisical with their security. If they are that sloppy with old credentials, then it's no wonder they aren't taking security seriously.
These are the low-hanging fruit for malware writers. They look for the companies that are sloppy with security and exploit them greatly. That's how botnets can grow into the tens of thousands. Unfortunately, we all have to live with their dereliction of duty.