Windows XP holdouts vulnerable to hackers

Are you still running Windows XP? Many governments, utilities, banks and businesses are, and they could be vulnerable to malware and hackers, especially when Microsoft stops providing free updates in April, an Ottawa security consultant warns.

"Ultimately, if you're running critical software on an architecture that has security flaws in it, you're eventually going to be bitten," saidChris Dodunski, chief technology officer at Phirelight Security Solutions.

Dodunskiestimates that about half of government and business computers in Canada still use WindowsXPdue to the cost of upgrading.

Worldwide, as of January, about 30 per cent of desktop computers were still running the operating system released by Microsoft in 2001.

Microsoft is set to retire XP on April 8, and won't be providing support such as bug fixes after that, although it says it will extend anti-malware support until 2015. However, the company is encouraging users to upgrade to the latest version of its operating system, Windows 8.

• Windows 8.1 released by Microsoft

Dodunski said the system already isn't very secure even before Microsoft drops support.

"It's a flawed architecture, it's a flawed operating system in terms of security," he said, adding that there are lots of things hackers will find "far more easy [to do] on a machine that's running XP versus a machine that's not."

He said 75 per cent of U.S. bank machines run XP, but he doesn't know the figure for Canada. Kate Payne, a spokeswoman forThe Canadian Bankers Association, said he organization does not collect that information. However, she said Canadian banks "are well aware of Microsofts plans to stop supporting Windows XP in April and, where needed, are taking steps to make the necessary changes to their ABMs."

Dodunski said the risk of hackers compromising a bank machine is actually fairly low because they need to be able to physically open the machine up to gain access to the computer.

Power grids, water supply systems at risk

"The more serious threats are the systems that are running things like our power grid and our water supply system and everything associated with it," he said. "Alot of it is running on XP."

But malware can inflict a wide range of damage to anyone, he said.

"It can take over your system control completely, it can control your webcam, it can control your microphone, listen in on things, install and uninstall software, or just copy and remove data, or it can be just disruptive by deleting everything or locking you out."

In the case of businesses, hackers can use malware on vulnerable computers to steal passwords and break into accounts, putting the stored personal information of customers at risk.

Many businesses unaware of threat

Corrine Pohlmann, senior vice-president of national affairs for a group that represents small businesses across the country, said that's something she's concerned about.

"Once that information becomes breached, it becomes a liability issue for that business," she said. "If they are using systems where they are protecting personal information, they better make sure that they are upgrading to a new system, and I'm a little worried that a lot of them don't even know that they should be doing that right now."