When I got into this business, the distribution of operating systems was completely different from today. People had personal computers but there were also mainframes and one of the first systems I learned on was a VAX. The idea of carrying a computer meant picking up the desktop and moving it to another room. Considering how heavy they were, that wasn’t done often.
Of course, times change, and now everyone has a computer (or two, or three) on their person. The threats of 30 years ago aren’t applicable to today. I was interested in this change, so I decided to look at trends in operating systems and found a data set.
This data set covers between January 2009 and December 2016. Definitely more recent than what I started with, but not up to date. It was the data I found, so I decided to use it.
I started with some basic data analysis to look at the change between beginning to end.
In 2009, WinXP was still high on the list with 74.36%. In 2016 it had dropped down to 2.24%. Additionally, Android grew from 0 to 37.8%. This is 4 years ago, I’m sure the numbers have changed.
On April 8, 2014, Microsoft no longer provided support for Windows XP. That means, as of that date, there were no more security patches or updates provided. And yet, as of four years ago, there were still quite a few systems on the Internet that ran Windows XP.
I started writing this partly because someone mentioned finding a Windows 98 system on a network recently. I had to wonder how much vulnerability do we have to using out of date systems, so I started by looking at what those systems are.
And it is a vulnerability. Operating systems that are no longer updated for security problems but are still on the Internet are very vulnerable to attack. What steps should we take to mitigate this going forward? This isn’t a “Buffer overflow of the week” vulnerability but a vulnerable system that could affect the entire network.
DTRAP has a special issue on vulnerabilities. We want to hear from you on vulnerabilities, how to mitigate them, and how to coordinate.