CRN journalist Hannah Breeze had the bright idea in June of submitting freedom of information (FOI) requests to all 435 local councils in the UK, asking what operating systems they were using on their PCs.
105 of the councils responded with details of the OSes in use, and it makes worrying reading considering that the UK government’s last-minute deal with Microsoft for a year’s extended support for Windows XP expired in April.
As CRN reports:
“Some 31 per cent of councils which responded said they are running Windows XP in some form and of all the PCs declared by the authorities, seven per cent are running the ancient OS.”
It’s pretty pathetic, isn’t it?
What galls me is that we can choose which businesses we do business with (note to self: don’t create an account on Ashley Madison), but we have no choice about sharing our personal information with public bodies such as our local councils.
As a result, we have to cross our fingers and hope desperately that they will do a competent job at keeping our data secure.
But, in my opinion, continuing to use Windows XP when Microsoft itself has begged people to stop, and no longer provides any support or security updates, is asking for trouble. They’ve even stopped updating their free anti-virus product for the platform.
And it’s not as though the demise of Windows XP in April 2014 came as any kind of surprise – the IT world had known for years that the operating system’s days were numbered, and that the best course of action was to switch to a more modern version of Windows or change operating system altogether.
Now, I’m not blaming IT departments here. I am confident they are aware of the issue, and those who have been told by management that there is no budget for switching to a new operating system have done their best to harden systems from attacks.
But clearly if your management team isn’t treating security upgrades for the software on your networked PCs as a priority, there is a serious problem.
And it’s not just Windows XP, of course.
Earlier this year, security firm Avecto submitted its own freedom of information requests to UK councils, revealing that only 6% were using the latest version of Java.
I wonder how many of those councils have since patched themselves against the latest Java zero-day being exploited in the wild? Actually, I probably don’t need to wonder… the answer is probably all too predictable.
And I’m sure this isn’t just a British problem… Around the world there will be many computers running outdated software that is putting everybody on the internet at greater risk.