Security Advisor
The Cost of Keeping Windows XP
EDIT: I originally blogged that the XP study was done by Gartner. It was actually conducted by IDC. Apologies for the confusion.
Microsoft hasn't been shy about the fact that Windows XP will be losing support (which means no more monthly fixes for the newest batch of bugs) in a little less than two years. The company has been very forward about it, even making a point to highlight the 1000-day mark until its death. I'm actually surprised that there's not a running "death" clock on its home page.
Microsoft isn't in the business of making friends. It's in the business of taking your money. So, of course there is an ulterior motive to these constant XP death reminders: It wants you to upgrade to Windows 7.
And the next phase of Microsoft's nagging attacks? Paying for an IDC study that says keeping XP is more costly than upgrading to Windows 7.
According to IDC's analysis, titled "Mitigating Risk: Why Sticking With Windows XP Is a Bad Idea," it costs $870 for a shop to keep an XP machine running in a year's span. Counter that with the $168 annual maintenance fee for Windows 7, and you could see how upgrading may be in your company's best interest.
IDC (with Microsoft looking over its shoulder, just to remind you) said this huge gap between maintenance costs comes from XP lacking security and the loss of productivity from users working on older machines.
It's not only users who are losing precious working time -- Windows 7 is reportedly able to reduce the amount of time IT needs to patch by 82 percent.
What do you think of IDC's totally unbiased assessment? Do you find yourself spending more time with XP issues than Windows 7 problems? Share your thoughts with me at [email protected].
Iran Flamed With Surveillance Malware
In what is more than likely being shopped to Hollywood studios for a summer 2013 release, security firm Kaspersky has lifted the veil off of the "Flame" virus, saying it's the "most sophisticated cyber weapon yet."
According to the company, Flame has been running rampant in the Middle East the past two years, with the majority of infected computers located in Iran. But unlike most malware, which aims to steal your credit card info (which Flame can technically do), this worm has been just watching those that have been compromised.
This includes eavesdropping on Skype calls, rummaging through cell phone data that's connected to a Bluetooth device and watching every click of the user.
And like the Stuxnet and Duqu worms, Flame may be the work of a government body. Rumors have been circulating that Israel, Iran's unfriendly neighbor, could be behind this cyber attack.
Here's what Israel had to say about it: "Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," said Israeli Vice Premier Moshe Yaalon. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."
I don't know about you, but that sounds like Israel is fessing up to being involved, without explicitly saying so.
Employee Social Network Monitoring On the Rise
Let's double up on the industry analysis. Although this one doesn't look like it was sponsored by Microsoft.
According to Gartner, IT's monitoring of those using Facebook and other social networking sites is poised to skyrocket.
It found that currently 10 percent of enterprises like to see what their employees did over the weekend. That number is projected to increase by 60 percent by 2015, thanks to the explosion of monitoring software in the market.
"The growth in monitoring employee behavior in digital environments is increasingly enabled by new technology and services," said Andrew Walls, research vice president of Gartner. "Surveillance of individuals, however, can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards."
Enterprises must balance using said technology to stop the loss of time and money that could be caused by increased security risks and loss of productivity, while at the same time making sure they're not pissing off their employees by creating an Orwellian work environment.
What are your thoughts on social networking monitoring? And what is the solution for balancing security and privacy? Let me know at [email protected].