Blog

Windows XP-based Protection Still Lacking Among Enterprise EPP Vendors

October 22, 2015

THE RESULTS OF NSS’ 2015 ENTERPRISE EPP EXPLOITS AND EVASIONS GROUP TEST ARE IN

Enterprises are rapidly adopting Windows 10 even though most technology professionals and decision-makers are still cautious about making the leap from the pre-Windows 10 OS era. This is primarily because of upgrade issues they encountered during earlier migrations.

Interestingly, Windows XP-based systems are still quite prevalent – even in North America, where they hold as much as 15% of the OS market share. In the Asian market, this number is as high as 25%. Even more remarkable is the fact that some critical systems in the defense, energy, healthcare, telecommunication and financial verticals continue to run Windows XP as their primary OS. This is largely because of the challenge of upgrading software across any large vertical and/or organization. Not only must the OS be upgraded but all dependencies must also be identified prior to the upgrade and this is a considerable undertaking. The tasks of determining whether applications are compatible with the new software and of migrating information in such a way that operations are not disrupted are not trivial and present challenges for even the most sophisticated information technology teams.

This continued use of Windows XP-based systems was one of the key drivers for the 2015 NSS Labs Enterprise Endpoint Protection: Exploits and Evasions group test. The test was based on the NSS Labs Endpoint Protection: Evasion and Exploit v4.0 Test Methodology. Its objective was to determine the exploit-based endpoint protection (EPP) offered by leading enterprise EPP vendors on Windows XP OS and the mainstream applications it hosts and supports.

Some key findings from the test:

  • Most of the vendors tested still lack comprehensive anti-exploit attack mitigation capabilities for browser-based exploits delivered against Internet Explorer and Firefox. These exploit-based client-side attacks allow attackers to remotely control compromised systems. The fact that 80% of the vendors tested missed these attacks is particularly worrisome.
  • Most EPP vendors are still not protecting against specific file-format vulnerabilities that are delivered against targeted applications such as VLC media player, QuickTime, and RealTime Player. This is important because attackers can create malicious files that trigger flaws in such applications and some of these file-format vulnerabilities can also be exploited on other platforms.
  • 60% of the EPP products were bypassed using vulnerabilities that are between three and five years old. This makes it relatively simple for attackers to go after Windows XP-based attack surfaces. NSS believes that as the deployment of windows XP has decreased, some vendors have dropped protection against older attacks, even though they are still being used. This puts a significant number of Windows XP-based systems at risk.

During the test, two of the 10 enterprise-class EPP vendors provided significantly better anti-exploit based protection and/or mitigation capabilities than the others.

  • In this test, file rendering was done inside the browser; this method of delivering exploits is different to the more traditional method, in which the user downloads and executes files.
  • Most of the attacks targeting browsers and common browser plugins that NSS used in this test are currently being used by cybercriminals to deliver malware.

For more on this group test, download the NSS Labs 2015 Enterprise Endpoint Protection: Exploits and Evasions Comparative Report.