But Bogdan Botezatu, senior e-threat analyst for the anti-malware software company Bitdefender, couldn't disagree more. He talks about the issue with the barely suppressed terror of a father watching his teenage son drive solo for the first time. "They're not panicky," he says, "and actually that makes me panicky."
Botezatu, who haunts underground hacking forums to keep an eye on looming security threats, claims that hackers are gearing up to raid suddenly insecure XP machines the minute Microsoft support ends. "When an operating system is announced as reaching its end of life, [hackers] are frantically looking for exploits, because then they can use it indefinitely," he says. "It's the holy grail of malware."
To take fullest advantage of the situation, black-market vendors selling new XP exploits have been stockpiling them, waiting to release them until after Microsoft is no longer monitoring and repairing security flaws. Though third-party security firms will continue to update anti-malware programs for XP, users not running or updating such software could be permanently vulnerable to an ever-growing set of exploits. Mercury Payment Systems' John Berkeley confirms that "If a hacker discovers [a vulnerability] a month or two after the end of [XP support], they have more time to exploit that."
These exploits could range from stealing credit card information from small vendors to even more dramatic forms of theft, many of them easily circumventing external security measures such as the semi-closed payments network. Botezatu says there have been reports of an ATM exploit through a mobile phone connected through an ATM's card reader. He also cites a legendary stunt by the security expert Barnaby Jack at the Black Hat security conference in 2010, where he demonstrated a "Jackpotting" hack that easily emptied an XP-based ATM machine. According to Botezatu, Jack, who died in 2013, never revealed the nature of this exploit, meaning that it could remain an unpatched vulnerability in XP-based machines.
Most troubling of all, Botezatu predicts that unsecured XP machines of all kinds will be compromised by hackers to form new botnets. This kind of system, in which hacked systems' processors are put to new tasks unbeknownst to their owners, can be used for everything from massive Denial of Service attacks to mining cryptocurrency, and would add substantially to the insecurity of the Internet as a whole. "I see a lot of trouble," Botezatu warns.
Whether April 9th brings a plague of cash-spewing ATMs, zombie PCs, and thieving credit-card readers remains to be seen. But Botezatu sounds exasperated that he even has to consider these scenarios. "It's an operating system that was released 13 years ago. Everyone should have started migrating two or three years ago" to avoid the mad rush and risks that come with the end of support. He hopes, at least, that this episode will motivate today's users to think about the future.
"This is going to happen soon with other operating systems," Botezatu says. "You should start upgrading from Windows 7 now."