Greater Manchester Police (GMP) has revealed to the BBC that one-fifth of its computers still run Windows XP, though the force says that they are “continually” reducing their reliance on the operating software.
This was revealed as part of a wider Freedom of Information request by the BBC.
Microsoft ended nearly all support for the operating system in 2014. Since then, experts have warned that it is vulnerable to cyber-attacks.
Last year, NHS systems were attacked by malware known as Wannacry. The virus left many files inaccessible.
GMP said that its use of a small number of specialist applications meant that it was necessary for many of the 1,518 PCs in question to run on Windows XP.
Christopher Boyd, an expert in malware at Malwarebytes, told The Register IT news outlet that, “we must ask how healthy these [specialist] apps are. Do the developers still even support them with security patches, or are they essentially ‘abandonware’ with no comparable equivalent available?”
“Given budget constraints, it seems they are being forced to slowly find replacements while dealing with increasing amounts of duct tape to keep everything ticking over, he said”
In contrast to GMP, the Police Service of Northern Ireland have five PCs running on Windows XP, 0.05 per cent of their total.
London’s Metropolitan Police Service was one of the Police forces that refused to provide up-to-date figures. The BBC has appealed this refusal. However, in June it said about 10,000 of its desktop computers were still running XP. At the time, the Service claimed that revealing more information “would reveal potential weaknesses and vulnerability.”
A spokeswoman for Greater Manchester Police, however, said that “the decision to share the figures on this has been made as the simple numerical response would not pose a significant increase to our organisational risks.”
Others disagree. Infospec expert Alan Woodward told The Register that, “by running so many XP machines, the police is effectively leaving more door handles exposed for hackers to rattle. Hackers are not targeted, so not disclosing this information won’t prevent attacks.
“From what I know this proportion of machines still running Windows XP is endemic across the public sector.”