ReutersTIME is finally running out for the 500m or so people around the world who still rely on Windows XP to perform their daily computing chores. In less than a year, Microsoft will leave them—your correspondent included—to fend for themselves. There will be no more security patches, bug fixes and free (or even paid) online assistance, as the firm ends its extended support for this operating system four years after it ceased offering mainstream support for the product. From April 8th next year, anyone who continues to use Windows XP will be at the mercy of hackers who find fresh ways to exploit vulnerabilities in the 12-year-old operating system and applications that run on it.
Windows XP (for “eXPerience”) was launched in 2001. It went on to became the most popular operating system ever, with more than 800m users. Though it hails from three generations ago (having been officially replaced by Windows Vista in 2007, Windows 7 in 2009 and Windows 8 in 2012), it still runs on 39% of computers currently in use. Only in the past six months has Windows 7 displaced it as the most popular operating system in use today, with 45% of the installed base.
What made Windows XP such a success was the way it combined the user-friendliness of a consumer product like Windows 95 with the industrial strength of Windows NT, an operating system built for professional users. As such, XP was the first version of Windows capable of being used with equal ease in business and at home. It remained popular long after it should have been pensioned off because its replacement, Windows Vista, was such a disaster.
But Windows XP also had its problems. Conceived in an era when crimeware barely existed, the default setting on Windows XP granted users full administrative privileges, so they could tweak the software’s settings and fiddle with its inner workings to their heart’s content. That made things easier for users, but it left the front door wide open for mischief-makers. Smarting from subsequent criticisms of XP’s inadequate protection, Microsoft endowed its successor with iron-clad security features. Unfortunately, the measures that made Vista secure rendered it cumbersome and impaired its performance.
Worse still were tales of woe about getting Vista to work with printers and other peripherals. When word got out, the majority of XP users opted not to upgrade. For most, XP worked fine. And thanks to a continuous stream of bug fixes and security patches, it became considerably more secure over the years, though never bullet-proof.
Those who continue to use Windows XP after Microsoft pulls the plug cannot hope to rely solely on firewalls and anti-virus software to protect their machines from malware. Such protection works only for known threats. If some new “zero-day” (ie, previously unknown and therefore unprepared for) flaw in the operating system is exploited, no amount of anti-virus software will save an XP computer from being seriously compromised.
The question is not if, but how often, such zero-day infections will occur in the future when Microsoft has ceased to support XP. Indeed, far from fading as a target for attack, as its share of the user base declines with age, XP is likely to be singled out by cyber-criminals for special attention—precisely because of its fragile underpinnings and lack of official support.
Organised crime is no doubt fully aware of the millions of computers running Windows XP that will be waiting to be subverted, unbeknown to their owners, and used as zombies for perpetrating scams and other online crimes. Even if XP’s share of the user base sinks to 10%, there will still be over 100m vulnerable computers capable of being enrolled in “botnets”.
Individuals concerned about their computers being compromised in this way have plenty of options. If they are predominantly consumers (rather than producers) of internet content, they can dump Windows altogether and rely on tablets with operating systems from Apple (iOS) or Google (Android). Alternatively, they can pay the Apple premium and sleep easier with a Macintosh.
Meanwhile, users happy to let the cloud manage their computing affairs can install Chrome OS on an old computer and run everything from within a browser. Others may opt instead for a free copy of Linux Mint with its Cinnamon interface, and be able to do anything they could with Windows, but without the fear of being infected. Linux software, like LibreOffice and Evolution, is more than a match for its Windows counterparts, Microsoft Office and Outlook.
Corporate users, however, have fewer options and more to lose from remaining with XP. As it is, computer break-ins cost American companies over $100 billion a year. One company had all its data on a $1 billion research programme copied by hackers in a single night (see “Difference Engine: Hackers’ paradise“, March 11th 2013). With so much at stake, it is surprising how many firms still have no plans for abandoning XP.
One problem is that upgrading a computer network of several thousand desktops and laptops can take two to three years to plan and execute. Another is the prohibitive expense involved. Over the years, many firms have developed custom software that is crucial to their business, yet runs only on Windows XP machines. In these circumstances, deciding how and when to migrate to another computer system can all-too-easily be deferred, especially when cash is scarce.
If the problem is simply the inability of legacy applications to run on later versions of Windows, then the obvious answer is to upgrade to Windows 7 and run Windows XP as a guest in a “virtual machine” such as Windows Virtual PC (free from Microsoft) or VM VirtualBox (free from Oracle). In functional terms, the virtual (ie, software emulated) XP machine will be identical to the physical one, and capable of running the custom software without any problems. And it will do so within a fully supported environment of Windows 7, albeit a little more slowly than would otherwise be the case.
But why bother with Windows 7 now Windows 8 is available? For three reasons, says Jack Schofield of Jack’s Blog. One is that Windows 8 requires users to do things differently—and people resist change, even if it is for the better. Another is that Windows 8 uses a touch-screen interface, which is not only an expensive addition, but also tiring (the “gorilla arm” effect) when used on an office computer with a vertical screen, rather than on a tablet held horizontally. A third reason is that many companies are still in the process of upgrading their computers from XP to Windows 7 anyway, and are unlikely to embark on yet another upgrade cycle for four or five years.
At this point, knowledgeable folk tend to ask why anyone would adopt Windows 7 or even Windows 8 when Windows Blue is around the corner? Whether this is to be a major upgrade (ie, Windows 8.X) or a whole new version (ie, Windows 9) is still not clear. Whatever, Windows Blue is being hurried out—just as Windows 7 was when its predecessor, Vista, proved such a flop. Windows 8 could turn out to be an even bigger flop. Whatever name it finally takes, Windows Blue could be on sale by August.
A handful of brave souls will no doubt make the leap direct from XP to Blue. But few will follow, for the same reason users have baulked at Windows 8—its different way of doing things. The fact is, the true successor to Windows XP is the vastly better but functionally similar Windows 7. As much as he appreciates the ingenuity that has gone into touch-driven Windows 8, your correspondent will, in due course, upgrade his remaining XP machines to Windows 7. It is not the easiest of upgrades, but there are now a number of tools that make the process less of a chore. Once done, he fully expects to get as much life from Windows 7 as the dozen years he enjoyed with Microsoft’s previous workhorse, Windows XP.
Click here to subscribe to The Economist