Almost one in five small and medium businesses worldwide is still using Windows XP months after Microsoft ended support for the operating system.
According to research by antivirus company Bitdefender covering the UK, Germany, Spain and the US, 18 percent of small businesses are still clinging to XP even though Microsoft has said it will provide no more security updates. As of early April, Microsoft stopped issuing patches or bug fixes (with one notable exception) for XP, which is now 12 years old.
Among those companies that had finally said goodbye to XP, more than half (53 percent) upgraded to Windows 7 Professional. Only a small percentage of SMBs surveyed are now using other Windows versions such as 7 Home Premium and Windows 8.1 Pro, the research found.
According to figures from Net Applications, Windows XP still accounts for around 25 percent of PCs connecting to the web. The distribution of Windows XP will vary according to environment — for example, home PC users are the least likely to have upgraded to a new OS because of the cost and their general lack of awareness of the potential risks of continuing to run XP, while enterprise customers driven by compliance and security concerns have mostly either migrated away already or mitigated the risk by signing up for extended support.
However , small businesses fall between the two. It's likely they are aware of the risks of using XP, but lack the funds and skills to move away from the OS as fast as they should.
Some may even secretly hope that Microsoft will swoop in and rescue them if anything bad does happen. Microsoft did actually backtrack on its pledge to issue no further updates once when it provided a fix for an Internet Explorer zero-day vulnerability to Windows XP users as well, despite the flaw being uncovered after its end-of-support deadline. But companies shouldn't expect it to happen again, according to Bitdefender, which noted "swift migration from XP is a must for all users".
There has been speculation that hackers have been storing up XP vulnerabilities to use once Microsoft has ended support. While there's no evidence of that so far, the research shows the scale of the potential victims out there. Bitdefender said the most-targeted company in the three-month analysis was a web marketing business that had to deal with almost 800 million pieces of malware attack.