The coming XPocalypse and five things Microsoft can do to prevent it

The coming XPocalypse and five things Microsoft can do to prevent it

Summary: It is in Microsoft's best interests, as well as those of their customers, to take some steps to prevent the XPocalypse.

SHARE:
178

Unlike the Mayan nonpocalypse, which was predicted by everyone but the Mayans, we know that April 8, 2014 will be an XPocalypse of epic proportions -- and even Microsoft agrees on the year, month, and day.

In fact, it's Microsoft that set the date. April 8, 2014 is the date that millions of computer users worldwide will become completely unprotected targets of criminals, ne'er-do-wells, evil dictators, and Apple ads. April 8, 2014 is the date that Microsoft stops supporting Windows XP.

First, lets establish a basic given.

Any corporation has a right to do whatever they want with their products. Over the past year, we've seen Microsoft exercising that right in the extreme.

They introduced Windows RT and the Surface RT, then went on to write down $900 million due to unsold RT devices (in my opinion, RT stands for wRong Turn). They introduced Windows 8 without a Start menu, when every Windows user on the planet has been using a Start button for more than a decade and that's how it works. They included Office on the Surface devices, but the license wouldn't allow Office to be used in offices.

They introduced the XBox One and then they alienated every Xbox user on the planet by telling people they couldn't sell used games. They then decided to alienate every serving member of the U.S. armed forces by insisting all XBox Ones would need a persistent Internet connection. They quickly backpedaled on that one. I'm guessing no one wanted the Marines pissed at them for any length of time.

There's more, of course, but it makes me just want to write "WTF" on Steve Ballmer's very slopey forehead. The point is, corporations can do whatever the heck they darn well want to do, and Microsoft has shown its innate understanding of that fact while also showing a complete lack of understanding of its customers needs and desires.

So anyway, here we are. Our own Ed Bott says there are roughly 1.5 billion PCs out there, and 33.66 percent of them run XP. That means that there are just about 500 million machines out there currently running XP. Still.

Think about it. 500 million exceeds the entire population of the U.S. (babies, kids, adults -- everyone) by a large margin. Clearly, that number will decline organically over time. However, it is unlikely to decline fast enough to protect the hundreds of millions of users who are about to become a truly target-rich environment for attackers.

Who are these users?

They're the people who don't want to learn an new OS. The people who don't want to buy new machines. The people for whom XP is good enough. The people who aren't technically savvy enough to upgrade their operating system. The people who have some legacy application they must run on an old XP environment and don't know how to make that work on a modern OS. The people who are just simply too lazy to upgrade and those that don't think the security problem is a real enough threat to them to justify doing anything.

In other words, we're looking at a population of defenseless, self-identifying sheep in a world where there are hungry wolves 200 milliseconds away.

We don't know exactly how "no support" will take form, but it's likely that Windows Updates won't work anymore. So, not only will no new exploits be fixed, but it's entirely possible that machines that haven't been updated prior to April 8, 2014 won't be able to be updated to the final patch level for XP.

If you don't think that cybercriminals have marked April 8, 2014 on their calendars with a big star, you're crazy. If you don't think they're holding back on launching some of their bigger exploits until after the patching ends, you're naive. For cybercriminals intent on skinning our 500 million sheep, April 8, 2014 is D-Day.

By abandoning XP on April 8, 2014, Microsoft will cease being a good shepherd of its most loyal customers. Microsoft is just leaving them out there, exposed, and unprotected. On April 8, 2014, those millions of remaining XP users will be like lambs being led to the slaughter. To paraphrase Jeremiah 11:19, they do not know that plots have been devised against them.

Next: the risk to Microsoft and the five things...

Topics: Microsoft, Windows, Windows 8

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

178 comments
Log in or register to join the discussion
  • Good suggestions...

    ...I just don't know how anyone is still using XP. I guess if you bought the machine 2005, it would be running ok still. The costs of the W8 upgrades are definitely not encouraging users to upgrade. I am sure the XP market share will still be above 20% come next April.
    toph36
    • What about Java

      XPocalypse coupled with Javacolypse will create the perfect storm of vulnerable devices over the next few years.

      Java has more holes than Swiss cheese with defenses softer than warm butter and version 6 is already unsupported by Oracle. Oracle proudly claims it's running on billions of devices.

      Between the two, java is the larger threat. XP is still a somewhat avoidable crisis with some incentives the exposure can be significantly reduced.
      greywolf7
    • They are actually pretty bad suggestions

      Users must be urged to upgrade and 3 of the 5 suggestions would harm the effort to do that. 1 and 2 *are* support, and providing suppor for an obsolete product diverts atttention from reasonably recent software. The last suggestion, well, lets just say certain users and writers do not know what they are talking about, and are highly resistant to change, and so they would exert too much pressure.

      I would suggest that MSFT should have pushed along its abandonment of XP much faster--dropping XP well before Windows 8 came out. To mitigate the problems in doing that they should concentrate on support of one major release back as well as the current release. A big part of that is promoting windows *7* (NOT 8) for those resistant to upgrading. A huge part of the problem is that when MSFT releases a new OS the old one evapourates from the store shelves and from websites much too quickly. Users wo want to stay a version behind have to resort to scrounging around for media to exercise their hard-fought "downgrade rights", or vendors of new machines rape their wallets charging EXTRA for OLDER software.

      To that end, the biggest short term thing MSFT can do to help with the "XPocolapse" would be to "re-release" Windows 7 upgrade licenses for some small margin above cost (say $10 or maybe less). Have downloadable ISOs widely available fro Win7. Allow everyone to use Win7 "starter" if they want to run it on older hardware (ie. the netbook edition could be well suited to older desktops). Give these people no more lame excuses to stay on XP.

      In the long term MSFT has to abandon its antiquated distribution and business model. Learn from Debian/Red Hat/Canonical/Apple how you can upgrade between major releases on-line for cheap or free. It isn't rocket science, "apt-get dist-upgrade" has worked on Debian based OSes for FIFTEEN YEARS now. Time to get with the programme Windows! MSFT has to really believe in its new "services and devices" model. Windows has to release much more often and it has to be much cheaper--like they need to cut 75% from the proce of their OS.

      Better yet they should adopt a proper rolling-release model--continually updating with "milestone" or "checkpoint" builds every 1 or 2 years--and keep efficiency in mind so that system requirements remain modest. They are a closed source software business so this may entail a subscription model--but people will pay what is reasonable, especially if billed more frequently. People feel ripped off buying an OS for over $100, but allow users to pay $3 per month for unlimited access to the "OS Store" that keeps their Windows current and they will like it and adopt updates much more readily.

      Right now Linux OSes are the closest to doing things right, which is why Linux-based computers (when you include mobile devices) are the market leaders now.
      Mark Hayden
      • What about legacy programs,

        programs not supported by Win7 that the user cannot abandon? It then comes down to companies with deep pockets will pay for a Win7/8 version of the program and companies struggling in this economy will seek non-M$ options. I know, let's call this "a way for Micro$oft to encourage innovation and drive customer share to lesser known companies". How magnanimous.
        RyuDarragh
        • Exactly

          We have some business software that must run on XP, so we have a couple of machines left that run them. There are no updates available that would allow them to run on Windows Vista or newer, so we have no choice but to keep these machines.

          That being said, these programs do not require internet access, so come April 1st or so, we will take these machines off the internet and require everything to be run locally on them.
          cmwade1977
        • Legacy Programs...

          The best way I know to handle legacy programs is to put a VirtualBox virtual machine onto a Linux box. Next, turn-off the virtual machine's network interface. Create a permanent connection in Linux to the Windows share you need on the XP machine and share that mapping to the virtual machine. This way, the XP virtual machine can access the network share as if it were a local drive. Once the virtual XP machine is configured as desired, create a snapshot and clone the virtual machine for archival purposes. In the unlikely event the virtual machine does get hit with a virus or otherwise gets corrupted, restore to the desired snapshot - a process that only takes seconds.
          rich3page
      • #6 Tell all those XP diehards to...

        Go get themselves a Linux ISO, and burn it to a CD/DVD, then install it on their antiquated XP machine.

        Win XP is in the final death throws. Do you really want your XP machines turning into Zombies on you?

        #7 go to Craigslist and buy a Windows 7 PC NOW!
        chaz.broam@...
        • And How Do I ....

          ..run legacy software that will NEVER be updated on Win 7/8? I need to keep my XP Netbook running (it probably wont run Win 7/8 even if I didn't need XP!!).
          Gadsy
          • XP

            I run legacy apps in Windows 7 / Windows XP Mode (using VMware Player due to USB)
            lexxmt
          • The XP Compatibility VM mode goes out of support next April too

            It's considered "XP" and not "a component of Win7" in Microsoft's support lifecycle.
            Flydog57
          • Win7's XP mode virtual machine is crap

            I have a 16 bit program that won't run under Win7 64bit, so I tried the XP vm. Terrible, slow to load, the VM crashes if you look at it funny, in short, a complete POS. I'm using an old XP laptop when I need to access the 16 bit program.
            WhatsamattaU
          • 16 bit

            have you tried using DOSBox?
            mlashinsky@...
          • So, you have unsupported legacy software

            And you feel that Microsoft should be supporting it - because the software's vendor doesn't support it?

            Really?

            Software support costs money. Microsoft currently supports XP, Vista, Win7 and Win8 (and soon, Win8.1). It also supports the Windows Server equivalents (2003, 2003 R2, 2008, 2008R2 and 2012). How long and how many versions of Windows should Microsoft support so that your unsupported legacy app continues to run?

            I believe that Apple supports the current version of OSX and the one before it - and they release a new iteration each year (not a free service pack, a paid-for package). What would you be doing if your legacy software had run on a competive OS (like OSX).

            Geez, Apple has obsoleted their processor architecture twice during the history of the Macintosh (from 68000 to PowerPC to Intel). Microsoft works *very* hard to insure compatibility back to near the beginning of time, but gets slammed for EOL-ing a 12 year-old OS.
            Flydog57
          • Yeah, but...

            Apple made those transitions much smoother than M$ ever did. Also, the Apple of today is not the Apple of yesteryear. I don't use Apple products anymore because Apple moved in a direction I didn't want to go. If M$ continues going in a direction I don't want to go, I will abandon them as well.

            (Supporting Vista, that is their own fault. If they hadn't released that abomination, they wouldn't have to support it. Serves 'em right! But that is another rant...

            As for costing money to support all these OS's, most of them are similar code, and the vulnerabilities are in that similar code. How many XP only patches have they release lately? Most exploits are shared by all the OSs. It isn't that hard to make a patch applicable to XP once they have it for the other OSs.

            But even if it does cost money, how much money do they piss away on every failed project to defeat something else of someone else? Zune? Windows CE? Windows phone? Search, (and its 5 different names but still can't get the results right?) The browser wars? Heck, they lost a billion $ on XBOX before getting that right. How long could they support an OS for a billion$?

            Sure, M$ takes a lot of crap, but they have a habit of earning most of it.
            mlashinsky@...
      • You my freind can see the forest dispite the trees.

        There in is Microsofts issue:
        "In the long term MSFT has to abandon its antiquated distribution and business model"

        Of course Microsoft already sees this. In case anyone wonders if they have seen this, just ask yourself if you think Microsoft likes to make money or not.

        If Microsoft could care less about why thy have made less money on Windows than they would have liked in recent years then they may have never given a care, if on th other hand Microsoft wonders why EXACTLY it is they have had poorer sales than they would have liked, it must be abundantly clear that for every machine that is still in use and is still running XP that that is one less new licence they could have, and should have sold in the last few years.

        That means that they have taken notice of the fact that their product distribution model is old school and not particularly effective for software, which of course dosnt wear out through traditional old school means.

        The problem for us is they already clearly figure the solution is already heading this way on the not impossibly distant horizon. The solution Microsoft is planning on is the much ballyhooed "cloud computing solution" which many writers at ZDNet seem to think is the wave of the future that's mostly accompanied by cakes and ale.

        Cloud computing is going to end up being pretty much as you describe in some form or other:

        " allow users to pay $3 per month for unlimited access to the "OS Store" that keeps their Windows current and they will like it and adopt updates much more readily."

        ...but it will not be so much so a question of choice I am sure. The "complete cloud solution" will be a solution where companies like Microsoft, Google, Apple and probably others, will extract some monthly fee from users for the particular "service" they provide and the user wants, and Im betting the idea behind things like the iPad and Chromebbooks and Windows 8 (all in future versions) are the kinds of OS's that will be offered up as services, along with cloud storage capacity, that will be greatly needed when all our devices come without any, and what ever cloud based apps, games and entertainment content we will need to do anything.

        And then companies like Microsoft will have solved their interrupted income stream with a far more reliable rental type of income that provides for regular and permanent payments.

        So yes, Microsoft certainly sees the problem, count on it. They all do.

        But I for one don't want to live in that kind of a computer usage world where we have turned over everything, including almost all control to the big companies.
        Cayble
        • re: You my freind can see the forest dispite the trees. (sic)

          > But I for one don't want to live in that kind of a computer usage world where we have turned over everything, including almost all control to the big companies.

          The alternative is Linux/BSD - and a very good one at that. For the majority of uses and users, everything they need is available free, legally, and with the skilled and enthusiastic support of fellow users.

          One time I installed Linux on an old Windows computer that was dripping with malware. I had a problem getting a printer working and posted to the forum for the distro (distribution) I was using (Puppy Linux). I had the correct answer back from an EU in Australia, in 10 minutes. For free.
          jhecht@...
      • About Windows 7

        I've used it at the public library. Compared to XP, it takes too many clicks to do the same stuff. Win 8.1 might be better, but I won't have Windows 7 in my house.
        IanRoy
        • Near as I can tell,

          Win 8 is even a few more clicks than 7, assuming you can figure out where to click!
          M$ designs software by committee, and it shows. However, after you get over the Crappy Interface Formally Known As Metro, (CIFKAM) it runs fast and lean. When I set up a Win 7 box, I turn a lot of useless bells and whistles off, and it ends up looking a lot like Win 8, (after you install a start menu replacement utility.)

          One of the most annoying things about using M$ software is that every time they add something good, they also lose something good. I never feel like I got ahead. Instead, I feel I am trading one set of good and bad for another set of good and bad with no net gain. I don't see the point.
          mlashinsky@...
    • Easy enough to upgrade some older machines

      I did it with an old Dell latitude D610 which was given to my 8 year old daughter, I simply put 2gb of new ram in it & installed a 32 bit version on W7 which runs fine and should keep her going for a couple of years. I am no computer expert either I just looked up on the net how to do it & it was pretty straight forward.
      victor1959
      • Sure you did

        I quote.

        "They're the people who don't want to learn an new OS. The people who don't want to buy new machines. The people for whom XP is good enough. The people who aren't technically savvy enough to upgrade their operating system. The people who have some legacy application they must run on an old XP environment and don't know how to make that work on a modern OS"

        And many of them are the people who install the toolbar, blindly click through ending up with unwanted maleware etc, better get out there and offer your services to them!
        dookus