Your perilous future on Windows XP

Your perilous future on Windows XP

Summary: You've been getting warned for ages about the impending end of support for XP. Things are even worse than you've heard (especially if you run Internet Explorer). Expect a flood of new vulnerabilities and no help for them.

SHARE:
TOPICS: Security, Windows
454

An older relative (a really frugal but sharp guy in his 80's) once bemoaned to me about the scam in the computer industry pushing people to upgrade all the time. "Why" (I'm paraphrasing here) "should I upgrade a computer which does what I want it to do?"

We're coming up on one really good answer to his question. As Mary Jo Foley reported the other day, Microsoft is stepping up their warning campaign about users still running Windows XP, which will reach end of life on Patch Tuesday, April 8, 2014.

Security is the reason my relative doesn't appreciate for why running old software is often an inherently bad idea. Security technology in Windows XP was never really that great, even if it got a lot better with SP2, but the product was a runaway smash hit to such an extent that we may never be rid of it. Next April will be 12 years since Windows XP was made generally available; this is an astonishingly long time to keep supporting a software product. Nobody else keeps support life spans like Microsoft; with Windows XP they actually extended the normal 10 year life by 2 years, a move I consider a grave error. In fact, they should seriously think about cutting the 10 year standard down.

Partly as a result of their policies and partly because of people like my relative, Windows XP is still a massive presence in the market, and it's a massive target of attack. So are later versions of Windows, but those versions are far better able to defend themselves against attack. See the stats in this blog entry by Microsoft's Tim Rains which explains just how much more vulnerable to breach XP is than Vista, Windows 7 and especially Windows 8. Imagine how vulnerable it will be when you can't even get patches for critical vulnerabilities anymore. Only a fool would rely on it.

One point Rains didn't make that I think is worth emphasizing: If you're using Internet Explorer on it, and I bet many XP users are, you are stuck with a version that will soon be 3 generations old and without critical updates anymore. Don't keep using XP but, if you do, use Chrome or Firefox. (This reminds me of the old line "Don't stick your hand in the garbage disposal but, if you do, use your left hand.")

Some other points: If you're on XP and you care about updates you're probably using Windows Update, and therefore automatically running the Malicious Software Removal Tool every month. Not any more after April 2014.

And it's not exactly a wave yet, but more and more software is not supporting XP, or at least not well. You can make a good case that this is irrelevant, since the users sticking with XP are likely sticking with the software they already have, but it's another thing to consider.

One thing you don't have to worry about is antivirus support. I asked Kaspersky about their plans for XP. Elliot Zatsky, Senior Director of Consumer Partner Services at Kaspersky Lab said that about 20% of their user base is still on Windows XP (!). It's slowly trending down and they expect, as a result of the end of XP support and the release of Windows 8.1, their XP decline will "increase slightly and continue on this steady downward trend for a few years." Zatsky says the company plans to include support for Windows XP in their 2015 product line and, therefore, for at least 2 more years.

I also asked whether the inevitable increase in unpatched vulnerabilities on systems makes it harder for antivirus to do its job. Obviously this increases the chance that a system will be infected in some way, but Zatsky says that their multiple layers of protection should catch any malware in real time even if it is trying to exploit a vulnerability.

I think they may be a bit optimistic with that last point. Things will certainly get worse for Windows XP. Once there are no more patches, demand for vulnerabilities may increase considerably. It wouldn't surprise me if some are being stockpiled for next year; it's a risk since someone else may discover it, but if you release an exploit for which there will be no patch, users will be helpless.

You out there, the one running XP! That's you I'm talking about when I say "helpless." When the new models show up for the holidays it's time to go computer shopping.

Topics: Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

454 comments
Log in or register to join the discussion
  • Upgrade!

    I've been anti-XP for years now and people should just move on already. They complain about the cost of Windows but then they demand support for it for 10 - 20 - infinite years. Not even open source comes with support lifetimes like Windows.

    But then again, Evil Microsoft suck. They'll probably get branded evil for ending support on a product this old.

    People. Pfft.
    Dreyer Smit
    • Ahem ...

      Perhaps if they made a quality secure product in the first place people would not mind only paying for it but paying even a HIGHER price !

      The problem is that MS produces TRASHWARE and deliberately build security holes in it to facilitate marketing to us by BIG CORPORATE interests. Hey, how about first of all telling those guys to go to hell and stop that practice. First of all, PROTECT YOUR CUSTOMER.

      But no, MS undermines us and then adds insult to injury by asking us to pay yet again for the same garbage renamed something else ! Ok ok they change some colors and move things around to confuse us but it is the same old S*it !!!

      No thanks. No more. You can fool me 9x but not 10!!!
      Albert Shurgalla
      • Windows is a quality product.

        That's evidenced by people being unwilling to switch from what works.
        ye
        • No, that is a product of "locked into data formats not available elsewhere"

          Not that they are unwilling to switch. And it is an assumption that it actually works.
          jessepollard
          • If it doesn't work then why would you continue using it?

            Makes no sense.
            ye
          • Maybe they don't realize that Linux is the only sustainable solution.

            Unless they want to continue giving the NSA all of their customers private data through the Microsoft NSA backdoor.

            1) http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
            2) http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html
            T1Oracle
          • Not this wives tale again.

            Is it any wonder no one takes your comments seriously?
            ye
          • What a load

            I looked at those articles, one was a blog by some random person and the other said nothing about backdoor exploits built into Windows. Stop being paranoid and use whatever operating system that works best for you.
            Brock Jones
          • Then read this

            1) http://www.zdnet.com/german-government-refutes-windows-backdoor-claims-7000019739/
            2) http://www.cnn.com/2013/07/12/tech/web/microsoft-nsa-snooping
            T1Oracle
          • Or you can read it from the horses mouth

            In Microsoft's own words:
            http://www.microsoft.com/en-us/news/Press/2013/Jul13/07-11statement.aspx
            T1Oracle
          • WRONG

            Fact 1
            Linux has very little to no gaming support (except Steam recently released on Ubuntu)
            Fact 2
            all hackers use Linux so therefore CAN hack it
            Fact 3
            Whatever the masses use WILL be the target of hackers, they want to hit the largest audiance with the least effort!

            so if everyone went Linux in 6 months it would be filled with attacks, case in point Android on SmartPhones
            c0ldbr3w
          • Hold the Phone!

            "Fact 2
            all hackers use Linux so therefore CAN hack it"

            That is not a fact, that's an assumption. And I know for a fact that the infection rate on Linux is so low it might as well be nil. The Only recently successful Attack on Linux came in the form of a Trojan, and by successful i mean it only sort of worked. It was able to infect the machine but other wise failed to achieve its programmed objectives.

            So no, even if hackers used Linux exclusively, the evidence Indicates that they are actually really bad at hacking Linux.
            rockfanMCE
          • No. The evidence is that ...

            ... there are too few Linux desktops to bother with hacking.
            M Wagner
          • hackers

            To look if Linux can be hacked look to the server market. More Linux servers are hacked, but that is probably because most of the hobby servers are Linux and aren't as well protected. Still it does show that if the Linux desktop becomes prevalent, it will be vulnerable.
            hayneiii@...
          • Think so?

            I know of many departments of the DoD replace Windows with Linux as soon as the PCs come in the door.

            You don't know how many Linux desktops there are because we aren't in the business of telling the world.

            MS is in that business, so they have to tell everyone. Doesn't mean what they say is true.
            jessepollard
          • Another assumption from troll.

            My friends uses windows to hack the wireless connection.
            me_myself&someone_else
          • Sorry

            You don't seem to know what you are talking about.
            Try listening to experts on security instead of know-nothing Windows apologists like you'll find around here.
            radleym
          • public acts of stupidity

            I see you're completely unafraid of making yourself look stupid in public.
            As all those who try to speak authoritatively on subjects they don't actually know anything about do.
            You don't even know the difference between hackers and crackers.

            Stick with Windows, you and it are well suited.
            salparadyse
          • Hackers don't use Linux because they can hack it...

            They use use because they know it is more resistant to hacking and want to save their own skin.
            DCGideon
          • Hacker is ????

            D'ya now anything about definition of hacker, or the diffrences between hacker and cracker?
            me_myself&someone_else