Upgrade already! If you're still using Windows XP, you're a menace to society

And, if you're an IT pro with decision-making capacity in an organization that continues to use XP, you should be fired.
Written by Jason Perlow, Senior Contributing Writer

Response to my last piece -- "Why Windows must die for the third time" -- was overwhelming. Hundreds of thousands of people read that article, and we had some very spirited talkbacks, indeed.

A bunch of you came right out and said it: You don't want to upgrade from Windows XP. You're angry that Microsoft made you upgrade from XP to 7, and 7 to 10. You're angry you need to update software continuously.

A handful of you even suggested inflicting bodily harm on the hard-working programmers that write the software you don't want to upgrade to.

Look, I have brought up many reasons why upgrades are necessary. As my friend from Jersey, Johnny T., likes to say, "You gotta do it."

It doesn't matter how many times I techsplain this, because some folks will always refuse to listen. Maybe it's because I write in long form and anything longer than 300 words is considered to be TL;DR these days. That's sad, and a topic for a different day.

Let me say this as simply as possible: If you are still using XP, you are the end-user equivalent of an anti-vaxxer. You are a menace to society and everyone around you. You are a walking malware vector. You should be shipped out to a remote island with no internet access to fend for yourselves so you can't infect anyone else.

And, if you are an IT professional who serves in a decision-making capacity with an organization that continues to use XP or Windows Server 2003 and SQL Server 2005, you should be fired. You should never be allowed to work in the computer industry again.

You should not be allowed to touch a computer again either because you too are a menace. You are perpetuating the computer software equivalent of polio and smallpox.

Sounds harsh? You betcha. But over the weekend, the internet got hit with a massive cryptoware malware attack that compromised untold numbers of Windows XP systems, including the UK's National Health Service, which was warned years ago that it was open to exactly the kind of life-jeopardizing malware attack it is now dealing with.

Read also: Is Windows 10 S for you? The good, the bad, and the target users | Ransomware attack: The second wave is coming, so get ready now | It's the year of Linux on the Windows desktop | Why patching Windows XP forever won't stop the next WannaCrypt (TechRepublic)

The entire industry was warned. Years earlier, in 2014, XP was issued its final end-of-life notice by Microsoft. ZDNet covered this extensively during that period, with special features and editorial coverage. We had sermons on the mountaintop even.

The malware attack this weekend was so severe and so widespread -- with systems in 74 countries affected -- that Microsoft took the unusual step of issuing an emergency patch for Windows XP.

Windows 1.0 to 10: The changing face of Microsoft's landmark OS

If you are still using Windows XP and Server 2003, God help you. God help the people who depend on you for anything involving their financial, legal, and medical data.

The first thing you need to do is install that patch. The next thing you need to do is migrate your critical data off that machine, and replace it with something more modernized.

I understand end-users who keep XP because they can't afford to upgrade their personal systems. Your system is so old that you can't install a newer version of the OS or it costs too much money to put new software on it.

XP is so old that Google won't support it with new Chrome builds anymore. But that hasn't stopped you from using Internet Explorer. Oh no.

You need your Facebook, your email. Then, by all means, install Ubuntu on it. If you lack the technical sophistication to do that, then try something like Neverware's CloudReady, an excellent third-party Chromium OS distribution.

If all you use is web applications, like Facebook and Gmail and Google Apps, then it's perfect.

I just put CloudReady on my mother-in-law's seven-year-old Dell laptop as a backup machine, and it works beautifully. It took 10 minutes to format the drive and install it with a USB stick. It doesn't use a lot of system resource and it's fast and efficient.

Sign into it with your Google account, and you're off to the races.

And, if you can't install CloudReady because it's too difficult, or you can't find a friend to do it for you, then Chromebooks are really, really cheap now (as low as $150). You can even plug your existing monitor, keyboard, and mouse into it.

Don't want to use Chrome OS? This summer there will be Windows 10 S systems to choose from in similar price ranges. They can't arrive quickly enough, IMHO.

However, if you are a business -- particularly those involved in healthcare or is responsible for safeguarding personal information of any kind -- then you have zero excuses for not upgrading.

If you are a physician's office, you need to take stock of your systems and get this stuff remediated immediately. You are one malware attack away from a massive HIPAA or PCI compliance breach. Your practice is in mortal peril.

If you are a vertical systems integrator or ISV that makes its living off legacy code and refuses to support newer versions of Windows, you deserve to be litigated into oblivion if your software is involved in a breach.

I'm talking about the huge companies that make embedded systems controllers for things like radiology machines and other medical systems and specialized hardware that are slaved to XP PCs and provided no upgrade path. You know who you are.

If you're a business that depends on ISVs like these that will not certify apps on Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows 7, or Windows 10, then you should be demanding indemnification against any litigation that arises from a software-related data breach, or from families of people that die as a result of these systems becoming incapacitated, stat. You should be immediately looking for new vendors.

This is the software equivalent of ill-maintained and crumbling public infrastructure, where lives are lost as a result of that negligence. You can't blame the architectural and civil engineering firm that designed the bridges or the people that built it. It was designed to last only a finite period of time, and they warned you to replace it. Multiple times. You refused.

Microsoft even gave you two extra years to prepare. You still refused.

Now we have the XPocalypse. The XPiration. I mean it's not as sexy as the marketing for Y2K, but this is potentially far, far more serious.

People understood in the 1990s why we needed to remediate for the Y2K bug; it was simple to explain it. And it all went off without a hitch because we all collectively did our jobs in that effort.

But there's so much misdirected anger at Microsoft for this that even a catchy marketing phrase and years and years of pleading with people to upgrade wasn't good enough.

We are a reactive, not a proactive IT industry. And now we are about to reap what we sow.

Upgrade or replace your systems. Now. You gotta do it. Talk Back and Let Me Know.

Editorial standards