The end is nigh for Windows XP: Are you ready?



This article is by David Tuffley, Lecturer in Applied Ethics & Socio-Technical Studies at Griffith University. It originally appeared on The Conversation.

Almost 13 years after its release in October 2001 to a world still in shock after the 9/11 terror attacks, the sun is finally setting on Microsoft’s Windows XP. The operating system has been the software in many home and work PCs but for die-hard users who continue to use XP, danger that way lies.

All operating systems have a service life, and Windows XP has had an exceptionally long one. The problem for XP, short for extended user “eXPerience”, is that it is still being used on hundreds of millions of computers globally.

In February 2014, just under 30% of PCs around the world are still running XP, despite there being three later versions of Windows to choose from (Vista, Windows 7, Windows 8 and its tweak edition 8.1).

While some die-hard XP users will be in the process of moving on to Windows 7 or 8, there will certainly be those who soldier on after the expiry date on April 8. After all, XP is a robust operating system that has given them many years of service despite numerous patches and updates.

The problem for people who continue to use (internet-connected) XP after support ends will be a growing number of security vulnerabilities that will not be solved by the periodic updates and hot-fixes from Microsoft. Nor will those users be able to get technical support for any other problems they might have with XP.

Microsoft admits: “If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses.”

As in any ongoing war, when defenders withdraw from battle, attackers (and hackers) take advantage. They have almost certainly been making plans in anticipation of the day when millions of XP computers become more vulnerable. That day is April 8, 2014. Microsoft’s director of trustworthy computing, Tim Rains, issued a statement last August warning that security patches for later versions of Windows could inadvertently give cyber-criminals the information they need to reverse-engineer a successful attack on unsupported versions of Windows.

This can happen because, under the skin, the different versions of the Windows operating system share a large amount of program code. So patch the code for Windows 7 and 8 and you reveal a potential flaw in XP that won’t be patched.

It is true that up-to-date XP still has reasonable capability to withstand attack, and anti-virus and malware detection software can do a good job. Nonetheless, the risks of being hacked will rise substantially, particularly when older internet browsers are still being used. The Microsoft Security Intelligence Report goes into detail for those who are interested.

Individual users can take the obvious course of updating to a later version of Windows at their convenience (and Microsoft offers some advice here), or they might take the opportunity to switch to an alternative operating system. There are several to choose from. For those on a budget, the growing number of online retailers selling computers at close to wholesale prices is making the purchase of new or nearly new equipment surprisingly affordable.

For organisations though, particularly larger ones, the task of migration can be a lengthy one that requires months if not years to complete, not the days and weeks left to them before the sun sets on XP support.

For these folks, some timely advice for staying safe is in order. The Information Security Manual, a publication of the Australian Signals Directorate (ASD) gives some useful advice for anyone wanting to protect themselves against the threat of cyber-attack.

  • Application white-listing. A list of verified, trusted programs is created for the PC based on the job it is required to do. If these are the only programs permitted to be installed on the computer, then potentially dangerous programs (including Dynamic Link Libraries or DLLs, scripts and installers) cannot be executed
  • Patching applications. As soon as they become available, install updates and fixes to the white-listed applications, including Java, PDF viewer, web browser, Microsoft Office and others. Older versions of internet browsers are particularly vulnerable
  • Patching operating systems. Automatically download and install the latest security patches and hot-fixes as soon as they become available. The ASD specifically recommends not using Windows XP due to the inherent risk
  • Restrict administrator privileges. Only those people whose job requires them to install and make changes to operating systems and applications should have admin access.

If implemented, these four security measures have proved to be very effective. For XP users, performing the three out of the four that are possible, plus using up-to-date anti-virus and anti-malware software, will go a long way to protecting an XP computer until you are ready to migrate to a supported operating system.
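The default-deny decision behind the application white-listing measure above, as an added example that is not from the article or the ASD manual. It only models the decision and does not enforce anything on a PC. The file names, the set of controlled extensions and the use of SHA-256 content hashes are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the bullet names: programs, DLLs, scripts and installers.
# (Assumed extension set, chosen for this example.)
CONTROLLED = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".msi"}

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_allowlist(trusted_files):
    """Record the hash of each verified file; names alone are not trusted."""
    return {sha256_of(Path(p)) for p in trusted_files}

def decide(path: Path, allowlist) -> str:
    """Default deny: controlled file types run only if their hash is listed."""
    if path.suffix.lower() not in CONTROLLED:
        return "not-controlled"
    return "allow" if sha256_of(path) in allowlist else "deny"

def audit(root: Path, allowlist):
    """Return (relative path, decision) for every controlled file under root."""
    results = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            d = decide(p, allowlist)
            if d != "not-controlled":
                results.append((p.relative_to(root).as_posix(), d))
    return results

def demo():
    # Constructed sample files standing in for a PC's programs.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "office.exe").write_bytes(b"verified office build")
        (root / "viewer.dll").write_bytes(b"verified viewer library")
        allowlist = build_allowlist([root / "office.exe", root / "viewer.dll"])
        # After the baseline: a new installer appears and a DLL is replaced.
        (root / "setup.msi").write_bytes(b"unknown installer")
        (root / "viewer.dll").write_bytes(b"replaced library, same name")
        (root / "notes.txt").write_text("not executable content")
        return audit(root, allowlist)
```

The replaced `viewer.dll` keeps its trusted name but is denied, which is why the list is keyed on file contents rather than on names or paths.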

To get really serious about this, see the full list of 35 Strategies to Mitigate Targeted Cyber Intrusions (and be ready for some fine print).

As the sun finally sets on venerable old XP, it is timely to reflect a moment on the end of an era when a single operating system dominated the market. Those days are fast disappearing with new paradigms of computing (Android, iOS, cloud computing, wireless mobile, open source) taking a growing share of the overall market. The folks at Microsoft must be more than a little concerned.

David Tuffley does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published on The Conversation. Read the original article. Image credit: Microsoft



  1. After all, XP is a robust operating system that has given them many years of service despite numerous patches and updates.

    Sorry David, you’re wrong. Any OS that routinely treats the LAN as “hostile” is by definition delicate and infirm. Microsoft’s best and most robust OS to date has been W2K.

    OK, Windows (bad)XP(erience) was W2K with bells and whistles. But all the B(ullshit) and W(oo) only served to make a maintenance nightmare, by introducing features we certainly did not ask for or want.

    Oh, the hostile LAN? It was a default security setting outside of Network Settings, which totally ignored the WAN, treating that as fully kosher and halal. Being default, it routinely reset itself, frequently and unpredictably.

    Robust? I was using W2K Pro SP4 Rollup 1 until early 2012 when my old box developed severe Alzheimers, to be replaced by the new box for which I could not get W2K drivers. And that’s the ONLY reason I’m using W7 now.

    • pretty strong words, saying that the author is flat out wrong. plenty of users and sysadmins would strongly disagree, me being one of them.

      i would hardly consider xp a ‘maintenance nightmare’. perhaps you were doing it wrong?

      and i don’t know about w2k being more reliable/stable than XP… millions of users worldwide would probably disagree.

      xp treats the LAN as hostile?? not sure what network you are running, but i’ve never had any problems with xp and the LAN…

      • hardly consider xp a ‘maintenance nightmare’. perhaps you were doing it wrong?

        Good thought. Never had to do maintenance with W2K, it didn’t break. BTW, On W2K, the only update/patches it ever got were SP4, rollup 1, and Visual C Redistributables. XP got SP2 and SP3. Then I had to download something every month when some “feature” broke. With hindsight, probably should never have installed the Service Packs.

        xp treats the LAN as hostile?? not sure what network you are running,…

        Already said default security setting outside of Network Settings. I don’t try to set up funny networks. In this case it was in fact a WLAN, but the security setting specifically said “treat LAN as hostile”, so while the lappy could surf the web with zero problems, it could only talk to in-house boxes if that setting was UNset. Frequently. And using Cat5 didn’t help.

        Win XP = DOS 4.

  2. Got one Windows XP machine left here; it is on the company director’s desk, sitting next to his new Windows 7 workstation. I’ve told him a few times that Windows XP machine loses internet access on April 8

  3. I think the weirdest moment i had was when we ordered the new admin computers for the primary school i work at here in WA.

    Had to ring the department’s desktop team helpdesk to get them to assist in working out how to get the onboard speaker to work (after using their XP image on the comp), new computers were Intel, old ones were AMD and the AMD ones were easy to do.

    I remember hearing in the background when the lovely lady had to ask her supervisor for help, the supervisor in the background was all like:

    “Why are they still using windows XP?” (he had other profanities in there too), i was about to abuse the crap out of him for that statement, only reason the admin computers are still on XP is because the department hasn’t resolved an issue with the RM Finance software we have to use where it breaks on 64bit Win7.

    What’s worse is they plan on removing the XP image come April.

    So i don’t mind XP support dropping, but it would be nice if certain places *coughDETWAcough* got their act together.
