While Microsoft has extended the end-of-life deadline Windows XP several times under consumer pressure, not least from Enterprise customers, we have reached that line in the sand. The party’s over.
Officially, Windows XP is now dead, but it’s not gone. Choose your stats carefuly; conservatively, between 20 and 27% of computers connected to the Internet still run Windows XP. Yet as of April 8th, we’re at the”end of support” – so what will happen to all those Windows XP systems now?
It will continue to run and activate, using the same activation process that checks with Microsoft to ensure you’re using “genuine” software and not a pirated version of Windows. The activation servers will continue to run for the foreseeable future. The only noticeable difference you’ll see is a monthly message that will appear to remind you that XP is now defunct. This message can be hidden, and will only appear on home computers, not on networked, managed business computers.
But as of April 8th, Microsoft stopped releasing new security patches for Windows XP. While Windows Update continues to function and you can install all the existing security patches onto any Windows XP installation, there will be no new security patches for the inevitable holes in Internet Explorer 6, 7, or 8. Pass-through attacks on other parts of the XP code base, via the Windows networking stack (TCP-IP, FTP, SSH) will also go unpatched. Windows Firewall will similarly go unpatched.
If you have Windows Defender or Security Essentials, pledged to support XP into 2015, you may avoid some attacks, but anything that gets through will be increasingly difficult to remove. There is a significant risk of data loss.
Software to ditch on XP, then:
- Internet Explorer – go for secure browsers such as Chrome, Firefox, or Opera.
- Office 2003 – move to Office 2007 or 2010.
- Outlook Express – go to Outlook 2007 or later.
- Java is notoriously insecure to its DNA – if you don’t need it, dump it. If you don’t know whether you need it, you probably don’t, so dump it anyway.
- Adobe Shockwave player plugin. Seriously – is there any worthwhile content for this any more?
Add to that third party software such as the Adobe Flash browser plugins and Adobe’s PDF Reader. Updates are going to stop at XP; there are alternative flash plugins and PDF readers which are inherently lighter and smaller targets; most PDF exploits only work in Adobe Reader, so if you don’t need extra Adobe features, ditch it.
The huge volume of Windows XP installs means it isn’t simply going to vanish overnight. Browser makers Google (Chrome), Mozilla (Firefox), and Opera (err, Opera) aim to clean up after defunct Internet Explorer versions by continuing to support XP but soon XP-specific bugs are going to be to costly and technically challenging (perhaps even impossible) to work around. IE9, 10 and 11 won’t run on XP, so no help there.
Don’t expect backwards compatibility to go on forever. Software vendors will eventually stop supporting Windows XP as is already happening; Microsoft’s own Office 2013 won’t run on Windows XP, and most current PC games don’t support Windows XP either; it simply can’t handle complex multi-threading and high resolution graphics.
So Windows XP systems will become increasingly vulnerable over time as more vulnerabilities become known but not closed. It is believed that malware writers have held back attacks until after the April 8th deadline, to exploit flaws in this new Wild West in which the sheriff has thrown up his hands and walked away.
You will be thrilled to hear there is a paid support option for Windows enterprise customers; large organizations and government departments stuck with legacy applications and networks that will only run XP and can’t be upgraded. In some cases the cost of support for a year or two is less than the cost of re-writing or replacing those legacy applications; at best it provides a stop-gap and buys time to do those very large projects.
The “custom support” program costs about $200 per PC per year and will likely escalate each year. Microsoft will release fixes only to paying customers and only for problems rated “critical.” “Important” flaws are on a special additional rate card and anything rated “moderate” or “low” won’t see any fixes. This could actually be a good gravy train for Microsoft for a few years yet.
For the typical home user, you might as well buy a new PC with a Windows 7 or 8 license than pay Microsoft for scraps. Which begs the question of how much life is in Windows 7 (we’ll skip over Vista) given the lacklustre take-up of Windows 8? Will there be a Windows 9 desktop of the character we’ve used since Windows 3.1? Will tablets and smart-phones really take over as the futurologists insist? And how long with that take? I wish I knew. AJS