Please, Microsoft, don’t put Windows XP to sleep on April 8 – the world isn’t ready yet!

08.04.2014 14:09

ExtremeTech: On April 8 2014, almost thirteen years after it was first released, Windows XP will finally breathe its last breath and die — officially, anyway. From that date, Microsoft will no longer support the inveterate OS, meaning instability bugs and security vulnerabilities will go forever unpatched. With Windows XP’s desktop market share still around 30%, and many enterprises still months or years away from upgrading to Windows 7/8, these unsupported and insecure machines represent a serious risk to the health and security of the internet and other high-tech infrastructure. If just a single zero-day vulnerability is found after April 8, it will never be fixed. There’s no telling what damage cybercriminals might sow with such an exploit.

It’s important to note that the Windows XP EOL/EOS (end of life/end of support) has been a long time coming. We’ve known since June 2008 that Microsoft would withdraw paid assisted support, security updates, and non-security hotfixes for Windows XP in April 2014. There will also be no further updates to online technical documentation. While this is obviously an issue from a security perspective, the larger issue is compliance — if you manage personal data (which is basically every big company), there are industry and federal regulations (PCI, Sarbanes-Oxley, HIPAA, etc.) that you need to comply with. Using a non-supported operating system, and thus dangerously exposing your client database to hackers, is a compliance no-no.

Windows XP desktop

It’s hard to believe that 29% of PC users still see this when they turn their computer on.

According to Net Applications, Windows XP still had a 29% share of the desktop market at the end of December 2013. Realistically, most big western enterprises and institutions have probably already upgraded to Windows 7. The bulk of the 29% probably consists of China’s infamous love affair with pirated copies of Windows XP, and a lot of mom-and-pop desktops and netbooks. Windows 7 only came out four years ago, and the widely reviled Windows Vista came before that. When you factor in the slowing pace of the PC market, and the small performance gains from new hardware, it’s not hard to believe that there’s a bunch of Windows XP machines still floating around. (Read: PC obsolescence is obsolete.)

Windows XP booting up on an ATM (cash machine)

The other area where Windows XP still reigns supreme is in legacy systems. For large institutions, such as banks, upgrading from a legacy (and often bespoke) system is time-consuming, expensive, and dangerous. As a result, there are banks, airline companies, and other huge enterprises that still have back-end systems that are much older than Windows XP. Case in point: According to Bloomberg Businessweek, 95% of the 420,000 ATMs (cash machines) in the USA run Windows XP. Come April 8 2014, if a serious security flaw is found in Windows XP, the banks will be on their own to defend against increasingly high-tech criminals. (Read: ATMs running Windows XP robbed with infected USB sticks.) The banks do have plans to upgrade these machines, but it will take time — probably a few years, if not more.

It’s hard to get a fix on the total number of desktop PCs in the world, but it’s somewhere between one and two billion. At 29% of the desktop market share, a botnet of epic proportions could be fashioned if a suitable zero-day vulnerability were found. I guess we should be glad that Microsoft has an excellent reputation for taking down botnets, eh?

Anyway, the point is, if you have a friend or family member who’s still running Windows XP, help them upgrade to Windows 7 as soon as possible. In case you were wondering, Office 2003 also has the same EOL/EOS date — but unless you’re in the habit of opening random email attachments, it’s much less of a potential security risk.