A picture taken on October 25, 2001, shows Bill Gates with a copy of the Windows XP operating system during its launch in New York’s Times Square. (AFP)
April 8: Microsoft is releasing the final batch of security patches for Windows XP today, leaving anyone still running the 13-year-old operating system without potentially critical security updates.
Estimates suggest that almost one in five PCs worldwide still run XP. While this figure has dropped from 25 per cent last year, it is expected to remain stubbornly high for some time.
Windows XP will not suddenly stop working — consumers are entitled to carry on using XP for as long as they like, and it will continue to look and feel the same as before. However, those who continue to use the operating system will be much more vulnerable to cyber attacks.
This is because, every month, Microsoft has released a set of security patches for Windows XP to address any new vulnerabilities that may have been discovered. After today, no more patches will be released, meaning that any new vulnerabilities will be open to attack.
It may seem surprising that there are still vulnerabilities in such a mature operating system. Over the past 13 years, most of the bugs in the Windows XP code have been worked out, and it has probably never been more stable as a platform.
However, attackers continue to find new ways of targeting particular holes in XP’s architecture, which allow them to inject malware and viruses into the operating system.
While attacks on Windows XP decreased after Windows 7 began rolling out in 2009, they have resurged in recent months, as the deadline for XP support has approached. There is also concern that some attackers have been holding back exploits, so they can unleash them after Microsoft has stopped producing security updates.
“Fundamentally what you’re doing as a consumer if you don’t move away from Windows XP is you are making yourself wide open to security breaches. That means phishing attacks, hackers stealing your bank login details, all the sorts of things that can make life really miserable for consumers,” said Garry Owen, product marketing manager at VMware.
However, the end of support for Windows XP is probably less of an issue for consumers than it is for businesses. Recent research by UK software company AppSense revealed that 77 per cent of UK organisations — including around half of the UK’s councils and large swathes of the NHS — are still running Windows XP somewhere in their IT estate.
The picture is even more complex with XP still running on computers embedded in systems that are difficult to upgrade, like ATM machines, kiosks, airline ticketing or military systems.
Experts believe that around 95 per cent of the world’s ATMs still run the software, although at least some of those run on a variant called Embedded Windows XP.
Owen said that, within businesses, the refresh cycle is typically three to five years for most PCs. However, the global economic downturn has resulted in a lot of organisations delaying their PC upgrades to save money.
Many of these PCs now run business-specific applications that have been developed on Windows XP and will require significant development and cost to migrate to another operating system.
For companies running Windows XP today, time ran out a long time ago. Microsoft estimates that migration of an average company comprising 5,000 PCs or more takes between 18 and 36 months. Owen warns that those who remain on XP without support after today are putting at risk their compliance, the safety of their corporate data and, critically, their shareholder value.