After April 8, 2014, Microsoft will no longer support Windows XP. Period.— Tim Rains, director, Microsoft Trustworthy Computing
Microsoft released Windows XP way back in October 2001. It was the first substantial upgrade to the Windows 95 family of operating systems, which included the so-so Windows 98 and the belly flop that was Windows ME.
XP's wasn't initially hailed as a stunning success -- that would come later, after a couple of service pack updates -- but it eventually found its way into virtually every home and business worldwide. Today, that ubiquity has introduced risks for people still clinging to the venerable operating system at the end of its supported lifecycle.
What's the Fuss?
Microsoft is ending support for Windows XP on April 8, 2014. After that date, the company will no longer support Windows XP. Period.
The most serious implication of the end of the extended-support phase is that users will no longer receive security patches. Microsoft's Tim Rains, director of Trustworthy Computing, noted that between July 2012 and July 2013, Windows XP was affected by security risks significant enough to warrant an official security bulletin -- 45 times.
So, the end of security patches for Windows XP means that you are at considerably greater risk from targeted attacks, because Microsoft's security updates for newer versions of Windows help the bad guys figure out the best ways to attack XP in ways that cannot be fixed.
The risk for un-patched users can't be overstated. When Microsoft releases security patches, it releases them for all versions of Windows simultaneously. Hackers get these patches and reverse-engineer them to see what parts of Windows were fixed. After April 2014, these patches will cover Windows Vista, Windows 7, and Windows 8, but not Windows XP. The bad guys can see the corrections and identify the problems the patches fix for everything except XP. The result? They can develop targeted attacks that focus specifically on uncorrectable problems in XP. They can even develop attacks with such sophistication that XP users may not even know they've been compromised.
It's like the police department publishing a monthly neighborhood map, identifying which houses have strong locks and which don't, and giving it out for free to everyone who's been convicted of breaking and entering. After April 2014, XP users will be permanently placed on the "weak locks" list.
XP at Home
Just because a home PC running Windows XP is chugging along nicely today doesn't mean it'll work well after security patches stop rolling in. The risks are real -- they're not just a scare tactic to sell new computers or unnecessary upgrades.
Windows XP is reliable and familiar. If you still use it at home, it's probably because you love its familiarity and don't feel a burning desire to shell out hard-earned cash to do what seems like a non-essential upgrade. You might even think that you're really not at risk because they run anti-virus software and don't visit unsafe websites. So why upgrade?
Think of the 2001-vintage Windows XP like a 2001 Ford Ranger. It's dependable. It may not have the sleekest lines on the expressway, but it'll get you from Point A to Point B safely and without incident.
When the extended-support period for Windows XP ends, it's like deciding to stop changing the oil on that Ranger. As the months and miles accumulate, however, you might see signs of trouble. But maybe you won't: Maybe all will be fine until you blow the motor. Same with XP -- for a while, the end of security patching might not make an obvious difference. Eventually, however, the sheer volume of malware -- and the lack of security patches to protect against it -- means your XP installation will be at a very real, and very substantial, risk of "blowing the motor."
What could happen? You could see viruses that Windows can't handle. You could be infected by spyware that steals your personal information. You could be roped into a botnet, so your computer gets used without your knowledge to attack other computers on the Internet. Worse yet, more and more software vendors will stop supporting XP, too.
Without routine security patches to protect you from targeted online attacks, your risk isn't a matter of "if." It's a question of "when."
XP in the Office
Microsoft estimates that slightly more than half of mid-sized companies know XP is sunsetting -- and that 70 percent don't know what the end-of-support cutover entails.
Microsoft's own documentation paints a stark picture for companies: Working in an unsupported and un-patched computing environment represents a genuine and well-established risk under generally accepted internal control policies. For most companies, choosing to run an unsupported computer system is a regulatory strike that eliminates good-faith safe harbors for data breaches or other IT-security problems.
In an August 2013 column, veteran Microsoft watcher Mary Jo Foley of ZDNet informally surveyed her readers about why they're still clinging to XP. Many cite customized, mission-critical apps built on the Internet Explorer 6 framework not supported by Windows 7 or Windows 8. Others -- especially government users -- point to a lack of funding for such a significant upgrade project.
More worrisome, though, are Microsoft's own estimates that 45 percent companies employing five to 250 employees don't even know that Windows XP is nearing the end of its supported lifecycle. And of those companies that do, a whopping 70 percent don't understand the implications.
Not only do always-on computers on medium-sized corporate networks present a security risk in themselves, but they also subject customer records, trade secrets and sensitive information to widespread theft, destruction or illicit modification.
Your best bet is to upgrade, but if you can't, a mix of careful online activity and even desktop virtualization can help. You could even try the Mac or Linux.
If you like Windows and have software you don't want to lose, your best option is to upgrade to Windows 7 or Windows 8. Remaining on Windows XP is a security risk, plain and simple. If your computer cannot support Windows 7 or Windows 8, consider buying a new machine. Hardware costs have declined, with low-end machines far more capable than your old XP box for a fraction of the price.
If upgrades just aren't in the mix, be sure to install modern anti-malware software and run scans frequently. After all, just because Microsoft no longer supports Windows XP, that doesn't mean you can't find third-party protection.
You should also be very careful to follow computer security best practices: Avoid sketchy websites and err on the side of caution with unusual emails. In an unpatched environment, one security lapse could be all it takes to trash your installation of Windows XP and require a complete reinstall to resolve.
Another option: Your Windows XP computer can also run the free Linux operating system. Linux requires fewer system resources than Windows, supports a large base of free programs and doesn't cost a dime. Although there's a learning curve associated with Linux, for users accustomed to XP, Linux may be easier to grasp than the new Windows 8 interface. Check out Ubuntu Linux or Linux Mint for versions that are easy for new users to learn.
And if you don't like Linux or the new Windows 8 operating system, there's always the Mac. The downside of switching to Apple, though, is the same as installing Linux: You'll have to learn a new OS and get all new software.
- Photo Credit Kevin Lee/Getty Images News/Getty Images