File Under: Security, Software

Microsoft Gets Ready to Pull the Life Support on Windows XP

That’s the end of the line. Image: Johan Larsson/Flickr

Today marks the first day of the last year of Windows XP’s long and storied life.

On April 8, 2014, Microsoft will officially stop supporting Windows XP, meaning there will be no more security updates or other patches. When April 2014 rolls around Microsoft will have supported Windows XP for nearly 12 years.

Should you chose not to upgrade before next year, you will be, in Microsoft’s words “at your own risk” in dealing with security vulnerability and any potential malware designed to exploit them.

According to NetMarketShare, just over 38 percent of PCs connected to the web are still running Windows XP. Given that current XP users have already ignored three OS upgrades, it seems reasonable to assume a significant number of XP diehards still won’t upgrade even now that Microsoft is no longer issuing security updates — all of which adds up to a potentially huge number of vulnerable PCs connected to the web.

NetMarketShare’s OS statistics for March 2013. Image: Screenshot/Webmonkey.

Starting around this time next year expect black hat hackers to have a botnet fire sale.

With so many suddenly vulnerable PCs on the web, it’s really only a matter of time before unpatched vulnerabilities are identified and exploited, which could mean a serious uptick in the amount of botnet spam or worse — imagine even a small percentage of those 38 percent of PCs being harnessed for distributed denial of service attacks.

For individual users upgrading Windows XP shouldn’t be too difficult, barring a dependency on software that’s never been updated. If Windows 7 or 8 aren’t to your liking there’s always Linux (I suggest starting with Mint Linux if you’re new to Linux).

Upgrading enterprise and government installations is somewhat more difficult. Microsoft puts the matter quite bluntly on the Windows blog: “If your organization has not started the migration to a modern desktop, you are late.”

The Windows blog post contains quite a few links designed to help anyone looking to upgrade, but at the enterprise/government level it may well be too late anyway. “Based on historical customer deployment data,” says Microsoft, “the average enterprise deployment can take 18 to 32 months from business case through full deployment.”

Windows XP isn’t the only Microsoft product that will be getting the heave-ho this time next year. Internet Explorer 6 on XP, Office 2003, Exchange Server 2003 and Exchange Server 2010 Service Pack 2 (newer service packs of Exchange Server 2010 are still supported) will all be cast adrift. It’s also worth noting that this affects virtual machines as well, so if you’ve got a Windows XP virtual machine for testing websites, well, be careful out there.