The world today is a much different place than it was in 2001 when Microsoft released Windows XP. With Windows XP Microsoft combined features to handle games and multimedia for consumers, and to provide stability and reliability for businesses. This strategy made for a wildly popular operating system. Now, thirteen years later, Windows XP comes to an end of sorts on April 8, 2014. After this, Microsoft will cease providing security updates or support for this venerable operating system.
Consider how your own use of technology has changed, in the last 13 years: In 2001, my home PC had an Intel Pentium 4 processor that ran at 1.8GHz and a gigabyte of RAM. Today, my home PC has an Intel Core i7 processor that runs at 3.7GHz and 32 gigabytes of RAM. While the processor in today's PC appears to be only twice as fast as my computer from 2001, such comparisons are misleading. The actual difference in performance between the two is closer to 60-fold, and even faster for some operations. And my Internet connection? That went from just under a megabit-per-second to 20 megabits, a twenty-fold increase in speed.
Technology evolves, and just as our computers have changed, so has the software they run. Microsoft Windows is no exception to the rule, especially when it comes to security.
Numerous updates to Windows XP were released over the years, including three giant Service Packs in 2002, 2004 and 2008 that not only fixed numerous vulnerabilities that had left Windows XP open to attack, but added new features. In 2007, Microsoft's struggle to release the successor to Windows XP ended with the release of Windows Vista. Microsoft then resumed releasing operating systems on a two-year cycle. Windows 7 arrived in 2009 and Windows 8 in 2012, just a little behind schedule.
Each new version of Windows has not only brought new features, but greatly strengthened security. The six-year gap between Windows XP and Windows Vista and the lackluster response to Windows Vista meant that a lot computers remained on Windows XP. Those computers remained vulnerable to attacks that, if they were not blocked completely by newer versions of Windows, were at least much more difficult for attackers to exploit successfully.
What you can do
If your home or business PC is still running Windows XP, it is not too late to upgrade.
I do not recommend going to Windows Vista, simply because support for it will be ending in 2017. Microsoft will stop supporting Windows 7 in 2020, and Windows 8.1 in 2023. From a security perspective, Windows 8.1 is a great improvement, but the interface is very touch-focused. Unless you are using a touchscreen, you might be better off upgrading to Windows 7 or using a program that makes the Windows 8.1 interface more like an earlier version of Windows. Computers running Windows 7 are still available from stores and computer manufacturers online.
The business-focused editions of Windows 7 (Professional, Ultimate and Enterprise) can run Windows XP Mode, which embeds the older version of Windows inside the new one. This might let you run a last remaining application requiring Windows XP, at least until it is replaced. Keep in mind Windows XP Mode suffers identical issues to Windows XP and is a bridge to replacement of Windows XP, not a means of prolonging XP’s life. Windows XP Mode is not available for Windows 8.1.
XP Questions and Answers
Q: What exactly happens on April 8, 2014? Will Windows XP stop working?
A: On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available.
Q: Will all versions of Windows XP cease being supported by Microsoft after April 8, 2014?
A: No, not all. Windows XP Professional for Embedded Systems, a special version of Windows XP used in devices such as cash registers, ATMs and ticket machines, as well as various industrial and scientific equipment, will be supported until December 31, 2016. However, that date is fast approaching and if you have devices running XP Embedded you will eventually need to replace or update them.
Q: Are other Microsoft programs going to cease being supported?
A: Microsoft Office 2003 will no longer be supported after April 8, 2014. The next major end of life date is July 14, 2015, which is for Windows Server 2003. If your office has any servers left running Windows server 2003, you should be planning on updating or replacing them as well.
Q: I have to run Windows XP and cannot upgrade or replace my PC. Is there anything I can do to protect myself?
A: Make sure that your copy of Windows XP is fully patched; all your applications are on the latest versions with the latest patches as well; your PC is not just regularly backed-up, but you are testing those backups by periodically restoring them; your PC is running up-to-date security software; and you should also be figuring out how you can move away from Windows XP to a newer version of Windows.
Q: Where can I learn more about these issues?
A. I have provided a list of resources below. You might also find my podcast on security for older systems helpful. And I have written up 5 tips for defending Windows XP machines.
Resources: Windows XP-specific
- Cash crash ahead? ‘Death’ of Windows XP could leave 95% of world’s ATMs vulnerable
- Microsoft offers brief reprieve to Windows XP users – with antimalware updates until July 2015
- Podcast: Windows XP not dead yet
- Windows XP users facing malware invasion
- Cyber criminals saving up malware attacks for Windows XP end of life
General Advice: How to secure a PC
Resources: Windows 8-specific
- Windows 8 security features
- Podcast: What's new in Windows 8.1 security
- White paper: 6 months of Windows 8
- White paper: Windows 8.1 security improvements
We will have more to say about XP's retirement on We Live Security. Let us know your concerns and we will endeavor to address them