July 1, 2019

Over 14 years old and unsupported for almost 5 years, there are still millions of Windows XP users out there. That isn’t great news.

While usage has been steadily declining, a hard core of 3.5 to 4 percent of the world’s PCs still use XP. It turns up in the oddest places.

As recently as 2016 the Royal Navy’s fleet of nuclear subs ran their systems on an XP platform, along with new aircraft carrier HMS Queen Elizabeth.

Festival-goers at Glastonbury last weekend got a glimpse of XP’s reboot screen when the video backdrop failed during Neneh Cherry’s comeback set.

In computing terms XP was a smash hit, but that doesn’t fully explain why so many people are still using it when Microsoft abandoned it long ago.

Machines running XP are sitting ducks for cybercriminals looking to steal personal data, and the only feasible solution is to upgrade to Windows 10. So why isn’t it happening?

Cyber Nostalgia

These days most things tech related are on a 6-month or annual upgrade cycle with regular updates in between. Why wasn’t XP binned along with the last Windows Phone?

For many people the answer is simple. XP worked.

It had a simple interface. It brought stability to PCs that had been buggy using Windows 98. It was arguably the first consumer version of Windows that really delivered on its promise.

And the Windows systems that followed it – Windows Vista and Windows 8 – were widely unloved. With the improvements to Windows 10 that seems to be over, but there are still notable holdouts.

XP in the military

The Pentagon also finds it hard to move on from its XP-based systems.

While most have been done away with, some of the mission-critical functions of military applications can’t be easily upgraded, which is why the US military sometimes needs to hand Microsoft multimillion-dollar contracts to provide bespoke support for specialised systems running on Windows XP, Windows 2003, and other legacy products.

Maintaining legacy computing systems long past their expiration date creates problems that pile up as time goes on.

Hardware gets faster, processors get faster, and software applications become more robust.

Old operating systems eventually can’t keep up with computing requirements, so add-ons and workarounds have to be created.

It’s the IT equivalent of duct tape and chewing gum.

And it opens the door to security vulnerabilities.

If you’re on the latest version of Windows, you benefit from an ecosystem of hundreds of millions of end users who help uncover security bugs and exploits through normal computer use.

That reduces the risk of flaws remaining undiscovered until a clever cybercriminal identifies an opportunity to hack.

That’s no small consideration given how nation-state and other cyber rogue actors might exploit flaws in Windows XP or other legacy systems in use by the U.S. military.

But you don’t need to go to the extreme of life or death impacts to systems that support armed combat.

Enabling WannaCry

The hugely damaging WannaCry ransomware attack of 2017 was enabled in part by many XP machines still in use at the time.

While the vast majority of infected machines were on Windows 7, the 2-3 per cent of XP infections impacted critical systems – in particular the NHS.

Sixty percent of NHS trusts were still using some form of Windows XP during the attack, which forced the cancellation of 19,000 medical appointments and cost the NHS close to £100 million to fix.

In an eerie echo of that time, Microsoft has actually issued a rare security patch this week for those still on XP that fixes a newly discovered WannaCry-like vulnerability.

The last time it issued an XP patch was just prior to the WannaCry outbreak in 2017 – a patch that many organisations, NHS trusts included, delayed or ignored.

Making legacy systems safe

There are going to be cases where an organisation has a specialised system or in-house built application that requires an older version of an operating system to sustain it.

Wherever that’s the case we hope there’s a plan to replace those systems – and soon.

But for now, if you or your company thinks it’s necessary to carry on with OS nostalgia, here are a few tips to minimise the risk of attack:

Install dedicated antivirus software

In 2019 you should have this on your machine already, but if you’re running an older OS it is absolutely essential – and we’d recommend going with the paid version rather than the basic free offering.

Keep XP ‘up to date’

At minimum, make sure you have installed all updates that were available up to the April 2014 cut-off for XP support – and the two more recent patches for WannaCry and the new ransomware vulnerability revealed this week.

Stop using Internet Explorer

Microsoft’s legacy internet browser for XP also lost support in 2014. You need to install one of the popular alternatives to minimise the risk of infection via a web-based exploit.

Stop using Java

Whichever browser you select, go into settings and switch off Java. Those mini applications within a web page can be a potent source of malware infection.

Don’t use an account with Administrator permissions

If your machine is hacked, best that it happens to an account that only has basic machine permissions. Save Admin mode for changing settings or other occasional higher-level requirements.

Add a Virtual Machine

For those apps that will only run on XP, consider adding a virtual machine programme to your PC that allows you to use XP and associated software in isolation from the machine’s normal OS and hardware. You may need to add RAM or a faster processor to accommodate this.

Finally, choose what you install on your XP machine wisely. Restrict its use to must-have functions that aren’t yet available for new operating systems.

And make a plan to replace old operating systems entirely. For safety’s sake, it’s time to kiss your favourite legacy OS goodbye… and quickly!
