Kill your Windows XP systems, before they kill you!

Paul Thurrott just published “The Coming Windows XP Apocalypse”, reminding us that support, including security patches, for Windows XP is coming to an end. For a more in-depth examination of why you need to run from Windows XP as fast as you can, see my blog entry from two years ago.

Last month I experienced just how difficult it was going to be to fully put the nail in the coffin of Windows XP.  I went to the open house for a new hospital and when touring around noticed that their PCs were running Windows XP.  That’s right, a new deployment of XP in a mission critical environment just months before all support for XP ends.  Oh, and a new deployment in an environment with extreme privacy requirements.  In an environment in which malware could quite literally cause loss of life.  I tweeted about this and someone from Microsoft already went off to work on making sure the hospital had a migration plan in place.

No doubt a new deployment of Windows XP is not done because the IT department desired it.  All controversy about Windows 8 aside, Windows 7 is something IT can and does have a love fest with.  The problem is likely ISV software, and support for specialized hardware, that hasn’t yet made the migration to Windows 7.  Or perhaps in this case, the hospital’s parent organization has a migration plan but this hospital was opening before the rest of the organization was ready to migrate.  Let’s just hope they complete the migration in time.

There are a few points about Windows XP usage and what happens when support ends in April 2014 that I wanted to make.

First, the Net Applications numbers Paul used are worldwide numbers. Net Applications wants $300 to let you filter by country, which I think is fair except that I can’t justify paying them just so I can write a blog article. Using StatCounter data we see that July 2013 worldwide XP usage is 20.45% while US usage is 11.67%. Note how StatCounter and Net Applications (37% worldwide XP share) differ dramatically because of methodology. And the truth is that actual market share may be quite different than either of them report, because lots of systems in business are not used for web browsing (which is how both gather their data). All that matters is that Windows XP usage is still quite substantial no matter what the actual number or its source.

The worldwide numbers may greatly overstate the situation in individual countries or regions. For example, according to StatCounter, Windows XP remains the most used operating system in China at 54.69%. By contrast Australia is at about 9%. This also explains why the drop in Windows XP usage appears to be slowing. In some countries the move away from Windows XP is almost over while in others it has barely begun. And for the latter, often dominated by pirated copies, it isn’t clear that the loss of support holds much meaning. Thus they just aren’t moving!

I expect that in places like the U.S. there will be one more major downward move in XP usage before April 2014. The reason is simple: public company corporate governance requirements will force IT’s hand on the migration. Risk Management Departments are going to be making this a CEO-level issue as they understand, if they haven’t already, just how much exposure the organization is taking on by using Windows XP after April. And while not everyone will complete migration by April 2014, they will be well into migration by then. What we’ll be left with is the millions of personal or small business PCs where the owner just doesn’t care. And just as there is still usage of Windows 9x out there, there will likely still be some XP usage a decade from now.

One last thing I wanted to talk about was the comparison of the end of Windows XP support to Y2K.  Sorry folks, there is no comparison.  Y2K was about driving off a cliff while this situation is more like stopping maintenance on a bridge.  Cracks will develop.  Bolts will fall out.  Rust will set in.  But it will take years before the bridge actually collapses.  And in the case of Windows XP, as long as security vendors continue to produce anti-malware software for it most cracks will be patched.  Although with bubble gum rather than a weld.  To switch analogies, after April 2014 leaks in dikes will be plugged with fingers rather than properly repairing the dike.  Eventually fingers just won’t be enough, the dike will be breached, and the city washed away in a flood.

I think people are nuts to keep using Windows XP. I thought so the moment Windows 7 hit the market. With support ending in April 2014 there are no more excuses. And I still have hope that, at least in western countries, corporate migration off of Windows XP will largely be complete by April 2014 or shortly thereafter. If your organization is not on track, you need to push it to get there.

As for moving individuals off of Windows XP?  Well, maybe the upcoming holiday season should be all about giving your family and friends the gift of modern computing.



31 Responses to Kill your Windows XP systems, before they kill you!

  1. Bob - Former DECie says:

    I have to wonder about all those small business POS systems running some variant of XP. They are not usually connected to the internet but many do credit card validation via dialup. Will they cease to be PCI compliant at that point? Will there be any way for them to know? Will there be any penalties?

  2. Bob - Former DECie says:

    On a different level, I know one person in a non-computer related forum that I frequent, which has several computer-savvy people in addition to myself, that loved XP so much that when their XP laptop died a few months ago, they went and bought a used XP laptop, despite universal warnings not to do so. You can lead a horse to water….

  3. Tim says:

    Last night I updated my side-project web app with a note stating that the app will no longer support XP after the end of this month. XP requires the older IP-based TLS protocol instead of the newer SNI-based protocol. My problem is that Microsoft charges a prohibitively high fee ($39/mo!!) to support IP-based SSL on Windows Azure. This just doesn’t make economic sense for a low traffic site. But the reality is that relatively few visits to my app come from XP machines anyway.

    On another note, Microsoft unfortunately still charges $9/mo for SNI-based SSL, but at this point I’m already hooked on Azure.

  4. Andrew says:

    I’ve found lots of PCs running Windows XP in academic environments because there is software – which has been published and validated, but is no longer supported – which only runs in XP; and sometimes this is control/driver software for equipment costing thousands or hundreds of thousands of pounds. Not clear what the solution is in cases like this.

    • halberenson says:

      I think this is true across organization types. Embedded systems, to point out a large sub-class, aren’t usually upgraded independent of replacing the piece of equipment in which they are embedded. So if you have a computer-controlled manufacturing machine, medical equipment, POS system, etc. whatever OS was in use when you purchased the machine is what will be used until the day you swap out the equipment. No doubt there are still PDP-11/RSX-11 based systems still floating around in the world, two decades after DEC stopped production. Indeed one of my first jobs was to reverse engineer a PDP-8 NC machine binary because the company that created the NC machine was out of business and my employer wanted to make changes to it. So while supportability has always been an issue, it’s the connectivity to the Internet that causes real problems.

      There are also many systems which are not technically embedded but otherwise have the same characteristics. The need to run software which is no longer developed or supported, and won’t run on newer platforms. Or just a system that lives in a closet and is never touched, cranking away at its “job”, with no resources or expertise around to migrate it.

      There will always be some of these floating around, and that’s not the major concern. Not that it isn’t a concern, particularly after we’ve seen what Stuxnet can do. But if you focus on the vast bulk of the security problem, which is bad guys seeking financial gain, getting the population of XP systems down below 5% would make it uninteresting for bad guys to waste their time on. This is the dynamic that has helped keep OS X, for example, relatively safe all these years.

      • yuhong says:

        On the matter of embedded XP, Embedded Standard 2009 and POSReady 2009 are supported until 2019, and are based on XP. When WEPOS SP2 support ended after plain XP SP2 support, they just put up the plain custom support patches without any checks at all. I wonder what MS will do about it this time.

  5. Neil T. says:

    Where I work, we’re only now upgrading the last computers to Windows 7.

    • Bob - Former DECie says:

      There are many, many businesses who are just beginning the upgrade to Windows 7. I know a very large international software consulting firm that just finished the corporate upgrade from XP in the past 6 months.

  6. DrM says:

    I think that we should move to user friendly Linux distros like Linux Mint which comes in different flavours, or lightweight Linux distros like Antix and Puppy Linux. These two distros can run on old Pentium Three PCs with 256 MB of main memory. In times of economic hardship and austerity, it’s a good thing to keep old hardware using!

  7. Jason says:

    Half our workforce is still on XP, me included.

  8. A Rowland says:

    Windows 7 is very nice in many ways, especially the installation and device recognition, but from a sheer usability standpoint, XP still just takes the crown. Where, in Win7, is there the ability to ctrl-click an Explorer window to open the parent folder in a new window? Or to ctrl-double-click a folder to open it in a new Window (you have to right-click, use a menu…). And why does it keep landing you in those annoying libraries with no way out to real directories? I want to know where I am saving to! Not to mention the way I still spend ages hunting for configuration options that have moved somewhere odd. It wins on renaming — press F2 and the filename is highlighted sans extension, but on the whole I prefer XP. People on this blog tend to look at technical and security issues. Fair enough, but for end users it is often the little things.

  9. John3347 says:

    I am still using Windows XP because it is significantly more stable than Windows 7. It is also easier to change something that I need to change. (Change how something works) The file system in Windows XP is FAR superior to Windows 7. I am also using a Windows 2000 computer for certain tasks. I look forward to Microsoft ending “support” for Windows XP because that means that I will be getting no more faulty updates. This is a good thing proven so by the end of Windows 2000 support. End XP support today.

  10. eoin says:

    What happened to having the software that does the work drive the choice of OS? XP works. We do not rely on the OS to protect users – we shield naive users a thousand ways besides that.

    • halberenson says:

      A 1934 Ford might also be perfectly safe on the road as long as it doesn’t hit (or get hit by) anything. That doesn’t negate that it is an inherently unsafe vehicle compared to any late model car. All you have to do is drive it slowly around an indoor track and I’m sure you’ll be just fine.

  11. jelabarre says:

    1: Can you find a cheap, affordable and *legitimate* (which automatically excludes 99.99% of the sales on eBay) version of Win7? I’m talking about a *BASIC* version; I don’t want all that cr*p and cruft and un-needed applications that come with the Super-Mega-Ultimate-Premium versions that are the *only* versions of Win7 you can even find now.
    2: Does Win8 run on the physical machines in my house, and my brother’s house that it would have to be installed on (this is excluding the machines in my house running Linux, which are the majority)? No, Win8 does *NOT* run on those machines.

    So, given that neither newer MSWin option is feasible, it’s either stick it out with XP, or move the remaining systems to Linux.

    Here’s where ReactOS would be handy, if they were, oh let’s see, about 10 years further along in their development.

    • halberenson says:

      Because the cost of installing, learning, etc. Linux is much less than the few hundred dollars it would cost to replace each of your PCs. Right.

      BTW, Windows 8 will run on any PC that Windows 7 runs on. Though Metro apps might not.

      • jelabarre says:

        Well, seeing as *I* have been running Linux as the primary OS on my own desktops for the last 12 years, and done Linux support for most of that time, I think I have learned plenty. So *YES*, the cost of installing and learning Linux is SIGNIFICANTLY less than buying new hardware. Next excuse???

        And NO, Win8 requires PAE/NX, and hardware that is quite capable of running Win7 (and yes, I have actually tried Win7 evaluation version on hardware as old as a ThinkPad T23 and it ran just as well as XP) will NOT run Win8. Will not install, will not run. AT ALL. Next excuse???

  12. Bob - Former DECie says:

    Since you have the skills to support Linux, I don’t understand why you don’t just load Linux on your remaining Windows systems and never have to worry about Windows again. On the other hand when your existing hardware dies, any new system you buy will be able to run Windows 7 or 8.

    • jelabarre says:

      I’m pointing out the issues and problems with moving away from XP. I was at what options I had for keeping my brother’s machines on MSWindows come April 2014, as well as having a MSWin VM for my own purposes. I’m pointing out the problems a lot of people will have in trying to migrate away from XP, not just my situation.

      At least for *my* usage (XP in a VM) I have one less reason to use XP (and possibly the last un-replaceable one, with the exception of tax software) now that my daughter’s LeapPad Explorer quit working, and I no longer need to use the MSWin-only sync software.

    • Lorand Juhasz says:

      I don’t know if moving to Linux requires more skills than getting used to changes in Windows. Although I do agree that moving will be the best option after XP is dead. My hardware runs the best with Linux or XP, they have either less useless special effects than the newer Windows versions or offer more configurability. If my current hardware dies, I’m not likely to buy a new one either, rather something used, which is perfect for my needs, and costs with OS pre-installed about the same as A DARN WIN7 CD, or HALF A COPY OF WIN8!…

