Insecure Windows XP Still Third Most Popular OS

Windows XP was released on August 24, 2001.  It was officially retired by Microsoft two years ago on April 8, 2014.  This makes WinXP almost 15 years old, which in operating system years is about 500 years old.  Sophos reported:

“Windows XP was still running on 10.9% of all desktops as of March 2016, according to stats compiled by Net Applications.

To put that in perspective, according to Net Applications’ figures, Windows XP is still the third-most popular desktop OS, trailing only Windows 7 (51.9%) and Windows 10 (14.2%).

And there are more PCs running XP than Windows 8.1 (9.6%), and all versions of Mac OS X combined (7.8%).”

And this is a huge problem, because the security vulnerabilities that have been discovered and exploited in Windows XP since Microsoft ended support mean that these operating systems will remain vulnerable forever.

I get it.  I have met and worked with many of the hold-outs, who tend to be older users who are uncomfortable with the user interface changes that have happened.  Many users avoided the upgrade to Windows Vista based on all the bad press about this OS, and then skipped the excellent Windows 7 product because “it was too different.”  Moving from XP to 8 was a disaster for users who traded up when WinXP was retired, with some returning to the old but familiar OS.  Windows 10 was not an improvement for this group of users.

To put this in perspective from a security point of view, this is no different than locking your doors with an old-style thumb-button knob lock that can be defeated with a credit card inserted into the door jamb.  It is just not going to keep the bad guys out.

And it gets worse.  Most of the free and paid-for versions of anti-malware security products will not install on Windows XP either, which leaves these users running an unsupported operating system with security that can no longer be updated for new malware signatures.  Pick the worst neighborhood you can think of, and go for a walk there after midnight.  This is what your online life is like every day.

In my professional life, when we perform vulnerability assessments for corporate clients, we often uncover a Windows XP system that is happily chugging along supporting some sort of home-grown application that was developed by someone on staff who left the company years ago.  No one can figure out how to update it (no documentation, another problem), but the application is still in production, and only works on XP.  If this is true for your business, you just need to bite the bullet and move up to something new.  These systems are targeted by cyber-attackers as an entry point and pivot point to extend their attack into your network, to servers and data stores where the good bits are.

This is the year to finally retire these relics of a bygone era.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at