So almost one-third of Windows machines are about to be unsupported. That sounds scary, but what percentage of those XP systems are anywhere near current with updates anyway?
Non-IE browsers still have vulnerabilities. And that's without taking exploits in third party plugins into account (Flash and Java being two popular vectors for attack)
Most antivirus solutions are notoriously bad at new threats and while firewalls might highlight malware trying to phone home, by that point you're already infected.
Security is only as strong as your weakest link and thus OS security updates are as vital as updates on any other part of the software stack.
And don't think common sense will save you as ad banners are sometimes known to be boobytrapped; legitimate sites get hacked to serve malware too.
Does anyone know what banks, governments etc will do once XP doesn't have support anymore?
I had a discussion with a coworker a couple of times now, and he said a big company can always just pay Microsoft money to support them onwards. Any truth in this?
Dangerous ports are already turned off with group policy (USB, removable media etc), BIOSes are locked down, hardware is still available that will support XP, the networks aren't directly connected to the Internet so they will either be airgapped or have massive edge content filters and firewalls. There aren't many infection vectors for nasties. In fact most of the machines probably don't even have latest updates on them already. Possibly not even SP2.
Microsoft probably won't be paid other than through their select agreements which allow XP use indefinitely. 3rd party consultants will swarm to help any issues for a fee which is still cheaper than upgrading.
The world will still spin and lots of "meh" will be chanted as Windows 7 boxes slowly trickle into production with an old ancient IE9 build on them as and when they feel like it...
This really isn't a big issue for companies and governments despite technology news panic stations and sensationalism.
To be fair, I consider that I'll be using Windows 7 until possibly after EOL as it does what I need. I'm sitting on a second hand 2008 circa Lenovo T400 and have a spare one in the cupboard. It'll do me fine until 2020 - progress hasn't exactly been rapid in IT in the 6 years.
"I'm sitting on a second hand 2008 circa Lenovo T400 and have a spare one in the cupboard."
Do you boot up the spare one now and again or have you simply removed the battery and bagged it? Just interested as I'm considering a similar move with X series Thinkpads.
It gets booted up every 3 months or so to apply windows updates so it's ready to roll if this one fails. If it does, I'll repair this one as they're pretty easy to fix even with massive failures. I've got another T61 running FreeBSD which gets used regularly as well.
The battery is removed and placed in a box. It's a second hand 9-cell battery with 12 recharge cycles (Paid £20 for it!) so it's been charged to 80% and will be maintained at that where possible. I've investigated rebuilding the packs as well in the future and it's not impossibly difficult.
I'd definitely go for it. There is a vacuum of quality hardware now. Even the latest Lenovo T/X series are cruddy machines.
I'll go back to desktops if the situation doesn't improve by 2020.
It is possible to continue to pay for support, but I'm not sure whether this is guaranteed to include security patches.
Those large organisations who care about security but are forced to keep XP for some reason will presumably rely on some solid firewalling. If I had an XP box on a dedicated network without internet access then I wouldn't be too concerned in the short term.
I had a discussion with somebody who knows about XP Embedded, which is apparently a lot scarier than regular XP. For one thing it's used in a lot of applications where credit card readers are attached, and for another thing the system requirements went from 128MB to 1GB between XP and 8 which makes upgrading really unattractive.
The path of least resistance for the people I talked to seems to be moving to embedded Linux or Android and rewriting all the software. But they weren't terribly happy about it.
I have a lot of clients still running XP. I have warned them that once MS stops the updates, the bad guys can examine updates for Vista or Win7 and see if the security hole exists in XP. I am guessing that with an April cutoff XP will be unusable as an internet connected device by October.
How many of these "holes" are in IE as opposed to the more integral components of the OS? I don't think it'll be as bad as MS wants you to think; after all, I witnessed 98SE's EOL and they said the same thing, used it until late 2010 (dualbooting with XP), but 16 years later a lot of modern malware won't even run on it.
Legacy software (and hardware) - some stuff for embedded development that used to run in DOS, and was OK with 98SE, but wouldn't work in anything NT-based. But mostly I'm a "don't fix it if it ain't broke" type of person, so if it weren't for the fact that a lot of other software I had to use wouldn't run in 98SE, I probably would still be using it.
The file manager in Win98 is also surprisingly responsive when compared to XP, Vista, and 7, even on older hardware that's many times slower in benchmarks. Things seem to happen instantaneously, whereas in XP, Vista, and 7 there is a slight but noticeable delay every time e.g. you open a folder or scroll around. I think it's a little amusing that, even though it can only use 1 core, on my i7 system Win98 feels so much faster and less "intrusive" in many ways.
Probably the most common hardware feature of DOS-era PCs that the official version of DOSBox doesn't emulate is the parallel port that was used to connect most printers, since very few games can make use of a printer.
I'm not just playing games with this, I have some hardware that needs a parallel port and relies on direct access to the ports, so any sort of emulation layer etc. would likely not work well.
I know very little about this type of security, how can one remotely hack into a computer just because it is connected to the internet and has some known vulnerability?
I mean as far as I know my computer does not execute arbitrary code someone sends it through the internet without asking. So how do you exploit those vulnerabilities?
I understand how you can exploit a vulnerability in a browser, those things actually execute whatever code happens to be on the pages you visit, they load images etc. by default. But just Windows XP with an open internet connection... how does code execution happen there?
Imagine a problem in tcp packet handling that happens due to a problem parsing a tcp packet and further on up the chain the affected service has a buffer overflow in how it reads the data contained in the tcp packet(s) allowing you to inject arbitrary code into that service, let's say the service is RDP or whatever.
Then just by having a system being online and able to accept malicious packets to this service, you can with say shodan scan for that vulnerable port across the entire internet, see if the ip is running xp via tcp fingerprinting, then send your malformed packets to the system and add your shiny new xp machine to your botnet for whatever nefarious purposes you need. Also probably patching the hole you used to get in so that nobody else can use it for their purposes.
Now this is highly high level and remote vulnerabilities like these are much rarer than browser vulnerabilities, but from what I've heard there are a number of these vulnerabilities floating around just waiting for microsoft to abandon support for xp. Once that happens we might see more xp botnet nodes showing up and causing havoc.
A little late to reply but... my clients are using XP for web access and email. So it's just a matter of time before they get infected via an unclosed security hole.
Does anyone know how these figures are collated as Windows sales might include PCs running Linux, some people build machines and then pirate Windows and web site statistics are open to a whole slew of problems from selection bias through to easy OS spoofing.
I've not heard of an accurate way to produce these statistics yet cnet are displaying floating points as their percentages and publishing them as fact. So I'd hope they have a reasonably accurate method of collation which I'm unaware of.
> This report lists the market share of the top operating systems in use for browsing (not servers). This data is derived by aggregating the traffic across our network of websites that use our service.
Which isn't all that helpful, as it doesn't say what the network of websites consists of.
I would imagine that, with the approaching death of XP, many organisations still stuck on XP are shifting from desktop apps to browser-based apps wherever possible, in order to smooth the transition. This would lead to a rise in traffic from XP machines to SAAS sites.
In France, most of the PCs have a Windows license sticker even if they are running Linux. I think the statistics are biased by the fact that it is difficult to buy a PC without a Windows license. Among the last 3 computers I have bought, none are running Windows, but 2 have the license.
I took a picture on the train the other day, in the echo chamber that is Silicon Valley on CalTrain it was macbooks all the way down the car. It was the first time I had seen the entire car with nothing but Macbooks.
That said, the particular infographic is misleading in a number of ways, MacOS 10.9 but none of the other versions? Windows 8 and 8.1 are differentiated but not Windows Vista, SP1, and SP2?
Microsoft's biggest problem is that XP is "good enough" on hardware that will never run Windows 7. That leaves them asking someone to spend anywhere from $500 to $1000 to "upgrade" a machine that is working fine for the intended purpose, sometimes several thousand machines. And who wants to do that?
If someone wants to do something crazy at Microsoft it would be to target windows 9 to every single windows capable platform from XP to present. That would be a huge amount of work and so I doubt they will even attempt it, and they would have to back port drivers for hardware where the vendor no longer exists. But it would solidify their OS position once again.
Steven Sinofsky even did a demo to us where he got Windows 8 up and running on an ancient laptop originally manufactured for use with Windows 95 or 98 (piece of x86 hardware that was close to 20 years old.)
Windows 8 has lower system requirements and a smaller storage requirement than Windows 7 - this was necessitated by the requirement to support ARM architecture beginning with Windows 8.
The problem is that Windows XP exists predominantly in two environments that are historically tricky for Microsoft:
1. Pirated copies, largely in Asia and
2. Deeply barnacled enterprise deployments, especially in Governments.
The reason why Microsoft's bothered supporting XP for so long is because of the amount of revenue tied up in #2.
If Microsoft dynamites support for XP and those barnacled enterprises have to reinvent their entire IT infrastructure around something new, there's a very strong possibility in some cases that a Linux-based solution might win, particularly in the public sector.
So it's a tricky issue, but Microsoft won't ultimately be able to kick the can down the road forever. What will ultimately move people off of XP is when third party developers decide to stop supporting it, which they largely still do.
"Steven Sinofsky even did a demo to us where he got Windows 8 up and running on an ancient laptop originally manufactured for use with Windows 95 or 98 (piece of x86 hardware that was close to 20 years old.)"
Interesting. So I could buy a retail copy of Windows 8 and install it on this X61s (Duo Core 2, 3Gb RAM, Lenovo BIOS, Intel 945 graphics, Atheros WiFi) and it would run reasonably quickly?
In theory - the poster below pointed out that they added a requirement later which eliminated support for any pre-2003 CPU. The demo I referred to happened about a year before Windows 8 RTMed.
I've often wondered that myself - to be honest, I can't recall Microsoft making a strong push for upgrading the OS of existing machines since Windows Vista; primarily, I think, because of the huge disaster that ensued with aforementioned push.
The "Upgrade from XP to Vista" rollout backfired for a ton of reasons, but if I had to summarize it was due to these facts:
1. Microsoft did not work closely enough with device manufacturers to ensure device compatibility from Windows XP to Vista. Printers and video cards primarily.
2. Consumers now had to choose between 6 versions of Vista instead of "Pro" or "Home", which was confusing.
3. x64 architecture was introduced, which doubled the number of possible choices consumers had to make and inevitably led to some consumers being very disappointed with their purchase.
4. Due to the introduction of Aero and some poor quality control on the part of the Windows team, Vista required vastly more resources than what many Windows XP machines were capable of delivering. Vista's minimum install footprint is something monstrous like 16-24GB, which was a stretch for Windows XP machines manufactured as long as 6 years prior. Since then, each version of Windows has required less resources than the edition before it. Sinofsky emphasized that.
So in short, I think Microsoft realized that the QA burden is a lot greater than they previously thought and have left it up to their most technical consumers to decide whether or not to upgrade, relying instead on hardware refresh cycles to do most of the heavy lifting for the bulk of their consumers.
Unfortunately with the advent of the "multi-device consumer," those upgrade cycles can often be much longer than three years now.
Despite those concerns, Microsoft sold copies of Windows 8 for something phenomenally cheap initially, $49 IIRC, in hopes of getting people to upgrade their existing hardware. I believe they discontinued that practice 6 months after the initial release of Windows 8.
> Despite those concerns, Microsoft sold copies of
> Windows 8 for something phenomenally cheap initially,
> $49 IIRC, in hopes of getting people to upgrade their
> existing hardware.
I would have taken them up on that deal if they had said "will work on your XP machine", my experience with Vista was that "new release" was fundamentally incompatible with old hardware.
That echo chamber is particularly strong though. Here in Atlanta, I usually don't see a single MacBook when I go to Starbucks to work in the afternoon. Lots of iPhones and iPads as auxiliary devices, but almost entirely PCs getting work and study done across every demographic.
UK, Birmingham to London train. Mostly corporate Lenovos with about one quarter Apple laptops in First, Lenovos and iPads with a few smaller Apple Air in Second. Remarkably few generic brand laptops. Tablets are winning in Second I think.
UK, Birmingham coffee shops, chain and independent: Apples, some netbooks. A lot of iPads and book readers of various kinds. Again, very few generic laptops. I really notice now when someone has a 15ish inch laptop with DVD drive &c. Perhaps people have those in their houses.
Edit: Phones everywhere. Samsung, iPhones, Blackberrys still popular, generics.
I wonder how that varies regionally. I spent a couple of years traveling and working at coffee shops, and my observation is that most places, similar to where I live in Minnesota, have a high degree of MacBook usage in coffee shops. When I go out here, it's usually about 80% macs.
A website I've run for several years is now visited by 30% Mac OS, growing from 18% in 2008.
When it comes to website traffic, it definitely depends on your audience. I have a consumer-facing website that serves a few million pageviews per month and has never cracked 5% OS X visitors (3.6% last month). On the other hand, my blog sees nearly 10% OS X traffic even though it has a lot of content targeted toward Microsoft developers.
The battery life of the Macbooks may skew the number of machines seen in open public spaces. I see a lot of coworkers with windows notebooks lugging their power cable everywhere they go and getting the computer out only if they secure a power outlet.
I recently moved from a MacBook Air (running OS X, not Windows) to a Samsung Ultrabook and haven't seen any noticeable difference in battery life pro or con. That's with it driving a 3200x1800 display and a Core i7 processor too.
There are definitely $400 PC laptops out there that just suck from start to finish (including battery life), but good Wintel laptops are pretty easy to find these days.
I think there was definitely a time when Apple made the best hardware to run Windows on.
It's a compromise though. MacBook keyboards are weird to use in Windows and the hardware drivers were never optimal. I ran Windows 7 on my MacBook Air, off and on for years, but could never get it to run as well as it did on the similarly-spec'd Dell m1330 that I had before.
Now that there's Apple-quality (better in some aspects, I'd argue) Wintel hardware readily available, it doesn't make sense to deal with those drawbacks if all you want to run is Windows.
That would make Windows 9 so much money. Having to shell out a huge amount of money for upgrading is keeping our customer base (school districts) from making the leap before the last possible moment.
With the advent of thin clients and virtualization, having a low-powered machine with a low-overhead operating system is looking more and more normal.
Well one could argue that folks already paid it forward. One could decide to take a couple of billion out of the cash on hand pile and invest it in reinforcing the OS footprint. I think ultimately that is what Apple is trying to prevent with their low cost OS upgrades.
But as a strategic move it would fix a number of weaknesses in Microsoft's current situation.
That's what Apple does every 3-4 years but with much more expensive hardware. Any Mac computer will not be supported within 3-4 years. Why does Microsoft get in trouble for only supporting 10+ years for the same system...
Not to mention Apple gets away with doing this to $1000+ hardware which then is non-reusable, while Microsoft gets neck deep in shit for not supporting a $100 OS license 15 years down the road when the HW is perfectly reusable with a much cheaper OS update.
> in the echo chamber that is Silicon Valley on CalTrain it was macbooks all the way down the car. It was the first time I had seen the entire car with nothing but Macbooks.
I notice this in the front cabins of flights nationwide, as well as on the Acela. I think it is less a phenomenon of Silicon Valley than that of crystallising class boundaries.
This reminds me of election polls in the UK. Before an election some agency will phone up a thousand or so people and ask them what they plan to do on election day - tick the red box or the blue box. Sometimes they also go door to door or ask people in shopping centres. Despite their methods they do get to miss a lot of folk - those that do not have phones and those that are out working rather than waiting for the pollster to ring their doorbell. Consequently the results are not necessarily representative of true voter intentions.
As for the total XP installed count, what about all those machines that get used every day in some workplace for something as ordinary as printing labels but never get to go online? Or those rooms full of PCs that only get occasional use because people bring their own device or do their personal surfing on a phone? Or those PC's in back rooms that generally collect dust? These machines are like the voters the pollsters miss.