Why Microsoft Dropped Windows XP Support And What You Should Be Doing About It

Microsoft’s Windows XP operating system was released the same year that Alicia Keys’ “Fallin’” hit No. 1 on Billboard, 2001. Yet Microsoft has continued to support and update the aging OS -- until now.

As of this Tuesday, Microsoft has officially pulled the plug: no more patches, no more security updates for what’s still the second-most-popular desktop operating system in the world. Windows XP powers numerous businesses, home computers and bank ATMs, but its technical support is still going offline.

Microsoft is not unaware of XP’s success and continued user base, of course. Tom Murphy, director of communications for Windows, acknowledged XP’s success. “Windows XP was a great operating system,” he said. “But it was launched 12 years ago. ... Twelve years in technology is like a lifetime.”

Twelve years ago, most people didn't even have a cell phone, let alone one that could send and receive text messages. So it’s no surprise that Microsoft wants to move its user base to newer and better things. But why couldn’t you stay with Windows XP, as long as your surrounding computer hardware lasts? Surely an invention that old has been perfected.

Not so. Though Windows XP looks the same as it did more than a decade ago, the last version (updated on Tuesday by Microsoft, following the support deadline) is completely different under the hood; it’s not the same thing originally loaded to PCs in 2001.

“There’s more to exploit [on XP],” said Jon Callas, CTO of Silent Circle, a communication encryption service. He explained that there’s only so much Microsoft could do to improve XP. “The design is not built for modern threats. You wouldn’t want to be running a version of any operating system that dated back to 2002.”

Computers, and by proxy computer exploits, have evolved way beyond the scope of XP’s possibilities. No matter how much Microsoft did, there had to be an end date. “A lot of the engineering and design happened in the late '90s,” Murphy said. “It was never designed to protect users from the kind of threats we see online today. Those threats didn’t exist.”

Still, Microsoft originally announced the end of support for XP in 2007. So why are so many businesses still using such an old system?

“[Businesses] traditionally like operating systems that have been on the market for longer,” said Jordan Edelson, the CEO of Appetizer Mobile, a software and design company. “They’ve been vetted; vulnerabilities are more likely to have been discovered.” But, as Callas explained, even a decade of work doesn’t net a perfect system.

Not even for America’s banks.

As of Microsoft’s official service termination, around 95 percent of all U.S. bank ATMs still ran on a version of Windows XP (Windows XP Embedded SP3). Official support for that version of XP doesn’t actually terminate until January 2016, according to Murphy. Still, software transitions can be lengthy processes for large businesses like banks. Some, like JP Morgan Chase, have purchased special “extended service contracts” from Microsoft, to ensure their XP-based computer systems will be protected until the transition to the next phase (Windows 7) in finished.

It’s common practice, but as Murphy emphasized, “It’s a temporary offering.”

That said, it’s been speculated that XP-equipped ATMs are in extra danger now. The fear is that, now that XP will no longer be officially supported, a floodgate will open and allow hackers, criminals and other with ill intent to swoop and steal all of the money.

This isn’t the case, however. ATMs aren’t usually connected to the Internet, so the possibility of someone stealing funds from one while lounging on a couch in rural Wisconsin is slim to none. ATMs are as secure -- or insecure -- as they’ve ever been. The danger, Edelson explained, is “more so in localized attacks.” Basically, a localized attack is when someone physically breaches an ATM, and it’s doubtful that any software could stop a criminal with a large enough hammer.

Information stored on networked computers, however, is definitely at risk. Windows XP still remains the second most popular desktop operating system in the world, partially because of Microsoft’s support. Microsoft has revamped and recoded bits of the OS over the years in response to security threats like viruses and malware, publishing “Windows Security Updates” that helped take care of things behind the scenes.

But what if there were a large-scale security breach? Should the company worry about supporting lagging consumers? When asked, Murphy was ambivalent, but reiterated the company’s stance on upgrading: “Our guidance is absolutely clear: [Users] should be moving from Windows XP to ensure they’re secure moving forward.” Microsoft hasn’t said that you’ll be left in the dark if your system is attacked, but there’s no harm in hedging your bets.

Here are the options for XP users (both personal and corporate):

Stay with XP. Most banks (and some national governments, like Britain) have struck deals with Microsoft to receive direct, personalized support for Windows XP for undisclosed amounts of time. Banks seem the most proactive about this; TD Bank has already switched its systems to Windows 7, but most other major U.S.-based firms have purchased extended support contracts from Microsoft. Banks have the funds for personalized support, at least enough to hold them over until they switch and adapt to Windows 7; most personal users don’t have that capital. This is generally regarded as a poor decision.

Move to Windows 7. This is the most popular selection in both the business and personal computer markets; around half of the world’s computers currently run on Windows 7 already. Banks and businesses prefer Windows 7 to Windows 8 as well, for one of the same reasons they’ve stuck with XP for so long: stability. Windows 7 has been on the market for five years now, and has taken its place as the most popular OS in the world.

Windows 8. Adoption of the latest Windows version has been slow, despite Microsoft’s aspirations. The system is too new for corporations and banks to feel comfortable switching to, but there are other problems. The chances that an original XP machine could run Windows 8 are slim at best, so new hardware would be needed. That, combined with the extra training users would need to adjust, pushes the expense factor too high for businesses right now -- Windows 8 is touch-based; it’s more akin to a tablet or smartphone than a traditional desktop system.

So what is the path forward? Jon Callas summarized it neatly:

“The fix is: You go to the new operating system.”

Join the Discussion