Windows XP End Of Support; The Ticking Time Bomb

October 2001 saw the release of Windows XP, Microsoft's flagship OS to replace Windows 2000 and Windows ME. It was the first OS targeted at consumers and came with a minimum hardware requirement of a 233MHz CPU, 64Mb of RAM and 1.5Gb of HDD space. On April 8th 2014 Microsoft will officially end their extended support of Windows XP, but what does this mean for the end user?



Service Packs and Windows Updates are a common occurrence for Windows users. They keep your operating system up to date, protected from the latest threats and running smoothly. On April 8th 2014 if you happen to still be using any variant of the Windows XP operating system (OS) you won't be seeing another update again. Ever. Microsoft will not be patching newly discovered security holes, providing new features for the latest tech or delivering those little performance boosts with software updates. You're going to be on your own.


Just how old is old ?

First released in August 2001 with a GA in October 2001, Windows XP is now a staggering 12 years old. Right about the same time you were buying your first Windows XP computer you were also buying one of these 2 groundbreaking bits of kit.





Since the release of the first iPod on October 23rd 2001 we have seen 24 different versions. The original Xbox console released November 15 2001 is, at the time of writing, just about to be superseded by it's second major hardware revision, the Xbox One. Both of these devices have progressed leaps and bounds in recent years, as has Windows XP, but there comes a time when you just need to put them in the cupboard and be satisfied with them becoming fond memories.


So what's the big deal?

Well it would seem that Windows XP is still fairly prolific. Over the last 12 months, from October 2012 to October 2013, Windows XP has reduced from a 27% market share to a 20% market share in the operating system space.



That means that an astonishing 1 in 5 web connected devices in the world are still running some variation of Windows XP. Couple that with the rate of decline and the impending end of support and it means come April 2014 there are going to be vast amounts of users exposed to great risk. The problem isn't just down to consumers either. There are huge swathes of corporate environments still running Windows XP that have yet to migrate or in some cases, are not even planning to migrate.


But what's the point?

And why should we be forced to upgrade our OS at great expense to line the pockets of Microsoft? Well, here's a few reasons.

1) Security. By far the biggest and most prominent reason to upgrade beyond Windows XP is your own security. Windows Vista saw the introduction of User Account Control (UAC) designed to protect the user from inadvertently running malicious software. Microsoft aren't going to reverse engineer these changes into a Service Pack for Windows XP along with a whole host of other kernel changes aimed at security. Windows 7 saw the introduction of even more security features designed to prevent a user performing privileged operations without explicit consent. Arguably the worst security risk is the lack of patches for new exploits. If a new security flaw is found in Windows XP that allows an attacker to compromise your system it will never be fixed.

2) Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard for any organisation that handles credit, debit, pre-paid and other forms of payment card or POS. It was created to increase security controls surrounding card holder data to prevent fraud. Requirement 6.1 of the PCI DSS specifically states (source):

Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.


So, once Windows XP reaches 'end of life' Microsoft will no longer be looking out for new vulnerabilities or security flaws and will not be providing patches for them. This pretty much makes any Windows XP based system a prime target for hackers because if they do find a flaw that allows them to exploit a system, it will never be fixed. (So important I said it twice)

3) Performance. During development through Windows Vista, 7 and then 8, Microsoft have dropped support for old outdated hardware and introduced support for new more cutting edge hardware. To keep implementing support for hardware that is more than a decade old would be a waste of resources that could be better spent on implementing support for newer technologies. As Microsoft's operating systems have matured through the years they have become more and more efficient. Windows 7 and Windows 8 now provide significant performance advantages over Windows XP on the same hardware!

4) Software compatibility. An ever increasing number of applications simply won't run on Windows XP. Visual Studio 2012 won't, neither will SQL Server Management Studio 2012 or version 4.5 of the .NET Framework. This means that developers using the latest technologies have to target older versions of .NET and lose all of the great new features in the up to date versions.


You're using what browser version?!

That's right, Internet Explorer 8. The most 'up to date' version of Internet Explorer that you can possibly run on Windows XP SP3 is IE8. This twice superseded browser doesn't even come close to meeting the requirements of today's modern web and you're stuck with it. The reason for that is the highly criticised marriage of Windows OS and IE browser. A US anti-trust law case was brought against Microsoft for this very reason (source):

Microsoft stated that the merging of Microsoft Windows and Internet Explorer was the result of innovation and competition, that the two were now the same product and were inextricably linked together and that consumers were now getting all the benefits of IE for free. Those who opposed Microsoft's position countered that the browser was still a distinct and separate product which did not need to be tied to the operating system, since a separate version of Internet Explorer was available for Mac OS. They also asserted that IE was not really free because its development and marketing costs may have kept the price of Windows higher than it might otherwise have been.


Of course you're free to grab the latest version of your favourite browser which will run just fine on Windows XP. Chrome, Firefox, Opera and even Safari have no problems running under Windows XP, but the problems start in the corporate world. In large scale deployments having a 'standard' endpoint in front of every user provides many benefits. Redeploying machines becomes easier with 'standard' images. Developing web applications for your 'standard' user becomes easier when you know what browser they are all using. Pushing out updates and patches becomes less risky when you only have a 'standard' environment to test against. Keeping everything as 'standard' as possible when catering for potentially tens of thousands of users and endpoints has immeasurable benefits. Unfortunately we have long passed the tipping point on the scales where maintaining these archaic systems is beneficial but many still see the cost of an upgrade being greater than the cost of maintaining these decade old systems.


The end is nigh

The unarguable fact remains that come April 8th 2014 users of Windows XP will become prime targets for hackers and will be exposed to an ever increasing risk the longer they remain. Websites are ditching support for IE8 by the boat load and the cost of developing or maintaining applications for Windows XP takes a step up with every passing day. For large scale organisations if you haven't already started the migration to Windows 7 or Windows 8 then you're late to the party. Home users should look to upgrade their OS where possible or if required purchase a new PC that comes with Windows 7 or Windows 8 out of the box. This isn't about a glitzy UI or some bells and whistles, this is about much more serious concerns like security and safety. The Windows XP end of support is coming, the question is, are you ready?


Short URL:
Countdown site:

Author image
About Scott
Researcher, blogger and international speaker. I'm the creator of and, free tools to help improve online security.