NEW YORK -- Microsoft will end support for the persistently popular Windows XP today. With an estimated 30 percent of businesses and consumers still using the 12-year-old operating system, the move could put everything from the operations of heavy industry to the identities of everyday people in danger.
“What once was considered low-hanging fruit by hackers now has a big neon bull’s-eye on it,” says Patrick Thomas, a security consultant at the San Jose, based firm Neohapsis.
Microsoft has released a handful of Windows operating systems since 2001, but XP’s popularity and the durability of the computers that it was installed on kept it around longer than expected. Analysts say that if a PC is more than five years old, chances are it’s running XP.
While users can still run XP after today, Microsoft says it will no longer provide new security updates, issue fixes to non-security related problems or offer online technical content updates. The Redmond, Wash.-based company says it will provide anti-malware-related updates through July 14, 2015, but warns that the tweaks could be of limited help on an outdated operating system.
Most industry observers say they recognize that the time has come for Microsoft to end support for such a dated system, but the move poses both security and operational risks for its remaining users. In addition to home computers, XP is used to run everything from water treatment facilities and power plants to small businesses like doctor’s offices.
Thomas says XP appealed to a wide variety of people and businesses that saw it as a reliable workhorse and many chose to stick with it instead of upgrading to Windows Vista, Windows 7 or 8.
Thomas notes that companies that don’t like risk, generally don’t like change. As a result, companies most likely to still be using XP include banks and financial services companies, along with health care providers. He also pointed to schools from the university level down, saying that they often don’t have enough money to fund equipment upgrades.
Marcin Kleczynski, CEO of Malwarebytes, says that without patches to fix bugs in the software, computers using XP will be prone to freezing up and crashing, while the absence of updated security protections make them susceptible to hackers.
He added that future security patches released for Microsoft’s newer systems will enable nefarious people to reverse-engineer ways to breach now-unprotected Windows XP computers.
“It’s going to be interesting to say the least,” he said. “There are plenty of black hats out there that are looking for the first vulnerability and will be looking at Windows 7 and 8 to find those vulnerabilities. And if you’re able to find a vulnerability in XP, it’s pretty much a silver key.”
Those weaknesses can affect businesses both large and small.
Mark Bernardo, general manager of automation software at General Electric Co.’s Intelligent Platforms division, says moving to a new operating system can be extremely complicated and expensive for industrial companies. Bernardo, whose GE division offers advisory services for upgrading from XP, says many of its customers fall into the fields of water and waste water, along with oil and gas.
“Even if their sole network is completely sealed off from attack, there are still operational issues to deal with,” he said.
Meanwhile, many small businesses are put off by the hefty cost of upgrading or just aren’t focused on their IT needs.
Barry Maher, a salesperson trainer and motivational speaker based in Corona says his IT consultant warned him last year about the end of XP support. But he was so busy with other things that he didn’t start actively looking for a new computer until a few weeks ago.
“This probably hasn’t been as high a priority as it should have been,” said Maher, who bought his current PC just before Microsoft released Vista in 2007. He never bought another PC because, “As long as the machine is doing what I want it to do and running the software I need to run, I would never change it.”
Mark McCreary, a Philadelphia-based attorney with the firm Fox Rothschild LLP, says small businesses could be among the most affected because they don’t have the same kinds of firewalls and in-house IT departments that larger companies possess. And if they don’t upgrade and something bad happens, they could face lawsuits from customers.
But McCreary doesn’t expect the widespread malware attacks and disasters that others are predicting – at least for a while.
“It’s not that you blow it off and wait another seven years,” he said, “but it’s not like everything is going to explode on April 8, either.”
McCreary points to Microsoft’s plans to keep providing malware-related updates for well over a year, adding that he doubts hackers are actually saving up their malware attacks for the day that support ends.
But Sam Glines, CEO of Norse, a threat-detection firm with major offices in St. Louis and Silicon Valley, disagrees. He believes hackers have been watching potential targets for some time now.
“There’s a gearing up on the part of the dark side to take advantage of this end of support,” Glines said.
Meanwhile, without updates from Microsoft, regular people who currently use XP at home need to be extra careful.
Mike Eldridge, 39, of Spring Lake, Mich., says his computer is on its last legs, so he’s going to hope for the best until it finally dies.
“I am worried about security threats, but I’d rather have my identity stolen than put up with Windows 8,” he said.