Why is Microsoft backtracking on Windows XP end of life?


As Microsoft’s nearly 13-year-old operating system, Windows XP, nears its official retirement date, the company has announced that it will continue to offer anti-malware support until 14 July 2015, more than a year after doomsday.

Catering to the stubborn

Microsoft had previously insisted that all support for Windows XP and its associated software would end on April 8th 2014, meaning that any security vulnerabilities subsequently discovered would forever remain unpatched.

According to NetMarketShare, XP still represents nearly 30% of PC users, meaning that such a sudden cessation of support would spell disaster, even when only considering private PC users alone. However, Microsoft gave more than ample warning to its customers about XP going out of commission, having announced the end-of-life date in early 2012.

Despite this, many people have been reluctant to upgrade. Could Microsoft be backtracking exclusively for the sake of these stubborn XP users, or could there be some other motivation for the company to continue to offer support for such a geriatric operating system?

Windows XP, under attack

According to Robert Johnston, a marketing director at one of the largest ATM suppliers in the US, as many as 95% of US ATMs still run on Windows XP. Because many of these ATMs are as old, if not older than the operating system itself, they don’t possess hardware capable of running the newer operating systems that Microsoft recommends. An upgrade of such magnitude would require a complete physical overhaul of the ATMs themselves, and banks have been reluctant to comply.

Upgrading even a single ATM to run Windows 7 can cost upwards of thousands of dollars, especially if new components are required. That aside, XP has already been exploited by hackers looking to attack ATMs.

In 2013, a high-profile criminal group in Europe took advantage of a security vulnerability in XP that allowed them to use flash drives to infect ATMs with malicious software, emptying the machines of cash one-by-one. Researchers estimate that they may have gotten away with millions of Euros.

Considering how vulnerable the aging OS has been in recent years, it goes without saying that it would represent a potentially catastrophic security risk without any ongoing life-support from Microsoft. The period of extended malware support following the end-of-life date is likely a last resort for the company, allowing primarily for banks to play catch-up, as well as any fortunate lollygaggers still running the OS on their home computer.

Nobody likes change

It should come as no surprise that many have been reluctant to upgrade. Windows Vista, the OS that came out immediately following XP, suffered a dismal public reception, putting many users off the idea of switching for years after-the-fact. Although Microsoft’s subsequent operating system, Windows 7, fared significantly better, their most recent incarnation, Windows 8, hasn’t done as well.

This hit-and-miss pattern is bound to make any consumer wary, but it must be said that the risks of staying with XP far outweigh the comfort and familiarity it offers. As time moves on, computers running on XP will only continue to become slower, more unstable and significantly more vulnerable to malicious attack.

  • Edward Jones works for Firebrand Training overseeing community engagement. Having worked in the industry for 3 years, Edward has experience with a range of Microsoft technologies and operating systems. Edward writes for a variety of blogs and technical publications on all things technology.

  • Trey

    Hey Ed,

    I appreciate the article on XP End of Life Support. My partners and I have recently released a software service known as “XpExtend” which continues XP/2003 and Office (XP/2003) support for a few dollars a month.

    We think it’s ridiculous Microsoft is dropping support for such a widely-used platform. Hopefully people using XP will choose someone (us?) who will keep their systems up to date. Otherwise there are many more targets out there for malware authors.

    Check it out at xpextend.com