Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How risky will it be to keep running Windows XP?

I’ve had a few people mention to me a recent blog post by Microsoft1, discussing what the company feels are some of the many risks associated with continuing to run Windows XP after the end of support in April of 2014.

I’ve had more people point me at “press” (I put press in quotation marks because many don’t actually deserve to be referred to as legitimate and reputable) reports based on that same post. These run the range from a relatively accurate reporting of what was said to an all-out “Microsoft is introducing zero-day vulnerabilities in XP that they won’t fix so you’re forced to switch!!!” hyperbole.

As is so often the case, the truth is much more nuanced than that.

And yet, it is important.

Become a Patron of Ask Leo! and go ad-free!

No one is intentionally introducing vulnerabilities

Let’s start by clearing that one up.

The notion that Microsoft would intentionally introduce vulnerabilities into their software to force people to upgrade is patently absurd to me. I know the Microsoft-haters want it to be true; sadly, some will actually believe it.

That notion is simply not good business and it’s not necessary.

The transition is happening, albeit perhaps more slowly than Microsoft might like. At best, that kind of self-sabotage would only hasten the inevitable at the risk of further reputation-damaging press as well as potential legal action. I don’t believe Microsoft is so stupid as to risk those kinds of results just to accelerate a timetable.

Besides, they don’t have to do that. Windows XPThe vulnerabilities are already in there.

They just haven’t been discovered yet.

Software has bugs – complex software has lots of bugs

It’s difficult for many people to grasp this concept, but it’s as true today as it’s ever been.

All software has bugs; unintentional errors that creep in during development and revisioning. The vast majority of these bugs are so benign as to be inconsequential or go completely unnoticed for years.

Or decades.

Even though Windows XP has been out for well over a decade, there are still bugs in the software that have not been discovered. An operating system like XP is almost unimaginably complex and the probability that all of the bugs that it contains will ever be discovered and fixed is exactly zero. It won’t happen.

Over time, some of those bugs will be discovered. And they will be exploited by malware authors.

How bugs found in Vista, 7, and 8 may impact XP’s security

Windows Vista was not a complete rewrite of XP. Windows 7 wasn’t a complete rewrite of Vista, and 8 wasn’t a complete rewrite of 7. In each case, some components were rewritten, some were altered only slightly, and others were left alone.

Windows Vista, Windows 7, and Windows 8 each contain some code that dates back to Windows XP. And with that code comes the potential of bugs.

So here’s the scenario that could happen after April of 2014:

  • A vulnerability is discovered in some part of Windows 8 (or 7 or Vista) – a vulnerability that could be exploited by malware.
  • The vulnerability is patched and the affected software updated – but if they are affected, only Windows Vista, 7, and 8 are fixed.
  • Malware authors examine what was fixed, how it was fixed, and figure out what the original vulnerability was.
  • They then ask an important question: “Was this vulnerability in Windows XP?

If so, they can write malware that targets the vulnerability in Windows XP, which they know will never be patched.

The accusation

If you follow that scenario closely, you realize that it can be interpreted this way:

  • Fixing bugs in Windows Vista, 7, and 8 can cause vulnerabilities in Windows XP to be made public.

And indeed, that’s true. Hackers will use the information. They can reverse engineer bug fixes in supported versions of Windows to exploit any vulnerabilities that might remain in unsupported versions, like Windows XP.

And that’s exactly what the Microsoft blog post warned about.

Some people, or perhaps media outlets looking for sensational headlines, claimed that this scenario was entirely somehow premeditated maliciousness on Microsoft’s part.

In reality, it’s nothing more than an expected side effect of exactly what has been planned and publicized all along:

  • Microsoft will continue to fix bugs in supported versions of Windows, as they should.
  • Microsoft will not fix bugs in unsupported versions of Windows, as they’ve been warning us for years.

The other accusation

There’s another scenario that I’ve heard that is unprovable at this point. It goes like this:

Microsoft knows about vulnerabilities in Windows Vista, 7, and 8 that they are choosing not to fix and leaving those systems vulnerable until after the Windows XP support end date, so that they won’t have to fix them in Windows XP.

In other words, it’s a conspiracy theory!

I’ll stick with what I said: it doesn’t make business sense for Microsoft, and it’s just not necessary.

Until presented with cold, hard facts (and not hearsay), I give that accusation exactly zero credibility.

What it all means to you

If you’re still running Windows XP, I’d seriously encourage you to consider an alternative come April.

It doesn’t have to be Windows. Particularly if you’re keeping an older machine that’s incapable of running later versions of Windows, variants of the Linux operating system2 are viable and useful alternatives. Best of all, they’re free.

While it probably won’t be as bad as the scare-mongers might have you believe, the bottom line is that by continuing to run Windows XP beyond the end of support date, you are intentionally choosing to take on some additional risk.

Is that risk worth taking? Only you can answer that.

If you do go down that path,  I encourage you to stay on alert and keep your defenses strong. Up-to-date anti-malware tools, common sense, and regular backups will be more important than ever.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Footnotes & references

1: The original blog post has been removed, apparently. Closest equivalent I can now find is here.

2: While I don’t consider myself has having enough depth of experience to make formal recommendations in the Linux world, I do run Ubuntu on several machines, and have heard several good things about Linux Mint. Ultimately, however, there are many, many worthwhile distributions.

64 comments on “How risky will it be to keep running Windows XP?”

      • Mark (or Leo!) I am not a PC Geek so tell me what I would have to do to run these systems you speak of. Presently I have a Dell Optiplex GX 280 and my OS is Win XP Pro SP3. I seldom use my IE7, preferring Firefox instead.

        Please keep in mind although I’m not a novice user I am not up on all the “technical speak” so don’t be too hard on me, it doesn’t take a lot to go over my head!

        Leo I really enjoy your articles, I look forward to them each week. I have learned a lot and you have helped me in many respects with minor problems etc.

        Thank you,
        Danny

        Reply
        • Yes Leo, please give not only recommendations of what Linux software to get, but how do you install a new system and get rid of XP. If possible, I would like to safely continue using the old (but still working) home computer on the internet and not have to purchase a new computer.

          Reply
  1. I know some people who used Windows 98 after support had run out, and I haven’t heard of any major problems. This may lead people to a false sense of security in continuing to use XP. When 98 was in use, there weren’t nearly as many computers at the time, as the big explosion of computer use came with XP. By the time support for 98 ran out, Windows 98 didn’t have nearly the % of market share as XP has now, not to mention the sheer number of users. I estimate 25%-30% of people will be using XP next April. This will be a very tempting target for hackers, and I believe the incidence of infection will be much greater than with previous versions of Windows when support stopped.

    Reply
  2. Whilst XP, the operating system itself will not receive any updates after support ends; will installations of Microsoft Security Essentials still receive definition updates, or will those stop also?

    I could live for ‘a while’ without the OS updating, but not my AV solution of choice!

    I understand that newer revisions of the underlying engine itself will not update, but how about those definitions?

    Reply
    • HMM that is a good question i can say this if they are not going to support the operating system, i think maybe the support for programs may end as well don’t take that as a yes as i really can’t say for sure but it makes since that they would not continue making the program compatible. And i would think running a outdated version of MSE would leave you open to security vulnerability as well. Because programs are updated to fix vulnerability’s as well.

      Reply
    • The phasing out of support for XP doesn’t have anything to do with support for MSE. They are two completely different animals. If and when MS decides to replace MSE with another antimalware program or simply stop supporting it, they will announce it, and you’ll have time to upgrade to MS’ new AV or look for another AV solution. If you sign up for the Ask Leo Newsletter, you can keep abreast of these things.

      Reply
    • To be honest I’m not sure. I would expect updates to MSE to continue until MSE itself becomes dependant on features in later versions of Windows. But I can’t say for certain.

      Reply
      • In the same vein, wouldn’t Norton come through with updates that search out malware that arises from newly discovered vulnerabilities MS won’t be fixing in XP?

        Reply
  3. Also awesome write up on Windows XP Leo i like how you put it in to context that Microsoft is not going to open up security holes in there operating system,I totally agree the media hype around this is way out of control,those company’s like to blow things way out of context for sure. Thanks for bringing it all in to light for those that use this operating system.

    Reply
  4. I have a scaled-down version of XP on an Acer netbook. Presumably that will be affected. What should I replace it with?

    Reply
  5. Hi:
    I own several very expensive legacy digital cameras that still serve me well. Although their software interfaces for tethering the cameras to computers are no longer supported, I continue to operate them on XP. The best solution for protection from malware? I just keep those dedicated machines off the Internet.
    Jim

    Reply
  6. We have a legacy business software that only runs on XP or earlier. The single XP machine running that software is not connected to the internet. Would it be correct to assume that an XP machine not connected to the internet is safe after support runs out?

    Reply
    • Whilst the Internet is apparently the most likely source, keep in mind any other “external” sources such as SD Cards, USB Sticks, Bluetooth etc, could introduce such problems.

      Back on our company network, we had more problems introduced by such means, than from the Internet, e-mails etc.

      There is also a very slim chance that your solitary XP PC already has some malware on board, waiting to be triggered by a specific circumstance, such as Date and/or Time etc.

      Reply
  7. mtrphx:
    There are no free alternatives that act like windows and will run your windows software. Linux is a completely different system and needs software that is designed for it.
    If you are still running an old computer with XP, it is possible that the newer versions of windows will not run well on it. It may not have enough processor power or memory or need drivers for things that are old enough that the companies never bothered to make new drivers for them.

    My best suggestion is to look at what it might cost to upgrade your computer vs buying a new faster one that can run the current operating system.

    Reply
  8. I will continue to keep my antique IBM R51 running XP to run a few odd programs. Of course it will not be connected to the internet. XP was born into a world not fully dependent on the internet.

    Would love to transition to Linux but am a heavy CAD user and cannot afford the transition time.

    Reply
    • I’m in the same boat. I depend on a few low cost engineering and CAD programs which run on Windows and NOT Linux. I have a large investment in hardware, that I can’t afford to replace.

      Reply
  9. I run XP because I really like it and it’s been super reliable. I have Windows 7, but haven’t installed it because I don’t know of a painless way to make the switch. Is there anything out there that will allow switching to Windows 7 without having to reinstall all of my personal and support programs??

    Reply
    • Unfortunately, installing programs from scratch is the only option. If you use a lot of freeware the Ninite installer can save you a lot of time by installing most of the popular freeware programs automatically and most importantly for many, making sure toolbars and other foistware are not installed along with the programs.

      Reply
  10. “you are intentionally choosing to take on some additional risk.”

    I suggest that it should read-

    “you are intentionally choosing to MAINTAIN THE PRESENT LEVEL OF risk.

    The vulnerabilities within XP (in this case) remain the same, so there is no difference in the level of potential risk, ie it remains the same whether later versions of WINDOWS are introduced or not, as XP itself is not being supported or updated after April 2014, there will be no truly additional risks added to it.

    How many “bug corrections” have introduced their own new risks?

    And as at present and in the past, all or any of those potential vulnerabilities only become actuals if someone discovers them and produces associated malware, whether that be by direct research and examination; or by back-engineering Microsofts updates etc.

    As more people move on to later versions of WINDOWS; XP usage reduces by natural attrition, fewer will find writing malware for a reducing XP community an attraction, so generally the risk seems more likely to diminish.

    Has anyone made any observations of the corresponding situations over the earlier transitions of WINDOWS to later versions?

    Reply
    • Comparing XP’s end of support with other OS transitions wouldn’t necessarily yield useful data. XP is the “baby boom” of operating systems. It was vastly more popular than previous OSes. XP was the main OS during the time the Internet and home computer use were coming of age. XP has a market share of about 31% while Win 7 and 8 respectively have market shares of 37% and 4%. I believe this will make Win XP a more interesting target than previously phased out OSes.

      Reply
    • I stand by my statement: “you are intentionally choosing to take on some additional risk.” – While the vulnerabilities are still there, the increasing risk comes from their eventual discovery and accumulated exploits over time. The fact that XP’s market share remains high means that this risk will remain, and indeed increase, before it gets better.

      As someone else said comparisons to previous Windows transitions are, essentially, invalid. Windows XP was a watershed moment for Windows – no version has had as many people hang on to it for as long as they have XP.

      Reply
  11. I understand your explanation, and it makes sense, thanks.

    But what I can’t understand (and never have) is why Microsoft always insists on fixing what simply isn’t broken! I haven’t come across a single person who’s upgraded to Vista, W7 and W8 who doesn’t yearn for the simplicity and user friendliness of XP.
    I upgraded to W7 and quite frankly, I hate it.
    Jo

    For me XP was just about perfect.

    Reply
    • “I haven’t come across a single person who’s upgraded to Vista, W7 and W8 who doesn’t yearn for the simplicity and user friendliness of XP.”

      Well, count me then as the first person you’ve encountered who honestly prefers Windows 7 (and yes, even 8).

      In fact, I hear often from people who share my sentiments and prefer 7 or 8. The problem is that people who dislike 7 and 8 are the ones more likely to complain about it, so it can often seem that they are the only ones out there. In reality the rest of the people who are just fine with 7 and 8 are quietly moving on and getting work done.

      Reply
      • Count me in too. I learnt on Windows XP, but when my computer crashed it got upgraded by the technician, and I simply came back home and learnt the new way on Windows 7.

        I think a lot of hate comes from reluctance to accept change or learn new things. My grandparents didn’t refuse to use electric lights in favour of the old oil lamps or candles.

        Reply
      • Before I tell you my thoughts on XP, I need to give you some background…
        I have no formal training in networks, domains or computer support. (My background is electronics engineering.) However, when I signed on with my current employer, they put me in charge of their entire computer system. (I didn’t want the job.) My hands tied tightly by a very restricted budget, I somehow succeeded in upgrading the system from a peer to peer mess to a solid Windows 2K domain. I established backups, security systems, business software, email, etc. I had to maintain 25 desktops and laptops, and 3 servers, running OS’s ranging from DOS 6.22 to Windows 3.1, Windows Me, Win2k and XP. All the while doing my full time engineering job at the same time! It was a THANKLESS JOB for PITIFUL PAY.

        As our business grew, we were hampered by the limitations of dialup internet. I fought battle after battle for funding. I tried repeatedly to negotiate affordable deals with hi-speed providers. But they just wouldn’t run lines to our rural location. Satellite was terribly unreliable. Management blamed me for the slow internet. The job was taken from me and given to a college educated “wonderkid”. A week after he arrived, one of the ISP’s I worked so hard to entice walked into the building and laid everything I fought for on the wonderkid’s lap. He got all the credit.

        A couple years later, the wonderkid left, and a new IT specialist took over. Upset that I had been allowed to keep my administrator passwords and access, she succeeded in convincing managment I was a “threat” to the system. (I did NOTHING to deserve that.) My administrator passwords were disabled. My local rights were downgraded to “user”. Humiliating, and demoralizing to have to beg the woman for every upgrade or change I need.

        So my perspective is not one of an IT specialist, but of a power user, who was forced to support generations of Windows products. My conclusion? Of all the OS’s I worked with over an 8 year period, I prefer XP. It has been the most reliable, stable, easy to configure and user friendly. It worked with all the hardware we had. It didn’t lack any features that we needed. It was fast and did not overload hardware resources.

        I was recently forced to switch to Windows 7 on my work machine. It has bugs our IT specialist has not been able to resolve: Disappearing icons. Files that suddenly change ownership and can’t be renamed, deleted, or moved. CONFUSING menus for display settings, windows, taskbars, etc. Frequent crashes or freezes. Hardware that I used or depended on for my work, won’t run under Windows 7. It has not been replaced. (No current drivers.)

        I haven’t had a payraise in 4 years. I’ll keep XP running on my home PC. If I have to block internet access, to make is secure so be it. I will setup a cheaper machine with Linux for Internet access.

        Reply
    • I too think the UI changes made in Windows 7 were all for the worse. Change for the sake of change. The Windows 8 UI changes are indescribably bad.

      Reply
    • I don’t understand comments such as these: “I upgraded to W7 and quite frankly, I hate it.”

      I got Windows 7 when I purchased my laptop. Yes, it looked different, but I found it worked just like XP. Yes, Windows Explorer is different, but it still does what it always has; the menus have just been rearranged. Yes, the Start menu is different, but it is still present and does the same thing: launch programs, frequently used programs show up first in the menu, the right side of the menu has shortcuts to Documents, My Computer, etc., just like it was in XP.

      So what is so wrong with Windows 7?

      Reply
  12. “Malware authors examine what was fixed, how it was fixed, and figure out what the original vulnerability was.”

    The patches are distributed as executable code. Is it really feasable to carry out reverse engineering and to determine the original vulnerability?

    Reply
  13. Well, I am now 90 years old and have been an old geek since 1992 and have gone through several versions of Windows, starting with 3.1. I have no intention of upgrading my 11 year old PC to 7 or 8. It works fine. I keep it clean. I back up regularly. Someday I will have to go to assisted living. The thought of giving up my computer is more than I want to think about . I do all my financials, personal contacts, etc. on that PC . I may have the machine cremated along with me. In the meantime, all you malware SOB’s, do your stuff. I’m not afraid.

    Reply
    • Do yourself a favor and logon to your XP machine as a limited/restricted user rather than an Administrator. Each userid can have the same password if you find that easier. Doing so adds a bit of inconvenience and there will be times when you need to logoff the restricted user and logon as the admin. But, I think the added safety is worthwhile, since you will be using an OS with a target painted on its back.

      And, some of your backups should be “image” backups rather than file backups. Search this site for articles on Macrium Reflect for more on image backups.

      Reply
      • There is a reason it’s called a FIXED income-it neuters you pretty good. I have to slap computers together with bologna rings and dental floss as it is.

        And LINUX LINUX LINUX…no. I was thrilled to leave writing DOS shells behind in the mid-80s and why does everybody push it or alt. browsers on me every time I mention a ‘hiccup’? Like our older commenter here I got my first PC in 1992 and I had another 14 previous years of experience with everything from TRS-DOS to HP 3000. Should I have tried harder in 1984 and learned FORTRAN and COBOL? Ehh, that’s probably highly unlikely.

        IS Windows XP a soft-landing dBase IV? No, but it’s longevity speaks to an unaddressed need for stability in users’ lives…they don’t really need fancy UIs that are somewhat foreign and those that exist for mobile devices aren’t very good for the desktop experience.

        Every day I see old CRT monitors on classifieds sites that have to be given away, there are so many and people will accept a CRT television and adapter box for sale…it depends on what the USAGE is I guess. Truck drivers will overhaul their rigs for 30 years or more, railroads use 1950s diesel locomotives in the yard if it’s economical, audio enthusiasts restore vintage stereo gear. It’s a universal trait to make things last when the alternative is too expensive, complicated or downright unsatisfying or inferior. XP meets those criteria.

        Microsoft hasn’t invented a new XP yet. I can’t afford to upgrade either and as I said I am hardly enamored with learning the ‘new geekspeak’.

        Getting infected from external storage is as old as Granny’s tonic. The real focus should be that these exploits need to be traced and the creators stopped. Just being reactionary is allowing the problem to grow without end. I’m certain that by now some of the people responsible for some dubious content are also triggering malware to try and profit from the ‘cure’ of going there. Ethics becomes layered like a cake in that case.

        Until a reasonable, affordable and practical Windows is available and people can find better reasons to migrate than ‘new OS smell’ there is little a lot of people can or want to do. They don’t see a computer as a lifetime experiment, it’s a MACHINE, another appliance and in their minds it ought to work like a toaster or a TV.

        Mr. Ballmer did not fail because he couldn’t address the mobile market, he failed because he could not introduce better quality core software. This point needs to be addressed.

        Reply
    • Congratulations Lou. There are people 20 or 30 years younger who’re still scared of technology. Keep on going until you can’t go anymore.

      Reply
  14. I disagree with your conclusion that Microsoft would/could find it a bad business decision to with hold updates to the later versions of Windows until the drop dead date for XP. No one would be the wiser. And stories about people whose computers became infected after the drop dead date would abound, creating a stampede to one of the newer versions of Windows.

    You can count me as one of those who wish XP wasn’t dying. I’ve already transitioned the 7 computers I manage to Windows 7 and have endured far more problems than I like. I understand Windows 8 is having its share of problems as well, hence the release of Windows 8.1 and free copies to those registered Windows 8 users.

    Reply
  15. As ever, I wouldn’t disagree with any of Leo’s wise words, but I do sometimes wonder whether that extra risk to which he alludes is quite as serious as some people suggest. I know people who don’t bother with Microsoft’s updates, and I can’t say I’ve noticed them suffering noticeably more malware infections than those who do. I would imagine that the security program vendors will take a little more trouble over protecting XP systems for as long as they continue to support them, which will probably be for a few years yet.
    I obtain additional security by using Horizon Rollback or Comodo Time Machine to keep easily loaded clean snapshots of my system in case of malware or other corruption, but such programs have to be used with care.

    Reply
  16. I see so many comments saying things to the effect of, “If it ain’t broke, don’t fix it.” I understand the pain people go through learning the new user interface. Leo compared it to moving the controls on a car radio. I compare it more to the experience I had learning to drive a British car and shifting with my left hand, not to mention having to drive traffic circles in the opposite direction.
    What many people don’t understand is that the real changes are under the hood in a new OS as well as in a new car.
    I think MS should have included a legacy interface, but since they didn’t, it’s like most other annoyances in life, we could better spend the time we would have spent complaining to learning the new way of doing things.
    I could have gotten mad at the Brits for driving on the wrong side of the road and making me learn a new way of driving (I did curse a little ;-) ) but I just adjusted to the reality of the situation and got on with my life.

    Reply
    • Very true, but we all focus on different aspects of something like this and base some motivations off of personal experiences. I’ve been using W7 since 2009, it sure took out Vista, and it should have taken out XP too right? But it didn’t, so overall there is a pattern beyond the personal or should we say in aggregate of he personal experiences that led to what now amounts to an overwhelming “deathgrip” on the XP operating system. Not all for good reasons either; China for example is estimated to be running 72% of their XP computers with pirated versions.

      Overall though this is an entirely different phenomenon than resistance to change and unwillingness to learn something new, otherwise someone better explain why a more recent Windows OS is a relic, and the ancient one is not. If there is an answer, consider it again, because I just might have you coming and going on that one.

      I’m not impressed with anything “under the hood” on all three (four?) recent OSes, third party software almost always has it beat on every front and that is the Great Equalizer as I say, which together with the U.I. which I find ever so simpatico to heavy daily use…well, it keeps me coming back strongly even after learning the less efficient “new ways.” Somewhere in the last decade Microsoft’s motivations changed from just building a better OS to building something different and hyping that as revolutionary but it’s nothing of the sort, it’s evolutionary at best because they’ve also made changes that restrict a user in so many more ways in order to better enforce their copyright. No one, including me wants to see a country with 72% pirate rate, but that doesn’t stop me from also finding all the restrictions bordering on draconian now, a very bitter pill to try and swallow when I have so much freedom with my OS now. Sorry, Microsoft’s OS :) and from my experience, over more than a decade now with XP, is that windows updates are perhaps the least critical aspect of security IF a proper regime of basic security is already followed. In fact, I think social hacking will be the biggest threat because that affects the most vulnerable component (the user) regardless of Windows OS and I don’t think there’s been any security updates for that for many a year now. : )

      Reply
  17. This action by microsoft is not new, all older versions of Windows have been phased out in the same method. Windows XP is one of my favorites and I still use it on one computer, minimul hard drive and memory needed and still one of the easiest operating systems ever. Security is the key to how much longer you can use it. I installed Windows 95 and then 98 on an old machine last year just to rememberr how they were, XP is still great.

    Reply
  18. I noticed a disturbing trend decades ago…
    1) a programmer with current technology writes a useful application.
    2) application becomes popular and makes programmer a lot of money.
    3) programmer takes his new wealth and buys himself a lot of new toys, including a state of the art computer.
    4) using the latest hardware’s capabilities, programmer makes application do more cool and useful stuff.
    5) new version of application now requires better hardware.
    6) hapless user is forced to buy new hardware if application is important.

    Here is my question…
    Does that make the programmer responsible for the hardware upgrades that the new application requires?

    Reply
    • Not at all but that trend has most definitely come to an end or at least slowed to a crawl. Demands are to run more efficiently on less powerful hardware now, limiting both heat production and maximizing battery life.
      The key to easy street now is a hot-selling app that runs on portable devices.

      Reply
  19. My suggestion for those who must run legacy software is get a newer system and install virtual box from Oracle – it is free! It will make those old programs feel like new. It was a joy installing an older OS with the message this will take 2 hours and have it finish in under 20 minutes. In the old days those time estimates were pretty optimistic and usually took longer.

    It really is a good solution. A decent pc can be had for $300 much better and faster than older equipment add a Virtual Machine and you can run Win 8, Win 7, Win XP, 98, 3.1, ME, etc.

    Reply
  20. Leo, for users who want to continue surfing the internet using Windows XP after April 2014, would sandboxing the browser significantly reduce the risk of doing so? (I’m assuming it is not possible to sandbox the XP operating system itself.) Thanks…

    Reply
    • “Significantly”? That somewhat depends on your habits, but yes I do believe it’s a good addition to the security arsenal for those remaining in XP.

      Reply
  21. Of course we have to keep pace with development, but Microsoft’s financial plans do not always sync with mine. I’m not ready to upgrade from XP, so I’ll either have to change to Linux or I’ll have to live with the risk and rely on constant backups. Microsoft is a business and we can’t prescribe how they should run it, but it is alarming that so many third party authors and support sites move on and discard older systems so over-eagerly. I don’t care about percentages, but I am certain that, in terms of sheer numbers, there will still be millions of people using XP for the next few years, regardless of all the arguments urging them to upgrade. The overzealous sites will lose the XP fraternity. And, no, I’m not saying we have to be stagnant – just that we should not ignore the real facts on the ground. Microsoft is making computing more and more expensive and many home users simply cannot keep pace with buying new software, hardware and everything else that comes with the latest OS’es. Neither are they into doing geeky things like installing virtual stuff, etc.

    Reply
  22. DISCLAIMER
    Just noticed there’s more than one Tony in this thread. The two posts on 26 AUG 2013 are not mine. I posted on 31 AUG 2013.

    Leo, do you have a username “protocol” (if that’s the right expression to use)? There was no flag when I registered a few years ago, indicating the username was already taken. Obviously no flag when the other Tony registered either, if he came along after me.

    Reply
    • Since there is no registration for posting a comment on Ask Leo!, there is no exclusivity for user names. If you want to identify yourself more specifically, you can use an initial or 2. Or to really pin it down you can use a Gravatar which can be your photo or an avatar of your choosing.

      Reply
  23. Maybe this oversimplifies it, and Leo, you can correct me if I’m wrong. Yes, my XP computer is connected to the internet, but it’s through a NAT router, so if I understand it correctly, someone can’t just “hack” into my computer. So for a security vulnerability to get into my computer, I would have to invite it in.

    Considering that my wife and I are smart enough not to click on unknown links and we don’t download and try new software, I would think that the risk of continuing to run my XP computer after next April would be nearly nil. The XP computer has all the software that it is likely to ever run, so the only installations are updates to existing software (e.g. Firefox, Flash, Adobe Reader) and I think we can trust Mozilla and Adobe to make sure that their updates are malware free.

    Reply
    • That would give you some degree of safety, but if you accidentally go to an infected website or even a legitimate website which has been hacked, you’d be more vulnerable than you’d be with a patched system. I don’t mean to be an alarmist, but there are dangers out there.

      Reply
    • I would certainly not say “nearly nil”. There are still ways you could be infected.

      If you visit malicious sites – even accidentally – you could be “inviting in” malicious software. Similarly if a trustworthy site is hacked (say, God forbid, Ask Leo! were hacked) then it’s very possible you could download malicious software from sites you trust.

      There are other vectors as well (infected removable drives, and so on).

      Having good internet habits absolutely helps – in fact it helps a lot – but I don’t want you to have an over-inflated sense of safety, there will still be the potential for issues.

      Reply
  24. My problem with the constantly changing OS is the same as a few others have expressed. I’m not against learning a new interface, but I can’t afford to update all my software and peripherals. I thought I saw a good resolution in Windows 7 Pro, because it could still run XL software and drivers. I guess I waited too long to try to update though. A couple of months ago, I decided to buy a large (17″) laptop to use as an alternative (but not replacement) for my desktop computer. I found a new Dell that had almost every feature I wanted, but they wouldn’t load it with Windows 7 Pro. The only laptops available with that OS are business versions that cost considerably more and omit several of the features I want. I wound up not buying a new computer at all. I’ll run this 8-year old Dell until it drops. I replaced a bad graphics card last week and ordered a new monitor for it this week. If I have to switch to Windows 8, I’m afraid my wife will stop using the computer altogether. She is very tech shy, and I doubt if I can convert her, although I’ll try.

    Reply
      • But I’m still stuck with the problem of updating all our software. She doesn’t have the full Office Suite on her laptop, because she wouldn’t use it. She uses Word 2003 to write letters to those who don’t have email and Thunderbird (grudgingly) for those that do. Sometimes she’s forced to use Thunderbird, but she doesn’t like it anymore than she did Explorer, maybe less. The kids talked me into giving her a Kindle several months ago and she’s charged the battery, turned it on, and gave up on it. Hasn’t used it since. I use my desktop PC a lot, including the full Office Suite 2003, a couple of CAD programs, an older version of PhotoShop, and Studio 10 for videos. Really can’t afford to replace them all and am also concerned if I’ll be able to use our present printer and scanner.

        Reply
  25. Hi Guys, reading through your q and a has succeeded to scare me to this extent.i have an advent laptop and hp pavillion desktop ,both running Xp ,so please tell me how to dispose of all the information on them permanently.am to old in the tooth to understand tech problems ,so will seriously consider buying new computer and so system.

    Reply
  26. KEEP winXP

    I started-out in Computers in 1965 (when “Mega” anything did not even exist) writing in Machine Language – no not even up to Assembler Language, at that point, on a 10K yes 10K CPU Mainframe.

    Those who aimlessly let Microsoft push them into changing operating systems because Microsoft wants more revenue are too stupid to own a computer. Those are the same people who would admit that Obama knows what’s best for them.

    End of Life support is a GOOD THING –
    it means that they are 99.99999% DONE debugging it !

    Reply
    • I don’t think you are quite understanding how this so-called “debugging” works. A good portion of patches made to any operating system are because actively working malware creators are constantly looking for vulnerabilities. When they find one they exploit it. After the attack is discovered the software developer works to cover the hole. So the end of XP support means that vulnerabilities will no longer be patched.

      Leo has a great article on that here: http://askleo.com/whats-an-exploit/

      Reply
  27. I have an hp mini.not enough ram to upgrade,and i dont think i could get the ram required anyway, not enough money either. So does this mean i have a really cool typewriter? I mean i couldnt use it on the net safely ever right?. So aggravating!

    Reply
  28. I have a desktop that runs the XP operating system. I am not very savvy with all that has been said but I do like the XP version. I am on a fixed income, I am a senior citizen and dont have the additional cash to buy another computer, I need that money for food and fuel. Can MS help me financially to get another computer since they are the ones that have to decided not to support XP any more? Microsoft Can You Help Me?

    Reply
  29. I would advise any one with XP to upgrade now, it’s an old system with so many patches (several hundred), IE8 is well outdated, also if you want more than 3GB of Memory you need a 64 bit Operating System. It’s a bit pointless running a 32 bit operating system on a 64 bit hardware system (and most are and have been for a few years now)
    Sadly Windows 7 retail finished last year and OEM finishes in September this year so you are pretty much forced to buy the terrible Windows 8 as Windows 7 copies are pretty extinct apart from the illegal downloads, even with the 8.1 Start menu “replacement” Windows 8.1 is still awful to use for users and admins alike. If you can stomach a Linux operating system you might be better off, support for it is improving considerably especially as manufacturers are now selling units with it.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.