Sign in with
Sign up | Sign in

Is It Still Safe for Businesses to Use Windows XP?

By - Source: Tom's Guide US | B 24 comments

Credit: Luis Louro/ShutterstockCredit: Luis Louro/Shutterstock

After April 8, 2014, Microsoft will no longer support the Windows XP operating system. There will be no more security fixes, software updates or technical support, although Microsoft will still provide some anti-malware support for an unspecified amount of time.

Computers that continue to run Windows XP will be at increased risk for malware infection after April 8, yet many businesses have critical XP-only applications. Others can't afford to upgrade to new PCs. How much of a risk are they running?

MORE: Best PC Antivirus Software 2014

Microsoft has given Windows XP users plenty of warning that XP support will end soon, but a study released in January by cloud-services provider Evolve IP found that nearly one in five information-technology decision makers were unaware the so-called "XPocalypse" was coming.

Cloud-security firm Qualys recently found that although there has been a steady decline in the number of computers using XP, at least 15 percent of U.S. companies still run the 13-year-old OS. 

It's clear that there are a lot of companies, both large and small, that need to upgrade their computers. Small and medium-sized businesses with tiny or outsourced IT staffs may not have the time or the budget to do so before April 8.

Jackpot for hackers

A lack of software support can create security problems.

"Every standard desktop-security risk that a computer faces will be amplified, because there are no fixes being written by Microsoft," said Scott Kinka, chief technology officer at Evolve IP in Wayne, Pa.

"This involves every form of malware possible," Kinka said. "Just assume someone is on your PC while you're working. Every password, trade secret and bit of personal information is at risk."

Most versions of Windows are based on previous versions, Kinka added, and patches to the newer versions could put XP users at greater risk.

"When an exploit is identified in a newer operating system that is still widely used, it's generally also a risk on older versions of the operating system," Kinka said. "As a result, Microsoft has made it a practice to patch all of their supported operating systems at the same time."

Let's say a vulnerability is found and patched in Windows 7 a few months after April 8, when there will still be millions of people using XP. When the update comes out, not only will XP not be patched, but hackers can examine the Windows 7 update to learn where the same vulnerability exists in XP.

"You just invited them in the front door," Kinka said. "To some extent, patching Windows 7 or 8 provides a potential road map to hackers into XP machines."

It's also important to remember that it isn't only the OS that loses support at the end of a Windows life cycle.

When Microsoft stops supporting Windows XP, it will also stop supporting Office 2003. Many third-party developers will follow suit and end support for XP-compatible versions of their own software. Users may not be able to call those manufacturers for assistance with critical software that runs on XP.

"End of support will not just affect the operating system," Kinka said, "but every piece of software that runs on it — whether it's written by Microsoft or not."

There is some good news, however, regarding Web browsers and anti-virus software. Google will support the XP version of its Chrome Web browser until April 2015, and Mozilla has no plans to stop updating Firefox for XP. Most anti-virus software makers plan to support XP until at least April 2016.

A possible workaround

Windows XP users may already be experiencing problems with software upgrades. Operating systems evolve with every iteration and become more sophisticated with the addition of new features that serve an increasingly demanding ecosystem of software, peripherals and users, said Victor Thu, director of desktop product marketing at virtualization-software maker VMware in Palo Alto, Calif.

As a result, the most up-to-date OS usually takes up more memory and requires faster processors than its predecessors in order for users to take full advantage of its advanced capabilities.

Wolfgang Kandek, chief technology officer of Qualys in Redwood Shores, Calif., said there are three types of users who continue to use XP: those unaware of the impending end of support, those who don't care and those who use Windows XP-specific software or applications.

"The third category is those that we can more effectively encourage to move over to a more secure operating system," Kandek said. "You don't have to abandon or change the applications you use just because Windows XP is losing its support — a common misconception. Users can simply isolate the applications and run them via the built-in Windows XP Mode within Windows 7 [Professional, Enterprise or Ultimate editions]."

Such XP-enabled virtual machines give Windows 7 users the best of both worlds:  updated, more secure operating systems without the cost and hassle of updating applications. (Microsoft recommends "you only use Windows XP Mode if your PC is disconnected from the Internet" after April 8, 2014.)

MORE: How to Migrate From Windows XP Before Microsoft Pulls the Plug

While Windows 7 is not the most recent version of Microsoft's operating system, it is one of the most secure and it is well supported by IT administrators. (Windows 8 does not include Windows XP Mode.)

No matter what the reasons are for staying with Windows XP, its users will be significantly less secure beginning April 9. Vulnerabilities will be forever left unpatched, and attackers are expected to take full advantage of them.

Change is hard, both in terms of moving information and in learning a whole new OS. But if security is important to a company — and it should be — changing to a more recent and more secure OS is the only option.

Discuss
Add your comment Display all 24 comments.
  • -5 Hide
    web11 , March 31, 2014 7:33 AM
    If you are still using XP for your business then you deserve to be hacked. And yeah I know some people will say the MUST use XP because they still use old software but that's not a good excuse anymore, if your software developer company still doesn't have an updated version that will work with Win7 then you should migrate to something else with better support.
  • 1 Hide
    bak0n , March 31, 2014 7:46 AM
    You obviously have never been self employed living paycheck to paycheck. I watched my father do it working 12 to 16 hours a day. The cost of software isn't a torrent site for an office system so unless you are willing to fork over $1000+ to each and every business person in the nation (or world) running XP, maybe you should try living in their shoes.
  • -1 Hide
    permanoob , March 31, 2014 8:09 AM
    Windows 7 has been out for almost 5 years. If they haven't been able to eek out enough money to buy a new computer, or buy a copy of Windows 7, in the last ~5 years, they might want to consider switching to a new profession.
  • -1 Hide
    Lan , March 31, 2014 8:16 AM
    No, but I have. My father has, and still is. There is no excuse not to be done with Windows XP, none. If you value security, then you will make it a priority. If you don't, then you will be hacked and your information sold on the internet. It's that simple. Anyone not upgraded by this point deserves it.
  • -1 Hide
    red77star , March 31, 2014 8:18 AM
    It is safe cause Windows is not safe anyways otherwise we wouldn't have Tuesday Patch every week. Just have a good Antivirus and Firewall and don't use IE and XP is good to go.
  • 1 Hide
    ahnilated , March 31, 2014 8:47 AM
    "As a result, the most up-to-date OS usually takes up more memory and requires faster processors than its predecessors in order for users to take full advantage of its advanced capabilities. "Don't you mean more bloated and with more memory leaks so it requires more of a system to run it? When XP was released it had 63,000 known bugs in it. Shall we guess on the newer OS's?
  • 0 Hide
    darrenn , March 31, 2014 9:26 AM
    What about using reboot restore rx? Would that work? Or would you end up rebooting every five minutes?
  • 0 Hide
    canadianvice , March 31, 2014 9:34 AM
    Quote:
    It is safe cause Windows is not safe anyways otherwise we wouldn't have Tuesday Patch every week. Just have a good Antivirus and Firewall and don't use IE and XP is good to go.
    False. An AV can only really work within the bounds of the operating system. Many won't even support XP any longer, and the fact is you can't build a stable building on a cracked foundation.Do you not understand how incredibly stupid it is to say Windows is not safe anyway and therefore you should not upgrade? The difference is a boat flooding and taking more holes, while other MS operating systems are programmed to be more secure at a base level - and unlike XP, they're still being patched.Seriously, I know this is ranting, but why do people say something so appallingly ill-thought out? Simple, they don't know what they're talking about. XP is far less secure than newer versions of Windows, and it isn't getting patched to boot. You put two and two together.
  • -2 Hide
    canadianvice , March 31, 2014 9:38 AM
    Quote:
    "As a result, the most up-to-date OS usually takes up more memory and requires faster processors than its predecessors in order for users to take full advantage of its advanced capabilities. "Don't you mean more bloated and with more memory leaks so it requires more of a system to run it? When XP was released it had 63,000 known bugs in it. Shall we guess on the newer OS's?
    Well, let's see here - hardware has improved substantially and therefore it's not bloat - the OS can take better advantage of it. Relative to the hardware available, I would contend that Windows 7 is much lighter than XP.That first bit was kind of opinion, the second is cold, hard fact. Ever heard of something called "Learning"? I doubt MS has replicated many of the bugs in XP in coding something like 7 or 8. Plus, If XP was a buggy piece of crap, wouldn't it go to reason that you should be using one that is still being patched and built to be more resistant?
  • 0 Hide
    Cazalan , March 31, 2014 9:45 AM
    The customers I've worked with that will keep some XP systems are doing it because of 3rd party drivers for hardware, not software. They made a product with an older technology and they won't support 64bit without a substantial investment. In most cases though you can go to either Win 7/8 32bit and things will still work. If it were just the cost of a new PC and new OS that's a no brainer.
  • 0 Hide
    d_kuhn , March 31, 2014 9:55 AM
    Q: "Is it still safe for Businesses to use Windows XP?" A: Not if those machines are connected to a network.
  • -1 Hide
    koss64 , March 31, 2014 10:14 AM
    Quote:
    You obviously have never been self employed living paycheck to paycheck. I watched my father do it working 12 to 16 hours a day. The cost of software isn't a torrent site for an office system so unless you are willing to fork over $1000+ to each and every business person in the nation (or world) running XP, maybe you should try living in their shoes.
    I don't know where you have been getting your numbers but its nowhere near that for a windows license. Depending which channel you use you can easily get a copy downloaded between $50 and $200 depending on the version you want. BTW those are for Windows 8, Windows 7 licenses and computers are just way too expensive.
  • 2 Hide
    skit75 , March 31, 2014 10:21 AM
    Eek out enough money? Some small business' invested in multi-user application licenses that exceeded $12,000+ per user and the cost to upgrade that license into Windows 7 is even more. Maybe mega-corps can scrape up that cheddar easily but a small business owner is likely to find a work-around such as moving XP machines off the WAN to continue using them.
  • 0 Hide
    JOSHSKORN , March 31, 2014 10:30 AM
    I went to a medical facility recently that was running Windows Vista. Now tell me that isn't worse...is it?
  • 2 Hide
    pjmelect , March 31, 2014 11:01 AM
    I still have to support Windows 3.11 and windows 98 because of some very expensive hardware that is attached to these machines that will not run on Windows XP, even though these machines can connect to the internet I have not seen any virus problems with them. Hopefully it will be the same for Windows XP.
  • 1 Hide
    knowom , March 31, 2014 12:28 PM
    Quote:
    Q: "Is it still safe for Businesses to use Windows XP?" A: Not if those machines are connected to a network.
    The problem with that blanket statement answer is that no OS are 100% safe connected to a network. User error is still a probability factor independent of OS choice. Mozilla is still supporting XP and far safer than IE outside of Java and maybe flash as well to a lesser extent which affect other OS's as well.
  • 0 Hide
    Kman9637 , March 31, 2014 2:41 PM
    I know it's outdated and yes I have updated, but too many businesses and offices use it. Leaving no support to banks and offices isn't a very good idea. Please sign here bit.do/winxp it'll only take a second and help 30 percent of PC users
  • 0 Hide
    indian-art , April 1, 2014 12:25 AM
    Stay safe with Linux.There is a very good chance Linux OS will run well with older hardware with lower specsSwitch to the free, safe, secure & awesome OS: www.ubuntu.com/download Its the worlds most popular free OS. It has free upgrades & security updates. It has a free office suite that comes standard along with other great apps/programs.For those who like the Windows look, I would recommend: www.kubuntu.com & for older computer with lower specs www.xubuntu.com or http://lubuntu.net Or try Linux Mint: http://linuxmint.comBecause the Linux option is free & now so easy (user friendly) one must give it a try. You have so much to gain.
  • 0 Hide
    zac6x9 , April 1, 2014 2:00 AM
    For $100 on ebay you can pick up a windows 7 box with a valid COA chances are it will be faster than the xp box you are currently using that is an easy fix for the don't know and don't cares, The one I got had an 7 pro sticker which may help with some of the folk with technical problems.
  • 0 Hide
    LarryXP , April 1, 2014 7:21 AM
    Is there a way to set up Win/7/VM/XP Mode so that the Win/7 partition has internet access while the VM/XP Mode partition is isolated and not exposed to the internet?
Display more comments
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter