Still Running Windows XP? Here's What to Do When Support Ends

After April 8, most users of the Windows XP operating system will no longer receive security patches, application updates or any kind of support from Microsoft.

Windows XP machines will be more vulnerable to malware than ever before, and users' personal and financial information will be at greater risk of compromise by identity thieves.

So what should Windows XP users do? Do the dangers of running XP after April 8 warrant upgrading an old PC to a newer version of Windows? Or would it make more sense to simply buy a new computer?

MORE: How to Migrate from Windows XP Before Microsoft Pulls the Plug

"The main thing consumers have to worry about is that every month, there are [new] vulnerabilities found in Windows," said Wes Miller, research vice president at Directions on Microsoft, an information-technology consulting firm in Kirkland, Wash. "New exploits generally are made to take advantage of those vulnerabilities. 

"Nobody really expects that to stop," Miller continued. "In fact, in some ways, it could likely increase after April. There is really limited protection that people can put into place to protect themselves, because Microsoft won't be patching the [default] browser, Internet Explorer 6, or the OS."

Microsoft will be publicizing security holes that get fixed in Windows Vista, 7 and 8. Unfortunately, many of those holes will exist in XP too, with the result that malicious hackers will have a Microsoft-drawn treasure map to XP exploitation.

Roger Kay, principal analyst at Endpoint Technologies Associates, a technology-marketing consultancy in Massachusetts, thinks many consumers won't need to worry about the end of support for Windows XP.

Most consumers usually buy a new operating system when they buy a new PC, he noted — and the last time new PCs running Windows XP were for sale in retail outlets was at least four or five years ago.

Still, something between 20 and 30 percent of PCs worldwide were running Windows XP in December 2013. Many, perhaps most, of those machines won't be discarded or upgraded by April.

Sticking with XP? Here's what to do

People who absolutely must use Windows XP for some reason, such as to run specialized software not available for later versions of Windows, or perhaps because they can't afford a new PC, should take several precautionary steps.

— Ditch Internet Explorer. XP users should switch from Internet Explorer to third-party browsers such as Google Chrome or Mozilla Firefox, Miller said. Both browsers will support XP, and continue to receive patches, beyond April.

"Because IE [Internet Explorer] is part of the OS, the day support stops for Windows XP is the day it stops for IE," he said. "That's your connection to the Internet, and it's your first vector of infection."

— Ditch Outlook Express. "Same thing with an email client," Miller said. "I would also avoid using [the business application] Outlook 2003, which will pass away on the same day."

Outlook Express fans might want to consider the Mozilla Thunderbird email client or shifting all email to a Web-based service, such as Gmail or Microsoft's own Outlook.com.

— Install anti-virus software. If an XP user doesn't already have a robust anti-virus software product, he or she should install one right away. Free anti-virus software is fine, but paid is better. Most anti-virus software makers will support XP until 2016.

MORE: Best PC Anti-Virus Software 2014

— Segregate user accounts. Any home user with an XP machine should restructure user accounts so that only a seldom-used administrator account can install or modify software. Everything else, especially Web and email use, should be done using limited accounts without administrator rights. Limited accounts limit the damage malware can do.

"If you have a five-year-old PC and you don't want to buy a new one, and you have XP, what should you do?" Kay asked. "There aren't a lot of great answers."

"You could continue to use it [the old PC], and the chances are relatively low that something bad will happen," Kay said. "But you have to apply the normal hygiene that you would expect to apply anyway, like being careful about what sites you go to, and what links you click on, and what email attachments you open, and so on."

You could also back up all your files, then erase the hard disk and replace XP with a free operating system such as Ubuntu Linux. Linux applications can open most old Windows files, but you won't be running Windows at all.

Upgrade the OS or the machine?

If you've decided on upgrading away from Windows XP, should you buy a new PC, or upgrade the operating system on an old one?

Kay said it would make more sense to just buy a new PC.

"Older PCs were built for the operating system of the time," he said. "They're generally underpowered, because there's this general bloat that happens with software."

"With software development, companies never really pare things back," Kay added. "They almost always add features and build them up and make them fancier, because they're anticipating the software will be run on better hardware.

"If you're looking at a five-year-old PC and you try to put Windows 7 on it," Kay said, "it's probably not going to work very well."

The good news for consumers is that most of them probably only have one or two PCs still running XP, said Miller.

However, Miller thinks people who purchased PCs running Windows XP around the time the Vista operating system shipped in 2007 could probably upgrade those machines to Windows 7 or even Windows 8.

"Even though they shipped with XP, they actually met the low bar for Vista, which was really good for Windows 7 and, honestly, is pretty acceptable for Windows 8," Miller said.

"For people who are not computer savvy," he added, "I would recommend finding someone they trust to take a look at their PC and give them a good opinion about whether it's time to consider getting a new device to replace that PC, or whether it could handle going to Windows 7 or Windows 8.1."

Linda Rosencrance is a freelance writer with more than a dozen years' experience covering IT. Her work has appeared on many sites, including Computerworld, TechNewsDaily, Tom's Guide, and more. She has also worked as an investigative journalist, and has written and published five true-crime books. She lives and works in Boston.