Windows XP: The zombie OS ‘lives’ on

Two years. That is how long it’s been since Microsoft abandoned its record-beating operating system, Windows XP.

Despite the fact that during all this time there haven’t been any security updates or patches rolled out for its users (with some industrial solutions being the exception), the system still runs on almost every tenth computer worldwide.

On the other hand, this figure is considerably lower, compared to April 8th 2014, when Microsoft pulled off one of the most controversial conclusions of support in computing history.

At that time, about quarter (27.7%) of machines around the globe were still using Windows XP and users weren’t really keen to upgrade. Even a month after the platform’s end of life (EOL), in May 2014, only about 2.4% had moved on to Windows 7 or Windows 8.1.

“While down to a fraction of its original market share, 8-11% globally and somewhat higher in emerging markets, Windows XP stills remains in use.”

“While down to a fraction of its original market share, 8-11% globally and somewhat higher in emerging markets, Windows XP stills remains in use,” commented ESET’s distinguished researcher Aryeh Goretsky on the current statistics of the old Microsoft system.

If you too are an XP loyalist, there are some good reasons why you should finally say goodbye to your old friend:

  • Without updates, your PC may become vulnerable to all kinds of malicious code that can steal or damage data. Unfortunately, even if you are running an updated and reliable security software, it might not be able to fully protect you because of unreported and therefore unknown vulnerabilities in the system.
  • All those security loopholes don’t only put your devices at risk, but practically everyone out there. According to Mr. Goretsky, computers still running XP “can act as springboards for attacking other systems as well. While it is critical that users protect these unpatched, unsupported systems, it is even more important for them to migrate to newer versions of Windows which are more secure.”
  • Windows has also followed up on its other promise from 2014, ending support for older versions of Internet Explorer by January 2016, including version 6.0 – the web browser included as native with XP.
  • Other software vendors are also slowly abandoning the platform, one of the most prominent examples being Google Chrome. “Such older platforms are missing critical security updates and have greater potential to be infected by viruses and malware,” states the blog post announcing the end of support for XP and other older operating systems.
  • This will probably not be the last vendor to make such a decision and with new zero-day vulnerabilities lurking in the shadows, (CVE Numbering Authorities kept track just until April 2014) the number of companies abandoning XP will only gain pace.

If you are looking for an alternative to the aging Windows XP, read this blog post to help you decide whether you should stay or go to Windows 10. To make an informed decision you can also read Aryeh Goretsky’s whitepaper about Windows 10.

Author , ESET

  • Moi

    For internet, it comes down to third party browsers and their updates/upgrades. Even if security companies stopped any new anti-virus builds or updates for XP, people would still use XP, even if that meant no anti-virus. However, once the browser companies stop – that will be the kicker, because all newer websites will look like crap in the “old” browser(s).

    • McHenryGames

      Bingo. As soon as the last XP build of Firefox stops being useful, that’s it for XP. One then could argue a Linux distro would be a replacement on that case scenario, only time will tell.

      • Hello,

        Not necessarily. Some of these XP installations might be parts of industrial control systems and remain in use long afterwards. Installing Linux won’t work when there is custom hardware or software which cannot be replaced.

        Regards,

        Aryeh Goretsky

      • CrapAfee ™

        But Firefox isn’t the only browser left for XP. Opera and Palemoon for Atom-based PC’s still fully support XP.

      • Anixx

        It is possible to run newer Firefox on XP by using the version cheating software. Firefox is not integrated with Windows API too much except the file open/save dialogs. It even runs on Linux/Wine and ReactOS!

    • Tom

      Browsers are meaningless to some hardware-dependent diehards.

      Back in my lab research days I had a couple of colleagues who weren’t even running PCs. They were keeping some gear running that was controlled by DEC (remember them!) PDP-11 computers.

      There was no way it would be even possible to transition the gear to new machines, and not worth the cost, even though the PDP-11s sucked power from the mains (LOL- gov’t grants were paying the electrical bills)

      As far as I know, these things are still logging data. Since these machines predate the internet, they’re not connected. Data goes to tape drives, and the reels then make their way to other machines where the data mining happens.

      So yes, there are still fossil OSes running out there doing things for people who couldn’t care less about browsers.

  • Common_Dense

    Google Windows XP POS Hack. You can edit the registry and then still receive updates to your XP installation.

    You also shouldn’t use internet explorer.

    • Hello,

      While some people report they can modify the registry on Windows XP editions to make it look like the still-supported embedded version for POS machines in order to receive updates for that edition, this is a very bad idea. Those updates may break something since they are for another edition of Windows, and there are vulnerabilities in Windows XP which are simply not going to get patched by these updates, period.

      The goal should be to replace those systems, whether with a new version of Windows, Linux, Mac OS X, or some other supported operating system. Extending Windows XP life at this point is not a good idea from a security perspective.

      Regards,

      Aryeh Goretsky

      • Dave Phillips

        I’m running that WEPOS on one of my machines. The patches haven’t broken anything yet. Working fine.

        • Hello,

          Maybe they will break something; maybe they won’t. I’ve seen reports of both. Caveat lector.

          Regards,

          Aryeh Goretsky

          • Dave Phillips

            Tell us what you have encountered with WEPOS.

          • Anixx

            I disbelieve you. WEPOS is basically the same WinXP with the games removed. I have no troubles with WEPOS updates so far.

            On the other hand, an update broke my Win7 installation, the boot, so I had to reinstall (and guess what, I havent choose Win7 again).

  • McHenryGames

    “computers still running XP can act as springboards for attacking other systems as well” That is on Microsoft.

    • Hello,

      No, that’s on the person who hasn’t upgraded their computer. Microsoft has given computer owners ample notice and opportunity to upgrade. If people have chosen not to take advantage of that, it’s on them.

      I would not expect my computer manufacturer or my car manufacturer to replace my computer or car for free simply because it is old and no longer supported. You have to go out and get a new one. Nothing lasts forever, and that includes operating systems, too. There are a lot more alternatives to Windows if people don’t want to run that these days, such as Linux, Mac OS X, et cetera.

      Regards,

      Aryeh Goretsky

      • Comp Fxr

        Aryeh, I’m sure your a smart guy but you don’t work in the real world. It really does not matter what current OS you have if the end user opens a attachment or enters a malicious website its all over….period. I’m sure it will help a little to have the latest patches but once malware is let in by the end user it’s done. RPM tech

        • I disagree. And like Aryeh, I’ve spent a _lot_ of time working in the ‘real world’. Of course there _are_ lots of instances where up-to-date patching does nothing to prevent malware from executing, but I’ve dealt with many instances where large numbers of machines have been compromised because some units hadn’t implemented an update that would mitigate a well-publicized CVE. If updates are no longer provided because the OS is obsolete, the risk increases. I happen to think that the risk is sometimes overstated and sensationalized, but it’s quite incorrect to suggest that there is little or no risk.

        • Hello,

          No piece of software that is complex enough to do anything useful is completely secure. But in the case of Microsoft Windows, newer versions are more secure than older versions, in no small part because Microsoft gets to study the attack trends for the OS and then try and invent ways to either make those attacks no longer possible, or more difficult to succeed. Examples include shatter and GDI attacks against Windows XP, the implementation of ASLR beginning in Windows Vista and so forth. Likewise, we see protected mode and enhanced protected mode in Internet Explorer, and so forth.

          User education and anti-malware software are two ways we can combat operating system attacks, but they are not substitutes for and do not take the place of operating system patching or switching to a more secure operating system.

          Regards,

          Aryeh Goretsky

    • ExcellentNews

      …While computers running Windows 10 pass your data and activity record straight to Microsoft with no option to turn the spigot off…

      • Hello,

        The versions of Microsoft Windows 10 available to consumers does collect more data about user behavior than previous Windows, which puts it about on part with Google’s Android and Apple’s iOS. However, it does not engage in wholesale spying on users. Enterprise versions of Windows 10 collect less data, and beta builds (what Microsoft calls the Windows Insider Program) collect more, which shouldn’t be unexpected.

        For more information, I refer you to our August 2015 article, Windows 10, Privacy 0? ESET deep dives into the privacy of Microsoft’s new OS here on We Live Security.

        Regards,

        Aryeh Goretsky

  • Vernon Wear

    Just for fun I pop in a Windows 85 disk just to see how far computer have come..I know you can’t do this or that any more, but it will blow your mind just how fast a computer can be with a simple OS.. With that said I am A die hard XP fan..It was by far the best for all the things I like to do, I Hated Windows7, Hated windows 8. But I did take the time to learn 10… I’m hook. I am one of the old timers who used the old floppy disk, and where you were lucky if your PC had a hard drive, and your Ram way like 256. lol I now have 3 PC and 2 laptops running 10. Ya it’s hard to relearn a new OS. and at some point every one will get tired of it, but this time MS got it right..Not better then XP, but much better then 7 and 8, and I still have one PC running XP. just for laughs..

    • Joe

      Window 85? Back in 85 Microsoft was still running DOS. You mean Windows 95,….right?

  • Jay Smith

    People are going to come up with more excuses than anything to use XP, but that just isn’t going to work! If something happens to their precious antique Windows XP PC then they want to blame Microsoft instead of their selves! It’s so sad that these people just don’t get it! Just my opinion!!!!!!!!!!!!!!!!!!!!!

    • ExcellentNews

      An antique XP PC still runs better and safer than Windows 10 SPYWARE that cannot be turned off.

      Lots of people have had their perfectly-good running “antiques” ruined by the W@indows 10 “upgrade”, finding themselves in the situation of having to buy a NEW computer, new applications, new everything for a net loss in function and data.

      • Jay Smith

        Yes, XP was very good for when it was made! It doesn’t even come close to Windows 10 in any aspect! Let me ask you a very simple question. Did Windows 10 ruin those perfectly-good ANTIQUES or did the manufactures of the software & hardware in those ANTIQUES stop supporting those products? Why should you blame Microsoft for those problems? Microsoft doesn’t support and shouldn’t have to support those perfectly-good ANTIQUE problems! Just my opinion!!!!!

    • Dave Phillips

      I get it perfectly fine. XP works for me, does what I need it to do, is stable, and has a small footprint for less capable PCs. Now why exactly would you want me to spend $$$$ on a new PC and $120 for Win10, when I am perfectly happy using what I have? If one of my PCs ever dies, I can get another copy of it from eBay and swap over the disk — back up in a flash! Maybe you can afford the latest and greatest, but there are those of us trying to live on fixed incomes.

  • Bike Rider

    I can say that I have 2 pieces of high cost imaging/printing equipment, designed to work with XP. The equipment manufacturers have not and are not making any effort to make drivers/software to run this equipment with Windows 7, let alone 10. I have tried Linux, not 100% compatible either. The equipment manufactures want you to replace the equipment with something newer, planned obsolescence……. Problem for me is that I don’t really have enough use for it now to be able to justify the cost to replace it, as opposed to when it was originally purchased years ago.
    So until the equipment actually quits working, it will run with XP. Either a standalone PC with no internet/network connection or a sandboxed VM. I imagine there is organizations out there still using software written for Win 3.1 or even Dos 5.0 or older…..

    • gunso rt

      I had the same issues when I was running 98E. I didn’t want to buy a new top of the line Microtek scanner simply because the manufacturer didn’t want to support it for an XP upgrade.

    • Hello,

      This is one of the big problems with some of those remaining installations of Windows XP. Unfortunately, if the manufacturer isn’t willing to update their software and there are no open source alternatives to run the hardware there are no good solutions, except to continue running Windows XP in as locked-down an environment as possible.

      One thing I do suggest in the future is inserting a requirement into any equipment tenders that the manufacturer must provide support for the hardware on all versions of Microsoft Windows in mainstream support from Microsoft, and place their source code in escrow as well.

      Regards,

      Aryeh Goretsky

    • Steve

      Orly Airport in Paris, France still uses Windows 3.1. One of the busiest airports in the region. Late last year the system crashed and flights were grounded for several hours:

      http://www.zdnet.com/article/a-23-year-old-windows-3-1-system-failure-crashed-paris-airport/

    • Jayro Jones

      Time to buy some modern equipment, use your brain…

      • Jammer

        We sure we want this kind of language here on this website?

        • Hello,

          Thanks, Jammer. I’ve cleaned up response.

          Regards,

          Aryeh Goretsky

  • Howard Frump

    Windows XP was probably the best and most useful version of this OS series which explains its longevity. More recent versions lack the ease of use and broad functionality of XP and thus represent a slide backwards.

    • Hello,

      I’ve heard the same thing about Microsoft Windows 7. Unsurprisingly, though, no one says this about Windows Vista or Windows 8.

      When Microsoft Windows XP came out, I remember how much people said they hated it because it had such steep hardware requirements, didn’t offer them any appreciable benefits over Windows 2000 or Windows 98SE, was slow, crashed frequently and had no hardware support.

      Over its life, though, Microsoft Windows XP got a lot better, and by the time it went out of support, everyone seems to have forgotten how it started.

      I am not certain, but I suspect people may feel the same about Microsoft Windows 10 in a few years.

      Regards,

      Aryeh Goretsky

  • Buck Rogers

    Anyway, its 2016 and guess what? I’m still using Windows XP, Vista and 7. The only reason why. I have a bunch of old legacy software and hardware I still use. Plus, I dualboot with my computers. For example, my Dell laptop I dualboot Vista and 7.
    However, I’m still thinking about upgrading to Windows 8.1 or 10.

  • Jay Smith

    I guess my comment wasn’t posted! Truth hurts!!!!!

    • Your comment _has_ been posted. It wasn’t posted _immediately_ because ESET doesn’t have someone sitting here 24/7 with nothing to do but approve comments as soon as they’re posted.

      • Jay Smith

        Nice reply!

  • Joe

    I loved Windows XP I think it is one of the bet operating systems created. The only reason I switched to Windows 7 was because my old machine that was running Windows XP finally died, and I had to replace it. However, by the time I made the switch (2012), Microsoft had worked out all the bugs in Windows 7, so it wasn’t painful. Am I going to switch to Windows 10? Someday, but I am in no hurry. I am sure there are some bugs MircoSoft needs to work through on W-10, so I am happy to stay put. By the way, I am still using Office 2003. Works just fine, and I am an Excel power user.

  • Jay Smith

    And why should you worry? Got some super secret spy stuff that you don’t want anybody to see? RIDICULOUS!!!!!!!

  • A41202813GMAIL

    Zombie, My Posterior.

    Buy A Modern Motherboard With Lots Of PCIEXPRESS16 Slots And Even If That Motherboard Does Not Have Drivers For XP, Lots Of New And Used PCIEXPRESS16 Cards Still Do.

    XP Will Live On As Long As The Browser That You Are Still Using Continues To Be Compatible With Most Sites, And That Is Not Going To Suddenly Stop In The Next Few Years, Period.

    You Can Prey My Beloved OS From My Cold Dead Hands.

    XPOCALYPSE FOREVER !

    • Anixx

      Opera not only still officially supports XP but recently issued an article complelling XP users to migrate to Opera, seeing it as an opportunity to increase their market share.

      Also one can use FireFox using version cheating software, given that Firefox even flawlessly works on Wine and Reactos which do not have even XP APIs fully implemented.

      • A41202813GMAIL

        I Read Somewhere That OPERA15+ Is Going To Slowly Pull The Plug On XP, Too.

        By The Way, It Is My Main Browser Since CHROME Started A War Against All Extensions Not Included In Their Web Store.

        XPOCALYPSE FOREVER !

  • AnyIPWillDo

    I’m enjoying all the people on facebook who are proudly still running XP as if it’s a good thing.

    • Dave Phillips

      It is a great thing. XP works well, is free, and does everything I need from a computer!

      • vmtr

        It’s all fun and games until someone gets their credit card details stolen. Upgrade to Windows 7, Windows’s security updates are crucial for a safe system. Third party computer security software (such as antivirus) can’t always fill in security loopholes in the OS.

        Oh, and XP isn’t free, no Windows version ever was…

        • Dave Phillips

          I’ve had my CC stolen several times, but never while using XP. The bank always fixes it.

          Well, free …as in beer… it came with each OEM system, and I also have access to a volume license. Works great. I never register them with MS anyway.

          • Hello,

            The kinds of massive credit card data breaches which we hear about in the news typically happen to businesses (retail sales, hotel chains, etc.) and are not the result of individual credit card numbers being stolen from individual PCs.

            Regards,

            Aryeh Goretsky

          • Dave Phillips

            Agreed. Of course, many of those hacked systems are running a variant of XP, but that is not necessarily the culprit in the theft. I believe in most of the cases, the cause has been stolen login credentials.

        • Anixx

          I have got a virus on Win7 recently… Also if using Win7/8/10 one has to use a lot of third-party interface fixers, such as ClassicShell, ShellFolderFix, 7+ Taskbar Fixer, OldNewExplorer, W8Classic etc, which is all additional security risk.

          I use all of these on Win8.1 plus AutoHotKey, Network Indicator, DWS, hacked Outlook Express installer and hacked Classic Task Mannager installer.

          Besides this if one runs Win XP 32-bit, the updates can be enabled till 2019.

      • Hello,

        Microsoft Windows XP is not free. Unless you purchased a retail, transferable license than it can only be used on the computer it was purchased with, just like any other OEM-licensed software.

        Regards,

        Aryeh Goretsky

        • Dave Phillips

          Most of my systems were OEM, and came with XP. I also have access to a volume license, although at this point I doubt MS cares about it anymore.

  • Ivan Martinko

    i think XP with good AV is more secure and more privacy than win 10
    also lot of machines working on XP, becuse if owner want to upgrade software, he must update the machine (not computer, working machine computer controlled)
    and hardware is to expensive, also if former works good.

  • Rock Smith

    This is all hyperbole. There is nothing wrong with using XP. If you got driver for your hardware and XP runs fine on it then you should be able to run it as long as you could. The only security you need to follow is to run it offline or run it on local network. As long as you keep if offline there is nothing wrong the system. If you must need internet connection on your system then use it in Virtual box.

  • I run Malwarebytes all the time, thus far have had no problems with XP. Some of the comments amaze me.

    AnyIPWillDo
    3 months ago
    I’m enjoying all the people on facebook who are proudly still running XP as if it’s a good thing.

    Unless these are kids whose parents buy and pay for everything. Not everybody can afford a new PC and Printer. With only 512 mb on this computer I cannot upgrade to anything. Printer works with this computer as well. Some have to do with what they have. It comes down to $$$.

    Ironically I went to Microsoft updates on IE8 recently and there was at least new 15 updates. I did them all then after the computer was restarted it went into some “This computer is locked” put password. I never had no password, thankfully I was able to click OK and dashboard came on but got scared and Restored it back.

    I certainly don’t want any personal information given if hacked but I can’t afford another computer so it’s still XP for me until everything just goes. I should find out though how to add ram, if in-fact there’s places to add it. Still would have to buy windows 7 and can’t afford that either or get bootleg. I mean that’s what computer places must have to upgrade computers. Just wish Microsoft would have at least came out with XP2 since XP is so liked. Everything is about $$$. Sad they couldn’t left XP just keep updating.

Follow us

Copyright © 2018 ESET, All Rights Reserved.