by Derek Brink and Jim Rapoza

Analysts Have Mixed Emotions in Bidding Farewell to Windows XP

Apr 18, 2014 | 6 mins
IT Governance, IT Leadership, IT Strategy

Microsoft's Windows XP has reached its end-of-support deadline, but it's not easy saying goodbye to the most dominant operating system of its time. Two Aberdeen Group analysts share their (differing) thoughts on the end of Windows XP.

Microsoft’s end-of-support deadline for Windows XP last week came with mixed emotions. After 13 years of XP use on desktops worldwide, saying goodbye to the most dominant operating system of its time raises a question: Should we continue to use our beloved XP and turn a blind eye, saving the real innovation for the tablets and smartphones we increasingly rely on?

Or should IT departments be more wary and vigilant than ever of the risks XP now presents with a lack of security updates? In this piece, two analysts from the Aberdeen Group — Derek Brink, vice president and research fellow of the IT Security practice, and Jim Rapoza, senior research analyst of the Information Technology practice — respond to the end of Windows XP.

Is Windows XP the Last Great Desktop OS?

Jim Rapoza

For those who aren’t familiar with the history of desktop operating systems, back in the 1990s, two to three years was the typical effective lifespan of a version of Windows. But for the last 13 years, people have not only been using Windows XP regularly, it has remained one of the most used operating systems during much of that time. In fact, as Microsoft essentially puts Windows XP out to pasture, it still has 27 percent of the market, the No. 2 operating system in use behind Windows 7 (at 48 percent).

Even more incredibly, there is really no legitimate reason to stop using Windows XP outside of the lack of support. Almost anything a modern PC user needs to do can still be done with XP. In fact, my main personal system at home, which we use for browsing, music, image management and gaming, was running Windows XP up until two weeks ago, when I upgraded the system to Windows 7.

When Microsoft was putting Windows 98 out to pasture, I was similarly amazed at its seven-year longevity. One key difference now as opposed to then is that the technology trends that have fueled Windows XP’s longevity are not actually positive for desktop operating systems. In the ’90s a 5-year-old PC was ancient. Today, there is nothing a computer built five years ago can’t run well.

To a large part this is because PCs, while still useful, especially in business, are the technology devices of yesterday. There’s a whole segment of people today who use a tablet or smartphone as their main computing device and don’t own any form of PC or laptop.

When Windows XP debuted in 2001, the BlackBerry was still just a pager, most cellphones were still just phones and the iPhone was still six years away. And during the last 13 years, while desktop operating systems have barely evolved (evident in that nearly 30 percent of people still use a 13-year-old operating system), smartphones have basically gone from dumb cellphones to handheld computing platforms with more power than the personal computers of 2001.

While Windows 7 or 8 or whatever the next one is might have a long and useful lifespan, the time of the desktop being preeminent in computing has already passed. Thirteen years from now, who knows what we’ll be using. It could be glasses or contact lenses or computing devices that tap right into our head.

But one thing for sure is that it won’t be anything like a typical personal desktop computer of the last 13 years. Windows XP was the king of the last great desktop computing era. And the king is dead.

Windows XP, Thank You for Your Service, But It’s Time to Move on

Derek Brink

I worked with Windows XP. I knew Windows XP. Windows XP was a friend of mine. But my colleague Jim Rapoza has it completely wrong when he writes that “there is really no legitimate reason to stop using Windows XP outside of the lack of support. Almost anything a modern PC user needs to do can still be done with XP.”

For over a year, Microsoft has told us about the risks of continuing to run Windows XP after the official end of support. No more free or paid support options, no more technical content updates, and no more fixes or updates for any new security vulnerabilities.

And we can’t presume that people have actually patched, fixed or protected the Windows XP systems that they do have to the most current level — quite the contrary.

As I wrote about in The Risk of “Free” Endpoint Security (February 2014) — Microsoft regularly reports a metric called computers cleaned per mille (CCM): for every 1,000 computers scanned by the Microsoft Malicious Software Removal Tool (MSRT), CCM is the number of computers that were infected by malware and needed to be cleaned. Microsoft’s Security Intelligence Report Volume 15 reports that Windows XP has the highest infection rate (CCM) of any Windows client operating system:

  • Windows XP (SP3) — 9.1
  • Windows Vista (SP2 / 32-bit) — 5.0
  • Windows Vista (SP2 / 64-bit) — 8.8
  • Windows 7 (SP1 / 32-bit) — 4.8
  • Windows 7 (SP1 / 64-bit) — 4.9
  • Windows 8 (32-bit) — 2.3
  • Windows 8 (64-bit) — 1.4

This means that systems running Windows XP are 6.5-times more likely to become infected by malware than systems running Windows 8.

As with everything related to information security, the question comes down to risk — what is the likelihood that a vulnerability will be exploited, and how big is the business impact from a successful exploit? If you are thoughtfully and deliberately assessing the risk — in terms of both probability and magnitude — then by all means, run whatever operating system suits your organization’s appetite for risk (as well as its fiduciary, regulatory and moral obligations to its stakeholders, employees, customers and partners).

Just don’t make the decision based on happy talk about still being able to browse and do email.

If we want to eulogize Windows XP, we should remember that 9/11 was less than a month after Windows XP was launched, and just four months later Bill Gates wrote a memo to all Microsoft employees which gave priority to trustworthy computing. This, in turn, led to their commitment to the security development lifecycle — which over the last decade has helped to transform Microsoft from kind of a standing joke in security to a principled industry leader in terms of security, privacy and transparency.

And which has helped to make Windows 8 systems 6.5-times less likely to become infected by malware than Windows XP, and unlike Windows XP, Windows 8 will continue to improve over time.

Let’s thank Windows XP for its service, but it’s time for most of us to move on.
