Windows XP-ocalypse leaves many vulnerable to hacker attacks

Napa Valley, from its rolling hills and lush plains to its cloud-scattered skies and green horizons, is supposedly the most-viewed image of all time. Entitled Bliss, the scene was photographed in 1996 by Chuck O’Rear and later put to use by Microsoft, who, at the turn of the century, selected it to be the default desktop wallpaper for Windows XP.

XP’s success, however, was not due to positive critical reception or usability, but to timing

On April 8 Microsoft said it would no longer offer support for the operating system (OS) that made the photograph so famous. ‘Microsoft provided support for Windows XP for the past 12 years. But the time came for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences,’ read the system’s final send-off.

XP’s success throughout its almost 13-year history is unparalleled, and its place as the seminal system of the century so far is plain to see. It’s unsurprising therefore that many have been unwilling to move on, but such technological immobility has consequences.

The birth of XP
When the system was released in 2001, consumers were impressed by XP’s intuitive interface and subtle details, while those more in the know were quick to praise the system’s increased security, functionality and networking capabilities. The operating system was seen as a significant departure from those that came before it and well worth the hype.

XP’s success, however, was not due to positive critical reception or usability, but to timing. Between 1998 and 2000, the number of US households with access to a computer grew by almost 10 percent, and the percentage of those with a computer tipped 50 for the first time in history. That growth continued into the new millennium, and most of those buying a PC for the first time installed Windows XP as a default.

XP’s success was such that it wasn’t until August 2012 that it was finally superseded – by Windows 7 – as the most widely used operating system. Even in March of this year, XP was still being used on close to a third of all desktop computers – far and above the meagre 4.89 percent market share of Windows 8.1, Microsoft’s latest OS.

The difficult follow-up
The relative failure of later operating systems has served only to further XP’s success, as the tech giant has time and time again failed to replicate the immediate impact it had at the turn of the century. The release of XP was followed by a lengthy spell of inactivity, and by the time its immediate successor, Windows Vista, was released five years later, users had become accustomed to the old system to such an extent that the process of switching was too problematic for many to stomach.

The prospect of doing away with XP has disconcerted well-acquainted consumers, whose short computer history had been spent with XP and XP alone. This is indicative of a wider issue with tech consumers: users by-and-large aren’t yet used to the transience of technology. After all, if a product works and works well, why upgrade it?

Most users are at a loss when it comes to how technical changes affect their day-to-day lives, and this is perhaps no more the case than in computing. It’s the same reason many retirees still own a hi-fi with a tape deck, a VCR recorder and a Nokia 3310 – and why computers still running Windows XP are increasingly vulnerable to security risks.

Security concerns
Unfortunately, Windows XP is loved not only by computer users, but also by cyber-thieves and malware-writers who see the system’s newfound vulnerability as low hanging fruit. An unwillingness on the part of users to upgrade to a newer operating system brings with it an increased chance of infection.

‘If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses,’ says the Microsoft memo. And while there have been multiple awareness campaigns, most have fallen on deaf ears.

The biggest threat to those still with XP is that the system’s vulnerabilities, once detected, will be exploited time and time again, and there will be no anti-security measures equal to the clout of Microsoft to rectify the situation. While a number of small security firms have promised to patch what they can, even the most committed plan to bring their XP-related businesses to an end at some point.

While there exists an option for hackers to exploit weaknesses on an individual basis, the real opportunity is for those supporting larger organisations. Already, the UK government has signed a £5.548m deal with Microsoft to secure the company’s services for a further 12 months, in order to provide critical security updates for those in the public sector still using XP, Office 2003 and Exchange 2003. The Dutch government has signed its own multi-million euro deal to protect the 34,000 to 40,000 civil servants still using the system.

The biggest security concern is that large organisations will be left with no option but to concede increased cyber security threats, given that upgrading a large part of their systems would be expensive and time-consuming.

What’s more, most of the world’s ATMs run on XP. While any threat to bank accounts is clearly a concern, this particular danger of the ‘XP-ocalypse’ has been overstated; many commentators have failed to take into consideration the extra security precautions with which ATM systems are equipped.

The scare has, however, been positive for cyber security overall, given that many users have rushed to upgrade their unsupported systems for fear of leaking personal information. And although many systems today remain safeguarded against cyber attacks for the time being, the scare should be seen as a lesson in how technological immobility can have lasting consequences for users. The XP success story was one dictated by chance, but the relative failure of later systems underlines the importance of perpetual improvement if computers are to remain protected against security threats.