Skip the navigation

Experts question Microsoft's decision to retire XP

December 4, 2012 03:07 PM ET

In any case, it might not even make a difference. "Are the remaining XP machines actually updated? We don't know," said Kandek, referring to the common problem of unpatched PCs, no matter what operating systems they run. "Do they actually install them? Extending patches might not do anything."

In at least one instance, Microsoft stuck to its guns, and refused to patch vulnerable operating systems that had fallen off the support list just weeks earlier.

In August 2010, Microsoft issued an emergency patch -- often called an "out-of-band" update -- for a critical Windows shortcut bug that attackers had exploited with the infamous Stuxnet worm, which most now believe was aimed at Iran's nuclear enrichment facilities. But even though Windows XP Service Pack 2 (SP2) and Windows 2000 had dropped off support the month before, Microsoft did not offer those PCs a patch.

The situation will be different in 2014, however: Users of Windows XP won't have a newer service pack to deploy, and XP will probably account for a still-significant portion of all Windows PCs, unlike Windows 2000 in mid-2010.

According to data from Web metrics firm Net Applications and Computerworld's projections, XP will power more than 25% of the world's Windows PCs in April 2014. That's an enormous number.

And there are other considerations, said Miller.

"One of Microsoft's No. 1 customers is the U.S. government," Miller said. "Things are much different nowadays, it's a new age, with all these worms circulating in the Middle East. Cyber security is a national security matter now, and I wouldn't be surprised if the [U.S.] government didn't have an impact on Microsoft's decision as well."

Even some of those who bet on the "line in the sand" acknowledged that there were factors that might prompt Microsoft to erase that line.

"The only scenario I can see where they would extend support isn't a security scenario," said Pescatore. "The biggest issue facing Microsoft is the declining share of Windows on devices. So they might continue to patch as a business decision, (so) that by offering patches, they at least hold onto those people still running XP."

Cherry closed the circle on the debate, pointing to one of the driving philosophies at Microsoft over the last decade as proof.

"Microsoft has invested significant resources in its Trustworthy Computing initiative and I think that investment and preserving its now-better-reputation in this area would not allow them to have an XP that was doing harm," Cherry said. "They cannot allow a security vulnerability to cause harm."

Sounds simple.

But it's not, said Miller. "It's really a no-win situation for them," he said. "I wouldn't want to be on the committee at Microsoft that decides this."

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg's RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about Windows in Computerworld's Windows Topic Center.



Our Commenting Policies