Perspective: Throw Windows XP a lifeline, Microsoft

Security pro makes case that Microsoft rethink April 2014 retirement

1 2 3 Page 2
Page 2 of 3

"Security shouldn't be optional," said Lawrence Pingree, an analyst with Gartner who tracks security topics and vendors for the researcher. "If I buy a car, I want it to be safe. If it becomes unsafe [through the manufacturer's fault], I expect the maker to make good." Even if it's an old car, and especially if that old car has been religiously maintained -- or in XP's case, patched.

That ethical stance flies in the face of business sense -- Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort -- and will be incomprehensible to a large chunk of Computerworld readers, who regularly use the comments section of news stories about XP's longevity to vilify those who haven't upgraded to a more modern OS.

But most of those critics have the mindset of an owner of one PC, or at most, a handful, agreed Pingree. While many of XP's stubborn users may be in similar situations, businesses still relying on it are not. "It's very easy to say 'just upgrade,' but not all business can do so," said Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software."

Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. (It wasn't until October 2011 that XP slipped under the 50% user share mark in Net Applications' tally.)

Pingree sympathized with Microsoft's dilemma -- damned if it does pull the plug, doubly damned if it doesn't -- and understood the frustration of those who have left XP behind, and are tired of hearing about the aged OS. "Certainly, Microsoft needs to move on, and customers need to address the issue," said Pingree. "At some point, everyone has to move on and it's high time customers think about upgrading."

But he was adamant that Microsoft risked much more than ticking off long-time customers by retiring Windows XP and stopping public patching.

"If Microsoft does decide to drop support and follow through with their announcements, organizations will be at significant risk and will be forced to grapple with incompatibility problems if they do upgrade at this point," Pingree said.

"XP has roughly about 30% share. What if 30% of the world's PCs were infected with a major virus or worm, something on the level of a [SQL] Slammer?" asked Pingree, referring to the 2003 malware that slowed or halted Web traffic around the globe. "It could have architectural implications on the Internet. And if it did, and somehow brought down the Internet, it could represent a national security threat."

Not to mention an economic hit that would make the Great Recession of 2008-2009 look like a bubble. "It would be an unacceptable economic threat, one with a major impact if a third of the world's PCs were hit with a Slammer kind of worm that couldn't be fixed," Pingree argued.

The problem is that Windows XP, and the PCs that still run it, are part of the wider Windows and personal computer ecosystem. Infect one PC, and in today's connected climate, that PC is a potential threat to all other PCs.

Microsoft knows this. In fact, the company has gone to great lengths not only to clean up its own security house -- starting with Windows XP Service Pack 2 (SP2) in 2004 -- and has often lent a hand to third-party developers to help them make their software more secure. And it's talked frequently about the need to make the entire Windows environment -- from hardware to its software to the blizzard of applications that run on its OSes -- safer.

From that perspective, Microsoft's decision to drop support for Windows XP, as smart as a finance department's spreadsheet may make that look, risks more than just a possible PR problem. It also risks poisoning the Windows well.

1 2 3 Page 2
Page 2 of 3
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon