Windows XP is Dead

By Simon Varney on 27 Mar 2014

Windows XP is Dead

Artist credit Harvey Finch.

Windows XP is dead.

Or is it? Microsoft may want to pull the plug on its now 12 year old
operating system (eons in computing terms), but it seems the world’s once
most popular desktop system still has a little fight left in it; perhaps
hanging on by a carbon fibre rod rather than just a thread.

At EveryCity we all have our own fond memories of Windows XP. Its release
was the most seminal and celebrated product launch since Windows 95. For
those accustomed to the likes of Windows ME it was a refreshing taste of
stability only previously found in the commercial Windows 2000. And not
inconsequentially, who could forget the blissful hues of orange and blue,
which provided a refreshing visual palette on which to feast our eyes.

Since 2001, three iterations of Windows have been implemented, each met
with varying success. Windows 7 is generally regarded as the most
favourable replacement to Windows XP, albeit only overtaking XP’s market
share in 2012, a whole decade after XP hit the scene. [0]

Microsoft had attempted to abort XP in November 2006; when the operating
system was officially replaced by Vista, and again in 2009 when Microsoft
attempted to cut off mainstream support. But despite these best efforts,
Microsoft pushed back the dates by which it had hoped to sever all links,
to 8 April 2014.

Quality was the No. 1 thing that we focused on here, and we feel good enough to lock that date in. It would have been nice to make the back-to-school time frame for pre-loading, but quality came first.

– Jim Allchin Microsoft [1]

And Allchin isn’t wrong; it seems there is much to be said for XP. For
one, it has now outlasted some of its younger brothers. And at the time of
writing, Windows XP still accounts for a remarkable 29.53% of desktop
users on the web. Windows Vista and Windows 8 trail way behind at 3.1% and
10.68% respectively. [2]

Considering the estimated 1.5 billion users of Windows out in the world,
we can infer that there are approximately 513 million users of XP stuck in
the past. This represents a real problem globally, not just in terms of
security, but also undoubtedly the progression of technology on the web. [3]

We have identified three reasons why Windows users have yet to move on,
and embrace the future.

The Workplace

The workplace dictates the operating system, and this unfortunately is
by far the largest group of users. Businesses may use XP for mission
critical systems, which can’t easily be transitioned to newer versions of Windows, and which may subsequently serve to decimate and disrupt. IT
budgets are often to blame here. But a cost-effective way to stay safe is
just to unplug those machines from the Internet in situations where
a connection isn’t necessary, or alternatively, to virtualise the
necessary applications on a modern operating system.

The Unaware

You are unaware or unconcerned with regards to an upgrade. People in
this situation probably aren’t moving forward with a Windows Update even
when it is put right in front of them. As such, the deadline of 8 April
2014 isn’t going to feature much in their minds. Ironically, it is these
types of people who often click malicious pop-ups which promise even
lesser rewards.

The Old

You have an old PC that won’t be able to handle an upgrade to Windows
8. Perhaps an early 2000s Pentium with half a gig of RAM. Unfortunately, this
calibre of machine is no longer going to cut it.

What can be done?

With regards to business, time and cost will often be the main factor
holding organisations back from upgrading. These systems hark back to an
era of epoxy-filled USB ports on black lifeless boxes, where no one
employee can be trusted to keep a machine secure, and are propped up on an
ancient Windows codebase chock-full of vulnerabilities.

Maybe it’s time to turn the model of business computing upsidedown? See
Windows 8, an example of Microsoft riding on a new wave of comsumerisation
[4] in IT. Everyone owns a computer, more than likely safe within its own
OSs walled-garden, protecting even the user themselves from causing harm to
their machine.

With this thoroughly modern approach to security is it not unrealistic to
allow employees to bring their own devices to work? With 500 million
workers plodding along on Windows XP at their desks, could the modern,
auto-updating and secure laptop sitting unused at home be the meteor that
finally puts paid to the dinosaur that is XP?

The Future

Security at EveryCity is paramount. An important aside; none of us run
Windows XP. But in our minds, security only touches on the problem. The
real root of the problem is that there is such a large install base for
Windows XP. What concerns us more directly is XP’s effect on Server Name
Indication (SNI); the extension to the Transport Layer Security (TLS)
protocol (its predecessor being the Secure Sockets Layer (SSL)). [5]

SNI dictates what host name the client is trying to connect to during the
handshaking process between two computers. This subsequently allows
a server to present many certificates on one IP address and port number.
For EveryCity and our clients this technology would be greatly beneficial.
For one, it would allow us to house more than one secure website (HTTPS) [6] on
a server without requiring them to all use the same certificate.

Without a doubt, this would be a great leap forward in web security. But
there is one caveat; it requires a large percentage of users to use web
browsers that support SNI. (A user who uses an unsupported browser will be
presented with warnings that the certificate is invalid.)

This is where Windows XP fits into the equation; its 500 million users
represent a significant proportion of the market. The Internet Explorer
tied to all versions of Windows XP does not support this salient feature [7],
and unfortunately this is the business browser of choice. And this brings
us to the major point; the vast majority of those 500 million users cannot
use SNI. In short, they are holding back the progression of the Internet
itself.

So there you have it; Windows XP is loved the world over, by many simply
for nostalgic reasons: EveryCity’s own Jon Slater is still happily using
XP on a machine at home, although he promised to keep it off-line (!)
But importantly, we believe that it really is time to put XP to rest,
and help define the Internet of the future.

[0] http://mashable.com/2012/09/03/windows-7-most-popular-desktop-os/

[1] http://thinkexist.com/quotes/jim_allchin/2.html

[2] http://netmarketshare.com/

[3] http://www.microsoft.com/en-us/news/bythenumbers/

[4] http://en.wikipedia.org/wiki/Consumerization

[5] https://tools.ietf.org/html/rfc3546#section-3.1

[6] http://en.wikipedia.org/wiki/HTTP_Secure

[7] http://stackoverflow.com/questions/5154596/is-ssl-sni-actually-used-and-supported-in-browsers