In Ten Days Windows XP Is Going To Betray Your Trust

Kian Ganz
Grist Media

If Windows XP were a car, it would be that Maruti 800 your dad bought in the 1990s as your first car. Actually, scratch that, in tech terms, where computing power literally doubles every 18 months, Windows XP is a 40-year-old Ambassador.

Nearly 30 percent of computer users still run Windows XP – that's over 500 million computers, by some estimates. You can be pretty sure that at least one of your less tech-savvy relatives (who hasn’t bought a computer in years because they're happy with a machine that can check their emails and help them write the occasional letter) is still clinging on to their XP box.

Trouble is, Windows XP is dying and, unlike that Ambassador, there won't be any mechanics left to fix it – the manufacturer's warranty has truly run out. It won't be quick and it won't be pretty, but likely a death by a thousand cuts.

Windows' creator, Microsoft, pulled the plug on the venerable operating system, announcing that April 8, 2014 – 10 days from today – will be the end of XP's “lifecycle” (you may have also seen the pop-ups on your XP box in the last month, nagging you to upgrade).

There's a good reason for that pop-up, other than trying to sell you a new OS: using Windows XP after April 8 will be like driving your 40-year-old Ambassador over potholed country roads. Without a seatbelt.

Why would anyone want to hack little old me?

My first personal brush with computer 'hacking' came in the late 1990s, when a friend sent me an email attachment containing Back Orifice. An appropriate but rudely-monikered little piece of software, BO was ridiculously user-friendly and enabled anyone to completely take control of their Windows 98 computer over the Internet (also known as “backdooring”, in computer security speak). My friend, gleefully, opened up my CD drive while he was sitting at home and proceeded to flash teenage-taunting messages on my screen.

Since then, the sophistication of malicious hackers has increased thousand-fold, and most similar tools are nearly fully automated. In 2003, a new breed of viruses – beginning with the now infamous Blaster worm – was unleashed on Windows XP, easily infecting millions of computers (Microsoft put up a $250,000 bounty to find their original creators, who are probably still at large).

Blaster was a paradigm shift, not just in terms of scale. Unlike most viruses to date, which required the hapless to open enticing (but dangerous) attachments in their email, usually entitled “I love you” or “Naked Anna Kournikova pic”. A critical security flaw in many Windows versions, including XP, meant that you could get infected simply by having your computer be connected to the Internet. Millions were infected, and MS spent years and millions of dollars trying to control the outbreak and the damage done to the Redmond-based company's reputation.

However, Blaster itself was actually relatively harmless – it didn't steal your money, it didn't take pictures of you on your webcam while you were changing clothes, heck, it didn't even delete all the data on your hard drive or send out a spammy email to all your friends. All it really did was use your computer to automatically attack and infect other computers, like the flu or Ebola virus, and then en masse attack a central server owned by Microsoft to try and take it offline (known as a denial of service (DoS) attack.

Imagine a horde of electronic zombies infected by a plague, walking towards Seattle, turning off towards Redmond, and knocking on the walls, doors and windows of Microsoft Corp headquarters, all at the same time.

Novel threats

Today, we're in a different world, thanks in part to Microsoft having invested heavily in security post-Blaster and its descendants, and issuing regular monthly updates to XP and other versions of Windows, hopefully before the 'bad guys' can use the weakness to create a new Blaster.

Despite the increased efforts by Microsoft (and anti-virus companies that have built a lucrative business out of stopping the 'bad guys'), they are in reality usually playing catch-up.

A few years after Blaster witnessed the rise-and-rise of the ominously-named ‘botnets’, networks of sometimes millions of computers that have been hacked with Blaster-like zombies are being used to hack or attack other computers, send out email spam to your friends or randoms, store illegal content such as child pornography, copy all your online passwords or steal your online banking information. And all these millions of zombies can be commandeered by a single bored teenager sitting in their bedroom with an internet connection.

The truth is, no bored teenager or cyber criminal wants to hack you, per se – in most cases, you just happen to be an innocent bystander who can help online criminals or bored teenagers make an easy buck. Or, in tech terms, you parked your Ambassador overnight with the windows rolled down and the key in the ignition in a field in Haryana.

Blaster and the other, smarter infections that followed were ultimately brought somewhat under control with Windows Update patches that were aggressively pushed out by Microsoft to vulnerable computers.

But if someone were to write a new, as-yet undiscovered Blaster-type software after April 8, 2014 (or if, as some suspect, it's already been written by someone who's waiting patiently for April 8 to release it into the wild), according to Microsoft's own announcement, the company won't be doing anything to stop it any longer (though if we really end up facing an IT apocalypse due to an XP flaw, maybe Microsoft won't have a choice but to issue just one more final (promise, it's the last one!) update to save us all?). Microsoft will continue sending updates for its ‘malicious software removal tool’, but that's more like an after-the-event virus scanner, which won't make much of a difference in a doomsday scenario.

Such potentially apocalyptic security weaknesses are unfortunately not academic: critical flaws in Windows are still patched every month and only earlier this month, Microsoft patched a security hole that would have allowed a jpeg file – yes, those standard picture files that your digital camera takes – to take over a Windows computer.

Thinking that XP is and will remain watertight from April 8 for years to come is wishful or, more likely, impossible.

The fact is that if you or someone you know or love is still using a Windows XP computer, you'll need to do one of the following: a) know exactly what you're doing and up your online behavior to levels of paranoid caution where a bored teenager won't bother attacking you, b) do nothing, start praying very regularly and return to a state of ignorant bliss, or c) use the computer as a typewriter, never allowing it to connect to the internet ever again.

A brief love-hate story

I really learned to love Windows XP.

Released in 2001, it was a small revolution after years of Windows being the ugly but ubiquitous status quo of desktop computing (if you're old enough, you might remember its predecessors: the blocky Windows 3.1, infamous for crashing, or Windows 95, or 98, that were also prone to freeze with a “blue screen of death”).

XP (at least after several “service pack” updates by Microsoft over the years) just worked, for the most part: it was more stable than any Windows version before it, it was customizable, almost universally used, had millions of pieces of software that ran on it, and, as a bonus, was also not unpleasant to look at for extended periods of time.

Moreover, it was surrounded in time by what are generally regarded as Microsoft's biggest failures in the operating system space, ever: Windows ME, which came before XP and was a dog's breakfast of a Windows 98 rehash, and Windows Vista in 2007, which was too late, too slow and universally despised. Even today, XP machines still outnumber Vista nearly 10 to one, in part helped by how easy it was to get illegal pirated copies for free, compared to later Microsoft operating systems that made it comparatively harder to steal your Windows.

For Microsoft, which depends on users upgrading their software every few years to create its humongous profits (TK), the enduring popularity of XP and reluctance of many users to upgrade has been a disaster.

As such, pulling the plug on XP makes commercial sense for Microsoft, rather than continuing to pay to support an OS that the company wishes had died long ago and is making no money off (XP hasn't been sold for money for years).

But unfortunately, many of the options for those who want to keep their arranged marriage with Microsoft have negatives.

What they want you to do

The Seattle company, of course, would like you to upgrade to Windows 7, or, preferably Windows 8 (7 is being currently being pulled off the shelves). That's not necessarily straightforward. It'll cost you around Rs 7,000 to buy the Windows 8 upgrade, and, depending on how ancient your current XP computer is, it might not be powerful enough to run 7 or 8 comfortably (realistically, you'll need at least 2GB of memory and 16GB of extra hard disk space for the install itself).

And, unless you're moderately tech-savvy, the upgrade process itself is a tad more complicated than downloading pictures on Flickr. You'll also have to back up all your data and software and re-install it when you're done.

However, to be fair, by most accounts Windows 7 and 8 are actually rather good operating systems: they are stable and pretty speedy, and once you get used to their slightly different way of doing things, they become bearable (though my friend's mother, and I know she's not alone, still struggles with Windows 7 – some icons are not in the same place that they used to be.)

An option that is even more preferable to Microsoft, by helping boost atrocious laptop sales that make Microsoft's manufacturer-partners happy, would be to buy a new computer.

And that is probably the easiest option if you have some cash to spare: ditch your ageing XP machine (or use it as a spare typewriter) and buy a serviceable Windows 7 or 8 laptop, which can be had for Rs 30,000 to Rs 40,000. Of course, you'll still have to back up all your files from your own computer (either on a large USB stick or an external hard drive) and copy them to your new computer.

If you're already considering the new machine route, there are also other options (though Microsoft would obviously prefer for you not to).

Apple laptops (Macbooks) are well-built and generally loved by those who own them, but they are also rather pricey (starting at Rs 67,000 for the entry-level Macbook Air) and your existing Windows software won't generally work on the Mac (though free alternatives or Mac versions can be purchased). Plus, once you go Apple, you do run the risk of getting locked in to the Apple ecosystem for life, having to get all your spare parts and repairs done from “authorised Apple stores” and feeling the need to buy the latest Macbook whenever it's released; with Windows, you can choose from among dozens of manufacturers to buy your hardware.

Perhaps the biggest problem with anything other than the Windows XP is that if you give one to your tech-illiterate granddad (who's finally got used to XP over an exciting 10-year-journey of Internet discovery), he might take several months to figure out where everything is and how to do the things he used to do on his “old one”.

Ironically, the same thing might be true if you upgrade his computer to Windows 7 or 8. Some things look and feel different enough on Windows 7, let alone 8, to confuse the hell out of many.

Microsoft, concerned about the competition it faced from tablets, completely redesigned Windows 8 on the surface to make it touch-screen friendly. If you buy a new laptop with a touch-screen, most consumers seem to learn to live with the interface (and some even love it), but a learning curve will exist. And the colourful tiles are really so damn attractive that maybe you can fall in love anew.

If you're facing a learning curve, you might as well consider some options that are further out. If all you're looking for is a device to check your email, social media, photos and to browse the web on, Android and iPad tablets have been taking the world by storm and because of their simplified touch interfaces and functionality your Luddite relatives might take to them rather quickly (if they haven't already). But most tablets do lack usable keyboards and are less useful for doing a lot of word processing or more sophisticated “content creation” tasks, such as making PowerPoint presentations or editing videos.

Likewise, if you spend a lot of time online, you could consider Google's Chromebooks. They are cheap laptops that run a simplified operating system that relies heavily on being online, the web and being tied in to pretty much every Google service (Gmail, Google Docs, etc), so, just like on a Macbook, you'll be locking yourself heavily into the Google ecosystem, which isn't everyone's cup of tea.

Finally, there's an option that is a little more adventurous but arguably (and counter-intuitively) least stressful for those dreading change: you could give Linux a go. You may have heard of Linux but aren't aware of what it does. In a nutshell, Linux is dozens of different variations of a completely free operating system that you can download online and that does nearly everything the XP could do (or more, in some areas).

As a bonus, there are versions of Linux that will run faster than XP, even on an old laptop nearly ready for the museum that can't run 7, and that actually look and behave more like Windows XP than Windows 7 or 8. Running your old Windows programmes is theoretically possible on Linux, though it's not always easy or smooth.

Zorin OS is fast and actually goes out of its way to imitate the style of Windows XP so closely Nana could be forgiven for not noticing the difference sometimes; Linux Mint is very popular and similar to Windows; Xubuntu is very lightweight and powerful for older machines, and also rather pretty, though by default it looks a bit more like Mac OS X than Windows; and the world's most popular Linux flavor, Ubuntu, is a little slower for old computers, easy to use despite being fairly different from Windows, and a tad more polished.

The installation of Linux on your old computer isn't massively more difficult than a Windows 7 upgrade from XP would be, but you will at least need some technical comfort-level: ideas such as burning things to a DVD or USB stick shouldn't scare you, nor should you be afraid of searching for answers online if you run into trouble, and to very occasionally type a command on a black screen (remember the Windows precursor MS-DOS?)

Start by reading these instructions for installing Zorin from a DVD or the Ubuntu instructions on doing so from a USB drive and where to go from there, for example: if you're put off already, installing Linux is unfortunately not for you.

However, once you've installed a system like Zorin or Mint for your Naani, she might actually barely notice that you've switched her over to something different, so you might want to persuade a more tech savvy friend to set it up for you both initially (or save yourself the installation hassle and buy a new laptop with Ubuntu pre-installed, which will be cheaper than a Windows box and increasingly available).

Whatever you do, you do really have to make a choice about XP, either for yourself or your relative – decide whether you will scrap that Ambassador or whether you really want to keep driving it till the wheels fall off. And when the next electronic zombie apocalypse hits, you really wouldn't want that to be your ride, would you?

Kian Ganz is Legally India's founder and publishing editor, an ex-magic circle lawyer, and a former journalist at The Lawyer magazine in the UK. He tweets @kianganz