Today’s lesson in why it’s time to dump Windows XP

It’s Patch Tuesday. Here’s what was waiting for me when I visited Windows Update today with my main PC, running 64-bit Windows 7. Some definition updates, a few bug fixes, and exactly one security update.


Here’s a closer look at the part I highlighted in yellow for that single update:


There were no security updates for Office 2010.

Now here’s today’s lineup of patches for Windows XP with Service Pack 3:


The yellow text in each one of those six updates says the same thing as the warning in that single Windows 7 update. And that’s not counting today’s two security updates for Office 2003, which is still running on lots of XP systems. That’s eight critical updates for a system running 2001-2003 software, and only one for a system running 2009-2010 releases.

No operating system is ever perfectly secure. But Windows XP was designed more than a decade ago, in a very different era. The difference between it and a modern operating system like Windows 7 is profound.

Note to commenters: My spam filters automatically place comments into a moderation queue if you’ve never had a comment approved at this site before. For some reason, this post is drawing a lot of comments from newcomers, so I’ll repeat what longtime readers already know: If your comment contains a bunch of insults and you use a fake e-mail address, it will go straight to the trash. I welcome disagreement and debate, but I have no patience for incivility. If you want to be a jerk, you’re wasting your time.

Oh, and if you want to use the comments section here to tell me how awesome Linux is and how everyone you know is using it now, save the keystrokes. I’m not interested.

54 thoughts on “Today’s lesson in why it’s time to dump Windows XP”

  1. I’m not running Windows 7, so I don’t know much about Windows XP Mode in Windows 7–sorry for all the questions.

    Isn’t it a full copy of Windows XP? So wouldn’t it have to receive all of the updates that Windows XP gets, too?

    And then what happens to it when XP reaches end-of-life? If further vulnerabilities are discovered after 4/8/2014, would XP Mode expose you to those risks?

  2. Installed user base has a lot to do with it I’m sure. Additionally, the longer something is around, the more people can learn about it. On that note – to thwart hackers… change your OS to something brand new as much as possible.

    Now I’m not a Windows 7 hater – actually – I KNOW it’s WAY better than Vista according to overwhelming majority from folks I speak with.

    As for XP, it’s still leaner and faster pound for pound than both Vista or Windows 7. Want faster still and leaner still? Get a thinned out Linux OS.. like Puppy is really lean is your thing.

    I’ve also seen Microsoft updates bring down entire company’s computer infrastructure (Microsoft Servers) that hackers weren’t able to do… Doesn’t happen often to be fair but gosh.

    Fact is.. anything can happen at anytime – but planning ahead and trying to stay with the herd (safety in numbers may apply? Dunno) could be prudent like this article suggests… but nothing is guaranteed.

    –Jason P Sage

  3. Just wait. The hackers will catch up with Windows 7! They’ve had lots of experience and time w/ Win XP…


  4. Isn’t it the case that hackers need more time to find the security holes in Windows 7? I have had a lot of difficulty persuading my family to go for the ribbon interface in Office 2010. I had to put Office 2003 back. Microsoft need to bear usability in mind.

  5. This is just a ploy to get us to buy Windows 7. The only reason why there are more fixes for Office 2003 is because hackers have had more time to get to know the loopholes.

  6. So Windows 7 got one security update but XP got more than one? Is this the sole purpose behind this blog post?

    How does this highlight any difference whatsoever between Windows 7 and XP? It is like comparing apples and pears to see how many apples can go into one pound vs how many pears can.

  7. Just be thankful they’re still updating it at all. Soon enough there will be no more updates and the new exploits found will go unpatched, unless a 3rd party steps up to close the holes. I am fond of my XP Pro, and while I see how Windows 7 is fine and dandy for many, I am not in any hurry to use it.

  8. Beware of this argument because if ALL cars on the road are Ford, then ALL road accidents will involve Ford cars.

    XP must still be pretty popular.
    I went from ’98(and NT4) to XP leaving you guys to mess with 2000, 2000 ME, SE, and EIEIO and I missed all the intervening bugs.

    As a cynic, just because there was just one security fix for Windows 7 doesn’t mean that is all there will ever be.

    My personal feeling is that Windows 7 SHOULD have gone back to basics with rewritten code at the assembler level NOT just a rehash of code that has been around for donkeys years that takes have a meg to clear the screen because it is easier to #INCLUDE some library with sheds of unwanted code because you cannot be arsed to write a proper clear screen routine.

    Vista was MEANT to be a new beginning and it was a mere disaster.

    The inside may look nice with gold taps and walnut floor but the outside is still wattle and daub that leaks like a sieve and a weak foundation.

    I wonder what will happen in 10 years when windows 27 is the current flavour of the month requiring 2 terabytes of RAM just for the operating system and a quad core 100 teraFLOP processor to make the boot time less than 6 minutes?

    How long have Microsoft been writing operating systems?
    WHY do they still have security holes you can drive a bus load of BBC computers through?
    That is the question.

    Just one security fix?
    Disgraceful, there should be NONE.

  9. You do realize that what you highlighted is, literally, the grab-back bullcrap description that is in ALL security updates, right?

    I would have gone on rant about why you’re wrong, why windows 7 sucks, and why I will be forever using windows XP until microsoft or SOMEONE stops churning out OS’s that suck, but I realize it’s pointless. This battle is already won, and it’s not won by reason.

  10. That’s why we in the XP world use Anti-virus and spyware programs. Better than a SLOW Windows 7. Tried Windows 7 on many of my customers pcs’ and it is so slow!!

  11. To all those claiming Windows 7 is bloated and rubbish, I have to tell you that I’m running Windows 7 on an old HP Tablet PC and it runs far better and far faster than XP ran on it.

    It’s not as though I’m treating it nicely either generally before I start work on it I’ll be running 3 instances of MS SQL Server EE, VS2005, 2 instances of VS2008 and possibly an instance of VS2010. It only slows when I need to open something in PhotoShop (The definition of bloatware!!)

    XP was great, but Windows 7 is a revelation!!

  12. How can you gauge Windows 7 as better because it has less patches than XP on this particular Tuesday on your particular machines? This past Tuesday, my XP machine only needed one update to the malicious software removal tool. My Windows 7 machines had 3 security patches. Windows 7 is slow and a resource hog. It also does not support the “legacy” products that I and my customers MUST use. That is by far the silliest reason to “Dump XP” that I’ve ever heard. I fail to see the logic.

    1. @Postman,

      You better check Windows Update again. You have a whole bunch of critical patches waiting for that XP machine.

      Updates are rolled out in staged fashion. They don’t all magically appear at 12:01AM.

  13. Wow, there seem to be a lot of MS haters posting here! While I have had many issues with “anomalies” that crop up with Windows components and software, I have made a living being a MS developer so I guess I can’t complain too much about them. Windows 7 is more than a bandaid over a more serious wound. They completely revamped the Windows desktop manager and the GDI layer to be more efficient. I have 7, Vista and XP and I’m not sure what people are talking about when saying 7 is slow?? My experience has been 7 is faster than Vista by far and near equal to XP. Remember, it’s doing a whole lot more than XP also.

  14. Nice try. Welcome to the Real World. Clients who don’t have the budget to replace scads of machines that, while not that old–still not amortized–can’t run Windows 7. Who don’t have the budget to experiment with each machine–and each one is an experiment–to see if it REALLY can run Windows 7…oh, and that’s a full, destructive reload, not an upgrade.

    My clients resisted Windows 7 because of the horrible Vista experience. They’re finally starting to buy new machines with Win7, as they need to expand or replace aging machines. But it’s flat-out silly to expect people to rush out and replace their entire hardware base just to get a new pig-in-a-poke.

    1. Dave, I’ve been living in the Real World for some time now. I am well aware of the upgrade issues involved, especially for corporations. You would know that if you actually read my blog here or especially at ZDNet.

      Yes it takes time. No, it does not require “experimentation on each machine.” That’s pure FUD and you know it.

      In my estimation, any IT pro in 2010 who does not have a well-thought-out strategy for migrating from XP should take up another profession.

  15. If your PC is slower with Windows 7 you must have a crap video card. From my experience Windows 7 runs great on all the PCs I put it on. I have an $250 Acer netbook with 1GB of RAM.

    This thing ran horrible with Windows XP. I upgraded to Windows 7 and it was like night and day. Overall much faster, it finds the WiFi network and is ready to surf the internet as soon as I logged in. Also the ready boost feature in Windows 7 actually works. Plugging in a $10 thumb drive and enabling ReadyBoost increased performance by around 20%.

    After a year on Win7, XP is unbearable to me. It’s time to move on.

  16. I have to agree that this is something of a relative theory of why to upgrade from XP.
    @Karsten Loepelmann, the idea of XP mode is to ease the transition away from legacy programs, not keep them running indefinitely. And, yes, you do need to patch them like any other PC, virtual or otherwise.

    The whole debate about what is “best” is null and void IMHO. If you want to reduce the chances of getting attacked then you go for Windows 7. If you think security isn’t important then stick with XP and accept the consequences

  17. dump windows xp? why? because is fast and stable? and is fast? and every software works on it? and did i mention is FAST? and windows7 is one year old and has so many security holes already? and windows xp is faster than win7. no benchmark can beat it. i have real life work experience and what you saying is absolutely untrue: win7 is slower than windXP by multiple.

  18. These threats all involve authenticated users. The take-away here should be: Watch who you allow to use your computer system.

    As with all things computer, the question should always be “what do you need to do with it?” At this point in time I am content to use XP-Pro to accomplish the task for which I own a computer.

    Dump XP? That’s just stupid! I still maintain several Windows 98SE systems (of course they stay off the internet) and they perform their assigned duties flawlessly. Again it’s: “what do you need to do with it?”

    I must admit though that thanks to Windows Vista and 7 I have been collecting cast-aside Pentium 4 systems faster than I can refurbish them. WinXPpro in a Pentium 4 is a mighty fine machine and I am dubious of the knowledge and opinions of any who would imply otherwise.

    “Today’s lesson in why it’s time to dump Windows XP”??

    NO SALE!

    1. Masodo, those Pentium 4 systems are power hogs. My more modern systems save me $100 a year in power bills, not to mention productivity savings.

  19. Here’s a real life scenario (real life, the thing that matters, remember?, not benchmarks):

    I’m computing my workloads – the stuff that pays my bills – with 4 services and nothing but the few critical system exes (of which I can kill all but csrss.exe). It runs in 9 MB RAM so I have the rest of 2 GB for MY stuff, and 4 cores saturated, almost no cycles for the OS.

    The thing is, I can’t even run that workload properly under Windows 7. I’d have to upgrade to 64-bit and add more memory. I’m switching when the new version beats that.

    They’ve absolutely hit the sweet spot with XP. I think MS will see the light some day and get serious with the MinWin.

  20. Misconceptions:

    XP is NOT fast. Sure it can handle a single thread of CPU usage .001% faster. But for the full user experience, it’s 100 times slower.
    XP is like swiss cheese. Newer versions of Windows are far better and far less buggy than XP ever was, is or will be. And fixes for those holes XP will soon stop. It’s time to leave XP now.
    XP only holds on due to people’s normal actions to not change. XP was around for 7+ years before anything could replace it, and during the biggest growth in computing we’ve seen so far. So it has a long full history on these non-moving folks. So it will remain. That is NOT a reflection on why NOT to move to Windows 7.

    XP is dead folks. There is no reason to stay. Move up and move on.

  21. @ Mr. Bott

    Don’t talk to people like they are an idiot because you have self proclaimed “Windows Expertise”. I double checked Microsoft Update before I commented because I thought I may have missed some updates, and there were none. I’m not stupid, and no, I don’t have a whole bunch of patches waiting for me. My whole point is that everyone’s machine is setup different, and people, depending on their expertise, can have their systems set up in a many different ways. You probably have SP3 installed. I do not because a lot of the software and hardware I MUST use will not work with SP3, nor will they work with Windows 7. Don’t get me wrong, there are many good and valid reasons to dump XP. The amount of security updates waiting for a particular setup on a particular day is not one of them. Your reasoning has no teeth. Your logic is based on what? If you want to claim Windows Expertise, then instead of bashing XP, why not do the responsible thing and promote Windows 7 if you really like it that much better. I expect someone claiming expertise to exercise the scientific method…show me some data, show me some proof…not just one useless fact, on one not so special day.

    1. Ken, I’m not calling you an idiot. But you are woefully uninformed. The reason you didn’t get those updates is because you are using an UNSUPPORTED configuration. Microsoft no longer offers patches for Windows XP SP2, as of July 13, 2010. If you don’t know that, then you really need to pay more attention. You are at substantial risk. And you could have read that here:

      But the larger point, which you have missed, is that XP, even with SP3, has fundamental insecurities in it, many of which have been addressed with architectural changes in more modern versions. That is a fact, not an opinion.

  22. I use Windows 7 mostly, but my old laptop has XP and it will remain with XP. That is the only computer that will run dos based graphic applications that I have. Don’t tell me about XP mode, it doesn’t work, it won’t even install on some newer machines.

  23. XP will stay for a long time, likely way beyond end of its lifecycle, as long ‘no activation needed’ copies are available on the internets (I predict someone will make final ultimate update package right after windows update servers reject XP).

    I use XP & Vista on a daily basis and have tried 7. After very scrutinous observations, there isn’t one justified reason why should I shell out ridiculous amount of money just to abandon XP, which has become de facto standard.

  24. I use windows xp and will continue to do so until I can afford to upgrade to a newer machine; another 2-3 years given the economic meltdown. I use a router, firewall, antivirus, spybot and the only problems I get are spyware from websites that I visit – even otherwise high stature sites using tracking cookies. Minor inconvenience – they’re found and removed. Would still happen on windows 7. As long as MS continue to update it I am happy and do not see a compelling reason to upgrade to 7.

  25. The money it cost to upgrade to Windows 7 is Real Money.
    To reset a workstation with a new box for the sole purpose of switching to Windows 7 would also cost an exceptional amount in terms of lost productivity. False economy is not a reason to switch.

    Of the over 60 systems I administer I have seen the need to install 1 Win 7 machine for the performance gain and software requirements. This system does not access the internet other than for updates. In fact the XPpro machine it replaced is still in service as an adjunct to this workstation. So although The Pentium 4 may be a power hog it now shares the power grid with a spanking new Core i7 box. Hardly a power savings.

    Operating systems are the life-blood of any computer. DOS-6 is still viable in the “real” world. To state that any operating system is “dead” is true only in the marketing sense.

    If you can afford to play that game, “bully for you!”

  26. Hi Ed,

    I’m a software developer and I use my Pentium/XP as:

    1. A Digital Audio Workstation.
    2. A Virtual Instrument Workstation for live gigs.
    3. A CAD Workstation.
    4. A Graphics Workstation.
    5. A Development workstation.

    Notice that I don’t need the Internet in these situations. But if I were to upgrade the total cost would be:

    1. New killer machine $3,0000
         (can't play drums with latency > 8 millisecs) 
    2. Windows 7             $250. 
    3. Software upgrades   $2,000.
    4. A whole week to get things working.

    Total cost including my time: ~$8,000.

    All this for what? Eye Candy? Sorry, when my app screen is maximized, I don’t see the sugar. Need Internet?

    Start open source hypervisor of your choice (10secs).
    Wake up a virtual Linux instance(30secs).
    Browse, shut down when finished.

    Total cost: $0.00

    Hard to beat isn’t it.


    1. Oh, please, Marius. My main workstation has an i720, 10GB of RAM, two high-end graphics cards, Windows 7 pro, and 2TB of storage. Total cost was around $1500.

      Your math betrays your bias.

  27. I’m not woefully uninformed. I agree that XP (SP Any), just like any other operating system (including Windows 7) has fundamental insecurities. The question is what kind of insecurities, and what do you do to protect against them.
    I wish Windows 7 was the end all solution for everyone, it is not. For the average user that only cares about the internet and Facebook, sure, pick Windows 7, and upgrade your hardware or buy a new computer while you’re at it. I set my kids up with Windows 7 because it’s easier for them to maintain, and ultimately me. Funny thing is that even though I do more with my “high risk” XP SP2 machine, I am constantly fixing their machines because they are still kids. Why do I not have any issues on mine? Because I inform and protect myself in many ways. Trusting Microsoft to protect me accounts for about 1% of that.
    When people ask me what to do about their semi-functioning computer that’s running slow or has a virus, I recommend they buy a new computer with Windows 7, or just get an apple. Why, because they obviously don’t know enough about computers for me to waste my time. If they are close friends or family, I will usually save them some money and install my “special load” that addresses everything I’ve learned over the last 20 years. It contains all kinds of tweaks and 3rd party installs as well as some of my own software that automate protection and maintenance. (installing XP or 7 OS base depends on the machine and especially the video card) They all love it, and have never had any computer issues again. And no, I did not set my kids up with this load because I want them to learn for themselves.

    I did read your weblog about support ending for win2000/XP SP2. It was factual and timely when written.

    As far as this weblog is concerned, I think you’ve opened up a good premise for a debate, and I would hope a deeper dive into what you are trying to say here.

    Here’s a good question: How can I make Windows 7 do and support everything that XP can? Here is a few things that won’t work on 7:
    1. My sony HD camera – no driver support past XP SP2 – It is a great camera and very expensive and works perfectly for what I need. Do I (A) buy a new one…(B) Complain to Sony that they don’t support the latest and greatest operating system even though they no longer manufacture the camera and therefore have no income on that particular product to justify continuous updates…or (C) Expect that Microsoft should provide legacy support?
    2. RS232 communications – yes it’s older than I am, but many devices in the manufacturing industry still use it. Should I (A) Tell my customers they are SOL on millions of dollars in hardware because microsoft says it’s a “legacy” product and no longer supported. (B) Install XP because it will work, even though it is (or will be) no longer be supported soon…or (C) Expect that Microsoft should provide legacy support?
    3. Real DOS – again, older than I am but needed for same reasons as #2 You can make XP compatible in most cases, why not 7? Same A, B, & C as #2

    Basically I want an operating system that can do everything old and everything new. I can get XP to anything 7 can do, but not the other way around.(OK…That I need…so far)

  28. Odd, my 64-bit Windows 7 system will require 14 security updates this morning, 13 for Windows 7 itself and 1 for IE8. I have a total of 22 important and 5 optional updates waiting for me. These were all released since I patched last month.

  29. Hi Ed,

    I have no bias, Ed. Just needs. I live in Quebec. I pay 50% income tax plus 15% GST+PST retail taxes. Still, I’ll credit you $1,000 upfront for the machine no questions asked and pro bono my precious time. My machine needs 4 hard drives minimum. OS, Audio recording, Sample streaming and a backup drive. But still, I’m open. Please give me a rationale for spending all this money. Teach me how I will benefit from all this work and my hardly earned ~$4,000. I’m not being sarcastic here. I’ve been thinking of Win7 for a while but just can’t see the value. The value….yes.


  30. Marius, it’s not my job to convince you to upgrade. I’m not going to try. I will point out two things, however. For most business users, Windows 7 will work better and faster than XP. And if security matters to you, XP is a poor choice.

  31. i was wondering why some of my really GOOD & Usable software went crazy when i did the XP SP3 upgrade! even the comments have solved some of my problems!!

  32. Ed, I’ll dig through the logs tomorrow and send you the list. One thing occurs to me, if updates named “Security Update for Windows 7…” isn’t a security update then Microsoft might consider changing their naming system.

  33. Ed has some valid points in his post. There are fewer and fewer reasons to keep XP when there is a much more secure and modern OS in Windows 7. I understand it’s not easy to change people’s attitudes when you have been used to using something for a long time you don’t want to change and I can understand that but people we have to move with the times.

  34. I was wondering, what are the implications for XP Mode in Windows 7 when a new vulnerability is discovered? Does it compromise the whole system–or is XP Mode running in a virtual machine? And what happens when Microsoft stops rolling out security patches for XP in 2014? Even if it’s “just” a virtual machine that’s affected, that’s pretty bad.

    Just wondering…

  35. Karsten, XP Mode is a virtual machine. It runs on its own and has to be patched on its own. If you enable Automatic Updates that will happen without your intervention, as long as the machine is turned on. Those updates will continue until April 8, 2014.

    It’s important, though, to note that XP Mode is not intended to be used as a complete operating environment. Rather, it is a compatibility aid to allow you to upgrade to a modern OS while still being able to use one or two apps that will not run under the new OS. If those are standalone apps (like a graphics program) then there’s very little security risk. If they are Internet-connected, you should be using XP Mode as a transitional tool with a clear plan to replace those old apps.

  36. If security matters to you then you must realize that the built-in security offered by your operating system is just one small fraction in the protection equation.

    Just wait, there will be discovered holes in Windows 7 security. All in good time.

    I’m with Postman on the fact that XP can be hardened with a handful of freely available programs that add very little to the operational overhead.

    With EVERY computer system the biggest threat is the operator. In my spare time I clean infections from the computers of friends family and neighbors. I do as Postman suggests and install the “secret weapons” and the folks are generally set for safety (porn browsers excluded.)

    This service has brought me much in the way of referrals and – let me tell you – Windows 7 is just as vulnerable to the nasty infections that are plaguing Vista and XP.

    Granted: if you want to protect yourself from high-level espionage then Windows 7 is likely worth the investment, chiefly because it is state of the art and security software vendors are certainly writing the latest greatest software for that platform.

    In reality your computer has the best chance of being carted off in the trunk of a car – most likely – of someone you know. Of course “paranoia will distroya” so you have to draw your own lines.

    As for speed: Take your computer off the internet if you are doing serious processing. If your computer is a tool not a video game, then a 3GHz XP machine with 1GB ram and no security related TSRs is very impressive indeed.

    Say you need the internet? Get one of those free Pentium 4s and set it up for browsing. With two computers you can do processor intensive raster processing at full speed and fiddle with your FaceBook all at the same time.

    Time to Dump XP? Past-time that folks wise-up.

    Arguments about energy savings are negated by mountains of unused computer equipment.


  37. Ed, my bad. 12 of those 14 security updates I downloaded yesterday were from the August round of patches. I must have skipped patching last month.

  38. Nice article. I fully agree with you. Can you tell me what the 3rd image on this article is all about, whose screenshot is it? Is there any way to scan the new update for XP SP3, choose and install without Windows Update?


  39. The third screenshot is a snippet of the Windows Update screen from Windows XP with SP3. Yes, you can install manually without Windows Update by downloading directly from the associated security bulletins.

  40. Old hardware is a great justification for having XP around. You gonna upgrade ($$$) for them? And don’t say anything for compatibility about stuff designed just for XP (Hardware/software)

  41. My favorite part of your post was the “Note to commenters:” Well said.

    We still order our PCs with XP Pro only. It’s getting harder and harder to find them and so we now have to use Dell’s outlet and have even paid extra for a “downgrade” business license. Our shop still uses a security USB driver that failed Windows 7 that all users require. I’m afraid we are stuck on the XP platform for at least another year. All new development is .NET 3.5 sp1 or web based.


  42. Yet another perfect illustration of an industry still in its infancy.
    To think that something bought only four years ago costing hundreds of dollars should be thrown away and replaced.

Comments are closed.