If you’re still using Windows XP, I wish you’d stop. Seriously, for your safety and the safety of others, I wish you’d stop. The good news is you have some options, and you’ll probably be happier with one of them.
I advised a Fortune 25 company on how, when, and why to migrate off Windows XP in a professional capacity. So hopefully I can help you like I helped them. The reasons for doing it are the same. The only difference is scale.
A quick note
If you use Windows XP offline for running old software, I get that. I’ll cover that at the end. But if it’s your everyday machine that you use for web browsing and other online things, that’s a problem. Here’s why.
Still using Windows XP is dangerous
Every month, people discover new bugs in Windows. And every month, Microsoft releases fixes for those bugs–for newer versions of Windows. They stopped releasing those fixes for Windows XP in 2014. Microsoft made an exception in May 2017, releasing a single patch, but that was the exception. It was not, as some said on Twitter, a revival for XP. Microsoft releases the very occasional one-off patch but the majority of updates never appear for Windows XP, so it’s still not safe to use. No amount of wishful thinking is bringing Windows XP back.
On some level, I get it. Windows XP worked pretty well, especially compared to older versions of Windows. XP wasn’t cheap and neither was the computer you bought with it, most likely.
There are people who will tell you as long as you have a firewall and antivirus software, you’re safe. They are wrong. A firewall and antivirus provide reasonable protection when a computer still receives security updates. But once a computer stops getting security updates, it becomes fairly easy to make an end run right around those protections.
How exploits work
The easiest way to hack into a computer is to use an exploit. I’ll explain as simply as I can how an exploit works.
Think of programs and data. Your web browser is a program. This web page is data. This is theoretical and I would never do this, but bear with me. Imagine if I were to bury some program code in this web page. Then imagine if I were to find a bug in your web browser to make it run that code. Usually when that happens, your web browser crashes, runs that code in the process, and you think nothing of it. You restart your browser and carry on. But now that code is running in the background–and potentially giving someone else access to your computer. Maybe even installing remote access software to give someone else permanent access to your computer.
It’s really hard to do this stuff on an up to date computer. Sadly, on a computer that’s running Windows XP and a pile of old software, it’s not especially hard.
I know you’re asking why antivirus doesn’t block that. There are so many different ways to hide code in data that antivirus software isn’t good at finding it. It works sometimes, but not often enough to protect you in this situation.
But I’m no one special. No one would hack my computer.
I hear that argument all the time. That’s not how a hacker thinks. Today, when a hacker hacks into a large corporation, or a government agency, or launches a misinformation campaign on social media, they don’t use their own computer to do it. They find people with vulnerable computers and use those.
When a military officer in a faraway country launches a cyber-attack on another faraway country, they’d much prefer to use some random Windows XP computer in Iowa to do it. It’s the same logic as a bank robber using a stolen car as a getaway car, or at least putting stolen license plates on the getaway car. It throws off investigators’ trail.
Your computer is a weapon. Keeping it locked up so only you can use it is responsible. Leaving it leaning against the outside of your house right outside your front door is not. Unfortunately, continuing to use Windows XP is pretty much like leaving a weapon outside your front door. Eventually, someone will drive by your house and see it.
Your options for migrating off Windows XP
Fortunately, there are affordable ways to migrate away from Windows XP. And you don’t have to wait for a sale or settle for low-tier equipment to do so.
In 2017 I bought not one, but two refurbished computers with Windows 10 on them. One is an HP Elitebook 8440P laptop. You can also buy an off-lease corporate desktop. My approach for a $100 gaming PC works even if you don’t intend to play games. Used computer equipment tends to be cheaper early in the week.
An off-lease business computer, whether a desktop or a laptop, running Windows 10 will be faster and more reliable than any Windows XP computer at this point in time. I expect to get several years out of my HP 8440P. They’re like buying a used Toyota Avalon with 75,000 miles on it. Sure, it’s high mileage, but it can go 300,000 miles. The difference is there aren’t enough used Toyota Avalons to keep up with demand. But there are plenty of Dell Optiplexes and HP Elites and Lenovo Thinkcentres.
Another option is to get a Google Chromebook. If the main thing you use a computer for is to go to web sites like Facebook and check your e-mail with Gmail, Live.com, or Yahoo mail, you can probably get by with a cheap and cheerful Chromebook. The nice thing about Chromebooks is they update themselves, without you doing anything. And they store so little data on them, they aren’t even worth hacking into. So no one bothers. It’s too much effort for too little return.
It’s pretty easy to find new Chromebooks for $150-$200. You can find a used Chromebook on Ebay for under $100. Just make sure it comes with the charger and the battery works. Sometimes you can find one for under $50 with a broken mouse pad. As long as the rest of it works, you can just plug any old USB mouse into it and use it anyway. You don’t even need antivirus with them.
If you’re still using Windows XP, either of these options are much safer than sticking with Windows XP. They are also likely to be more reliable, as they run on newer hardware than whatever you’re using to run XP. Computer hardware gets less reliable with age, particularly hard drives. Something a little bit newer, running a newer operating system will give you an overall better experience.
What about software that only runs on Windows XP?
If you have software that won’t run on newer versions of Windows, you can continue to run it. Just don’t use the same computer to go onto the Internet and read e-mail. Move the data you need to that computer, do what you need to do, and if you need to send the data to someone, use a new computer to do it. It’s a little inconvenient but it keeps you and your data safe. The only way still using Windows XP is safe is if you keep the systems in isolation.
Retro computing enthusiasts do this all the time. That’s how they get away with still using Windows XP safely, or even older versions like Windows 98. They use the older computer just for the software that doesn’t run on newer machines, then use a newer machine for their everyday computing.