So, no huge vulnerability has yet come to light in Windows XP

XP logoIt’s now over a year since Microsoft stopped supporting Windows XP. This means that any newly apparent security flaws will not be patched up. Lots of people in the IT business (me included) predicted Armageddon for anyone continuing to use XP after April 2014. We were certainly very free with our computer advice to upgrade as soon as possible.

So far, nothing horrendous has happened and you might think you detect a trace of egg on face. However, it wasn’t just the security vulnerability that caused us to advise people to move on, invest in something newer. There are other complications with XP that are only going to get worse as time passes.

Earlier this week, I was with a new computer support client who needed some help and, yes, she’s running XP. We had the initial discussion about whether it might be better to get a new machine now, and the client decided to proceed with her original list of to-dos. We came across several problems that I think are going to become ever more typical for XP users.

Firstly, we tried to install a new HP Officejet printer. After about three attempts, I gave up trying to get the XP laptop to connect wirelessly with the printer. The software was telling me that it recognised that the printer was connected to the router and switched on, but that it couldn’t communicate with it. Even manually providing the unique IP address of the printer didn’t help. Eventually, we took a step back into the 20th century and connected the laptop to the printer via a good old USB cable. No problem. We were pleased to find, though, that setting up the wireless connection wasn’t in vain as it didn’t take long to get the client’s iPhone and iPad printing wirelessly. Big relief that the printer is capable of communicating by both methods without any re-setting of software or connection/dis-connection of cables.

Secondly, the client asked about a notice that Yahoo were placing at the top of her webmail page saying that she had to use the “basic” email interface as her browser didn’t support their latest webmail interface. Sure enough, she uses Internet Explorer and the latest version that can be installed on an XP machine is version 8. This is pretty old, now, and it’s not too surprising that modern websites don’t like it. Luckily, Google Chrome plays nicely with both Windows XP and the latest Yahoo webmail interface, so that solved that particular problem.

Gotcha!And finally, we had a spot of bother with Microsoft Office. Not unreasonably, the client wished to upgrade from Office 2003 (no longer supported by Microsoft) to Office 2013. So, we jumped through Microsoft’s online hoops by creating a Microsoft account and then purchasing Office 2013 Home and Student online. It was only at that point – after the order had been placed and paid for – that the Microsoft end of things decided to check her operating system (a website can discover a number of things about the hardware and software of a web visitor – including the operating system) and informed us that Office 2013 isn’t supported on XP. It didn’t actaully make it clear whether that meant that it wouldn’t work at all or that it might work but that we were on our own. We decided not to take the risk and managed to cancel the order and get her money back by using their online “chat” service. That all worked reasonably well, but I still don’t know why they didn’t warn us of the incompatibility at the time of placing the order rather than waiting until we started to download/install the software.

Bite on the bum

Don’t wait for XP to bite you on the bum

So, three significant niggles that wouldn’t have happened if the operating system had been newer than XP. This kind of problem is only going to get worse. Increasingly, drivers, other software, and peripherals, will not be compatible with XP. So, once again I would advise that if you are running an XP machine for anything important (or even “mission critical” as our friends across the Atlantic would say) then do think seriously about upgrading before something or other catches you out and bites you on the bum (so to speak).

As we all know, Microsoft ceased support for Windows XP in April of this year

XP logoThis means that any new security weaknesses discovered in XP will not be rectified. All of the publicity about the end of XP has prompted people to ask “when will Vista be pensioned off?” and even “what about Windows 7?” Well, users of those operating systems can relax – for a short while, at least.

Actually, there’s no big secret about these things. Microsoft publish the information. Each version of its products (including all the Windows versions) goes through certain stages between introduction and final demise. Taken together, these stages are known as the Support Lifecycle.

There are two main phases of support – Mainstream Support and Extended Support. You can see the types of support offered during these phases by referring to the table below(source: Microsoft).

Support is generally offered for the version of the product (eg Windows Vista) that has had the latest “service pack” applied. Service Packs are updates to the program that include all of the individual fixes, patches, and updates that have become available since the previous Service Pack was released. It is always best to have the latest available Service Pack installed. If you have your Windows set up so that updates are automatically received then the latest Service Pack should be installed automatically.

What is the difference between mainstream support and extended support?

Microsoft Support Lifecycle Phases

Items marked with a star are only available to organisations who sign up to special “Premier” support deals. (Source: Microsoft)

The cut-off date, after which the support phase finishes, is defined by the lifecycle policy laid out by Microsoft. Click on this link for more information about the Microsoft Support Lifecycle Policy .

Luckily, we normal people don’t have to concern ourselves with the details of the policy as Microsoft have published the dates of the lifecycle “landmarks” for each of their products. You can find the relevant dates for any of their products by clicking this link to Microsoft Products Lifecycles and then clicking on the link to the relevant product.

If we follow the link for Windows Vista, for instance, we find that mainstream support for Vista Business ended on 10/04/2012. We are now in the “Extended Support” period for this product. This means that no new features will be announced and updates will generally relate only to security issues.

Then, on 10/04/17 we’ll go through the same thing with Windows Vista that we went through with Windows XP in April of this year. In other words, Microsoft will stop patching any new holes that are discovered in the security of the product and people like me will be telling you that it is no longer safe to use the product on a machine connected to the internet.

Windows XP TombstoneWhether you continue to use the product after that date is for you to decide. “End of Support” does not mean that the product will stop working or will self-destruct or anything of that nature. It just means that any new bugs or (more significantly) any new security weaknesses, will not be addressed and rectified by Microsoft. This leaves the software wide open to exploitation by the bad guys out there who are trying to get into your computer to steal your information, hijack your internet connection, hold you to ransom, or place viruses on your computer.

So, there you have it. It’s quite easy to check just when your Microsoft product will be consigned to history, so you’ve got plenty of time to plan ahead and make sure you’re not left with an unsupported product. Haven’t you?

… and if reading this blog nudges just one of my computer support clients into replacing their (unsupported) XP, then it will all have been worthwhile!

This week Microsoft ceased to support Windows XP

In practical terms, this means that Microsoft have now issued the last security update that will address vulnerabilities in XP. To summarise the main problems this will cause:

  • Hackers, virus writers and so on may now concentrate their efforts on discovering vulnerabilities in Windows XP, knowing that Microsoft will not be trying to counteract their activities. This is likely to be worth their while as XP is still the second most popular operating system in the world (behind only Windows 7, and far in front of Windows 8, Vista, Mac OS, and all the Linux versions).
  • Manufacturers of both hardware and software that is currently compatible with Windows XP may not be so in the future as the manufacturers take their cue from Microsoft and stop putting effort into maintaining compatibility with an obsolete operating system (and who can blame them?).

So, do I have to stop using XP now?

There may be powerful reasons why you do not want to upgrade your computer at this time, so is it essential to deal with this at this moment?

XP with wingsThat is up to you. The consensus around the bits of the web that I’ve been dipping into seems to be that XP is not expected to become hugely dangerous immediately. Personally, I’m not going to take the risk. My experience of removing malware and viruses from clients’ computers tells me that most infestations can be tackled successfully using a combination of Malwarebytes, SpyBot, AdAware, and some careful googling. Having said that, though, I believe that it is a risk not worth taking. That risk will, of course, increase over time as more and more vulnerabilities are found – and not patched – in the ever-ageing operating system. My advice to my computer support clients is to replace an XP machine as soon as possible if it is exposed to the WWW.

Will XP stop working?

No. There’s nothing to stop you from continuing to use XP if you feel the risk is worth it.

Can it be made safe?

No, but there are things you can do to reduce the risks. These are:

  • Stop using Internet Explorer as your browser. The current versions of both Chrome and Firefox will run under Windows XP and they are both safer than Internet Explorer 9 (the latest version of IE that will run under XP).
  • Install one of the website scanners that warns you before you visit if a website is known to be dodgy (eg McAfee Site Advisor)
  • Install all of the recommended security updates that existed at 8th April. Microsoft have not announced that they are going to remove updates and patches from their website. You will still be able to install all of the currently available updates into the foreseeable future.
  • Make sure that you have antivirus software installed and that it is automatically updating its virus definition files (probably daily).
  • Check for software and driver updates of any software and hardware that is important to you on your XP machine. Manufacturers will undoubtedly stop providing drivers and updates that have been tested and confirmed to work with XP. Get the latest versions while you still can. It would also be a good idea to take backup copies of these if you can.

Can you still support me with my XP machine using Teamviewer?

TeamViewer logoI have spoken with Teamviewer and they couldn’t think of any risks in using the remote control software that might be caused by the demise of XP. Until and unless I learn different, I will continue to offer Teamviewer support to clients running XP.

Can you come and make my computer as secure as possible along the lines you have outlined?

I could (assuming you are in my normal geographical range), but it probably wouldn’t make economic sense. If it took me a couple of hours to do this work for you then that would cost you £130. Now I do realise, of course, that that is much less than it would cost you to get two hours of support from most IT support consultants (!), but it’s still money that you would probably be better off investing in a new computer. The only obvious exception that I can think of is if you have some old software that is essential to you but which hasn’t been developed to run on Vista, Windows 7, or Windows 8.

Windows XP TombstoneSo, you can reduce the risks, but they will still grow over time and one day you will probably have to bite the bullet and get a new computer. The good news is that the new one is probably going to cost you a lot less (in real terms) than the doddery old one that you are unwilling to replace at the moment.

PS: at the risk of putting a another big crimp in your day, if you are running any of the components of Microsoft Office 2003 (Outlook, Word, Excel. PowerPoint, OneNote) then you should also be aware that Microsoft ceased support for Office 2003 on April 8th as well as XP. Not as drastic as the XP problem, maybe, but still a security risk.

It’s 50 years (really!) since The Rolling Stones sang “Not Fade Away”

It could almost be an anthem for Windows XP.

Microsoft Ends Support for Windows XP - screen capture from Microsoft

Click the image to find out for yourself

Is no-one listening to the warnings about the impending end of Microsoft support for XP? I’ve just been looking at some statistics of my website visitors and was astonished to find that the percentage of Windows XP users visiting my site in the last month (16.1%) is exactly the same as the figure for the last 12 months (16.1%).

What could be the reasons that there seem to be as many XP users as ever?

No-one is taking any notice

I’ve heard people compare this situation with the “millennium bug“. They’re saying that the world didn’t end then, so why should it end now? Well, that’s a bit like saying that Krakatoa’s last eruption didn’t finish us off, so why worry about Somerset turning into Waterworld?

I would argue that not only was the millennium bug a completely different situation, but it wasn’t even the non-event that people now choose to remember. I was designing database systems at the time and I remember having to come up with some pretty nifty formula changes to compensate for the fact that software date arithmetic at that time assumed that all dates were in the 20th century. Had we not been concerned about similar problems in the chips themselves, there would have been a lot of inconvenience that was avoided.

Aside from silly comparisons with the millenium bug, do you want to risk everything on your computer – and every other computer that is connected to your local network – just to keep an XP machine running a bit longer?

Windows XP logo as a gravestone against Windows XP desktop backgroundPeople have taken notice but think they are invulnerable

Yes, I think this could well be true of a lot of people. There are still people out there who won’t take antivirus software seriously, so why would they even bother to consider the possibilities of virus and malware writers exploiting an increasingly fragile XP? To those people I say “thank you for paying me to remove your viruses”, but please, instead, just accept the reality that you are safer using antivirus protection and you’ll be safer not using a Windows XP computer after March 2014.

My figures are not typical

Actually, they are. Figures published in Jan 2014 by Net Market Share, StatCounter, and W3Counter, show Windows XP share of the market as 22.3%, 13.8% and 13.8% respectively.


Most of those XP users are in the developing world

Surprisingly, I can’t find any figures that show operating system usage by country. Looking at my own visitors, I find that UK, North America, and the Rest of Europe make up 86% of my visitors, leaving 14% from the Rest of the World. Is that 14% the same people as the 16% still using XP? I doubt it, but I’d like to find out more. There’s no doubt that the use of XP is likely to be skewed towards countries and regions less wealthy than Europe and North America. One of the big criticisms aimed at Microsoft for ceasing support for XP is that it will hurt users badly in areas where they can’t afford to upgrade their operating system and/or computers. Whether that is fair criticism is another question.

Pile of junked computers

Coming to a council tip near you?

There are loads of XP machines about to be pensioned off

I have seen evidence of this among my own computer support clients. It seems that a fair number of computer users have several machines and one or two of the oldest are running XP. These will be rapidly taken out of commission if XP becomes dangerous to use after support ends.

So, I think I’ve now done my fair share in warning my computer support clients about the end of Microsoft’s support for XP. I’ll try not to bang on about it again – until and unless we have more real news, at any rate.

If you’ve missed the whole subject and want to catch up, here are links to my previous blogs on the subject:

Replace Windows XP
Microsoft Will Stop Supporting Windows XP in 2014

and last week’s blog might help you along the road towards replacing a Windows XP computer:

Buying a New Laptop – February 2014

That’s it. I’ll shut up now.

Windows XP will not be supported, or updated, or patched by Microsoft after April 2014

Windows XP Logo - crossed outI have argued before that it will not be a good idea to run Windows XP after Microsoft cease support for it in April 2014. The main argument is quite straightforward – from the point of view of people wanting to do you harm, there will probably be so many installations of XP running after that date that it will be worth spending time and effort exploiting vulnerabilities that they know Microsoft will not be fixing.

Here’s another argument – taken directly from an official Microsoft Security Blog:

Whenever Microsoft become aware that there is a vulnerability in one of their products, they always check all other SUPPORTED Microsoft products to see if the vulnerability also exists in those other products. If it does, then it fixes the potential problem in all places at once. The reason they do this so assiduously (and not just because it is good housekeeping) is that the bad guys analyse security updates to see if they can find what it is that the update fixes, and then see if other products are affected in the same way.

Since Microsoft release the update for all products at once, the bad guys can’t use the knowledge to exploit an “unfixed” program. However, after Microsoft stop updating Windows XP then the bad guys can use knowledge gleaned from analysing updates to Windows 7 (for instance) to discover an unfixed vulnerability in Windows XP.

And this risk is by no means just hypothetical. To quote the Microsoft blog referenced above:

How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

In other words, it could happen two or three times a month. And the effect will be cumulative as older vulnerabilities won’t ever be fixed.

Windows XP TombstoneI’m tempted to apologise for bringing this subject up again. After all, it probably won’t affect most of the readers of this blog as most people will be using either Mac OSX or a more recent version of Windows. But what about that old computer you’ve got in the spare bedroom on the third floor? You know, the one you boot up just occasionally when you can’t be bothered walking all the way downstairs? What about the computer you passed down the line to a family member? Are they likely to be using it next year and beyond? For all the users out there who change their computers every 2-5 years there are also plenty who don’t, as they only use their computer for the internet and don’t need the fastest and newest.

No-one knows for sure just what will happen after April 2014. Maybe nothing at all will happen (remember the Millennium Bug that turned out to be more of a damp squib?) Personally, I’m not going to risk it (unless I choose to do it on purpose on a computer completely isolated from the network of my others). However, I can just hear plenty of people saying “I’ll carry on just the same and do something about it if I have to”. But by then your data may be well and truly messed up, corrupt, missing. “OK”, you say “I’ll throw a six and start again on a new computer”. Fair enough – but be prepared to discover there are all kinds of passwords, account details, purchase histories, old correspondence, and goodness knows what else that you may have lost if your old machine has become well and truly messed up.

Viruses

Is it worth risking?

Windows Vista was released worldwide in January 2007. Lots of people still specified Windows XP on new machines after then. So let’s just estimate that any Windows XP machine is going to be no newer than, say, April 2008 (16 months after Vista was released). This means that by the time April 2014 comes around, any XP machine is likely to be six years old at the very least. Are you really going to risk all the potential problems just to prolong the life of a computer at least six years old? I don’t advise it.

PS: I do realise that many organisations were still deploying new XP installations well after the dates above, but my own IT support clients tend to be individual professionals or home users (or both). They are the readership I am addressing. Besides which, there’s an argument for saying that it’s even more important for organisations to move away from XP than individuals – even if those installations are newer.

The end of Windows XP. Should you panic? Can you ignore it? And what does “support”mean anyway?

Windows XP LogoWell, if you are not a user of XP, you can ignore the news. But if your system is in the 14% of all systems in the UK still using it (as at November 2012), then you’ll have to wake up to reality some time in the next few months.

“Mainstream Support” for Windows XP ended in 2009. Since that time, we have been in what Microsoft calls “Extended Support”. During this phase the only changes to XP are those called “security updates”. These are the changes needed to keep up with new security threats as they crop up when the villains out there find new ways to exploit weaknesses in Windows XP. At the beginning of April 2014 Microsoft will stop fighting new threats to XP. They will no longer update XP to ensure that it is safe to use. In computer jargon, Microsoft will cease to support XP. Source.

What does it mean to “support” something in computer terms?

If we just look at a manufacturer “supporting” its own product, then it means that it will continue to make necessary changes (to remove bugs, for instance) and that you should be able to get help from the manufacturer if that product has a problem. So, if MegaBrill Software announces that it is no longer supporting MegaBrill 2002 it means that you are on your own if you still use that version. It doesn’t mean that the program immediately stops working.

Windows XP FlagIf we look at how products interact, then “support” means that the software was specifically designed to work with whatever it claims to “support”. It also means that the program will be tweaked and updated to cater for the changes and updates to whatever it is supporting (Windows XP, in this case). So, if MegaBrill Software say that MegaBrill 2009 supports Windows XP then you can expect it to work on a system running Windows XP. It’s just possible that the two items would work together without official “support” but if anything goes wrong then there would be no help available from the manufacturer. It could also mean that the version of the program you have been using may work with something else now, but that a newer version won’t.

So, if you have been using Megabrill 2009 quite happily with Windows XP and you decide to upgrade it to the latest version – MegaBrill 2013 – you may find that it won’t run with your Windows XP. You might then find in Megabrill’s product information that MegaBrill 2013 only supports Vista, Windows 7 and Windows 8. This means that it probably won’t work with your XP. In the computer jargon, “MegaBrill 2013 does not support Windows XP”.

You may encounter the same problem if you buy a new piece of equipment such as a printer. It may not support Windows XP. If you think about it, it makes sense. If the printer manufacturer is bringing out a new product in 2013, why spend time and money to make it work with an operating system (Windows XP) that is not going to be supported by Microsoft beyond Spring 2014?

More and more software and hardware will cease support for Windows XP as they release new versions of their products. Again, why would they spend time and money making sure that their software works with an operating system that it will become increasingly dangerous to use. So, an existing piece of software that you have that currently works with XP may become “unupdateable”. It will also mean, of course, that XP users will not be able to use brand new software as that new software will not have been written to be used with XP right from the start of that software’s life.

Windows XP StickerApart from software compatibility problems, Windows XP will become increasingly unsafe to use after April 2014 as the bad guys find new ways to exploit XP in order to mess up your system, extort money from you, steal data, and so forth. They may even increase their efforts to exploit XP and its users. For a while there will be a lot of opportunity for them as they know that their efforts to undermine XP will not be counteracted by Microsoft. Likewise, they will know that it may be worth spending some time and effort exploiting programs that stop supporting XP as they know that XP users will continue to use the vulnerable, unupdated versions of those programs.

There are going to be a lot of people affected by the withdrawal of support for Windows XP by Microsoft. In November 2012, Windows XP was still being used by over a quarter of all computers worldwide. Even in the UK, Windows XP is still the operating system on 14% of systems – more than the figure of 12% for Mac OSX (the operating system for Mac desktop and laptop computers). Source.

So, if you are still using windows XP, there’s no need to panic but it really would be a good idea to start thinking about replacing it. If you are still using XP then it’s almost certain that the hardware you are using it on should also be replaced. My guess would be that the hardware is at least five years old (as that was when Vista was released. So, even if you are a “light” home user who doesn’t need to be at the cutting edge of dekstop/laptop technology, I reckon you’ve had your money’s worth out of that computer and it’s time to move on. For what it’s worth, I advise my own computer clients that four years is long enough to expect a “business” computer to last and five years for a home user.

If you have an older version of Microsoft Office (Office 2003, Office XP, Office 2000), or just an individual component of one of those packages (eg Word or Excel), then you may have difficulty reading documents created by newer versions (Office 2007 and Office 2010). To put the boot on the other foot, you may have emailed a document of the newer type as an attachment, only to have the recipient tell you that they can not read it.

That is because the structure of the documents changed with the 2007 version.

File Extensions

Depending on how your installation of Windows is set up, you may or may not see the “file extension” of each file when you view a list of files in Windows Explorer. The file extension is the part of the file name that comes after the full stop. The file extension tells Windows what type of file it is and Windows maintains a list of which program is used with each file type (in Windows jargon, each file type is “associated” with a specific program).

In Office 2003 and before, Word files had a file extension of .doc (eg “Letter to Father Christmas.doc”). Excel spreadsheets were .xls files (eg “Scalextric Costs.xls”) and PowerPoint files were .ppt files (eg “Pitch to Father Christmas For A Scalextric Set.ppt”).

From Office 2007, Word files have become .docx, Excel files are .xlsx, and PowerPoint files are .pptx. These file types are not compatible with earlier versions of the programs.

Compatibility

If you have one of the newer versions of Office then you have no problem in opening, viewing and editing files created in an earlier version. However, if you have an earlier version you can not open files created in a later version.

Solutions

Save As

If you have a later version, and are preparing a document for opening on an earlier version, then the simplest solution is to create a version of the document that is in the format of the earlier version. To do this, open or create the document and then use the “save as” command instead of the normal “save” command.

Normally, the different ways of saving a file are as follows:

  • Use the shortcut key combination of Ctrl s (hitting the “s” key while simultaneously holding the Control key down).
  • Click on the little blue icon of the floppy disc that is probably visible on the top line of the screen.
  • Click on the “Office” button and then click on the “save” command.
Office Button

Office Button

Each of these methods will save the file in the newer format. What you need to do instead is to click on the “Office” button, then take the “save as” option, and then take the “..97-2003 document” sub-option (as illustrated). The recipient of your file will then be able to use it as if it had been created in the earlier version of the program.

file save-as dialogue box

 

Document Viewers

You can actually view and print documents prepared in Microsoft Office even if you do not have Office installed. This is achieved by downloading and installing free viewers made available by Microsoft. Click on the following links for the appropriate viewer (see note at the bottom of this post) :

Word Viewer
Excel Viewer
Powerpoint Viewer

Compatibility Viewer

The above viewers are just that – you can view or print documents but you can’t edit them. A better solution for users who have earlier versions of Office is to download the free “compatibility pack” from Microsoft. This is available at http://support.microsoft.com/kb/923505.

You do have to carefully follow the instructions that are appropriate for your version of Windows.

The Compatibility Pack is for Office 2000, Office XP, and Office 2003. If you still have Office 97, or a component of it, then you need to either use the viewer or ask the author of the document to provide a compatible version of it using the “save as” option as described above.


Note:

I’m having to give up my previous practice of always quoting hyperlinks in full as some of them are just too long. If you are viewing this as a post on the blog then, depending on your internet browser, you can probably see the full version of the link if you hover your mouse over the link and then look towards the bottom of the browser window. If you are viewing the newsletter version, then hovering your mouse over the link should show you the full address of the link.

© 2011-2017 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha