Preparing for “YXP”: April 8th, 2014
Next year, millions of computers worldwide are going to be more vulnerable than ever to the attacks of hackers, thieves and just plain rotten software and most people have no idea. Here, I hope to explain just why the end of Windows XP could be seen as the next, and real, “Y2K”.
Way back in 1985, a user of the Internet’s predecessor known as ARPANET posted a comment referring to the “Year 2000 Problem”. This issue, a decade later dubbed simply “Y2K”, was based on the knowledge that certain computer systems in use since the 1960’s to the then-modern day had been programmed with the assumption that the only thing a computer needed to know about the year it was in, were the final two digits. Concerns were voiced about how critical systems such as financial and government institutions would be able to cope with the sudden change from “99” to “00”. In the mid 1990’s, this issue gained sufficient media coverage to give many people in the general public yet one more thing to fear about the changeover from the 1900’s to the rapidly approaching 2000’s..
In hindsight, a lot of people looked really foolish.
At the time however, a lot of work was done behind the scenes to prepare. Software engineers – what many simply think of as “Programmers” – were hired out of retirement to work on code they’d last touched as much as thirty years earlier, written in languages that were no longer even taught in a modern computer science curriculum. Millions of dollars, possibly billions, were spent on reworking ancient “legacy” code to make sure that systems too critical to shut down, or too costly to upgrade, were ready for the coming shift. The word had gotten out, and the work was done to prepare. Thanks to the efforts of companies, governments, and engineers dredging up knowledge long considered obsolete, the “Y2K Bug” was rendered largely inert.
By comparison the “Year XP” problem is having a far more difficult time getting a similar degree of attention.
On April 8th of next year, Microsoft will finally cease providing new security updates for the now twelve year old Windows XP software. Released in late August of 2001, over 400 million copies of Windows XP were in use globally as of 2006, the year before the release of the poorly received Windows Vista upgrade. Vista’s reception in the marketplace was so disastrous for Microsoft that they continued to make Windows XP available to computer builders throughout the lifespan of Windows Vista, only removing the option after the release of the far more polished Windows 7 in 2009.
Thanks to Microsoft’s policy of releasing frequent security upgrades and new versions of patched software called “Service Packs”, the lifespan of Windows XP has been significantly extended from its original scope. A fully patched, “current” version of Windows XP is still today a viable system for using the Internet and you can find them in many homes and offices across the globe. As a worker in the Information Technology industry, and lifelong hobbyist, even I have computers scattered through my home running Windows XP when I bother to power them on.
Beginning on April 8th of 2014, using a Windows XP based computer on the Internet could very well make the Y2K panic seem positively quaint.
After that date, any security vulnerabilities discovered in Windows XP – no matter how critical or dangerous – will be left unfixed and ignored by Microsoft. Computers running the system will be left to the whims of whatever hackers are able to throw at them. Yes, third party antivirus software will help, but that final and most powerful line of defense – Microsoft – will be gone.
As an IT professional, I sit here loathe to advise anyone that the smart thing to do is run out and purchase a computer running Microsoft’s current software, Windows 8. Unfortunately, the cold, hard truth of the matter is that the pains of adapting to the vast number of changes made in Windows 8 are far preferable to the potential damage caused by a world where Windows XP is no longer given the attention of Microsoft’s security watchdogs.
There are two major factors at play when it comes to the differences between the widely-hyped “Y2K Panic” and the “YXP Silence”.
First is the continued global economic downturn. Call it a recession, call it a depression, call it Martha for all it matters – but many companies and government entities are resisting the push by IT departments to spend scarce or nonexistent budget allowances on new computers when “The current ones work just fine.” During the “Y2K” panic, the economy was booming. The “dotcom bubble” was just reaching its peak on the stock market, and everyone felt like there was no end in sight. Money was thrown at the problem, and by and large, the original software issues were rendered moot.
Secondly, we have the Internet. Where “Y2K”s biggest risks were systems designed and utilized in a time where networking technologies were only for the proto-Internet systems that came before what we have today, Windows XP was Microsoft’s biggest push ever toward putting a net connection in every home. Every computer running Windows XP was ready to jump on the Internet and send data flying back and forth along the lanes of the “Information Superhighway” as fast as it could.
And this is what a virus needs.
When a virus spreads, it first finds a hole in the security of a system. Sometimes, a user clicks on the wrong link in an email pretending to come from a trusted source. Other times, computers can be innocently connected to the network in a less secure way, which allows automated virus systems to worm their way onto a computer’s drive and spread from there without the user even knowing unless the virus author wants them to.
On “YXP”, these holes will cease to be closed when they are discovered.
If you’ve ever had a computer virus, or seen one in action, you can attest to how much of a pain they are. The cost of repairing a computer infected by a virus can be quite high, the loss of saved data permanent. In many cases, even seasoned IT professionals such as myself are unable to fully and safely save a user’s valuable data and ensure the computer is “clean” even after many, many hours of research and the application of a fistful of specialized software tools without what some of us call “nuke and pave” reformatting of an entire disk with the loss of all data aboard. Now imagine a business or government where tens or hundreds of computers are infected almost simultaneously.
I don’t write this expecting to leverage my warning as a way to make money. I don’t own stock, I don’t have a position in life that means I’m going to be able to profit from these mass upgrades. The people I consult for have already made this shift, or are close enough to it that a migration fully away from Windows XP will be complete long before “YXP” takes place. That said, I have to lay out an unfortunate, painful truth.
It’s time to let your old Windows XP computer go. Don’t give it to the kids. Don’t sell it at a yard sale. Just let it go.
If it’s old enough that it shipped with Windows XP originally, it’s unlikely to run well with Windows 8, the only Microsoft replacement currently available to the general public. There may be people interested in Linux, or Apple’s line of Mac computers which run a completely separate system called “OS X”, but for the vast majority of users your choice is going to be Windows 8. It is going to cost you money, it is going to stress you out, and you might even be tempted to curse the names of Bill Gates and Steve Ballmer until your throat can’t strain any longer. But it’s a bitter pill you’re better off swallowing than running the risk of the alternatives.
The final and most worrisome aspect of Windows XP’s massive share of the operating system market to this day isn’t what will happen to any individual that happens to have a system compromised by malicious code once Microsoft ceases support. It’s the fear of what might happen when tens of millions of Windows XP machines are left on the Internet, able to run amok at the urgings of their new black-hatted hacker overlords. A mob of unruly computers, clogging up the “Information Superhighway” for everyone like a digital traffic jam.
I hope I can look back on this writing twelve years from now and feel as silly as those hundreds of panicked authors did 13 years ago. I hope this all comes to naught, and the months following “YXP” pass without incident.
But I’m not taking any chances.
Carson City, NV
Addendum: I hereby grant permission for this to be distributed and posted on any site, as long as it is done in its entirety. I will attempt to keep an eye on any comments made where I am aware of them and answer any questions to the best of my ability.