Thirteen years after its release, technical support for Microsoft's Windows XP operating system will end tomorrow, leaving hundreds of millions of computers vulnerable to hackers and other security threats.

"If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses," Microsoft says on its website. "As more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP."

Windows XP was the first much-ballyhooed operating system that market-leading Microsoft launched after the Y2K crisis in 2001. Microsoft is also ending support for its Office 2003 software suite on Tuesday, which most users have already upgraded from.

Since then, the operating system has been plagued by security and networking problems, and users have endured a seemingly endless cycle of so-called "critical updates" that pledged to fix old problems.

'And as time goes on, this situation will become worse and worse' - Security expert Christopher Budd

Starting Tuesday, Microsoft will no longer offer those updates free, meaning whatever security settings are in place on computers as of then will stay that way forever, as long as XP is installed. The company recommends that users upgrade their operating systems to one that has been released after XP, or buying an entirely new computer. Desktop computer prices have never been cheaper, so paying up to $200 for a new version of Windows may not be worth the money.

"We've received many calls this week asking a lot of Windows XP [questions]," Toronto networking consultant Ahmad Zehour of A2Z PC Service said. "They got that pop-up that [said they] wouldn't be supported after April 8."

No more support

Many large companies and governments are paying Microsoft to maintain compatibility for them until their networks can be completely wiped clean of all XP-based computers. That's happening because they will pay millions to maintain complex networks spanning multiple locations. Individual consumers and small businesses are likely out of luck.

Once ubiquitous in corporate environments, XP is still installed on roughly 500 million computers worldwide — enough for about one out of every five desktop computers currently in operation. More than 95 per cent of the ATM bank machines on earth run on XP, and that's spawned fears that financial threats are especially acute.

Hackers know Microsoft will no longer fix security flaws, so evil-doers have extra incentive to look for them. In addition, if a flaw is found for Windows 7 or 8, there's a good chance a similar issue exists for XP as well. So when the fixes come out for Windows 7 or 8, hackers can go back to XP to look for an opening.

"Skyrocketing online banking malware combined with a coming slew of never-to-be-patched vulnerabilities means that online banking on Windows XP is going to become incredibly dangerous soon," said Christopher Budd, the threat communications manager at digital security firm Trend Micro. "While that is a risk to the users of those Windows XP systems, in aggregate and in the end, it’s those users’ banks and financial institutions that face the greatest risks."

Budd says once weaning themselves off XP, banks should go as far as banning anyone who uses the software from accessing their networks or logging online.

"We shouldn’t fool ourselves into thinking that warnings alone will be sufficient. And as time goes on, this situation will become worse and worse," Budd said.

Zehour says the main concern for users will be outdated virus protection. But even after support ends, there are other options. "You could alternatively use a nice a good antivirus firewall and you backup your files on a regular basis, just in case something happens," he said.


  • A previous version of this story spelled the name of Toronto networking consultant Ahmad Zehour incorrectly.
    Apr 08, 2014 10:36 AM ET