The end is nigh. The end of support for Windows XP, that is.

On April 8, Microsoft will officially end technical support for its Windows XP operating system.

To be clear, computers running XP will keep working after April 8. But they'll run an increased risk of becoming victims of viruses and malware.

You see, every month for the past 12 years Microsoft has released security patches for Windows XP. If you've ever watched Windows Update do its thing, that's what going on in the background: it's downloading a security update.

The April 8 patch will be the last. If new flaws in XP are discovered after that, they will go unfixed.

XP still popular

This is a big deal, given the sheer scale of XP's installed base. Windows XP is still the second-most-popular version of Windows. By one estimate, almost 30 per cent of the world's desktop computers run XP.

Why are so many computers using an operating system so long in the tooth?

"A lot of it comes down to, 'If it ain't broke, don't fix it,'" says Brian Bourne, a Toronto-based IT consultant and organizer of the SecTor Canadian cybersecurity conference.

For home use, he says, "a lot of people are reluctant to change something that they know and just works. And that's also true in business."

'Hackers [may have] found vulnerabilities in Windows XP that they haven't disclosed, that they're waiting until after April 8 to start using. Depending on the severity of those, they'll have large success attacking machines.'- Brian Bourne, IT security consultant

I certainly know people who still run Windows XP at home. And here at the CBC's Toronto Broadcasting Centre, I'm surrounded by XP computers in radio studios and on my colleagues' desks.

So what's the risk of running a soon-to-be-unsupported operating System? According to Bourne, it's twofold.

First, he says, "hackers [may have] found vulnerabilities in Windows XP that they haven't disclosed, that they're waiting until after April 8 to start using. Depending on the severity of those, they'll have large success attacking machines."

The second concern is related to vulnerabilities that haven't been discovered yet. Even if they are identified in the future, Microsoft won't release any more security updates to fix them.

WAITING FOR WINDOWS

Microsoft co-founder Bill Gates promoted Windows XP in places like Times Square in October 2001 after its launch, but these days the company is eager to persuade people to move on to a new operating system. For those concerned about the vulnerability of Windows XP after technical support is phased out in April, Microsoft's website bluntly suggests two options: upgrade to a newer and supported version of Windows, or buy a new computer. (Richard Drew/AP)

To paraphrase Donald Rumsfeld, there are known unknowns and unknown unknowns. After April 8, anyone still using Windows XP should worry about both.

Windows XP's 30 per cent market share comprises a wide variety of users: individuals, governments, and private businesses. Brian Bourne gave me one example of a Canadian industry that still relies heavily on Windows: banking.

He says only one of Canada's major banks has achieved 50 per cent deployment of the newer Windows 7 operating system.

"All the rest are less," he says, adding, "their ATMs are all XP."

Granted, ATMS aren't hooked up to the internet, so they don't have the same attack vectors as desktop PCs. Bourne also notes that Canadian banks are paying for custom support from Microsoft to help keep their Windows XP systems secure beyond April 8.

For individuals, it's important to remember that even if you're not running Windows XP yourself, there's a good chance you're doing business with somebody who does: anyone from your bank to your neighbourhood restaurant with a Windows XP point-of-sale system.

Options

So, what to do if you're still running Windows XP on your home PC?

On its website, Microsoft suggests two options: upgrade to a newer, supported version of Windows. Or buy a new PC.

"Those are certainly the safest options," Bourne says. 

If you simply must keep using Windows XP, Bourne says there are a few things you can do to improve your security:

  • First, he says, set up a home firewall to keep out malicious network traffic.
  • Second, use an up-to-date web browser that isn't Internet Explorer. Bourne suggests Google Chrome or Mozilla's Firefox.
  • Third, he says, "an antivirus product that is up-to-date will help."

I asked Bourne what he thinks about switching to an entirely different operating system like Ubuntu. While that may be an option for some XP users, Bourne warned that new operating systems often come with a steep learning curve.

But ultimately, he says, "if you still have XP, it’s time to move."