Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Tens of Millions of Desktops Still Run Windows XP

Microsoft ended support for Windows XP two years ago—but millions of desktops still haven’t been upgraded.

According to Net Applications, Windows XP is still running on 10.9% of all desktops as of March 2016. That makes it still the third-most popular desktop OS, behind Windows 7 (51.9%) and Windows 10 (14.2%). And there are more PCs running XP than Windows 8.1 (9.6%), and all versions of Mac OS X combined (7.8%).

Stat Counter numbers meanwhile find that Windows XP represents 7.4% of all desktops in April 2016, down from 10.9% in April 2015.

To put that in perspective, Microsoft says that the number of Windows devices out there is more than 1 billion—making for tens of millions of unprotected PCs—that’s quite an attack surface.

Since as of April 2014, XP customers no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates, it means that any new vulnerabilities discovered in XP will not be addressed by security updates from Microsoft. And that, Microsoft has warned in the past, opens the door for “zero-days forever.”

The reasons for not upgrading vary. Smaller businesses often don’t see themselves as targets and see a Windows migration as a cost effort that can wait. Many business also still have applications running on XP, many of which can't be upgraded. The original vendor may not have issued an updated version or has gone out of business; the specialist software's coders may no longer be available and no one else understands the code; the cost of updating is wildly disproportionate; or the source code is lost. And in some cases, trying to update the underlying operating system may break the proprietary software that runs it.

A survey last year found that businesses in EMEA are underinvesting in security, according to the IT professionals who work for them. According to Spiceworks’ 2016 State of IT report, one big indicator of this is a prevalence of outdated systems. A disconcerting 68% of EMEA companies surveyed are still running Windows XP. But, 53% plan to invest in Windows 10 sometime this year.

Photo © Mr. High Sky/Shutterstock.com

What’s Hot on Infosecurity Magazine?