Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.
Despite the endless warnings from Microsoft, the security-related horror stories from users on Internet forums, and countless technology articles that advise people about the folly of continuing to use Windows XP, some individuals (and companies) simply will not listen.
Believe it or not, there is an odd breed of computer owners out there who maintain that a 15-year-old operating system is both better and more user-friendly that the recently-released and much-praised Windows 10.
Bottom line – it’s not. You can check out our Windows section for a collection of articles that will walk you through all the cool new features that XP users are missing out on – but in this piece we will focus on some of the security aspects.
XP diehards, take note…
Internet Explorer vs Microsoft Edge
Understandably, Microsoft Edge has its critics (just look at the hundreds of comments in our article which espoused its virtues). One area where it absolutely blows its predecessor out of the water, however, is security.
The chequered security history of Internet Explorer will need no introduction to most users. It’s single-handedly responsible for making most of the spyware, adware, and computer viruses possible, it was seemingly stuck in an endless cycle of updates, patches, and fixes, and Microsoft was notoriously slow to respond to new threats.
Edge is supposedly a clean slate, designed to make a complete break with its tarnished ancestor. Toolbars, ActiveX, VBScript, and Java are out, HTTP Strict Transport Security (HSTS), sandboxes, and SmartScreen are in. All-in-all, it adds up to a much more robust product.
All software relies heavily on being updated frequently, and the Windows operating system is no different.
It’s an endless game of cat and mouse between the developers and the hackers; as soon as Microsoft finds and plugs a security vulnerability, the would-be cyber-criminals move on to a different, theoretically weaker piece of code and start chipping away there instead.
Unfortunately, Windows XP is now open season for hackers. Microsoft officially ended support on April 8th 2014, and since then the operating system has become increasingly vulnerable to security risks and viruses with every day that passes. Remember – XP is the most attacked OS in history.
Microsoft has taken a lot of flak for their enforced updates in Windows 10, but the upside means that users will be permanently running the latest security fixes and hackers will likely look elsewhere.
Windows Hello has been touted as a password-killer by Microsoft. Whether or not that fanciful notion comes to fruition remains to be seen, but what is certain is that the new biometric authentication service is significantly more secure than mere password-based protection.
Obviously, given the age of the XP system, it offers no such feature.
Hello works by scanning your face, iris, or fingerprint to unlock devices. Sadly, your machine will need special hardware for it to work – but supported laptops and PCs are now starting to ship. If you’re replacing an old XP machine, you should consider investing in a device that can make use of it.
Device Guard is Microsoft’s answer to zero-day attacks. It works by vetting all applications that attempt to access a Windows 10 machines, and if it recognizes an app as being unsigned, the operating system will make a decision about whether to trust the app. If it doesn’t trust it, the user will receive a notification, thus allowing them to decide for themselves.
It works in conjunction with an antivirus program; Microsoft claim “AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g. Java) and macros within documents”, while Device Guard will “help block executable and script based malware”.
XP was poor at preventing zero-day attacks. Service Pack 2 included limited protection against generic memory corruption vulnerabilities, but that was the extent of its coverage.
The End of Patch Tuesday
“Patch Tuesday” was a colloquial name for the policy introduced by Microsoft in 2003 which saw systems accumulate security patches before dispatching them on the second Tuesday of each month. The idea behind the approach was that it would allow businesses to plan for the updates in advance of their release.
The policy had two widely-criticized problems; firstly, updates could be held back for up to a month, which naturally had security implications. Secondly, it led to the creation of “Exploit Wednesday” – the new patches were instantly analyzed by hackers, previously unknown vulnerabilities were discovered, and these would then (often) remain unfixed until the next Patch Tuesday. It was a vicious circle.
Thankfully, as of the release of Windows 10, Microsoft have abandoned the approach. Updates are now delivered continuously, and they even go so far as to offer companies a ring-based model for distribution so they can decide which specific machines get updated first.
Secure Boot was present in Windows 8 but was frequently not used – most device manufacturers shipped the operating system with the feature disabled. In Windows 10 it is enabled by default (though worried Linux users can still disable manually if they want to run a dual-boot machine).
The feature is designed to prevent hackers from using a USB flash drive or a microSD port on a computer to boot to a malicious program image. It practice, it means only apps that are signed and trusted by admins can run.
XP had no such protection, and as the prevalence of plug-in storage became more widespread, it became increasingly vulnerable.
Improvements to Windows Defender
Admittedly, Windows Defender still lags a little behind some of the most well-known anti-virus suites when tested independently – but its lack of nag screens, ease-of-use (no set-up required!), and baked-in nature make it an quick and easy choice.
Make no mistake, Mircosoft’s security offering used to be awful. In fact, when Windows XP first hit our shelves they offered nothing at all; it took until 2005 for the company to develop “Windows Live OneCare” – a subscription-based commercial anti-virus service. The software was widely criticised upon its release.
In 2009 Microsoft Security Essentials was released (Windows Defender was a sub-section of the product which only offered protection against adware and spyware). It was cumbersome to use and incompatible with Windows XP beyond version 4.5.
Windows 8 saw Windows Defender become a standalone anti-virus, and finally Windows 10 has seen it start to fulfil its potential.
It’s lightweight and unobtrusive – two of the most important features for any security suite. If malware is found you’ll get a pop-up in your notifications box, but you won’t need to decide what to do with it – it will automatically be quarantined. Virus definition updates are delivered automatically through Windows Update, and it supports real-time protection and cloud-based protection.
Best of all, if you decide you want to run an alternative anti-virus, Windows will automatically disable Windows Defender – there’s no need for you to do anything!
What Did We Miss?
What Windows 10 vs Windows XP security features did we miss? We’re sure there are lots more differences that you can think of.
You can let us know about your favorite differences in the comments section below.