Windows XP Security Risks: They’re Real And Heading Your Way In 2014

Christian Cawley 21-04-2014

With plenty of press coverage about the impending end of support for Windows XP, you could be forgiven for thinking it’s all just hype. But without security updates, the aging operating system becomes a Trojan horse in your home or business.


How Unsafe Is XP, Really?

Let’s be honest – Windows XP isn’t going to cut you, set fire to your house or kidnap you. However, it could be indirectly responsible for deleting your important data, hacking your bank account or holding your computer to ransom.

There has been a lot of talk over the past few months about Microsoft withdrawing support for Windows XP. The operating system was launched in 2001, so it should come as no surprise that the end is almost upon us.


In that time, Microsoft has provided three service packs and regular security updates to keep the operating system – and by extension, your data – secure, robust and free from vulnerabilities, with fixes provided as soon as new ones are uncovered.

With this support no longer available, your computer is a time-bomb. It doesn’t have to be this way.


Understanding The Risks

So what are the risks? Why does Windows XP suddenly become a danger?

While it is unlikely that the Internet will become awash with XP-targeted malware the day after Microsoft withdraws support, it is only a matter of time before new vulnerabilities are discovered and exploited.


It is an easy mistake to assume that the security software you have installed will protect you – it won’t. Security suites cannot protect against vulnerabilities uncovered in the operating system itself. This is why Microsoft provides security support for its operating systems.


When we consider that 13 years after release, Microsoft is still uncovering vulnerabilities, then it should be clear that the risks are a danger to your data security.

Throw in the fact that Windows 7 and Windows 8 use some of the same code as Windows XP (identifying vulnerabilities in the later OSs can alert hackers to hitherto undiscovered issues also present in XP) and you can see how the lack of security support for consumers (businesses will be covered until 2015) is very likely to spoil your Windows XP experience.

Result: you need to upgrade.

Reinstalling Your PC

If you’re not using a re-imaging process to restore Windows XP to a previous “good” state – a great way to save time when re-installing the operating system – then you might find yourself at risk when you reinstall from the original disc.



When Windows 98 was retired in 2006, its Windows Update functionality remained active for a few more years. Those updates are now only available from third parties and must be installed manually. Currently, Microsoft reports that “all existing Windows XP updates and fixes will still be available via Windows Update.” However, at some point, Windows Update for Windows XP will be disabled.

This means no more automatic download of service packs or security updates upon re-installation. Online sources for manual downloads might be few and insecure. You should keep this in mind over the coming years, if you’re planning to run Windows XP long-term. When Windows Update for XP is disabled, reinstalling XP on your computer will set the operating system back even further, potentially making things worse.

Can’t/Won’t Upgrade? This Is What You Should Do

If you insist on running Windows XP beyond its safe lifespan, you can do some things to tighten up security somewhat.


Note: the following suggestions come with an inherent risk. Operating systems need regular security updates. Please do not use them if you do not understand and appreciate these risks. Also, please do not use Windows XP for online banking beyond April 2014.

A good place to start is by creating a limited user account. Click Start > Control Panel > User Accounts to set up a new account, creating an account without installation privileges. This account will be unable to install any new hardware or software – you’ll have to switch back to the master or administrator account to do this – but this tactic will prevent the majority of malware from running.
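
The same limited account can also be created and checked from a Command Prompt opened under the administrator account. The batch file below is an added example, not part of the original article; the account name `dailyuse` is a placeholder, and the group names assume an English-language installation of Windows XP.

```batch
@echo off
rem Added example: create a limited (non-administrator) account on Windows XP
rem and confirm that it holds no elevated group membership.
rem Assumptions: run from an administrator account; English group names;
rem "dailyuse" is a placeholder account name.
setlocal
set "ACCT=dailyuse"

rem Create the account only if it does not exist yet. The * makes net.exe
rem prompt for the password, so it is never stored in this file.
net user "%ACCT%" >nul 2>&1
if errorlevel 1 (
    net user "%ACCT%" * /add
    if errorlevel 1 goto failed
)

rem New accounts join Users by default. Strip elevated groups in case the
rem account already existed with more rights (errors here are harmless).
net localgroup Administrators "%ACCT%" /delete >nul 2>&1
net localgroup "Power Users" "%ACCT%" /delete >nul 2>&1
net localgroup Users "%ACCT%" /add >nul 2>&1

rem Verify: the account must not be listed under Administrators.
rem /b /i matches case-insensitively at the start of a line, so a longer
rem name with the same prefix also triggers the failure (the cautious side).
net localgroup Administrators | findstr /b /i /c:"%ACCT%" >nul
if not errorlevel 1 goto failed

echo %ACCT% is a limited account. Accounts that can still install software:
net localgroup Administrators
endlocal
exit /b 0

:failed
echo Could not confirm %ACCT% as a limited account. Check it in User Accounts.
endlocal
exit /b 1
```

The final listing shows every account that still has administrator rights; any account used for day-to-day work should not appear in it.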


You should also replace some of the software. For instance, you shouldn’t use Internet Explorer 6 or 7; nor should you access emails through Outlook Express. Instead, install recent versions of Mozilla Firefox and Thunderbird as a more secure replacement browser and email client.

For other Internet connected apps or anything you feel might be compromised you can use a ring-fencing app such as Sandboxie. This should prevent any vulnerabilities in the app you’re using from being exploited.

We’ll take it as read that you’re already running an up-to-date anti-virus solution on your Windows XP computer. If you’re not, do so today.

Finally, you could continue using Windows XP without any risk from online threats by disconnecting your computer, unplugging the Ethernet cable and uninstalling your wireless card. This tactic has been used in Japan where local government officials in Aichi have decided to retain as many of their XP PCs as possible for cost reasons. Before doing this, make sure you get all available updates first.

For more detail on the techniques you can employ to keep Windows XP as safe as possible beyond the support cut-off date, see Ryan’s guide to bulletproofing the operating system.

Stay Secure: Upgrade, Switch To Linux Or Buy A Mac

As security risks go, staying with Windows XP is one that is easily avoided. You simply shouldn’t expose your data and hardware when the alternative – upgrading to a later Windows operating system, installing a Linux distro or even buying a Mac – is an option.

But please, do not ignore the warnings. The danger is genuine: continuing with Windows XP could well prove to be the worst mistake you could make.

Image Credits: Computer Lock by Klaus Nascimento, Virtual XP by Leonel Reyes, Senior man at laptop via Shutterstock

  1. KT
    April 24, 2014 at 1:19 am

    We have one pc with xp still on it at work. It's the controller for the cnc laser I program/run. We just got a virus today for the first time and you guessed it, it's on the laser pc. It's not even hooked up to the web, but it is on our server network and it still caught a bug. I strongly advise the xp die-hards to swallow their pride and upgrade or go Linux. It's not if, it's when.

  2. Zoran N
    April 23, 2014 at 8:10 am

    WOW! Microsoft's PR fight against XP is still going on here ;)

    It is boring to hear all those rants about security problems of XP. I am just interested to see what will M$ do if many XP computers become "zombies", that will attack also "super secured" Win8 ;)

    Anyway, I have installed XP on one PC last week and everything is OK. All PC's in our office are XP-based and it will remain so until they are "alive" :)

  3. John W
    April 22, 2014 at 11:03 pm

    I quite like that the idea that anyone still running XP is too poor to have anything worth stealing. That's why Linux isn't hacked (much).
    No-one can be bothered!
    There are two levels of criminals attacking computers. One lot who pour out avalanches of spam, phishing emails etc, in the hope that a small minority of folk will click on the link and hand over their passwords and PIN numbers.
    The other bunch are hacking directly into the bank or Government to steal big bucks or big data directly.
    In the first case the gullible types who click on spam links have already been sold a Windows 8.1 system by a wily salesman.
    In the second case - they shouldn't be using XP anyway.

    I think the average Joe, Facebooking, Twittering and Youtubing his day away is as safe on XP as he's ever been. In the next year or so his clapped out old XP box will drop dead of old age. Then he'll go out and buy another laptop with some OS on it.

    Every family member, neighbour, or student I have ever had any conversation with has never changed an OS in their life. When their XP box is attacked they'll buy a new computer.

    It's easy to forget here in the technical press that Joe Public just doesn't care. When you start to talk about it in the pub they say,
    "What's an Operating System? Is that like, Google or what?"

    • Phil
      April 23, 2014 at 11:44 am

      By far the most sensible reply on this thread to date. A close friend of mine who swopped from W2k to XP long before I did has been scared by all the hype and shelled out for win 7. He opted for 7 rather than 8 because of all the ongoing issues with that version.

      Like everything it's a matter of getting the perspective right. I'm staying on XP for as long as I can on my desktop. I also do a fair amount of family / friend IT support and generally all but 2 are on XP - they are comfortable with it. The other one who's NOT XP is W8.1 now and absolutely hates it. He has actually dragged his old 1.2GHz XP PC I built him 5 years ago back out as it's faster than his new all singing all dancing 3.something GHz ! I am just waiting for his call to come and W7 it. My lappy runs W7, but just because MS has stopped doing the security upgrades for XP doesn't automatically mean that every hacker and malware script kiddie in the world is now going to aim at my PC.

      My router firewall is in place, AV is updated daily, AV & malware scans run automatically on a set basis, I am pretty savvy with regards to scams and clicking on links - I do not regard myself as invulnerable, but I take care. As far as I'm concerned I'm as safe as I can be. Yes I may well upgrade my OS when I finally decide to upgrade this home built 10 year old desktop, but in the meantime I also have an old PC under the desk which I am in the process of Linuxing, more out of curiosity than anything else, but if I decide it's viable and I can do everything I want to on it I may switch. Who knows, time will tell, but as I said earlier keeping the risks in perspective is probably the best advice I can offer.

  4. GregR
    April 22, 2014 at 7:08 pm

    Two questions/points I'd like to raise:

    1) What about running a virtual machine on XP? Does the VM session sandbox the underlying vulnerable OS so that any infections of the VM result in simply restarting the VM and continuing on as before?

    Could this be seen as a temporary workaround until a person can purchase a new computer running the most recent Windows OS?

    2) Wouldn't the declining number of computers running XP makes them less attractive to criminals as a target?

    As of March 2014, XP represents 27.69% of Windows' 90.94% domination of the worldwide OS market share* and with MS support of XP ending in April, XP's share will likely drop significantly faster.


  5. Sal
    April 22, 2014 at 6:40 pm

    MAC is the answer. Windows is the Ford Pinto of OS's.

  6. Christian C
    April 22, 2014 at 2:30 pm

    There are some worrying responses among these comments.

    I would urge those who have developed a reality distortion field on this matter to consider why they no longer use Windows 98. After this, please see the other articles on the end of support for Windows XP.

    Perhaps consider Windows XP and updates as taking a 12 year old car to a mechanics to get checked for rust and holes once a year. Holes slowly appear and get filled or the parts replaced. Eventually, the mechanic closes, and you've got no one to fill the holes.

    It's a loose comparison, but let's be realistic: if a large proportion of people are still using XP and Microsoft don't plan to roll out any further updates, then those people and their computers ARE targets for malware developers.

    • squirreldancer
      April 22, 2014 at 6:06 pm

      The reason I no longer use Win98SE is that software I use regularly no longer runs on that platform -- not for any concerns over security. In fact, I used 98 well after XP was introduced, and it was only the purchase of a new computer that came with XP that really caused me to switch.
      Your analogy is a poor one. My beater car will eventually fail because of mechanical deterioration, but I could also have a lovingly restored 57 Chevvy running perfectly well. Neither applies to software.
      And, when XP falls to less than Linux levels of popularity, no doubt run by folks too poor to afford a new Win8 computer, the malware developers will have little to gain by targeting them.

    • Christian C
      April 22, 2014 at 6:44 pm

      Ultimately, you're missing the point.

      Does anyone really think that MUO would waste time extolling the virtues of upgrading (including recommending W8) if the XP situation wasn't an issue that actually needs addressing?

      Do some homework, read back through the site and you'll find plenty of occasions in which we've debunked things that were overhyped, and with good reason.

      XP is unlikely to fall to "less than Linux levels of popularity" within the next 5 years, mainly due to its popularity in the "developing markets". That's a massive opportunity (over 43000 hours) for every single networked XP machine to be targeted.

    • dragonmouth
      April 22, 2014 at 11:58 pm

      "Does anyone really think that MUO would waste time extolling the virtues of upgrading (including recommending W8)"
      In a word, YES.
      The danger to XP systems is no greater than the danger to Vista, Win7 & 8 systems. Windows is, and has been right from the start, a poorly designed, poorly written and poorly maintained O/S. To use your analogy, Win 8.1 may be straight off the showroom floor but it has rust holes, just as XP has. There is one hole that has been there since 1985 and Microsoft either has been unable or unwilling to fix it - a program running in user space can crash the system.

  7. Jefferey Burnside
    April 22, 2014 at 1:41 pm

    It's all a hype they just want you to buy a new operating system. XP will never die.

  8. A41202813GMAIL
    April 22, 2014 at 11:24 am

    In The Last 20+ Years Crappy M$ Update(s) Have Given Me Way More Headaches Than All The Malware Put Together.

    My APRIL 9, 2014 Has Started Way Back In The SUMMER Of 2009 - 4 Years And Counting.

    ...STILL HERE...

    ...STILL ALIVE...



  9. Clown-uk
    April 21, 2014 at 8:54 pm

    So one of your suggestions ... Is to buy a Mac? .. LOL

  10. David
    April 21, 2014 at 5:19 pm

    As long as my dad has a good antivirus, he should be ok, right?

    • dragonmouth
      April 22, 2014 at 2:10 pm

      Viruses are only one type of malware that can compromise a PC. Your father's PC needs a good third-party anti-malware suite which includes a firewall. Check out the MUO recommended software in the first three categories under Top List/Best Window Software

    • dragonmouth
      April 22, 2014 at 2:14 pm

      I forgot the most important point: Your father must practice safe computing.

    • Zoran N
      April 23, 2014 at 8:15 am

      Good antivirus (many good FREE antiviruses), plus XP built-in firewall and firewall from router :)

      Of course, he shouldn't use IE anymore - I suggest Firefox. By the way, NO ONE should use IE :)

  11. Matthew
    April 21, 2014 at 5:17 pm

    Safety, and vulnerabilities is/are relative.

    A user practicing safe habits with XP, is probably less likely to come to grief, than someone being careless with 7 or 8.

    Not sure if any current / likely future vulnerabilities are as scary as the early days - pre-SP1, Windows could be attacked remotely if not behind a NAT firewall.

    As for browsers, anyone continuing to use XP online should get off Internet Explorer altogether, as even IE8 is obsolete (no HTML5) and is likely to be the first thing hit by a realistically exploitable vulnerability.

    Chrome and Firefox will both be getting updated for some time, not sure if Opera have declared either way yet.

    It's possible that a "defence breaking" vulnerability may turn up at some point, but the average user is not going to be bothered by many of the more theoretical ones - if you run as Admin for convenience, then a privilege escalation vulnerability is pretty much a non-event.

    Contrast those turning up these days with the old "Infected while downloading updates" case of pre-SP1.

    And of course, prepping a fully slipstreamed (plus updates) CD would be a good idea, so that in case of re-install, you do get right up to date

    • Jay
      April 22, 2014 at 1:09 pm

      Don't underestimate what 13 years of hardening has done for XP. I really doubt a huge vulnerability will be found after all this time.

    • dragonmouth
      April 22, 2014 at 1:58 pm

      "Don’t underestimate what 13 years of hardening has done for XP."
      Don't overestimate Microsoft's role in that. It is only because of third-party software that Windows is as secure as it is. Which isn't saying much.

      Microsoft has been "hardening" Windows for 30 years and it still is as vulnerable as ever. M$ has always been slow to fix any bugs, vulnerabilities and exploits. Their attitude has been "when we get around to it." There have been cases in the past of Microsoft prosecuting people who discovered exploits.

      "I really doubt a huge vulnerability will be found after all this time."
      From the first commercial release of Windows in 1985, a vulnerability has existed where a program running in user space can crash the entire system. Today, in Win 8.1, a program running in user space can still crash the system.

    • Zero
      April 23, 2014 at 12:37 am

      "a program running in user space can still crash the system."

      Running in user space is different from running under user privilege.