As a vicious new strain of ransomware swept the UK’s National Health Service yesterday, shutting off services at hospitals and clinics throughout the region, experts cautioned that the best protection was to download a patch Microsoft had issued in March. The only problem? A reported 90 percent of NHS trusts run at least one Windows XP device, an operating system Microsoft first introduced in 2001 and hasn’t supported since 2014.
NHS has disputed the 90 percent figure—though not that a significant portion of its systems run Windows XP—and was only one example of the tens of thousands of impacted computers across nearly 100 countries yesterday. But its meltdown illustrates the deeper problems inherent in Windows XP’s prevalence three years after its official demise.
Experts rightly said that the best protection against the so-called WannaCry ransomware was to patch everything, as soon as possible. But for Windows XP and other expired operating systems, the patches weren’t there in the first place. With very few exceptions—including an emergency patch after the first wave of WannaCry infections and expensive, specialized service contracts—Microsoft no longer provides any security support for the OS. A computer running XP today is a castle with no moat, portcullis raised, doors flung open, greeting the ravaging hordes with wine spritzers and jam.
And it’s only going to get worse.
Hackers have targeted XP for years. Its lack of defenses and persistent popularity make it a popular target. And it really does have a foothold; according to analytics company StatCounter, 5.26 percent of Windows PCs run XP still, while a similar analysis from Net Applications puts the total at just over 7 percent of all personal computers. No matter whose numbers you use, that amounts to tens of millions of devices, and that’s before you count the absurd percentage of ATMs and other non-traditional systems stuck in the past.
The natural question,…