Windows XP death - What gives?

Updated: April 20, 2013

Oh, here's a juicy topic. Well, as it turns out, after thirteen years of loyal service, Windows XP will be finally retired from service sometime in 2014, and will not receive any new updates from that moment on. It will be the official death of this awesome operating system, probably the best Microsoft ever made, outdoing themselves in the process.

Now, recently, Microsoft has started a death campaign, telling people of the inevitable end of support for Windows XP, and urging users to upgrade to newer releases. Unfortunately, they are doing it wrong. Instead of focusing on important reasons for why you should consider migrating to a new operating system, Microsoft is trying to scare you with the security nonsense, as in, if you do not upgrade, the security of your stuff will be at peril. Let me clarify things for you.


Note: Image taken from Wikimedia, licensed under CC BY-SA 3.0.

Microsoft claims

If you head yonder, to this official site, they will tell you that Windows XP is less secure than its newer brethren, and therefore, you ought to upgrade. And I say, nay! So let's go through the report claims and then shed some light on the matter using my special truth photons.

Malware infection rate

Microsoft claims that Windows XP is more easily infected. They use a not so stylish Excel graph to show you that Windows 7 has a lower infection rate than XP, using the cleanup rate per 1,000 scanned computers (CCM). While you cannot argue with what the graph shows, you can definitely argue with HOW the data was compiled. I do not dispute the truth in what Microsoft is telling us, but I definitely dispute the way they chose to present a very narrow facet of truth. Let me show you how all academic and industry research can be molested to a statistical heaven with enough effort, and how such things do not impress me one iota. Do not bullshit the bullshitter.


Without data, the graphs are meaningless

As someone crunching numbers for a living, the statistics do not tell me much without elaborate explanations into tiny details. For example, business vs. home sector. Is Windows XP more used at home or with companies? Where is it more likely to get infected?

What about the prevalence per country/region - is there a difference based on these? Do we see a global picture here? What about the overall total uptime - after all, infections can be cumulative. For example, a Windows XP machine with a lifetime of 5 years vs. a Windows 7 machine with a lifetime of 2.5 years. If Windows 7 has half the infection rate of Windows XP, then effectively, it has an identical temporal infection rate. Meaning that users are as likely to get infected given sufficient time. This is the big one.


How did the infections come about? What if 93.7% infections were caused by deliberate downloads and/or phishing, then any operating system architecture improvements play no part in the scheme. Who scanned the machines and how? Who compiled the results? What about the usage patterns? What about millions of machines that do not perform Windows updates and are not scanned using the Microsoft disinfection tools? Without ALL of these, analyzing the graphs is meaningless.


Let me give you a real-life example: male vs. female drivers. On paper, men have more accidents, right? Then again, they also drive more, longer distances, at greater speeds, so the accidents must be NORMALIZED. You cannot compare an urban commuter with a highway one. You cannot compare bumper scratches with total losses. What kind of car accidents get reported to insurance companies and the police, versus those that do not? How many of these accidents resulted in fatalities or casualties? What about the factors that led to accidents, like someone causing one but not being involved, bad weather, road conditions, demographics, etc.? Finally, what is the standard error in these results?
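The normalization asked for above (exposure time from the 5-year vs. 2.5-year lifetime example, and the standard error from the driving analogy), as an added example that is not from the original article. It assumes detections accumulate over a machine's time in service and behave as Poisson counts; all cohort numbers are constructed.

```python
import math

def ccm(infections, machines):
    """Cleanups per 1,000 scanned computers, the metric used on the graph."""
    return 1000 * infections / machines

def rate_per_machine_year(infections, machines, avg_years):
    """Infections per machine-year of exposure, with its Poisson standard error."""
    exposure = machines * avg_years
    return infections / exposure, math.sqrt(infections) / exposure

def rate_ratio(a, b, z=1.96):
    """Rate ratio a/b with a 95% interval (log-normal approximation).

    a and b are (infections, machines, avg_years) tuples.
    """
    ratio = rate_per_machine_year(*a)[0] / rate_per_machine_year(*b)[0]
    se_log = math.sqrt(1 / a[0] + 1 / b[0])  # standard error of log(ratio)
    return ratio, ratio * math.exp(-z * se_log), ratio * math.exp(z * se_log)

# Constructed cohorts: (infections, machines, average years in service).
# Large sample: XP shows twice the CCM but has been in service twice as long.
XP_BIG = (10_000, 1_000_000, 5.0)
WIN7_BIG = (5_000, 1_000_000, 2.5)
# Small sample: same service time, XP shows twice the infections.
XP_SMALL = (10, 1_000, 2.5)
WIN7_SMALL = (5, 1_000, 2.5)

if __name__ == "__main__":
    print("CCM:", ccm(*XP_BIG[:2]), "vs", ccm(*WIN7_BIG[:2]))
    for label, a, b in (("large", XP_BIG, WIN7_BIG),
                        ("small", XP_SMALL, WIN7_SMALL)):
        ratio, lo, hi = rate_ratio(a, b)
        print(f"{label}: XP/Win7 rate ratio {ratio:.2f} "
              f"(95% interval {lo:.2f} to {hi:.2f})")
```

In the large cohort the 2x gap in CCM disappears once exposure is counted; in the small one the 2x gap survives, but its interval still includes 1, so the sample cannot tell the two systems apart.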


Security companies tell us otherwise

Now, the other side of the coin. For some reason, the people making money in selling security products for Windows users disagree with this latest Microsoft assessment. In fact, Microsoft disagrees with itself. But let's take a look at some details.

Microsoft claims that Windows 7 is more secure - with approximately 2x fewer infections per host. Now, Windows 7 has approximately 40% of the market, while Windows XP is down from about 90% to 45%. Let's call these facts. OK. Now, security companies claim that there is an exponential growth in malware - pick any recent report and you will find this doomsday message in there. It does not compute.

The law of large numbers tells us:

Based on Microsoft claims, we should be seeing an overall worldwide reduction in malware, in prevalence, incidence and infection rate, by about 20%. Whence this number, Dedoimedo, you may ask? This is based on the weight of Windows XP (45%) versus Windows 7 (40%) market share, with an average infection rate of Windows 7 being approximately half that of Windows XP. Therefore, if we reduce the Windows XP global install base by about 50%, which is the natural attrition that happened in the past 3-4 years, following the release of the successor Microsoft operating systems, then we should be seeing an average reduction in malware by about 25%.

But the security companies seem to disagree with this. They claim that malware is ON THE RISE. Yes, ladies and gentlemen, I repeat that. They say that malware is on the rise. For your pleasure and convenience, here are some links to external reports. Do note I chose the resources fairly randomly, after searching online, so do browse and use the data at your own discretion. Here's one: Exponential growth in malware.

And here's another, more detailed article. Computerworld says: Windows 7's malware infection rate climbs - XP's falls. Oh, drama. The first paragraph of that article reads:

"Computerworld - Data released today by Microsoft showed that Windows 7's malware infection rate climbed by more than 30% during the second half of 2010, even as the infection rate of the 10-year-old Windows XP fell by more than 20%."

And then we have this:

"For the second half of 2010, 32-bit Windows 7 machines were infected at an average rate of over 4 PCs per 1,000, a 33% increase over the approximately 3-per-1,000 infection rate during the first half of the year."

Oh, really? InformationWeek Security tells us that Windows 7 malware infections soar. Like a majestic bird. They also base their findings on Microsoft reports, supposedly. WUT?

On one hand, we have Microsoft claiming one thing, on another, security companies and external resources claiming something else. So someone is not telling the truth. Or not presenting the whole of it. Or something. But this is definitely not a black & white scenario. QED.

The focus should be on functionality, not security

Yes, there you go. If you ask me, should one switch to Windows 7? My answer is, if we disregard hardware and financial considerations, then yes. And not because of security. It is meaningless. It depends almost entirely on the user.

The REAL reasons for switching to Windows 7 lie in other features and capabilities. For example, improved support for new hardware, including CPU, SSD and others. The ability to use DirectX 10/11. Much, much improved 64-bit support, allowing you to make better use of large memory banks. Of course, if you have older machines with 32-bit processors, it probably makes no sense to spend money now, purchasing an operating system that costs about as much as an aging computer. Or if you were planning on a hardware refresh anyhow, which could be a good reason to make the software switch, too.

But do you really see people using 6-7-year-old boxes doing a fresh installation on their machines now? Would you really do that? What for? If Windows XP does what it can, then apart from novelty, there's nothing, no incentive to make a forced upgrade, especially not under the pretext of security. Oh how the fear plays such a critical role in people's lives. Common folks are just being fed shit. Gallons of it. Just to make them afraid, compliant, and to force them to spend money buying security assurances for their fears. How sad and yet how simple it is.


Windows XP was an awesome operating system. SP2/3 really did it. Microsoft actually ruined their own adoption rates for their later versions by keeping Windows XP so awesome. Truth be told, Windows 7 is great, too. It really is. I am using it on several desktops and laptops, and I have no complaints. But Windows 7 licenses were purchased and used with new hardware, not as a replacement on existing machines already running Windows XP. That would be pointless. Oh, Windows 8 is shit.

Microsoft should retire XP. That's fine. But they should do it gracefully, with honor. And that means stopping this silly fear propaganda campaign and focusing on the real benefits in Windows 7, the technologies that meet human needs. Security is a byword for lazy marketing. It is the cheapest common denominator that one can use to further their business objectives. It's like using puppies to sponsor or ban nuclear testing.

So there you go. You should stop using Windows XP and move to newer versions if they provide answers to your NEEDS. If they do not, then there is no reason to abandon your workhorse and use something else, just because it is newer and shinier. All that said, I honestly believe you will benefit from Windows 7, should you choose to purchase it with your next hardware. And that would be all. Now, you can forget all that security nonsense and enjoy life. You are welcome.