Opera is now the only major web browser that still supports Windows XP and Vista. If you’re still using either of those operating systems and browse the web, you should definitely stop using Internet Explorer, Firefox, and Chrome, and switch to Opera. Browsing the web is dangerous enough without the added risk of using a browser that has known security vulnerabilities that will never be fixed.
Note that the most recent Opera version that supports Windows XP and Vista is 36. It wasn’t easy to find older versions on the Opera web site, but I eventually found a page that allows you to download any version by platform.
A recent update to Opera 36 addresses security issues that are specific to XP and Vista. The announcement doesn’t mention the actual new version number, but based on my research, it seems to be 36.0.2130.65.
If you’re using Opera on XP or Vista, make sure you install the new version. It should update itself automatically, but you can also download Opera 36.0.2130.65 directly.
I’ve tried to locate release notes for the new version, with no luck. According to the announcement, several security fixes previously applied to later versions were back-ported to Opera 36.
Google recently announced that they will no longer support Chrome running on Windows XP after April, 2016. Chrome will still run on Windows XP, but Google won’t address any new security issues in Chrome that don’t affect newer versions of Windows.
Standard advice to anyone still running Windows XP has included avoiding Internet Explorer in favour of a browser that’s still being updated, like Chrome. After next April, Chrome will be potentially as risky to use on XP as Internet Explorer.
Recognizing that millions of people are still using Windows XP, Google has extended support for that O/S in their web browser. That means they will continue to develop fixes for security issues in Chrome running on Windows XP. Anyone still using Windows XP is strongly encouraged to stop using Internet Explorer, which is no longer supported by Microsoft, and use Google Chrome instead.
VLC is one of the most popular media players; it’s cross-platform, and has a reputation for being able to play almost any kind of media. Given its popularity, unpatched vulnerabilities in VLC are likely to make attractive targets to malicious hackers.
Two vulnerabilities in VLC, CVE-2014-9597 and CVE-2014-9598, have yet to be acknowledged by VLC’s developers. Both are memory corruption bugs that can allow attackers to execute arbitrary commands on target systems.
Note that these vulnerabilities only affect VLC running on Windows XP, and only FLV and M2V files.
If you use VLC, you should exercise extreme caution when playing media from sources not known to be safe.
As of April 8, 2014, Oracle is no longer supporting the use of Java on Windows XP. Java 7 can still be installed on Windows XP, and Java 7 updates installed on Windows XP will probably work as expected, but Oracle says you’re on your own if bad things happen. Java 8 will refuse to install on Windows XP.
Recommendation: if you still have computers running Windows XP, stop using Java on those computers.
Update 2014Jul18: Oracle recently posted a clarification, saying that Java issues affecting only Windows XP will not be addressed with updates. Java issues affecting Windows XP as well as other versions of Windows will get updates, and those updates will work as expected on Windows XP.
Edit 2014Jul18: fixed two typos in the first paragraph.
Despite its initial growth spurt, it looks like people are staying away from Windows 8.x in droves. The latest stats show little to no change in the number of Windows 8.x installs in the last month. Windows XP’s recent slide, no doubt due to the end of its support, has also leveled out. As things stand, Windows XP use is roughly double that of Windows 8.x.
Microsoft may have have thrown in the towel on Windows 8.x. They recently announced that the Start menu won’t reappear in Windows 8.x, but will be included in Windows 9, which is giving those of us who advised against switching to Windows 8 an excuse to say ‘I told you so.’
Someone recently discovered that it’s possible to trick Windows Update into providing updates for Windows XP.
Recall that even though Microsoft has stopped issuing updates for Windows XP to the general public, they are actually still developing updates – for paying customers.
The trick for obtaining updates for Windows XP involves changing a setting in Windows that makes Windows Update think that it’s actually running a variant of Windows XP that’s still supported, namely ‘POSReady 2009’.
There are all kinds of problems with this, starting with the likelihood that Microsoft will find a way to stop it. In short, if you’re desperate to keep running Windows XP and you want to install the available updates, and you’re willing to take the risk of totally messing up your system, it might be worth a try. But I seriously cannot recommend it.
Update 2014Jun04: For those of you who can’t resist the temptation to try this, the procedure is outlined in this betanews.com blog post.
Ars Technica’s monthly look at browser and O/S usage concludes by predicting that at the current rate of change, Windows XP use will remain significant for another two years.
We recently reported on a serious vulnerability affecting all versions of Internet Explorer that is being exploited on the web.
Well, it appears that Microsoft sees this vulnerability as very serious, because they are planning to release an update – later today – that addresses the problem. This is an ‘out-of-band’ update, meaning that it’s considered too important to wait for the next Patch Tuesday.
Just in case you were wondering, this vulnerability affects all versions of Internet Explorer on all versions of Windows, including Windows XP.
But the patch will not be made available for Windows XP computers.
Update 2014May02: Surprisingly, Microsoft has decided to make this update available for Windows XP. I confirmed this by running Microsoft Update on my WinXP test system: security update 2964358 was offered, and I installed it without any difficulties. Reading through the associated bulletin (MS14-021) there is no explanation for this decision, but there is confirmation, in the section titled “Security Update Deployment
– Windows XP (all editions)”, and in a related post on the MSRC blog. The Verge has additional details, as does Ars Technica. The Ars Technica post includes the official explanation from Microsoft:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded) today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.
Update 2014May02: Another Ars Technica post makes the argument that releasing a patch for Windows XP was a mistake. The moment of truth will be Patch Tuesday for May 2014: will Microsoft stick to its guns and leave Windows XP out of the next set of patches?
RIP Windows XP. At least from Microsoft’s point of view. In fact, use of the O/S continues, and will probably do so for years.
First, let’s get one thing out of the way: it’s not a good idea to keep running Windows XP. If your XP computer is never connected to the Internet, then you have much less to worry about, but continuing to use XP on a computer that is connected to the Internet is risky. Especially if you’re also still using Internet Explorer, in which case you will almost certainly end up with malware of some kind in the very near future.
Anyone who can’t or won’t upgrade from Windows XP should take certain precautions. Check out the Windows XP page on this site for some useful tips.
If you want to do the responsible thing and move away from Windows XP, what are your choices? The best option at this point is Windows 7. You can still buy Windows 7, but Microsoft says that they will stop selling it in February 2015. I’ll be updating the Windows 7 resources on this site to provide XP -> 7 migration tips in the near future.
Other possibilities – for the more adventurous – include Linux and Chrome OS. Linux comes in many flavours, but one in particular is designed to make Windows user feel at home: Zorin OS (free). Chromium OS from Google was designed to be used with its inexpensive and simple ChromeBook computers, but it can be installed on regular PC hardware. It’s free, but probably only useful for users with basic requirements. It runs on top of Linux.
There are loads of articles on the web about the ‘XPocalypse’ – as it’s come to be known. Ars Technica has this: ‘The XPocalypse is upon us: Windows XP support has ended‘.