Too Many Australians Are Still Using Windows XP

The classic Windows XP desktop.

In a week where the world is grappling with the consequences of just how vulnerable computers are comes this joyous nugget of news: more Australians are using Windows XP than Windows 8.1, even though support for the former was officially canned years ago.

The results come courtesy of the Netmarket Share analytics service, which releases monthly data on the market share of browsers and operating systems across desktops, laptops and mobiles.

Their latest figures this week for the month of April couldn't come at a better time, when airports, hospitals and computers around the world have been hammered by the latest shit frisbee to circulate online: a massive ransomware attack built off a cyber-weapon stolen from the National Security Agency.

The worm spreads through networks, attaching itself to computers whether users click on bad links or not. The only way to protect yourself was to ensure that your network was updated beforehand, by way of installing patch MS17-010.

Microsoft recommends upgrading to Windows 10 as well, although the patch is available on Vista, Windows 7, 8, 8.1 and other Windows versions. One version not listed, however, is Windows XP - which Netmarket Share data shows is still more popular than Windows 8.1.

Image: Netmarket Share

StatCounter's trackers have some slightly different figures globally, but the overall theme is the same in Australia. Over the last month, Windows XP is still a hair more popular than Windows 8, with almost 10% of users in the region on Windows 8.1 and more than half of users having moved over to Windows 10.

Image: StatCounter

It's worth going over the figures, if only to remind people that computers can be vulnerable whether you click on a dodgy link or not. And if you happen to be using an operating system that isn't supposed to be getting security updates anymore, you should really consider using something else. Like, right now. And if you are one of those people still on Windows XP, grab these emergency updates from the Microsoft catalogue immediately.


Comments

    Windows 8.1 was a free upgrade from 8 so no wonder there aren't many on 8. Then there was a free upgrade from 7+ to 10 which no got a lot of people onto 10, and probably a bunch that didn't intend to.

    There are no excuses for running XP anymore, we've had 4 new OS's since then. It came out when the twin towers were still standing for goodness sake.

      Sure there are, our factory's CNC milling machine driver hasn't been updated for above XP, and we sure as hell aren't paying thousands of dollars just to update the OS. We also aren't stupid enough to leave it open to the internet and it uses good old USB for file transferring :P

        Same goes for MYOB (business accounting management software). The amount of times I've seen people marooned with old XPs in small businesses who wouldn't risk losing years of records to the minefield of trying to successfully transfer the profile to a new system is staggering, not to mention that they often only have one front computer which would devastate them if they lost functionality anytime close to opening hours.

          It's going to go one day and they will be boned. How old is the actual computer running it? Probably not anywhere near new. If it was from the earlier days of XP you'd probably have a lot of trouble finding hardware to replace in it but the most likely thing to go is the drive, which means you are screwed.

            That's the gist of what I tell them. Some have a small enough profile that they can usually catalogue everything they have in it in about a week, but most have been running for 10+ years with 30+ suppliers and it would take them months of error free cataloguing to do anything concrete. I can only really offer to help them do full backups in those cases and wish 'em the best. Kinda scary that so many people are trapped with XP with very few lifelines for their primary business software.

      God, I hate the empty "no excuses" argument. I feel like people who say broad, prejudiced things like this must be so far and away removed from the average person, their computer literacy and their necessity for a computer.

    XP is the bane of my existence when trying to move businesses IT functions into the 21st century. Unfortunately too many businesses haven't been bitten properly yet, so quite often continue to see IT investment as a capital expenditure to wring out as much as possible rather than an operating expenditure that is the cost of doing business.

      Part of the problem is that it is difficult to put value on proactive security work. If your network gets infected by WannaCry and you've got a Bitcoin ransom note on each individual machine, then it is quite easy to see the value that proactive security would have provided. But if the company gets passed over by the worm, then they might only see the costs.

      I haven't done any Windows sys admin work for almost 15 years now, but my experience was that a lot of business software was more fragile than apps aimed at general consumers. Whereas consumer focused apps want to work on as wide a variety of systems as possible, many business apps might only support a limited set of configurations and leave you high and dry if you can't use one of those configurations.

      And if a business critical application is incompatible with a security fix, in many cases it is preferable to keep the app working than close a security hole that may not get exploited. I'm not sure of the best way to solve this kind of problem. If we get to a point where every app is running confined with minimum privilege like phone apps do it won't be such a big deal.

        We are thankfully mostly past the custom made ActiveX bullshit, and most businesses have had to face facts when moving to 7 or 10 that plenty of their applications that no business can support\has gone out of business need to be migrated to something new (this is mostly my job, migrating businesses and government and telling them what they need to do).

        For those who really can't, we've had decent success with AppV some of the time. Unfortunately some stuff just won't budge, so the best you can get to is users remoting into a session with that application and going from there (had to do that a few times sadly).

        I've had the fun of tracking down 16bit ISA IDE cards for 386 computers running DOS because nothing new was supported or easily implemented.
        As you said, upgrading is not always easy or possible, without writing off entire systems.

    IIRC Woolworths, Coles, Maccas, KFC and lots of other retail shops are all still on Win XP platform, are these counted in the stats?
    WinXP is still a very commonly used OS, most of the billboards around my part of Sydney all run Win XP.

      Many of those are XP Embedded, which is still supported until 2019.

        XP Embedded is the reason we can't have nice things. :(

        EDIT: These are often the most vulnerable machines to worms like this one too.

      Given that it is based on the stats from web browser usage, probably not. They were probably collecting the operating system name as reported by the browser's user-agent string from requests embedded in advertising served to many web sites.

      A Windows box that spends 100% of the time running a point of sale or electronic sign application would be invisible to that kind of survey.

      When my wife was pregnant and had an ultrasound, the ultrasound machine ran on XP.

      The sonographer said that most equipment in hospitals, including MRIs and CT scanners run on XP because it's too expensive to upgrade.

      Apparently they could upgrade to the, I assume Windows 7 version of the software, but would cost a lot of money.

      Can confirm that Woolworths still uses XP.

    Yeah, I remember when I left the ADF in May 06, they were still using Windows 98 server edition for everything, hell they hadn't even thought about upgrading to XP when everyone was using it on their personal PCs on base.

      Defence is still stuck on XP for most functions, and the migration to 7 (yes, 7, not 10) is a clusterfuck.

        Oh good, so they finally upgraded to XP and are only now just moving to 7 then. I was honestly worried that they would still be on 98 server or, god forbid, Millennium.

          There are still a few functions on 98 :P.

    Microsoft should just put out a "security patch" update for all systems that still run 7, XP and lower that forces them to upgrade by stealth to either 8.1 or 10... You know, like they did for 7 for a while

      If they did that, businesses would work even harder to make sure all forms of automatic updates are disabled, even on current supported platforms. That'd likely be an even worse outcome.

      People are already shitty about automatic updates in Windows 10. This would be worse and send them off the deep end.

        If anyone has a whinge about automatic updates on Windows 10, this malware is the perfect response. Windows 10 is on the affected OS list (despite some reports to the contrary) and if it weren't for automatic updates the problem might be considerably worse.

        Don't get me wrong, better customisation of update hours and conditions would be nice, but your average joe shouldn't be able to just outright disable updates because some dumb shit IT person who has no idea what they're talking about told them it was better that way.

          My complaint about the forced Windows 10 updates is that they have stealth turned back on telemetry shit I've previously turned off.

            None of them have turned telemetry back on on my system so far. In fact, the creators update specifically gives you the opportunity to change telemetry settings again on first boot because they changed.

    Sooo... according to your stats somewhere between 2% and 7% of PCs are still running XP.

    One presumes, since either budget or technical capacity (such as very old hardware) will be the main issue for many of these, on average XP users are going to be pretty low value hacking targets.

    Seriously, the biggest thing protecting XP owners today is that there are so few that the incentive to hack them is minuscule and further declining every day. (I'm sure the C=64 is pretty damn vulnerable today too, amirite?)

      The percentages in the surveys above are measured by user agent strings on web server visits. Any system that doesn't do web browsing (eg. most any embedded XP system) isn't counted for those percentages, and they do account for quite a large percentage of total deployments still.

      That said, XP isn't standalone either, and vulnerabilities developed for later systems often still affect earlier ones. This malware is a good example, the vulnerability exists in everything from XP through to 10 and even a single compromised system can encrypt files on a secured system if it has files shared over SMB.

      Obscurity only goes so far when you're dealing with a lineage. It's more important than ever that people move off Windows XP to something made more recently than 16 years ago. I would be strongly advising companies who still use it with legacy software that they should be looking at replacing that legacy software with something more modern. Yes, it costs money, but that expense also mitigates a giant risk to the company's IT infrastructure. It's a necessary expense.
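An added example, not part of the article or of any comment above: the user-agent counting that two of the comments describe, sketched in Python, together with the blind spot they point out for machines that never browse. The `Windows NT` tokens are the real ones browsers send; the log lines, IP addresses, asset list and function names are constructed for illustration.

```python
import re
from collections import Counter

# Real "Windows NT" version tokens that browsers send in the User-Agent header.
NT_TOKENS = {"5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7",
             "6.2": "Windows 8", "6.3": "Windows 8.1", "10.0": "Windows 10"}
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
UA_RE = re.compile(r'"([^"]*)"\s*$')  # combined log format: user agent is the last quoted field

# Constructed sample data (not real traffic): access log lines plus an asset list.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/May/2017:09:12:01 +1000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"',
    '10.0.0.5 - - [15/May/2017:09:12:09 +1000] "GET /news HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"',
    '10.0.0.6 - - [15/May/2017:09:13:40 +1000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"',
    '10.0.0.7 - - [15/May/2017:09:14:02 +1000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0"',
    '10.0.0.8 - - [15/May/2017:09:15:30 +1000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.10 - - [15/May/2017:09:16:11 +1000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"',
]
KNOWN_XP_HOSTS = {"10.0.0.5", "10.0.0.9"}  # 10.0.0.9: a sign or POS box that never browses


def os_from_user_agent(ua):
    """Map a User-Agent string to an OS name using its Windows NT token."""
    m = NT_RE.search(ua)
    if not m:
        return "Other"
    return NT_TOKENS.get(m.group(1), "Windows NT " + m.group(1))


def clients_by_os(lines):
    """Return {client_ip: os_name}, one entry per client so repeat visits count once."""
    seen = {}
    for line in lines:
        m = UA_RE.search(line)
        if m:
            seen[line.split(" ", 1)[0]] = os_from_user_agent(m.group(1))
    return seen


def os_share(lines):
    """Percentage of unique clients per OS, the kind of figure the surveys publish."""
    counts = Counter(clients_by_os(lines).values())
    total = sum(counts.values())
    return {name: round(100.0 * n / total, 1) for name, n in counts.items()}


def unseen_hosts(lines, inventory, os_name="Windows XP"):
    """Inventory hosts that never appear in the log with that OS: the survey's blind spot."""
    seen = {ip for ip, name in clients_by_os(lines).items() if name == os_name}
    return sorted(set(inventory) - seen)


if __name__ == "__main__":
    print(os_share(SAMPLE_LOG))
    print("XP hosts invisible to the log:", unseen_hosts(SAMPLE_LOG, KNOWN_XP_HOSTS))
```

Run against a proxy or web server log you own, the same tally doubles as a quick inventory of legacy clients, but only an asset list or a network scan will surface the machines that never make a web request.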

    Win 8 sux, why would you log on with your email address, that's just stupid, and the setup you have to use too. And that's why they use Win XP more than 8 or 8.1.

      You can create a local account.

      Win XP is old and shit and it's time for it to die. Christ at least upgrade to 7 or something.