My long goodbye to Windows XP

I have an admission to make. I am writing this article on a Windows XP computer. This is not some offline writing computer but my main computer, fully connected to the local network and the internet.

Depending on your tolerance level you might find this a bit weird or completely mad. No one uses Windows XP anymore. It is outdated and insecure; to still be using it is almost a bit obscene.

I could use poverty as an excuse. My computer is from 2009 and would probably not run any other operating system as smoothly as Windows XP. But it is a weak defense. Even a 13 year old computer can run newer operating systems than that. In fact, Windows XP was already superseded by newer operating systems in 2009.

My computer is also not some old rubbish. It has an Intel Core2Duo CPU with 4 Gb RAM. It was top of the line in 2009. And I have not owned it for 13 years. I bought it used in 2014, specifically to be able to run Windows XP for as long as possible.

My dirty little secret is that I like Windows XP. I know it inside out and it maximizes my productivity while sitting at the computer. And in the end that is what counts. A computer is a tool to get work done. If I get the most work done on a Windows XP computer, then that is what I should use.

But is it safe?

Security is a high priority in the information technology sector these days. At least that is what we are being told. To be using a deprecated operating system is a risk factor. For me, it is even worse. I am not using any anti-virus software whatsoever. If there is any justice in the world I should have been blasted many times over.

The truth is I have never been hacked once in the eight years I have had this computer. And not since 2008 or 2009 with the one I had before. Security-wise I have had a very smooth ride.

Maybe I have been extremely lucky. That is a possibility. But I do use my computer a lot and I do visit shady websites on a regular basis. If it is only down to luck I must be one of the luckiest persons in the world.

Maybe I have been hacked but simply have not noticed. That is also a possibility. But I store some crypto currency on my computer and I make crypto transactions from time to time. If my computer had been compromised by an invisible attacker I figure that attacker would have had an interest in crypto assets. None of my crypto currency has disappeared and I have never had an issue with a crypto transaction. It is no watertight proof but it is a quite good indication that my computer remains uncompromised.

The new security landscape

My belief is that computer security is highly overrated. With a decent firewall, which every router has these days, only your own activity can expose you to attack from hostile actors. All internet browsers also help you by warning when you are about to do something stupid like executing code from a remote source.

There are of course the dreaded 0-day exploits, undiscovered bugs in the code of your browser or operating system that allows an attacker to gain access to your system even without your cooperation. These are real threats to any computer connected to the internet or otherwise interacting with the wider world. But the threat has actually lessened significantly over the years. Partly this is due to software manufacturers getting better at not creating bugs in the first place and quicker at patching bugs when they are discovered.

But it is also due to a major shift in politics and military strategy. Over the last decade or so most of the world’s advanced nations have established some sort of cyber warfare capabilities. This is a capability to break into other nation’s computer systems. The weapon of choice on this battlefield is the 0-day exploit. This has made 0-days a valuable possession which government agencies pay good money to get exclusive privilege to.

In the bad old days, when a hacker discovered an exploitable bug in computer software, he (or she) could either report it to the relevant software company and get a small bounty. Or use it themselves to produce some sort of malware. Neither alternative was very profitable and the latter was also illegal. These days all 0-days are sold as cyberweapons on shady but legal marketplaces. A few 0-days get leaked and can be used by hackers. But the large majority are sold for hefty sums and tucked away in government vaults to be used in some hypothetical cyber conflict. The result for the average computer user is that the risk of getting hacked has decreased significantly.

An old computer can also be a sort of protection these days. The reasons are twofold: In an old system like Windows XP, which has been around for more than 20 years, most of the exploitable bugs have already been found and patched. Also, there is simply less interest from cyber warriors (or rather cyber mercenaries) to spend time and effort finding new exploits in old software.

This can actually be quantifiable. Google’s Project Zero aims to register all 0-day exploits found in the wild in order to patch them. In 2021 Project Zero registered 10 0-days that concerned Windows. Newer Windows versions were disproportionately affected. Only 3 of the 0-days affected Windows 7 (and of those 2 were rather minor data leakage bugs). None affected Windows XP.

The real problem

It is not security concerns that worry me with Windows XP. The problem is rather the dwindling software support. This is not really a problem with my local software. Many new Windows applications actually work great with Windows XP, something that surprises even me. But even had they not, that would not have been a major problem. Old software usually does the job as well as new software. I am writing this text on Microsoft Word 2003, software that is 19 years old but includes all the features I need. To upgrade would have been a waste of time.

It is only when I bump into the modern world that problems arise. Unfortunately one bumps into the modern world all the time when browsing the internet. My preferred web browser is Google Chrome. But Google stopped updating Chrome for Windows XP in 2016. This is a minor security risk, something that does not bother me very much. What bothers me significantly more is the fact that more and more web sites simply do not work with my version of Google Chrome.

The reason that new websites do not work in old browsers is that the HTML protocol is constantly upgraded and web browsers need to upgrade along with the protocol to not get outdated. This was not a major problem at first. When different websites stopped working properly in Google Chrome I started using Mozilla Firefox for them instead. When Firefox stopped receiving upgrades I switched to Mypal browser, an open source browser specially made for Windows XP. It is cruder than Google Chrome but does the job most of the time.

These days, most of the time is getting less “most”. I am not entirely sure why some websites do not work properly in Mypal browser. But a growing number is not. The problem is always content loading, or rather a failure to load all or parts of a website’s content. My best guess is that the JavaScript code in these malfunctioning homepages are too modern and that the JavaScript engine in Mypal browser is somehow limited in how it interprets the code.

This was a fringe problem as recently as six months ago. Even though many homepages had stopped working correctly in my old version of Google Chrome they still worked flawlessly in Mypal browser. Last winter I noticed some pages that I seldom used stopped loading content correctly. This was an irritant but not more than that. The real blow did not come until this summer when Substack stopped working properly. I am still able to read posts on Substack, including my own, but I can not publish new articles. Even worse, I can neither read nor reply to comments, this section of the Substack page has stopped loading (this is the main reason I have been lousy at replying to comments the last couple of months).

Seven months ago I did not use Substack at all. The possibility of returning to that state did occur to me, after all I did manage quite well even before Tove persuaded me to become a blog writer. To dissuade me from such thoughts, only a few weeks later Google Docs stopped loading its start page (I can still read and edit documents from the direct links that Tove sends me). Google Docs is an important piece of software in this house and even more, it was a sign of trouble ahead. The time of Windows XP was nigh.

End of an era

To be fair, the decision to phase out Windows XP was not entirely new. I have been expecting this chain of events for quite some time. I also need a new computer hardware-wise. The one I have is competent enough for most of the tasks I use it for, but it is old, and it shows. Most notably it has developed a tendency to overheat. Presumably I could fix this with some new cooling paste on the CPU, but given that this is a laptop and I am not really the hardware type, I prefer not to tinker with it.

It is not possible to find a new computer these days that can run Windows XP. At least not any computer I could be productive with, and it is for productivity reasons I have stuck to Windows XP all these years. Finally, the time for change has come.

But change to what? For ideological reasons a Linux computer would be a good choice. I have tried out different flavors of Linux in the past and always turned back to Windows. Linux is a decent operating system, I always use it for server applications (mostly Debian) and it works great. But I have never found a desktop environment in which I feel at home and feel productive. This might be a learning threshold I could get over, but for me the threshold has always been too high.

Another problem I have found with Linux is that it is slow. I am very sensitive to speed in my computers, which might sound odd from someone with a 13 year old computer, but I quickly get impatient if it takes more than milliseconds to start up new applications or switch working windows. Exactly why even very light-weight Linux versions like Lubuntu feels slow on my computers I do not know. Maybe they lack the drivers for hardware optimization compared to Windows.

If speed is of the essence, why not go for an Apple computer? After all, Apple is “Linux that works” (technically speaking it should probably be “Unix that works”) and Apple computers are famed for their speed and ease of use. That is probably true. But with a Mac computer with macOS I would still have quite the learning period (I could probably count the times in my life that I have sat in front of a Mac on the fingers of one of my hands).

Most of all, I cannot afford it. As far as I know Apple makes great computers. But that greatness comes at a price. I would probably have to pay twice as much for an Apple computer as for a PC with comparable performance. Since I belong to the income handicapped part of the population this is simply not an alternative.

And the winner is…

Since my next computer will neither run Linux nor be from Apple most readers have probably already guessed that it will be another Windows computer. It will. More specifically it will be Windows 7. In fact I have already bought it and it is standing in the next room doing necessary software installations.

Windows 7 is not really new, in fact it is also deprecated and considered unsafe to use. But at least it has 6 more years of upgrades than Windows XP meaning, for example, that I can use the latest versions of Google Chrome. It is also possible to piggyback on Microsoft’s extended enterprise support to receive security patches at least until next year. This might not satisfy most computer users, but for me it is a significant step forward.

I started using Windows XP in 2004. I was late to that party as well, continuing to use Windows 2000 for several years after Windows XP was released. But for the last 18 years I have never been far away from a Windows XP computer. That is almost half of my life and more than two thirds of my computer owning life. Getting a new computer with a new operating system might be trivial to most people. For me it is a big deal indeed.