Windows XP is an operating system doggedly hanging onto life. Nearly 16 years after its launch, at least tens of thousands of XP machines remain in use.
One percent of the 4.6 million devices—smartphone and computers—examined by Duo Security were found to be running XP, with a large number of business PCs still using the OS.
Windows XP persists despite being released back in 2001, and, in most instances, Microsoft not having patched the OS to fix flaws that could be exploited by hackers since 2014.
"While support for the ancient OS ended in 2014, thousands of endpoints used in the enterprise still run on the legacy system," says Thu T. Pham in the 2017 Duo Trusted Access Report.
The statistics echo findings from a separate poll earlier this year, which found 52% of firms were still running Windows XP on at least one machine. Duo found XP remained more popular in Europe than in the US and Canada, with the OS on 2% of devices in EMEA, compared to 1% in North America. Meanwhile, other statistics estimate that XP remains especially widespread in China relative to the rest of the world.
The aged OS remains particularly strongly entrenched in hospitals. This year's report identified a counterintuitive rise in the number of devices running XP, with 3% of devices used by healthcare bodies running Windows XP, up from 2% last year.
"There are a few possible causes of this," said Kyle Lady, senior R&D software engineer at Duo Security.
"First, as Duo takes on more healthcare customers, we gain a broader picture of the state of the healthcare ecosystem. Also, we can only see systems that are on the Internet, so more existing XP systems may be being connected to the Internet for convenience. Lastly, Windows XP could still be actively deployed under a standard site license, in which case, the lack of commercial availability is irrelevant."
Last year, three hospitals discovered malware infections being spread by medical devices running XP. According to Duo, one of the hospitals had "new enterprise-class firewalls, intrusion detection software and endpoint protection that failed to detect the old malware and established backdoors in the devices".
In the past year, the healthcare industry has been hit hard by ransomware attacks, with 88% of attacks targeting hospitals. It had initially been thought that the recent Wannacry ransomware had been primarily spread by Windows XP machines, although later analysis found the malware was more likely to cause XP machines to crash to the infamous Blue Screen of Death.
Windows 7 still more popular than 10
Users are slowly migrating to Windows 10, although Duo found Windows 7 remains the most common Microsoft desktop OS, on 59 percent of devices.
However, the proportion of machines running Windows 10 has more than doubled, with 31% in 2017 compared to 15% in 2016.
"We're seeing the start of the enterprise shift to the OS. Some analysts recommend 12-18 months to prepare - which may factor into the slow upgrade from Windows 7 or 8.1," says the report.
Duo also speculates that migration to Windows 10 could have been accelerated by recent major feature updates and Microsoft's decision to no longer support Windows 7 and 8.1 on PCs running on new processors.
Computer users in Europe were more likely than those in the US and Canada to be running Windows 10, with Microsoft latest OS installed on 40% of devices in EMEA, compared to 31% in North America and 47% in EMEA are running Windows 7, compared to 60% in North America.
More on Windows 7 upgrades
- Windows 7 update block: Is it Microsoft forcing Windows 10 upgrades or just protecting users?
- Microsoft begins blocking updates for older Windows versions on newer hardware (ZDNet)
- Microsoft to end support for Windows 7 and 8 on new PC hardware
- Microsoft's Windows 7 support U-turn: Now new Skylake PCs get security patches until 2020
- Next generation processors will require Microsoft Windows 10
- If Windows 7's security is so outdated, why doesn't Microsoft make it as good as Windows 10's?
Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.