Monday November 2, 2015
The better question is, why are your customers still using Windows XP?
If your “https” site displays a security warning for XP users, that means that your site is compliant with the latest TLS computer network security protocols. That’s a good thing. In fact, if your site works fine for XP users, that means that your site is not enforcing the latest security protocols.
"If your site works fine for XP users, your site may not be properly secured." [Tweet this]
Why is XP Getting Shut Out?
Microsoft hasn’t offered support for the Windows XP OS (operating system) since April 8, 2014, when they stopped providing security updates or technical support. That means that every computer currently running Windows XP has been at risk since that time.
Over the summer of 2015, Microsoft withdrew even more support, stopping updates to Microsoft Security Essentials on XP. That means, no more guards against spyware, viruses, and other malware.
To be fair, XP first launched in 2001 and was fully supported for 12 years, and Microsoft has been begging customers to upgrade for years. XP is incredibly outdated, and although the transition can be frustrating for long-time XP users, it’s time to upgrade and see what’s new from Microsoft.
What Does the Operating System Have to Do with Websites?
Most PC browsers (except Firefox) use the operating system’s built-in security protocols to protect the computer's communications while on the Internet. If your operating system is out-of-date, your browsing experience on the Internet may be using less-than-optimal security protocols.
Websites are made “secure” by implementing protocols called TLS (Transport Layer Security) — formerly known as SSL. Anytime you interact with a “https” site, you’re having a kind of conversation with the server hosting the website you’re visiting, protected through the encryption of those TLS protocols. This is communication begins as a “handshake”, where the computer and website agree on which security protocol to use.
TLS protocol helps protect privacy and security for those “conversations” on the Internet, so no external forces can eavesdrop and steal information.
Current, more up-to-date websites won’t recognize XP’s outdated TLS encryption protocol as secure.
So What Happens When an XP User Visits a Secure Site?
A site with current TLS protocols in place will see that XP’s TLS is incompatible with the newer standards, and won’t be able to make that secure “handshake.” The site will put up a security warning, to let you know that your browsing experience isn’t secured. An XP user won’t be able to make a purchase through the site. It’s not the website’s security issue, but the Windows XP user’s.
Why Do Some Sites Work Fine with XP?
Server administrators currently have a choice to either support old computers running XP, or to support new computers. If a website’s server administrator hasn’t chosen to require those higher security standards, the site might work fine for XP users.
At AllProWebTools, we strive to keep pace with current security standards, including the most current TLS protocols. We care deeply about you and your customers’ online security, so we choose to support connections with computers with the most secure protocols. Oftentimes, this is also a requirement for maintaining PCI Compliance, see these articles:
What Should I Tell My XP-Using Customers
- We highly recommend asking your customers to upgrade their OS to a modern, fully supported version. Our recommendation is at least Windows 7, although a more recent OS will stay secure longer. The inconvenience of switching operating is a small price to pay for the increased security you will enjoy.
- If they’re dead-set on keeping XP, advise them to switch to Firefox, which has its own cipher suite (rather than using Windows, like most other browsers) that is compatible with the latest standards and will work for browsing your website.