The work has paid off. Most security professionals consider Microsoft the bar every other vendor should strive to meet. They have applauded the company's SDL processes, the fact it issues advisories of new threats accompanied by quick-and-dirty workarounds, its once-monthly patching schedule, and the informative — nay, sometimes exhaustive — descriptions of those fixed flaws and how customers can defend against them.
Microsoft has good business reasons for retiring Windows XP from support: Most of its Windows revenue comes from licensing new copies of the operating system to OEMs (original equipment manufacturers), like Lenovo, Hewlett-Packard, Dell and dozens of others, for the approximately 300 million new PCs that factories will ship this year.
If it continued to support XP, Microsoft must think, its partners would sell fewer new computers — in the main, that's how old operating systems are replaced, not by in-place upgrades — and it would sell fewer copies of Windows. Microsoft doesn't make money off existing computers; it makes money off new computers. (Although there are signs that that is changing as the company strives for more services revenue.)
And Microsoft not only can call those business shots, it has the right to do so. Few argue otherwise.
But it could also be argued that by quitting XP, Microsoft risks an intangible: the company's reputation, and that of Windows, in the face of large-scale malware outbreaks that infect those unprotected machines. In turn, those PCs could — as has happened in the past — infect others, including any running newer editions that for one reason or another have not been patched in time.
If that happens, few — even those running Windows 7 or Windows 8.1 who have argued that users are responsible for running the most up-to-date software — will blame those still running XP. They'll blame Microsoft, as customers always do when stuff goes south.
Microsoft must have calculated that the risk to its reputation is warranted, that the damage would be less than the revenue it would lose by continuing to support XP, plus the future revenue it would lose by setting a precedent.
Yet it has already set that precedent. When it extended XP's lifespan from the normal 10 years to almost 13, it established a policy that may need to be repeated years from now, as Windows 7, the standard edition for businesses, approaches its end of support in 2020. If Windows 8.1 and its successors don't change corporate opinion, Microsoft may be forced into acknowledging Windows 7's importance with a similar extension. It has already hinted as much by postponing the deadline by which OEMs must stop selling new business PCs with Windows 7 Professional pre-installed.