washingtonpost.com
If Only We Knew Then What We Know Now About Windows XP

By Rob Pegoraro
Sunday, September 24, 2006

Windows XP is turning five years old, but will anybody want to celebrate the occasion?

Microsoft's long-anticipated replacement for "Win 9x" -- the series of releases that began with Windows 95 and ended with Windows Millennium Edition --was never supposed to stick around this long. But half a decade after it began shipping on new computers (followed a month later by its retail debut), XP lingers.

In that time, this software has been Microsoft's most successful release ever in terms of sales. The research firm IDC estimates that about 485 million copies of XP, excluding pirated versions, had been installed by the middle of this year.

But XP has also become an apt demonstration of the difference between "popular" and "widely used." People use XP but don't love it. Why should they?

This operating system has needed a steady diet of patches to stay close to healthy. On a machine with a September 2001-vintage copy of Windows XP Home Edition, installing every bug-fix released as of August ballooned its Windows directory from 987 megabytes to 2.43 gigabytes.

You can think of Windows XP as a house with a second floor built of spackle, wood filler and duct tape.

And even with all those updates, the operating system has met only a few of its goals while falling short of others in a catastrophic manner. And it's done so for reasons that can't all be blamed on XP's design or Microsoft's own actions. That, in turn, means that its long-delayed replacement, Windows Vista -- now due to ship in January -- may run into the same problems.

Consider stability, the single biggest selling point of XP. The operating system was meant to stop individual programs from crashing the system, and it succeeded. It takes an especially malignant program to send my copy of XP to a "blue screen of death."

But that's not the only way XP can crash. Drivers, the software that lets XP communicate with hardware components, can still lock up the system. If you've seen an XP laptop fail to wake up from standby, you can probably blame it on buggy drivers.

Microsoft doesn't write most of that software, so it asked the companies that do to submit their work for its own testing. And if users tried to install an untested driver, Windows XP would flash an unmistakable don't-install-this warning.

You're probably familiar with that alert from seeing it all the time; many developers have ignored Microsoft's testing requirements. Users, in turn, have learned to treat XP's warning as an irrelevant nag.

Basically the same thing happened to Microsoft's attempts to clean up the look of Windows. Recall how simple a fresh installation of XP can appear, with only the recycle-bin icon on the desktop and a single column of programs in the Start Menu. (Yet even in that pristine state, XP makes you flip open three sub-menus to run such important tools as the System Restore fix-it utility.)

The initial simplicity almost never survives contact with software installers. Most of them ignore Microsoft's programming guidelines by dumping shortcuts and icons across the Start Menu, the desktop and the "tray," that parking lot of tiny icons at the bottom-right corner. Good luck finding anything on the screen after you've let the likes of AOL Instant Messenger or RealPlayer have their way with XP.

With all that extra software, Microsoft needs to persuade other companies to play by its rules, but it's had trouble getting even its own programmers to do that. The mere presence of Windows Vista can't change this failure to communicate.

Software that looks ugly can work ugly, and XP has been too forgiving of that as well. The operating system has done little to ensure that programs move in and move out in an orderly manner; they can throw supporting files and data all over the hard drive, then leave the junk behind when software is uninstalled. As a result, something that should have been fixed in Win 95 -- the way Windows slowly chokes on the leftovers of old programs -- remains a problem.

Microsoft also did nothing to make the system registry -- the collection of settings that constitutes a single, system-wide point of failure -- less of a nightmare. It should have slain that dragon five years ago, instead of waiting to move away from it in Vista.

Microsoft did get one aspect of system maintenance right in XP -- software updates -- although it needed to ship a major system patch first. With the changes that Service Pack 2 brought in August 2004, you don't have to touch a single setting to have Windows get the latest fixes for you.

But Microsoft has had trouble getting users to trust its automatic updates. Some of the suspicion can be understood (remember how Microsoft installed its "Windows Genuine Advantage Notifications" anti-piracy software through this mechanism), but it becomes self-defeating when people keep copies of XP in a less-secure state because they think somebody in Redmond is out to get them.

Microsoft's updates have largely neglected the programs bundled with XP-- Internet Explorer, Outlook Express, MSN Explorer, Windows Media Player, Windows Messenger and Windows Movie Maker. Only Windows Media Player and Windows Messenger have had meaningful updates over the past two years, although the far-improved Internet Explorer 7 is nearing its release.

(Note, also, what Microsoft never thought to include in XP: anti-virus software and a capable backup utility.)

Windows XP has failed its users worst at keeping them safe from viruses, worms and spyware. Service Pack 2 shut some of the worst holes, but XP still demands far more oversight than its competitors.

You can't just blame that on the cockroach-like persistence of the crooks responsible for releasing all the garbage. Microsoft didn't do its job, and that failing goes far beyond individual vulnerabilities in Internet Explorer and Outlook Express.

The root problem is XP's inability to police the conduct of any program. Its default "administrator" setup grants the user and every application the run of the entire system.

That's why each new Windows-transmitted disease -- such as invasive spyware like Aurora or MoviePass.tv -- is so hard to eradicate. The only guaranteed cure for such infections is to reformat the hard drive and reinstall everything from scratch.

Windows Vista will no longer allow such liberty to users and programs. But making that change while maintaining compatibility with old Windows programs -- developed, of course, in violation of programming guidelines mandating that they work without "admin" access-- is a monstrously difficult job.

XP represents a missed opportunity. If Microsoft had known it would be living with XP for so long, it should have pushed back its release to fix some of those problems.

But could it have known how bad things would get? Could anyone? The review of XP that ran under this byline five years ago never even used the word "security."

That raises a scary thought: What's the ugly flaw in Windows Vista that people will be screaming about in 2010, but is escaping people's attention right now?

Living with technology, or trying to? E-mail Rob Pegoraro atrobp@washpost.com.

View all comments that have been posted about this article.

© 2006 The Washington Post Company