Will Windows XP still be properly supported by Microsoft and, as a primary development target, by third parties? Is there something XP die-hards have missed, some hidden gotcha that's going to trip them up 12, 18, or 24 months from now?

Of course, there's no universal answer to the Vista upgrade question. Yes, in all likelihood you'll be just fine sticking with Windows XP – at least until Windows 7 ships in 2009 or 2010. But let's not rush to universal judgement. Let's take a close, measured look at the key considerations, and compare Vista's merits against the state of XP on the essential points that IT organisations and end-users care about. And if we can't solve this calmly and objectively, like fair-minded professionals, then let's at least have a good fight.

Are you ready to rumble? Okay, then. Operating systems, return to your corners, and come out swinging.

Round 1: Security

Security is one of the first areas to come to mind when considering a Vista migration. Features such as UAC (User Account Control) and Internet Explorer Protected Mode have been making headlines for more than a year – but not always in the context Microsoft would have wanted. UAC, in particular, has been savaged by critics who balk at its many annoying confirmation dialogs. Just try enabling or disabling multiple network connections quickly or moving a file into a protected folder.

However, even with UAC – which is really just a more visible, 'in your face' implementation of the user account controls that have been built into Windows NT since day one – Vista still isn't fully secure. There are documented ways around UAC involving Internet Explorer, security token privilege escalation, and the exploitation of the 'deprecated administrator' status of the default Vista account model.

More importantly, however, is the fact that most IT shops have already implemented a form of UAC under Windows XP by not allowing domain users to run as local administrators and, in some cases, writing their own 'elevation' utilities to make it all work seamlessly. In practice, these 'locked down' XP systems are in some ways more secure than a UAC-protected Vista system, because they're immune to the aforementioned privilege elevation exploit. To bring Vista systems on par with XP, you need to force users to work with a true non-admin account, as opposed to Vista's 'deprecated admin' account, which puts you right back at square one (that is, where XP is today).

Other security features, such as the updated firewall and more esoteric, internal fixes such as Address Space Layout Randomisation, are interesting but by no means compelling. Most IT shops have implemented a proper hardware firewall solution or third-party software for mobile/remote users, and address-based code exploits usually require some degree of social engineering to get them to work – a phenomenon even Vista can't thwart.

Decision: From a security standpoint, there's just not a lot to compel XP shops to upgrade. Many of the issues addressed by Vista have already been resolved under Windows XP using in-house applications or third-party tools.

NEXT PAGE: How do XP and Vista compare when it comes to Manageability?

Round 2: Manageability

One of the key drivers for Windows 2000 adoption, and later Windows XP adoption, was the debut of Active Directory and its Group Policy framework. For the first time, IT shops could address the myriad configuration management issues that plagued traditional, fat client installations, using a standardised, centralised repository of rules and restrictions. Vista adds a few extensions to this mechanism. However, as with the aforementioned security improvements, many of these issues have already been resolved.

For example, Vista adds support for locking down block devices at the client level. This is a useful feature – you can restrict users from accessing certain external media devices, such as CD driver or USB keys – but it's another XP loophole that was closed long ago by third-party management agents. Likewise, the inability to install printer drivers using a non-administrator account – something Vista now allows via a Group Policy extension – was resolved directly by many large IT shops, in some cases through the creation of their own elevation utilities.

On the management tools front, there is a dearth of new Vista-specific features, either from Microsoft or from major third-party framework vendors. In fact, outside of support for Vista's new image-based installation and deployment mechanism, which is one of the product's few noteworthy manageability improvements, there's little incentive to move to Vista from a purely systems management perspective. The image-based installation model makes it easier for IT to capture a 'golden' working image of their runtime configuration, and then spin this out to multiple systems regardless of the underlying hardware. This was a real challenge under XP, so definitely a point to Vista, but given the myriad third-party installation and provisioning tools (one or more of which are probably in use at any given IT shop) it's no TKO.

Decision: Moving to Vista provides little or no ROI from a systems management perspective. Yes, the new image-based installation model is a welcome addition. However, the lack of significant innovation in other areas makes Vista's management story less than compelling.

NEXT PAGE: Which OS is more reliable – XP or Vista?

Round 3: Reliability

With so much attention being paid to the more visible changes in Vista – UAC, Aero, the revised Explorer GUI – the tweaks Microsoft made under the hood have received little press. To be sure, Microsoft did some retrofitting with Vista. Heap management has improved. The power management subsystems have been completely rewritten. I/O tasks can be configured to run at a low priority, and they can even be cancelled in certain situations, improving the user experience during background service processing, network timeouts, and so on.

There's no question this is all good stuff. However, from a practical standpoint, the changes are far from earthshaking. In fact, you'd be hard-pressed to point out examples of their impact during day-to-day operation. The lone exception: low-priority I/O, which is helpful during initial OS startup because Vista loads so many more background services than Windows XP. In other words, Microsoft needed something to offset all of that additional startup processing. If Vista boots before you return with your cup of coffee, you have I/O prioritisation to thank.

As for overall stability, most customers will agree that – barring a buggy driver or virus infection – Windows XP has been rock stable since Service Pack 2 was released nearly four years ago. And with Service Pack 3 arriving any day now (sporting even more robustness and improved performance), the Vista reliability message becomes an even harder sell.

Decision: There is little or no clamor in the Windows XP community for better stability or reliability. Windows XP is a mature, stable OS with a well-known list of weaknesses and corresponding workarounds. On paper, Vista brings a better foundation, but in practice, it addresses problems that most customers weren't aware even existed, let alone needed fixing.

NEXT PAGE: Which OS is more usable?

Round 4: Usability

Vista Aero: You either love it or you hate it. If you're an Aero hater, you can disable much of the slickness via the Control Panel, but you can't get rid of it entirely. That's because the changes Aero brings are more than superficial. Microsoft, in its infinite wisdom, decided to move things around. Gone is the familiar 'up a level' button in Explorer. In its place is a foreign-looking – and infinitely more powerful – breadcrumbs feature in the Address Bar. Other options have been uprooted and scattered across myriad task-specific, pseudo-control panels (System Properties, Security Center, Mobility Center, and more).

Veteran XP users will need some time to adjust. Some will require retraining, especially with regard to UAC and its never-ending parade of confirmation dialogs. Likewise with the Search mechanism, which, though pervasive (almost every Explorer window or dialog has a Search field), can quickly lead the user down the rabbit hole of nested results with no clear route back to the beginning.

Plus, some new features, such as the Windows Backup Utility, so thoroughly insulate users from the underlying process that they don't know until it's too late that their data wasn't really backed up at all - something I found out the hard way early on.

Add to this the fact that many of Vista's enhancements can be replicated on XP (such as Windows Desktop Search), and you can't help but wonder: did the Windows UI really need such a radical overhaul? After all, an entire generation of our newest workers was raised on the Windows 9x Explorer motif which, with a few exceptions, has remained stable for more than a decade.

Vista's UI is definitely different. However, the jury's still out on whether it's better.

Decision: Change, for change's sake, is never a good idea. And while you can understand Microsoft's desire to refresh the Windows UI (all those Mac OS X screen shots look so much prettier than XP), Vista's designers seem to have cut off their nose to spite their face. Regardless, the usability 'improvements' in Vista are unlikely to make IT's list of compelling reasons to move away from XP anytime soon.

NEXT PAGE: What about performance?

Round 5: Performance

Windows Vista is a bloated pig of an operating system. In fact, compared to Windows XP with Service Pack 2 or 3, Vista requires roughly twice the hardware resources to deliver comparable performance. Even stripped to the bone, with every new UI enhancement turned off and every new background service disabled, Vista is a good 40 percent slower than XP at a variety of business productivity tasks.

The above is no generalisation. I've run the tests (repeatedly). I have the hard numbers. (You can see the full range of my results at

Upgrading a user from Windows XP to Vista, without upgrading their hardware, is tantamount to crippling their PC. Think of users with torches lining up outside your datacenter. It's not a pretty picture.

So just wait for the next hardware upgrade cycle and hit them with Vista then, right? Maybe. But consider this: for every CPU cycle wasted bringing Vista's bloated image on par with XP's, you could be providing your users with an actual performance increase across their core applications.

If there were some compelling reason to run Vista over XP – a quantum leap in usability or manageability – I could see why the investment might be worth it. But upgrading hardware just to maintain the status quo seems silly.

Decision: Would you rather throw new hardware cycles at offsetting Microsoft's code bloat and voracious appetite for CPU bandwidth, or at a tangible, measurable improvement in application throughput and user productivity? Enough said.

Round 6: Hardware compatibility

There's no question that hardware compatibility was initially a sore spot with Vista. This was particularly true for mobile users who had to suffer through a variety of functional and operational problems as they waited for updated device drivers. And some of us are still waiting: I, for one, have yet to find a feature-complete video driver for my Dell XPS M1710, and I consider myself to be a fairly resourceful fellow.

But beyond scarcity, there is the issue of revalidation. Most sane IT shops have implemented strict rules regarding what is and is not an accepted hardware configuration. Departments with names like 'PC Engineering' spend copious time testing and certifying specific component combinations, isolating problem configurations, and feeding the necessary troubleshooting guidelines to their help desks. A migration to Vista means repeating these steps, and then some, while the immaturity of the Vista driver base will have IT racing against a moving target.

Windows XP, by contrast, has a mature and well-vetted compatibility base, with broad support from virtually every manufacturer. And while Vista will almost certainly catch up in time, as things stand right now, every new device insertion is a bit of a gamble. Just the other day I was puzzled when my Vista-equipped laptop wouldn't recognise a generic HP LaserJet 1200 printer.

Decision: When's the last time you worried about driver support under Windows XP? With an installed base into the hundreds of millions, chances are you'll still be finding XP drivers long after Vista's grandchildren are being put out to pasture.

NEXT PAGE: And the winner is...

Round 7: Microsoft software compatibility

It's a truism in Windows circles: the Microsoft Office team charts its own course. As the drivers behind the company's longest-lived cash cow, the Office folks have the luxury of being able to ignore the hemming and hawing of the Windows team and to choose to support whatever platforms make business sense. In the case of Office 2007, this meant eschewing any exclusive tie-ins to the perennially delayed Vista. As a result, the latest version of this bovine ATM works equally well under both Windows XP and Vista, much to the chagrin of the guys on the other side of the OS Chinese wall.

It's a similar story with Microsoft's BackOffice product line. There are few, if any, advantages to deploying Vista as a client to Microsoft Exchange, Microsoft SQL server or Microsoft SharePoint. As the gatekeeper to many of these resources, Microsoft Office often serves to level the playing field. And as I just noted, the current version of Office – Microsoft Office System 2007 – runs great on Windows XP.

What about future versions? There's no doubt that, eventually, Microsoft may try to target Vista exclusively. However, finding features and functions that Vista supports and XP doesn't is not as easy as it sounds. Remember, much of Vista's 'newness' is only skin deep. In fact, outside of DirectX 10 – which is exclusively a Vista technology – there's no valid reason for excluding XP from the supported platforms list of any new application.

Of course, this may change come Windows 7, the feature set of which is still very much in flux. However, nobody's arguing that you should stick with XP forever – just that you can stick with it for now and potentially skip a Windows generation without incurring any real pain.

Decision: Windows XP is still, and likely will remain for some time, the compatibility bar for new Microsoft applications. If and when Microsoft attempts to create an exclusive Vista tie-in, the company will need to articulate some valid technical reason – one that stands up to scrutiny from the IT community – for not supporting Windows XP.

Round 8: Third-party software compatibility

When Microsoft first started marketing its next-generation desktop OS project (Vista), it trumpeted a number of foundational technologies that were destined to usher in the next wave of killer applications. Some, including WinFS, fell by the wayside. Others, including Windows Presentation Foundation (WPF) – which was quickly back-ported to Windows XP when developers balked at the idea of Vista exclusivity – have proven to be nothing more than the extensions to the .Net Framework.

In fact, when Microsoft made these pronouncements, those of us 'in the know' (software developers and programmers familiar with the intricacies of .Net coding) had a good laugh. Nobody in their right minds would produce any complex piece of traditional, fat client software using the sluggish, bug-ridden .Net Framework, let alone a set of even buggier and less proven extensions.

A year later and you'd be hard-pressed to name a single commercial WPF application. In fact, I can't think of any third-party applications, outside of a few DirectX 10-specific games, that run better on Vista, never mind requiring it. Whenever Vista-specific development work has been done, it's usually been to fix problems created by the introduction of UAC. I personally spent several hours in Microsoft's compatibility lab at last year's TechEd conference working out UAC kinks that were affecting my own applications. In such a climate, where Vista is the outsider and represents a tiny fraction of the installed base, targeting it exclusively is tantamount to committing commercial suicide.

New applications that do ship are still typically native Win32 applications, written in C++ using tried and true technologies such as Microsoft Foundation Classes (MFC) or Application Template Library (ATL). This, for better or worse, is the state of third-party development for the foreseeable future. And, of course, these applications all run great on Windows XP, and will continue to do so for a long time to come.

Randall C Kennedy is a director Competitive Systems Analysis, an Information Technology consulting company