Only Microsoft knows the true Windows XP numbers -- but isn't telling

There's a lot of angst about the 30 percent of Windows users who haven't switched, but how many PCs does that actually mean?

The simple fact is that we don't know -- don't even have a clue -- about the number of Windows XP machines still out in the wild. Back-of-the-envelope estimates put the figure at about half a billion machines, but that calculation ignores a host of crucial factors. Foremost among them: How many "real" copies of Windows XP will be thrown to the dogs next month when Microsoft cuts off support? There's only one company that has an inkling of the "real" number, and that company isn't talking.

A couple of days ago, Gregg Keizer at Computerworld put the numbers through the wringer as part of his impassioned call for Microsoft to extend XP support. The calculation looks like this: Net Applications says that 29.5 percent of the world's PCs ran XP in February. If there are about 1.65 billion PCs running around (including, presumably, 1.4 billion Windows PCs, using Microsoft's latest figure), that comes to about 488 million XP PCs now in operation.

StatCounter, on the other hand, says about 19 percent of the Web hits it tracks come from XP machines. You can do the math.

I don't trust either source, for reasons I described a couple of years ago, but for better or worse, they're the two main sources of "XP usage" numbers. In both cases, the reporting organization tracks hits on Web pages that they monitor. StatCounter reports the hits raw; Net Applications massages them significantly. Neither has good reporting in China or Asia -- which now account for about half of all installed PCs. But they're all we have.

The 300 or 400 or 500 million XP PC numbers sound impressive, but they miss the point.

Here's what I want to know: When Microsoft rolls out its final set of XP patches next month, how many "real" bought-and-paid-for copies of Windows XP will be updated?

If we're looking at 500 million PCs headed to the rubbish heap of patching history, then there's no question Microsoft has a huge problem on its hands. Keizer's options for Microsoft redeeming its security reputation should be mandatory.

But what if we're only looking at 10 million? Or even 5?

Yes, it's possible that the estimates of exposed, upgradeable "genuine" PCs is off by an order of magnitude -- or two.

First, the volume of pirated XP machines boggles even my imagination. Estimates put the number of XP machines in China alone at 300 million. I hate to sound cynical, but in my experience, maybe 1 percent of those machines have "genuine" bought-and-paid-for versions of XP.

People in the West tend to think that if an XP PC is downloading updates -- Keizer quotes Microsoft as saying roughly 70 percent of the XP machines are regularly updated -- that the machine must be "genuine." I can assure you that there are dozens of popular pirate versions of XP that install patches with no problems at all. Just because an XP machine gets automatic updates doesn't mean it's genuine. In some parts of Asia, real copies of XP are as rare as panda bears wearing sunglasses and dancing the macarena.

Microsoft's under no obligation to patch pirate copies, of course, and it's a two-edged sword. I've encountered dozens of XP machines that were bricked when a Black Tuesday patch conflicted with a pirated copy of Windows. If Microsoft extends XP support for another year or two or 10, what happens when a pirate copy of Windows goes kablooey?

Pirate copies of XP account for, what, maybe 300 million of Net Marketshare's total? 200? 400? There's no way for Net Marketshare or StatCounter to know when it's been pinged by a pirate. But the numbers are undoubtedly huge.

Second, plenty of XP machines that hit the Web regularly rarely get updated. Those are machines that might be counted by the Net Marketshare or StatCounter algorithms, but that would never benefit from Microsoft extending patches beyond April 8. In many cases, they're probably pwned already.

So we're seeing a lot of moral outrage -- well-placed outrage, in my opinion -- about a problem that may be one or two orders of magnitude smaller than I, for one, originally thought. In the end, the undeniable fact is that we don't know how many PCs are going to get slammed when Microsoft shuts down its XP patches. Not even close.

How about it, Microsoft? Can you tell us how many XP machines got patched with the March Black Tuesday round? Of that number, can you say how many were, uh, genuine?

This story, "Only Microsoft knows the true Windows XP numbers -- but isn't telling," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills