Microsoft reveals two big ways to stop ransomware attacks

Microsoft chief legal officer Brad Smith has two requests that could cut down on ransomware.

Microsoft (MSFT) has had quite enough of ransomware attacks like WannaCry and Petya. But if the company is going to get a handle on the problem, it needs the help of customers, businesses and governments around the globe.

When it comes to individuals and businesses, Microsoft has a simple request: Stop using Windows XP. As for the world’s governments, Microsoft’s ask is even easier, but may be a tougher sell: If you see something vulnerable in our software, tell us instead of using it to hack our customers.

Neither task will be easy, but the alternative will result in continued waves of malware attacks that steal or destroy data and leave millions of computers immobilized.

Don’t expect smarter users

You might not know this from coverage that treats each new malware attack as something that magically happens out of nowhere, but when a computer gets infected you can usually pin the problem on two preexisting conditions.

One is the person using the computer, who may be uninformed, gullible or distracted enough to open the wrong file or click on the wrong link. The other is the software running on the computer, which too often is obsolete and missing the latest security patches.

Microsoft and other companies can’t do much about the first problem beyond enhancing their systems to scan links and attachments in emails for signs of malicious content, something Microsoft recently did with its Office 365 software. But that sort of reactive defense can fall short when a previously unknown threat — usually called a “zero-day” exploit, for the lack of warning experts have about it — starts to spread.

“Every company has at least one employee who will click on anything,” Microsoft president and chief legal officer Brad Smith said in a keynote Wednesday at the company’s Inspire conference in Washington. “That is pretty hard to protect against.”

Windows XP must die

But companies can and should switch to more secure software that can better resist malware that sneaks in through email. And from Microsoft’s perspective, that starts with retiring the ancient Windows XP. Despite Microsoft ending support for the operating system in 2014, the 2001-vintage OS still powered 4.86% of Windows PCs in June, according to StatCounter; another research firm, NetMarketShare, found it on 6.94% of PCs.

XP is an easy mark for malware because it allows even strange programs complete access to the system once installed.

“Windows XP is enormously vulnerable in ways that are impossible to change,” Smith said Wednesday. He noted that XP debuted two months before the Apple (AAPL) iPod, then asked “Is there anybody in this arena who is carrying around an iPod?”