• Securing XP PCs after Microsoft drops support



    TOP STORY


    Securing XP PCs after Microsoft drops support

    By Susan Bradley

    All good things must come to an end; in less than four months, Microsoft will officially end support for Windows XP.

    Here are the steps I’ll take to ensure that my remaining XP machines are as secure as they can be.


    The full text of this column is posted at http://windowssecrets.com/top-story/securing-xp-pcs-after-microsoft-drops-support/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1430015

      Susan,

      It saddens me to see that someone of your caliber could wind up in a place where you actually believe telling people to use Microsoft Security Essentials is good advice.

      For the love of GOD please stop telling people to use Microsoft Security Essentials. It failed basic certification for antivirus software, and is widely known to be a DANGEROUS choice. Did you know that? Look it up.

      Bad bad bad advice Susan. Please stop spreading it.

      There is nothing more annoying than uninformed people being presented to the unaware masses as “experts”.

      EDIT:

      Then there’s THIS!

      “Truth be told, I’m skeptical of reports claiming that one antivirus product is better than another. All AV apps must react to rapid changes in malware delivery. And I often find suspicious files on systems that have top-rated antivirus products installed. Combining compatible AV scanners is the best way to keep malicious software off a system.”

      Really? You clearly are NOT a technician of ANY SORT, and have NO idea of what you are talking about. There is a HUGE HUGE difference in actual Malware detection and removal success rates of the various big names. For example, Kaspersky Anti-Virus is a far superior product than AVG, McAfee, or Norton. It simply finds and actually stops/removes what it finds, unlike the programs uninformed and inexperienced people choose to use.

      Honestly Susan, this article is so full of bad information it makes me wonder how you can even sleep at night knowing that you are a farce. Why don’t you go back to managing servers as an “MVP” or whatever it is you are actually good at. You suck at the bench level.

      • #1430023

        Susan,

        It saddens me to see that someone of your caliber could wind up in a place where you actually believe telling people to use Microsoft Security Essentials is good advice.

        For the love of GOD please stop telling people to use Microsoft Security Essentials. It failed basic certification for antivirus software, and is widely known to be a DANGEROUS choice. Did you know that? Look it up.

        Bad bad bad advice Susan. Please stop spreading it.

        There is nothing more annoying than uninformed people being presented to the unaware masses as “experts”.

        EDIT:

        Then there’s THIS!

        “Truth be told, I’m skeptical of reports claiming that one antivirus product is better than another. All AV apps must react to rapid changes in malware delivery. And I often find suspicious files on systems that have top-rated antivirus products installed. Combining compatible AV scanners is the best way to keep malicious software off a system.”

        Really? You clearly are NOT a technician of ANY SORT, and have NO idea of what you are talking about. There is a HUGE HUGE difference in actual Malware detection and removal success rates of the various big names. For example, Kaspersky Anti-Virus is a far superior product than AVG, McAfee, or Norton. It simply finds and actually stops/removes what it finds, unlike the programs uninformed and inexperienced people choose to use.

        Honestly Susan, this article is so full of bad information it makes me wonder how you can even sleep at night knowing that you are a farce. Why don’t you go back to managing servers as an “MVP” or whatever it is you are actually good at. You suck at the bench level.

        Wow. Who didn’t get their mommy to tell them that they are ‘special’ today? If it helps any, ‘You’re special’.

        • #1430044

          Susan, you failed to mention the most powerful way to secure XP, replace it with one of the many cool distros of Linux such as Mint or Ubuntu. Although this solution is not for many users, those who have basic computing needs like web surfing, office productivity, and yes, gaming, would be amazed at what is available to them in the open-source world. I have converted many friends from XP to Mint and the learning curve is minimal, their old hardware still performs well, and they have a very modern operating system without the security challenges of XP and Windows in general. Most small businesses could convert (granted, with some effort) to Linux even if they have apps that require XP. VirtualBox runs great under Linux and XP works great in VirtualBox.

          Personally I have 2 Mint 15 machines and 2 Windows 7 machines on my home network. We share files and an HP printer seamlessly. Oh, by the way, my Dish DVR runs on Linux, my Roku box (which I love) runs Linux, my Chromecast adapter for my TV is Linux based, our Android phones are Linux…do you see a pattern here? Huge numbers of people interact with Linux every day and don’t even realize it.

          I do appreciate Windows Secrets, I’ve been a subscriber for years, and you guys are excellent. You’ve given us great information over the years, many times bailing me out of a problem situation when I was a network admin for a good sized organization. Now that I’m retired I find myself supporting many friends when their Windows computers have a problem, and while Win 7 is a great OS, more and more of our daily activities are web based and not dependent on a particular OS.

    • #1430022

      A very nice article. Well done for pointing out how to block these machines from Internet access while able to access local networks.
      I would suggest that anyone who ‘needs’ to keep XP do this and avoid all browsers and all Internet access. That leaves infection from physical access and LAN traffic, the first being the worse.

      As for the Anti-virus you are correct. AV software is reactive to discoveries. There is NO AV software that can prevent infection, and there never will be. Short of booting from a CD with new equipment each day (to avoid the NSA’s ‘alleged’ BIOS hack, and other firmware attacks) Once compromised any number of undetected trojans, rootkits, and malware that is not detected now, or possibly ever, can be planted. At that point a complete re-install of the OS is the only 100% safe method to assure a clean and safe computer.

      At work, I would NEVER NEVER NEVER take an infected PC and put my faith in an AV removal process and then put that PC back on my backbone. That PC goes to be totally wiped and reinstalled. Timely, yes. Costly? Not as costly as having 100 more computers, or my servers infected.

    • #1430042

      You can Google for AV reviews and on the tests done, some are better than others at detection and I wouldn’t recommend MSE either, but I also agree that no AV program is 100% effective because of what is out in the wild.

      AV programs look for known heuristics and hope that future Trojans etc. are using similar methods, but safe browsing and not using P2P will go a long way to keeping you safe – otherwise I thought the info on blocking Internet for when the time comes was useful as once support for XP ceases, then it will seem like Christmas for the Hackers.

    • #1430132

      “By and large, there’s no compelling reason to stick with XP — and, as noted above, there are important reasons not to.”

      It took me a few minutes to compose myself after I saw your comment in paragraph 5. It sounds like you’ve been drinking the Kool-aid that Microsoft dispenses to people like the editors of Windows Secrets.

      In the real world, we eventually retire, then try to avoid the “Microsoft tax” by keeping old hardware (or an old PC or two) in our attics, and holding on to Windows XP.

      I’ve spent a lot of money over the years buying licensed software for a dozen applications that are no longer compatible with Win XP. Thankfully, God gave me the ability to buy / build / maintain computers.

      With that in mind, I don’t have the financial resources like many of you do. I’m hanging on to XP for personal reasons.

      Other than your short-sighted opinion about retirees, it was a pretty good piece.

      • #1430139

        I’m curious if the major computer vendors such as Dell, HP, etc will continue to provide drivers on their support websites for those machines still running XP.
        I own a small computer repair business & sell refurbished computers in an area dominated by seniors. They want nothing to do with Windows 8 or even Windows 7. They like their XP.

        • #1430156

          I’m curious if the major computer vendors such as Dell, HP, etc will continue to provide drivers on their support websites for those machines still running XP.
          I own a small computer repair business & sell refurbished computers in an area dominated by seniors. They want nothing to do with Windows 8 or even Windows 7. They like their XP.

          If an XP driver just happens to work then so be it but it is unlikely that the OEMs will continue to supply XP drivers for new machines since they can no longer sell XP. As the chips change for motherboards, integrated devices, and add-on devices it just does not make financial sense for the OEMs to devote the time & effort in development and support of XP.

          Joe

          --Joe

      • #1430410

        “By and large, there’s no compelling reason to stick with XP — and, as noted above, there are important reasons not to.”

        It took me a few minutes to compose myself after I saw your comment in paragraph 5. It sounds like you’ve been drinking the Kool-aid that Microsoft dispenses to people like the editors of Windows Secrets.

        In the real world, we eventually retire, then try to avoid the “Microsoft tax” by keeping old hardware (or an old PC or two) in our attics, and holding on to Windows XP.

        I’ve spent a lot of money over the years buying licensed software for a dozen applications that are no longer compatible with Win XP. Thankfully, God gave me the ability to buy / build / maintain computers.

        With that in mind, I don’t have the financial resources like many of you do. I’m hanging on to XP for personal reasons.

        Other than your short-sighted opinion about retirees, it was a pretty good piece.

        This is why I’m recommending to not surf with it and get a kindle. You can get a very inexpensive kindle device that will allow you to still get email on a fully supported device.

    • #1430147

      Because I use XP for sandboxing protection (via VM), I protect mine thusly:

      http://windowssecrets.com/forums/showthread//157326-Changing-my-protection-strategy-a-little

    • #1430148

      It is unbelievable that Microsoft would not create an easy migration path – think service-pack installation “easy” – that would keep existing customers connected to the Microsoft product and services infrastructure.

      My parents do an amazingly good job of keeping their XP system updated with fixes and other software updates; however, they skipped the only real migration path – Vista – when their technology-savvy grand-children cautioned them against it. Their computer was purchased at a time when there were really only two options (Apple or PC) and they don’t feel that a new computer purchase can be justified based on what they use it for. After months of discussing the alternatives, the grand-kids have talked them into using Linux Mint.

      I imagine there are millions of people who find themselves in the same situation that will make a similar decision.

    • #1430162

      the grand-kids have talked them into using Linux Mint.
      I imagine there are millions of people who find themselves in the same situation that will make a similar decision.

      Maybe, but I highly doubt it.
      The grand kids would be better off moving them over to Windows 7 as opposed to learning an alien OS like Linux.

    • #1430203

      It’s astonishing that XP has lasted 12 years, but if something’s good, it will indeed show staying power. It’s managed to outlive the mess called “Longhorn” (You know, like Pinocchio, except substitute nose for horn, and Vista for Longhorn!), and took us to Windows 7. It’s a real shame that M$ has tried to emulate Apple, with their new major OS now every 4 months. Formerly it was every year, now it’s not even a half year. And they have been fixing all these things that weren’t broken. For MS to even consider emulating this bunch is worrisome. Microsoft, however, are expert at Windows. I hope they just stick with that, and allow Windows 7 to run its full course.
      XP is hardly out of date either, as far as running programs is concerned. I wouldn’t ever consider going online with it (!), but who says you ever need to? Win 7 or 8.1, or all your little “devices”, are fine for that. I use it for Visual Pinball, and it works like a charm, in large part precisely *because* it is so old. There’s no “new improvements” that get in the way of running all my older pinballs, either. Multibooting is so easily facilitated nowadays that one only need set that up, and if it is confined to a home network, you are perfectly safe. Any exploit would be discovered by your fully updated AV on Win 7 or 8.1 anyways.
      Mainly, though, when it comes to securing Windows XP in the future, how’s this? *unplug the network cable*! 😉

    • #1430403

      How about an article and/or “easy” instructions for installing an OS like Linux Mint to dual boot with Win XP as second option, keeping all of Win XP as it is. I have many legacy XP items I want to retain, and use Mint for Internet access – email, research, etc.

      Thanks

    • #1430405

      Honestly, keep the XP as it is. Don’t try to dual boot which adds oddities. Go to amazon and buy a cheap ubuntu netbook.

      • #1430414

        Good lord what a strange comment. Which is more inconvenient, having to use a completely different device altogether, or just clicking “XP” or “Ubuntu” at boot… What kind of “oddities” does that add? Once booted into the chosen OS there’s absolutely NO difference. Except it’s MUCH easier to check your mail or go online… just reboot! Fact is that there really IS a “compelling reason” to stick with XP… and that is SPEED, and hardware requirements… The system req’s for Vista and on up are vastly higher, and frankly, any system running XP for more than a few years can NOT run those OSs. Period.

        • #1430498

          Actually, I keep my 11 year old Gateway XP desktop around because HP did not see fit to update their device drivers for my Scanjet 2200c or my LaserJet 1000 printer. My Windows 7 and Linux Mint boxes share the scanner and the printer over my home network. Only if these devices die before I do 🙂 shall I consider ditching the XP box…

        • #1431324

          Good lord what a strange comment. Which is more inconvenient, having to use a completely different device altogether, or just clicking “XP” or “Ubuntu” at boot… What kind of “oddities” does that add? Once booted into the chosen OS there’s absolutely NO difference. Except it’s MUCH easier to check your mail or go online… just reboot! Fact is that there really IS a “compelling reason” to stick with XP… and that is SPEED, and hardware requirements… The system req’s for Vista and on up are vastly higher, and frankly, any system running XP for more than a few years can NOT run those OSs. Period.

          I’ve seen issues when two different systems are on the same piece of hardware. If the two operating systems try to run utilities on the drive locations they shouldn’t, things like removing shadow copies and other oddities may occur. It’s not without issues and should not be tried if you don’t want to deal with such oddities.

          • #1431347

            I’ve seen issues when two different systems are on the same piece of hardware. If the two operating systems try to run utilities on the drive locations they shouldn’t, things like removing shadow copies and other oddities may occur. It’s not without issues and should not be tried if you don’t want to deal with such oddities.

            Interesting and of course logical.
            I never liked the hassle of dual booting. I have found virtual machines more convenient and that should avoid those issues.

            The main OS on my desktop is Win7 and I run Win2k virtually for several apps that won’t run on Win7…..Delorme’s Topo 3 being one of them. But I don’t allow Win2k any network connectivity.

            I liked XP, but time marches on, equipment gets old and software less and less secure needing more and more support. And MS will soon end their support of XP.
            Good luck to those that march on with XP.

            To those staying on XP, imo, a sandbox like Sandboxie would help improve browser security by whitelisting what is allowed to run in that sandbox and ought to be a consideration.

            Happy New Year everyone 🙂

        • #1433635

          Good news for XP users (for XP VM users like me). lol

          🙂

          http://thenextweb.com/microsoft/2014/01/15/microsoft-extends-updates-windows-xp-security-products-july-14-2015/#!skrVG

          edit:

          Misread the article; only applies for malware programs (Microsoft Essentials). Oh well. Still, I hardened XP and hope it will still be useable for another 2 years. 🙂

    • #1430877

      Susan and Forum folks: My computer savvy doesn’t extend to “virtual machines”. Is it correct to assume that, after Microsoft terminates support, the risks would apply to “running XP on a virtual machine running under Windows 7”? Although Windows 7 would be supported on the computer, would the XP activity jeopardize the W7 “side” of the computer & any associated network?

      • #1430901

        Susan and Forum folks: My computer savvy doesn’t extend to “virtual machines”. Is it correct to assume that, after Microsoft terminates support, the risks would apply to “running XP on a virtual machine running under Windows 7”? Although Windows 7 would be supported on the computer, would the XP activity jeopardize the W7 “side” of the computer & any associated network?

        Yes, the risks apply to any Windows XP version that can access the internet, so it applies to a virtual machine.

        The XP activity does not need to jeopardize the W7 host, but depends on whether you allow the virtual machine to access W7 resources, like shared drives, which it does by default, I think. This sharing can be stopped, though.

    • #1430970

      Drive Sharing can be stopped, please explain how?

    • #1430976

      All you need is to uncheck the drives in the Tools->Settings dialog:


    • #1431279

      I really like the part where Susan Bradley mentioned about giving aging XP machines some new life when upgrading hardware like RAM and hard drives. However, she did not mention about doing CPU upgrades, which is what I do after performing RAM and hard drive upgrades if performance in those old XP machines is still not satisfactory.

      Installing a faster processor chip (although it may sometimes be expensive) helps out when viewing videos online or doing intensive graphics stuff. Videos are smoother and less jerky with a faster CPU. My friend’s Gateway/eMachine T5048 computer with pre-installed Windows XP Media Center Edition 2005 (updated to SP3 level) used to have 512Mb of RAM (now it’s maxed out at 2Gb) but still doesn’t seem fast enough after a RAM upgrade since it came with an Intel Pentium 4 (524) 3.06Ghz processor chip. I’m planning to install a faster CPU [either an Intel Pentium 4 3.60Ghz 661 CPU chip or an Intel Pentium D (dual-core) 2.8Ghz 820 processor chip].

      So first do a memory/RAM and a hard drive upgrade, then upgrade the processor chip to the fastest one that is supported by the motherboard of your computer.

      • #1431775

        ….Installing a faster processor chip (although it may sometimes be expensive) helps out when viewing videos online or doing intensive graphics stuff. Videos are smoother and less jerky with a faster CPU. My friend’s Gateway/eMachine T5048 computer with pre-installed Windows XP Media Center Edition 2005 (updated to SP3 level) used to have 512Mb of RAM (now it’s maxed out at 2Gb) but still doesn’t seem fast enough after a RAM upgrade since it came with an Intel Pentium 4 (524) 3.06Ghz processor chip. I’m planning to install a faster CPU [either an Intel Pentium 4 3.60Ghz 661 CPU chip or an Intel Pentium D (dual-core) 2.8Ghz 820 processor chip].

        If maxing the RAM and setting the BIOS to Dynamic control over system video memory allotment didn’t speed up the video sufficiently–and as old as that thing is I doubt it–that MB has a PCIe x16 slot. Adding a $40 6450 would help with video immensely. At 18W (1.5A) maximum graphics power draw on the +12V rail no worries on the current PSU either. That Diamond card is pretty sweet with 5 yr warranty and solid caps.

        The T5048 came with an Intel® Pentium® 4 524 @ 3.06GHz on an Intel D101GGC motherboard. [Caution: The MBs used by eMachines were usually identical to the Intel consumer MB (except the BIOS string .15A. versus .86A.), but sometimes there were physical differences that needed to be carefully compared.] I do not think your friend will be impressed with a CPU running slower than 3GHz. Those PenDs didn’t compensate for speed.

        You can do some great hacking, but you can also irreparably brick the MB too.

        You should realize that unless eMachines added support for the processors then their BIOS won’t support the CPU. Intel’s BIOS will support the CPU except where a MB rev. is needed (AA # found on MB). I can say that unless the CPU is on this list it most definitely is unsupported. The good news is most P4 and PenD CPUs go for around $10-15 on eBay these days.

        Download Center

        Looks like an unofficial eMachines support forum has ceased.

        eMachines Support (Gateway)

        Let us know what was decided and how it turned out.

        • #1431778

          Finally after reviewing all of the comments to make sure nobody already asked I get to ask Susan my question.

          In your article you state ‘do not uninstall IE.’ Why?

          I realize doing so broke XP having painfully found that out myself a very long time ago. But the only thing it seemed to break was Windows Updater. Since I want this disabled anyway, why not pull an irritating browser while I’m at it? What is the down side?

          • #1432534

            Finally after reviewing all of the comments to make sure nobody already asked I get to ask Susan my question.

            In your article you state ‘do not uninstall IE.’ Why?

            I realize doing so broke XP having painfully found that out myself a very long time ago. But the only thing it seemed to break was Windows Updater. Since I want this disabled anyway, why not pull an irritating browser while I’m at it? What is the down side?

            I hope you are not saying that most folks could successfully rip all traces of Internet Explorer out of Windows OS versions sold in the United States. The close integration of IE into the Windows OS makes this impractical or nearly impossible. Some serious reverse engineering would be necessary. Most folks do not have access to the tools necessary to do the job, and it is a complete waste of time.

            The security issues with Windows XP are many and widespread, and this will only get much worse by mid-2014 as security exploits are no longer to be patched. The increase in successful hacker attacks will probably show up only a little bit at first, but then escalate and finally overwhelm any efforts to maintain this OS version for online use, no matter what browser is or is not present. Third-party security and browser support will probably fade away quickly rather than slowly.

            I don’t know if this is to be believed, but InfoWorld TechBrief cites a source that Windows XP has slipped below one-third of Windows installations, and is fading fast. Windows 7 seems to be where most folks are landing now, with Windows 8 sales apparently flat or growing very slowly. With four major versions of Windows now in widespread use (XP, Vista, 7 and 8) many developers are looking for ways to reduce development and maintenance costs, and dropping XP support seems to be one option many are considering. Again, it won’t happen all at once, but it will happen.

            My Dad still runs Windows ME. He never updates anything. Good thing, too, as none of his software can even be reinstalled when his computers eventually suffer irreversible hardware failures. My guess is that Dad (at age 96) will suffer a “hardware failure” before his computers will, but this is a special case.

            Nothing in tech can last forever. Folks should stop pouring efforts into systems and software which are no longer supported.

            -- rc primak

          • #1432854

            Finally after reviewing all of the comments to make sure nobody already asked I get to ask Susan my question.

            In your article you state ‘do not uninstall IE.’ Why?

            I realize doing so broke XP having painfully found that out myself a very long time ago. But the only thing it seemed to break was Windows Updater. Since I want this disabled anyway, why not pull an irritating browser while I’m at it? What is the down side?

            You can’t uninstall IE. It’s part of the operating system.

    • #1431306

      Don’t forget good old discrete graphics. I would put that ahead of processor side by side with RAM. It has a double benefit, bearing some of the workload for the processor for certain applications/games and leaves all the RAM available for allocation, no sharing.
      As an example, an old Athlon 3000+ Sempron (so not so good on the processing side) that wasn’t quite cutting it on an FX5200 video card. Put in an old ATI 2600HD card, badda bing, badda boom. Now it didn’t turn into a dual core 3.1 GHz system but it sure smoothed it out, plays 720P just fine (1080P is still trouble) and plays all the old games quite nicely like Medal of Honor and Pain Killer and Battlefield 1942 and Tomb Raider 5. I even picked up a couple 9800GT cards for the AthlonXP 4000+ systems for $30 on closeout. Excellent upgrade for those systems and in many cases these cards seem to still be quite readily available, even AGP.

    • #1431366

      Indeed there are many options for virtualization and sand-boxing XP if need be. In fact XP is better supported in that department than Win 7 or 8. If Microsoft had continued the virtualization march that they started in XP it may have been perfected by now and there would be a REAL advantage over XP. Unfortunately virtualization also has a nasty habit of fooling Windows Genuine Advantage and other verification methods as well, so methinks virtualization got the kibosh in later versions for that reason, not because it didn’t have a ton of potential.

    • #1431610

      Whether we agree or disagree with the statement that dual-booting can introduce “oddities”, one thing needs to be mentioned about converting from Windows XP to Linux. Drivers may or may not be there, depending on your particular hardware configurations.

      It wasn’t a Windows XP machine, but my Toshiba Satellite laptop has Intel-NVidia hybrid graphics. Ubuntu’s implementation of this technology is still not useful. Bumblebee helps a bit, but I still have no X-Server driver, and no NVidia Control Panel. Maybe the switch to Mir in Ubuntu 14.04 will help with all of this, but I remain skeptical. Similar issues have turned up with AMD-ATI hybrid graphics on some vendors’ laptops (especially Dell).

      Point is, no matter how you slice and dice it, Linux does not provide an easy conversion path for computers originally configured to run Windows. I personally haven’t run into any specific dual-boot “oddities” but they do exist for some configurations. Susan is right about this point.

      All things considered about tablets, if all you need is a Kindle, yes go ahead and get a Kindle Fire HDX this year. But if you are thinking about Android tablets, hold off. 2014 will bring 64-bit Android tablets running Intel Bay Trail processors, which can run full-fledged 64-bit operating systems in dual-boot mode (given enough local storage). (Linux can run off USB devices with Persistence, so internal storage capacity is not an issue if using Linux with Android.)

      Given the flux in Android tablets, I recommend holding off until mid-year 2014 if there’s no pressing need to buy before then. Until that time, a Linux conversion, a Win XP Virtual Machine inside of Linux, or a Linux-Windows dual-boot seem to me to be perfectly acceptable options. Just keep that Windows XP part of the system off-line!

      Anything is better in my mind than buying into the current crop of Windows 8 tablets.

      Compared with the Surface Pro 2, the Dell Venue 8 Pro is cheaper and just as functional.

      -- rc primak
