Windows XP Service Pack 3

Topic

New Reply

Just got this from DE: I have Windows XP Professional, 64 bit installed on my computer.  It has service pack 3.  I’ve looked and looked for SP-3, with
[See the full post at: Windows XP Service Pack 3]

Reply | Quote

Replies

SP2 is the last release for x64 XP.

https://en.wikipedia.org/wiki/Windows_XP_Professional_x64_Edition#Service_Packs

There is no SP3 for x64 XP – just sketchy torrents with all of the final patched slipstreamed in.

If it’s a new PC, most likely the driver support for XP isn’t going to be there anyways, so I’d suggest getting a new cheap license for Win10 and calling it a day.

Reply | Quote

@Sorry, but friends don’t let friends use XP.

And in particular Windows XP 64 bit which unlike the 32 bit version, was never too good and fully supported to start with.
OP, how can this be a NEW computer for which you don’t have an installation disk?
We are in 2016 and 5 versions of the Operating system later and struggling to keep Windows 7 alive, but not Windows XP.

Reply | Quote

It’s funny that this question is brought up, because I was thinking about it a couple days ago…

I still have a Windows XP (patched with SP3) system that I use rarely, almost only for gaming, and haven’t moved on to any new OS basically because it works well for the purpose it was made for and because of the nostalgic feelings it brings to me… Haha

I was wondering how unsafe that system is (even though I don’t use it for browsing, instead using my W7 notebook for it)… And how long more will I be able to keep using it…

I mainly use it for old games and Steam, and avoid browsing and downloading as mach as possible… It’s quite snappy due to the combination of XP low demanding resources and the fact that it has what in the past was high end hardware.

On your opinion Woody, how unsafe is a XP based system these days (browsing aside of course)?

Reply | Quote

Spot on Woody, as usual, and very well put.

While I can understand people wanting to stick with WinXP a few years ago (myself included), these days there really is no need as Win7 gives a fully supported and up-to-date reliable Windows OS even if you are (perfectly reasonably) suspicious or critical of Win8.1 and Win10 etc. If you have a system that won’t support Win7 then you do seriously need to consider upgrading it.

Reply | Quote

If you aren’t connected to the internet, and don’t install anything, you’re fine. The minute you put a USB drive in the system, though, you’re begging for problems (witness: Stuxnet) and if you’re connected to a network of any kind, the crawlies can creep in.

Reply | Quote

That’s not a bad suggestion, if there are Win10 drivers for all of the hardware.

Reply | Quote

I jumped through the roof just reading this title on my RSS client, and just had to click on it. Maybe you should consider a career in journalism, Woody ?

Reply | Quote

Gosh. I need to rethink what I’m doin’, eh?

Reply | Quote

I too said wow! it is back, too good to be true!
I have 2 xp machines that I use in the lab (never connected to internet) to operate my test equipment and do paperwork. Still run flawless. My (now old) Win 7 machine does not have all the needed ancient ports. Oh well.
BTW- Manjaro is working well as a replacement/substitute for win 7.

Reply | Quote

About the USB drive, what kind of problems do you mean?

I use it connected to the web, but as a very known and exploitable OS I avoid surfing or downloading stuff on that PC, using the network mostly for Steam or standalone MP games (like the old Call of Duty 4). I know that probably isn’t much that could be done, except for crossing fingers and keeping security software up to date, but, in this scenario of usage, is it possible to make my system a little safer?

PS: I really like that PC… Haha

Reply | Quote

I still have a 2010 netbook running with Windows XP Pro Sp3 32bit with my own integrated ACHI for the ICH9 chipset which doesn’t connect online. I recently installed the ‘Unofficial SP4’ (ryanVM.net) via usb flash drive.
No malware, telemetry or viruses, these guys know what they are doing. Also has a huge forum following for feedback/issues. You’d be surprised at the amount of people who still use XP offline.

This runs as fast as..with an SSD and the Battery life is fantastic. Great for older programs and nostalgic trips on games etc..

Reply | Quote

Re: Windows XP Service Pack 3

I seem to recall quite a few posts on askwoody about getting updates for XP till 2019.

Searched but couldn’t find them.

Found this:

http://betanews.com/2014/05/26/how-to-continue-getting-free-security-updates-for-windows-xp-until-2019/

Bad idea?

JF

Reply | Quote

Yep, bad idea. It doesn’t work very well.

Reply | Quote

Interesting!

Reply | Quote

I don’t know of any way to make XP safe — much less, safer. Plugging a USB drive into an XP machine is an invitation to disaster – that’s how Stuxnet was originally propagated, and I’m sure there are many, many more examples.

If you keep it offline, no gremlin is going to jump out of the electrical outlet and swallow your PC. I think.

Reply | Quote

Despite what “mainstream” users of office/accounting/game software might think, there is unfortunately other software for which compatibility with the latest MSWin OS was never a given.

Most important in that category:

1. Microsoft software. For many years now, Microsoft has insisted on prematurely dropping support for older MSWin versions and refusing to backport support for newer MSWin versions in its own products. Thus many Microsoft products essentially need to run on whatever Windows versions were “current” at their time of release. To retain cross-computer compatibility and avoid paying for expensive upgrades, one often has to standardize a task to a specific software version and then stick with that version and its associated range of Windows versions on an almost permanent basis. I thus have machines that run XP in order to run other old MS software in order to reliably maintain and process files initially created in before 2008.

2. Software testing. As a software developer I need to test and debug software that I sell on every Windows version that I have promised customers to support. So that means keeping old Windows versions alive and kicking way after their official use-by date. Occasionally, it even entails keeping some test machines running on a prior SP level of an old or current OS.

Microsoft deleting download options for past updates is absolutely counterproductive. I guess a lot of us will now have to start creating private copies of the entire update catalogs and download sites, just in case we later need something deleted by Microsoft in the meantime. Anyone up to creating automated tools to do this (with the key caveat that such tools should never delete or update previously downloaded content, just add indicators of the changes and copies of the updated versions)?

Reply | Quote

There seems to be an unsupported procedure to patch XP using the Embedded version patches. The Embedded version will be supported for a bit longer, not too long though. I don’t know the details, but it has been brought even here by few readers.

@Doc If you really, really need or love that computer, you should consider searching the web and applying the procedure that I mentioned if there is such thing. The best option is still to follow what Woody says.

Reply | Quote

I agree. Certainly, putting XP on the net is a disaster waiting to happen, but if you keep it off the air, it’s alright, especially if you need to work with programs/hardware that doesn’t work on newer OS’s. And yes, those ARE still out there. For Microsoft to just have deleted the links to working copies of SP3 is just asking for trouble, as OP has noted.
Thankfully I’m a hoarder, so I still have burned to DVD copies of Windows 98/2000/XP and their service packs. Mark my words, when the revolution comes, I’ll be the one laughing (maniacally) with my working computers.

Reply | Quote

There are still a lot of people who use Windows XP, at least occasionally. I do.

I still run old programs like Dreamweaver MX, WordPerfect 2000/2002, which were released more than 10 years ago and designed to run under XP. They are not compatible with newer Windows versions. They still work fine and I don’t see any need to “upgrade” to newer versions. I keep several Windows XP virtual machines just to run them when needed.

If you have to use Windows XP, I recommend completely disabling autorun. It will make the system safer.

I am not saying your advice is wrong, Woody. But you must understand there are a lot of people who have specific software and hardware requirements and these requirements may force them to continue using Windows XP (or other old versions) for a long time.

Hope for the best. Prepare for the worst.

Reply | Quote

I understand and sympathize. But the risks are so high if you try to use it in “regular” ways….

Reply | Quote

Thanks a lot Woody and ch100 for the awnsers…

Embedded updates is really a thing, but I do not know how well it works, from what I have seen I have feeling that not very well…

I like to keep it connected for keeping my ESET Nod32 AV updated and playing a couple online games, as I mentioned before CoD4 and Steam based games… I mean, if not browsing the web it is really that unsafe with an updated AV and Windows Firewall set?

I was also thinking about creating a full system image to keep in hand in case of failure, so I could always restore it just in case… Or feel like I could get my system back anytime when I finally move on… Do you guys recommend a tool that could do it in a XP system?

Reply | Quote

Or if you want to achieve a more serious, stable 64 bit OS, I suggest Windows 8.1 Pro x64.

I personally run a highly tuned, tweaked Win 8.1 system myself on a big Dell workstation. I believe it delivers the best value where the OS is expected to deliver a non-frivolous computing experience.

Some attributes of my setup:

-No UAC, I’m in charge
-Classic Shell
-Tweaks to make Explorer no-nonsense
-Private, no telemetry
-Fully firewalled, outgoing deny-by-default
-Secure, malware-free, ad-free browsing
-Aero Glass/Theme on the desktop for usability
-Lean, under 40 processes with an idle desktop
-Runs glitch-free for months between reboots

Sites like msfn.org carry a wealth of tweaking/tuning information. Example:

http://www.msfn.org/board/topic/173976-craving-an-updated-ui-experience-re-skin-windows-81/

-Noel

Reply | Quote

I don’t think there is anything deleted. You can even update Windows 2000 up to the date on which such updates were released.

Reply | Quote

OP is asking about Windows XP SP3 for 64-bit. There was never such a thing, only for 32-bit.

Reply | Quote

Point well taken. I missed that.

Reply | Quote

If you limit your online contact to CoD4 and Steam, you’re considerably less vulnerable than people who go to a variety of sites. But folks should realize that high traffic sites have unwittingly hosted XP-enabled malware.

Reply | Quote

I think it is a bad idea, but if there is no other way…
People who keep on using Windows XP have had enough warning before and they had it enough I would say in the comments under this post. Sometimes people are forced to take risks for reason beyond their control, but at least they should know what to expect.

Reply | Quote

Noel, it is interesting that you have a very good opinion about Windows 8.1, expressed in few posts before. Most people would consider Windows 8.1 as a desktop-phone hybrid and not a pure desktop OS.
I am wondering what makes you so pleased with Windows 8.1 and at the same time not quite pleased with Windows 10 which is the natural evolution of 8.1? It may be the perception that Windows 10 is not ready yet?
I think the amount of snooping in Windows 10 is not significantly larger than the amount of snooping in Windows 8.1.

Reply | Quote

Most people tend to overrate the importance of an antivirus or firewall product. An antivirus product is good for warning the user for potential problems, but not so good in protecting the user who is left to choose the most suitable protection method, once it was warned. A firewall may or may not be useful and in most cases is not, unless actively managed and its activity assessed permanently. Unused inbound port blocking does not offer any additional protection.
This is why patching is essential.

Reply | Quote

@Woody

So, if I got it right: No browsing, only using network to connect to games is SAFER that browsing around the web, but as long the PC is connected to the web (and unopatched) it is by itself in a UNSAFE enviroment… Right?

@ch100

I see it the same way… AV is based on reaction, and for that to happen, there must be an action causing it, and that’s where patching goes, avoiding those actions being made in first place.

And in a system’s security it is much more desirable to keep a low surface exposed that trying to cover up all open doors, holes and Windows (pun intended).

An good AV software is capable of covering some breaches as it actively monitors both memory and network, and could this way block some threats, and in case of infection, provide a removal solution, but by it’s reactive nature of work, there is always chance of something happening.

Reply | Quote

It’s all gray – no completely safe, no completely unsafe. But as long as you’re only connecting to a couple of well-known (and well-policed) web sites, you’re much better off than those who go to multiple sites.

Reply | Quote

“Windows XP Professional x64 Edition” is really an edition of Windows Server 2003, and the latest Service Pack would be Windows Server 2003 SP2. The fun thing is that it still officially follows the Windows XP support lifecycle anyway!

Reply | Quote

I didn’t know that….

Reply | Quote

Mostly it’s because Win 8.1 is the most modern Windows that can still be:

a) Deconfigured to be a quite powerful pure desktop system.

b) Not expected to be changed out from under the user at Microsoft’s whim, resulting in failures. Microsoft’s current policy of “change Windows continuously” does NOT support tweaking the OS into something worth having.

I don’t run Apps at all. No interest in Metro/Modern/Universal/Apps. Everything to support Apps is deconfigured/removed. Win 8.1 makes a dandy desktop-only system on good hardware.

I have tried applying the same treatment to Windows 10, and while I have achieved a quite good result, there are things degraded and missing as compared to my Win 8.1 setup, and without any – and I mean ANY – “must have” reasons for upgrading to it.

Quite simply, Microsoft’s utter and complete ignorance of advancing Windows as a serious computing platform is what’s hurting them.

So here I sit, waiting for something that – tweaked by me – will deliver more value than what I already have. Windows 10 does not do that.

-Noel

Reply | Quote

P.S., probably because Microsoft has been beaten up about privacy, it’s actually quite a bit easier to quiet down Windows 10 than 8.1. There is no “O&O ShutUp8.1”, for example.

But it is quite possible, with sufficient application of knowledge, in both Win 8.1 and 10 to create a private local-account-based setup.

-Noel

Reply | Quote

Yes, it is true, but the 64-bit versions of XP and Windows 2003 were not really a success and never intended to be anything else than a pilot for things to come.
With the later operating systems, the 32-bit versions should be those to avoid.

Reply | Quote

It all depends on the network to which you connect and its level of security. If you cannot control it, then you can treat it as Public and would be safer to assume it is not so secure.

Reply | Quote

I have to agree with you Noel, a Windows 8.1 purchase will be my last contribution to MS’ pockets if and when I decide I still need the windows platform for computing. Have it on a VM at the moment and it is tweakable and can be silenced, unlike win10 which is either always pulling the out rug from under your feet or pulling the wool over your eyes -:)

Reply | Quote

Not a success? We only just retired our last 2003 server a couple of months ago. It ran very successfully without rebooting for the last 2 years. THAT is success! (I don’t think Microsoft has come close to that sort of reliability since.)

Reply | Quote

“I have tried applying the same treatment to Windows 10, and while I have achieved a quite good result, there are things degraded and missing as compared to my Win 8.1 setup, and without any – and I mean ANY – “must have” reasons for upgrading to it.”

Thanks Noel, this is what I was interested to find out.

Reply | Quote

I am looking to start a Citrix VDI project and I still resist the temptation to base it on Windows 10. But I will have to move on eventually, after skipping the whole Windows 8* series.
This is why I am collecting as much information as possible.
There is a tool from VMWare which is a very good start, useful for anyone interested in tweaking any desktop OS.
Nothing to do with VMWAre and everything to do with Windows.
Citrix has good information too, but the VMWare tool sets the standards.
https://labs.vmware.com/flings/vmware-os-optimization-tool

Reply | Quote

@Woody

Seems like that in this Schrodinger’s cat alike scenario the upcoming events are all but predictable… That annoys me… A lot…

But, mitigation seems to be the word of order here… Still aiming at making a system image for preservation purposes… Any suggestions on good Windows XP supported software for this task?

@ch100

That’s an awesome point you brought up here… The network itself…

I’m connected to the web in that PC through the Ethernet port of an wireless router connected to a ADSL modem… It is all pretty much simple and typical of a “domestic” network setup…

What should be the best way to set Firewall (the Windows one) and network preferences for best safety and isolation in that scenario?

Reply | Quote

Well, if you are to follow Noel’s approach, you should ideally have a Firewall which controls the OUTGOING traffic. This is the most important component, but not to confuse end-users, while Microsoft has the functionality available in Windows 7, it has never been enforced.
Windows XP does not have this functionality built-in as the firewall there is more basic.
I used Comodo in the past with good results but only for few days as monitoring while Noel uses something else which seems to be very good at this task but I don’t remember the product’s name.
Saying that, I generally don’t use a Firewall while having a network router like you, but I tend to be more relaxed on security (within reason) and more interested in functionality.
Try to contact Noel and find out about his experience. It is worth it, in particular if you are decided in continuing to use Windows XP.

Reply | Quote

Huge success for the 32-bit version. I specified 64-bit. I have seen Windows 2008 R2 servers running that long, but it is certainly not a good thing as this involves running in a non-secure mode by not applying patches which require rebooting the server.

Reply | Quote

The OP might also consider the following method to isolate an old PC using wireless isolation. It would just require adding Wifi to the XP system, rather than using an Ethernet cable.

If the OP did this, I think he would only be risking his gaming PC at the worst. Then if he also took an image before going online, he could always set XP back to the way it was before, if he gets hit.

Macrium Reflect Free still supports XP:
http://www.macrium.com/reflectfree.aspx

My solution is to keep my private network safe from any “untrusted” devices by using them on a separate “Guest” Wifi SSID (integrated within my main access point), with wireless isolation enabled.

Wireless isolation means the connected devices are blind to the other devices on the local “Guest” subnet, and cannot share data locally, but can only access the internet.

Netgear routers offer this guest network feature, probably others do as well.

By this I mean that my mobile stuff that leaves the house is “untrusted” by me at home, such as laptop, Android phone, tablet, etc. They all connect only to the “Guest” SSID subnet at home.

By using my mobile devices at home this way, I reduce the risk of allowing something I may have picked up on a public access point to worm it’s way into my other devices on my main home network.

Only my fully patched and locked down stay at home Windows PC’s are allowed on my main home network

Reply | Quote

Another thing you could do is install the free Sphinx-Soft Windows Firewall Control for XP, which by default will block everything outgoing except Windows processes.

http://www.sphinx-soft.com/Vista/order.html

Then you can decide what to allow to connect to the net on a per app basis.

Reply | Quote

Microsoft offers these free Windows Virtual Machines for developers (and anybody at all) that need to support multiple version of the OS (7/8/10). They are available here in most of the popular VM formats.

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

If you still need XP, you can create your own VM from an original XP install disk.

I use an XP VM to run old graphics software that is expensive to upgrade, but no longer runs on Win 10.

Reply | Quote

Plus it’s really simple to keep a VM off the net. Just unplug the virtual Ethernet cable

Reply | Quote

So, as you say you wouldn’t apply a third party firewall solution to this kind of network setup, is it, by any means, somehow more secure to be behind a router?

I intend in keeping that system working, not as my primary or everyday PC, but I want to be able to use it when I want, without browsing or more exposing activity of course, so any help is much appreciated, even more because I feel this is one of the few subjects that I’ve found basically nothing to search from… Noel’s experience seems really interesting, how can I reach him?

Also, aside from making a full system image, which I still did not found software to make, I thought about something like Deep Freeze to keep it safe… That way, every damage done would be reverted on reboot.

Reply | Quote

Many businesses used Windows XP since it works better with the programs they have. All of them are still connected to internet. Why are businesses still using them? MS is still supporting them thru a high price support program.

Reply | Quote

There were actually TWO versions of 64bit Windows XP:

1. Windows XP 64-Bit Edition for Itanium systems, version 2002 (based on 32bit XP kernel core – NT 5.1.2600)
2. Windows XP 64-Bit Edition, Version 2003 (based on Windows Server 2003 kernel core – NT 5.2.3790)

Although “Windows XP Professional x64 Edition” was actually based on Windows Server 2003 SP1 core – NT 5.2.3790.1830.

Info on XP 64bit taken from:
https://en.wikipedia.org/wiki/Windows_XP_editions

BUT Windows XP Service Pack 3 was only available on 32bit (x86) versions of XP.

Reply | Quote

Seriously, there was an XP version for Itanium? I though they released only server products for Itanium. That technology is dead anyway although it still maintained for those systems running Windows 2008 R2 on Itanium.

Reply | Quote

On my current set, the XP PC is the only thing connected to the router through an Ethernet cable, though it uses it just for internet access, as in my network setup none of the devices communicate with the other or share files, they only pick up web access via the router, all wireless, except for that PC… Also there is a wireless printer, but still… Is this any different that it could be isolated by a wireless connection?

I’m thinking about an imaging tool for backup, not really sure on the size of that image and how would it be generated, since I have 2 HDDs here it would be a really big file… It would be interesting to find a tool able to image only the MBR disk, which has about 160GB on data, the other one is about 500GB but that is mostly Steam files, which could be downloaded back…

Reply | Quote

I’ve heard good things about Comodo solution from lots of people, including ch100…

A third party firewall would require some adaptation I guess… I’ve never used any… But it still seems a nice idea, not really sure if it could represent some sort of issue paired with my ESET NOD32 AV in terms of compatibility.

Reply | Quote

I’m assuming that your private network, behind the router – if NAT enabled, is in the IP range 192.168.1.x-xxx (or something like that). Most likely any devices with software firewalls are probably setup with local network as “trusted”. If you were to use a sniffer such as Wireshark, you might be surprised at the amount of network packets bouncing around within the local zone.

In that scenario, all it takes is one device (such as an unpatched PC) to become rogue, or “evil”. If it downloads an exploit kit, it could start port scanning all IP addresses within the local network IP range, looking for a vulnerable port on another device. I suppose you could set up all local software firewalls to “shields up” mode by treating all local connections as “untrusted” public ones, but then why have a network?

The wireless isolation I referred to puts each device on it’s own isolated connection. Otherwise all packets are flowing over a common subnet, both wired and wireless. With isolation, the router blocks any packets not heading to/from the internet. All other devices are invisible at the TCP/IP level.

Reply | Quote

With XP, I used to use Comodo for the firewall only, due to XP’s native lack of outbound filtering.

It was always a crapshoot as to which AV worked best with it.

I never trusted Comodo’s AV. I also brought a couple of PC’s to their knees trying to run the full Comodo Internet Security with the HIPS defenses enabled.

Eventually the whole thing got too bloated for me, and difficult to install just firewall mode only, so I dropped it.

The Windows Firewall Control by Sphinx-Soft is the only 3rd party firewall I am aware of that only uses the native Windows Filtering Platform (WFP) for all Vista/7/8/10 releases. For XP they had to write some custom code to provide the outbound filtering, but I have it running well on my XP virtual machine.

I would expect it to be compatible with most AVs. Nice GUI, and very light footprint as well.

Reply | Quote

Now I get what you meant… The wireless isolation setup is to ideally keep the flow of data only device-web, and not sideways, device-device, rendering all network participants invisible to each other…

My router (TPLink) is connected to another AP for WDS bridging so I guess enabling AP isolation could damage that function…

So I came up with a simple idea, keep the XP PC off while using other devices and vice versa… This way I guess they woundn’t be able to communicate… File sharing is already off on all devices, but as you state, for maximum isolation there must not be any kind of network contact between those devices, and the best and easiest way for it to happen I guess is alternating what is on and what is off…

Reply | Quote

I’m going to check the Firewall options and see what is more aplicable… I guess it needs researching since it’s an old unsupported OS and by this means, incompatiblity seems pretty likely…

Also I’d like to thank you a lot for the Macrium Reflect idea, it worked like a charm…

The system imaging only left me with a couple doubts:

-The image was made from my system, which had some quarantined files (by ESET Nod32), is it somehow possible that those files bring any harm in an eventual system restoration or even to the disk that is holding it (external HDD) or other systems accecssing it though the exploring of the image created?
-Also I have two HDDs in that PC, they are not in a RAID setup, one has MBR and system files and the other only has games installed and data in it, I only had room to image the first… Do you think it might bring any issues in an eventual restore?

Reply | Quote

Are you serious about all that “malware-laced fakes” talk, Woody? There’s no problem with downloading install disks for XP (or any other Windows version) from pretty much anywhere on the web, as long as you check them against the official hashes at MSDN Subscriber Downloads.

I’m also wondering about the basis for your statement that POSReady updates “don’t work very well”. I’ve been using them all along, and to the best of my recollection there’s been 1 (yes, one) problem with a graphics component update making the fonts look a bit ugly – easily reverted, soon fixed. Now, how many system-borking updates for 7/8/10 have you reported on during the same period? I wouldn’t recommend this method to a novice (nor continuing to use XP in general), but it sure isn’t a problem for any reasonably computer-savvy person to use, especially if they run their updates manually, wait for a few days after the release, and check the web for potential problem reports.

Reply | Quote

I’ve seen many, many hundreds of copies of malware laced fake XP ISOs and CDs. That said, if the SHA1/MD5 matches up, the ISO is likely to be good.

I don’t have any experience with the POSReady updates. My impression is that they don’t cover many of the security bases that need to be covered – but I may be all wet. I certainly wouldn’t want my grandmother to rely on them, but I see your point.

Reply | Quote

I don’t doubt that there are fakes out there, I just thought you were laying it on a bit thick. I can see the point in scaring a layman away from such things, but I don’t think your particular audience needs quite this level of rhetoric.

No doubt you’re right about there not being 100% coverage compared to newer versions, but judging by the security bulletins (i.e. comparing POSReady KB numbers with the KBs listed in the bulletins, even if XP itself isn’t mentioned) I can say that all important issues still get patches. It couldn’t be called “support” otherwise, and plenty of POSReady machines are still connected to the Internet.

I actually do have my (grandmother age) mom relying on these updates, but of course that’s with me administering things for her.

Reply | Quote

Fascinating! I’ll keep that in mind. Thanks.

Reply | Quote

Sphinx-soft has a free Windows Firewall Control version specifically for XP, so no compatibility issues there! Plug n play! Light and easy to configure. FREE! http://www.sphinx-soft.com/Vista/order.html

Macrium looks like a good choice for a system image backup. Don’t forget to create the WinPE rescue media, so you will be able restore the image if needed. It contains a bootable, lightweight version of Windows and a full version of Macrium Reflect. Also, once booted into the WinPE, make sure you can attach the backup image by stepping through the restore procedure. Cancel before actually running the restore. It’s just an extra warm fuzzy knowing that your tools will work if ever needed.

The Macrium user guide is excellent. But if you also want the basic 101 on backups, there is a free eBook “Backup for Dummies” here (sponsored by Acronis, but it is generic info) http://promo.acronis.com/Backup-for-Dummies-NAM-2014-Email.html?sfdc_campaignID=70150000000wa9M

Your ESET quarantine shouldn’t be an issue, but Windows system restore points can be. If a restore point got taken with malware aboard, that malware could be unleashed if you rolled back. You can delete your restore points, as well as any temp files, recycle bin etc. prior to taking the image.

And I only image my Windows boot drive. This works OK for me because I install Windows and ALL programs on C:, therefore I only need ONE image to restore my system. For my secondary HDD, I just keep data files and folders, which I can easily send to Dropbox, or drag and drop to an external USB drive for safekeeping. If you installed programs on 2nd HDD, you will need a backup strategy for that one.

Reply | Quote

Just wondering, why are there files in the ESET quarantine? If they are not false positives, I would be concerned that my system had already been compromised, if there were already malware traces onboard.

A couple of excellent “second opinion” malware scanners that come with trial versions here …

https://www.malwarebytes.com/antimalware/

http://www.surfright.nl/en/hitmanpro

Reply | Quote

I already did the WindowsPE disk and tested it… Worked fine, the USB external HDD was perfectly indentified and I was able to choose the file image and it’s destination disk, so the tools are ready for an eventual use.

By the restore points being able to reinfect my machine you mean the files inside of it could infect the image file (and the HDD it is stored it) or they could affect my system restore using Macrium? Or did you mean reinfect due the regular Windows system rollback?

I only imaged the boot disk, but it is not partitioned so it’s pretty big (around 160GB)… It features the most important files and programs installed… The other disk is full of mostly data only, but it has Steam and Battle.net installed… They had to be in it because they download games into their folders, and both occupy a lot of space due to that (over 150GB of data each)… Would it be a problem of I eventually only restored the boot HDD and not the second HDD? I mean, would the PC still be usable, besides losing those programs installed of course?

Reply | Quote

They are really malware, at least PUPs, but not false positives… The reason I kept them there is because I feel Windows XP as a much mure unstable system than newer OS in a lot of different scenarios, one of those being crashing prone… Windows XP is pretty more prone to giving you a BSOD due to errors than let’s say Windows 7… So if I found my self in a situation like this I could always restore a quarantine file if it was needed for keeping the system in a more stable condition suited for backup at least…

It’s not the ideal solution, but since NOD32 quarantine encrypts and divide each file by two different files with different extensions, it feels safer to keep them there… There are items in my quarantine from 2011, and the most recent that I recall is from late 2015, and maybe a false positive, since was caugh multiple times in a website (Autogeek) that wasn’t flagged by any of my other devices… So by the time of the latest detection I think there probably isn’t even a restore point behind that date…

It probably has been compromised a couple times… Haha… That system dates back from early 2008… From there to present day I’ve dealt with some nasties for sure… Maybe this is why I have such strong feeling for that little warrior… Haha

Did Malwarebytes threat scan and a full NOD32 disk scan which took a whooping time of almost 3 hours to complete due the massive amount of data on the 2nd disk, both came out clean… So the system probably has been compromise, beaten up and damaged several times through these years, but it still working as intended… And now is time to try to save that piece of the past for the longer possible…

Reply | Quote

As far as the restore points are concerned, they are only an issue if you ever recover to them, and if they were to contain malware affected system files from the time the restore point was created.

If you are in any doubt, you can always delete all but the most recent restore point, prior to imaging. No sense in carrying that baggage along with any potential risks. You have an image you can restore from now. But like your AV quarantine, it is “contained” unless you release it.

My reaction to any real AV alert, would be to wipe the HDD and restore the last clean Windows image, or lacking that, wipe the drive and clean install Windows.

You have an interesting situation with two distinct recovery scenarios, so that only you can decide how to protect against data loss.
1. HDD failure. You will likely only lose one drive at a time. As it stands now, if C: fails, you are covered.
2. Malware attack. You have executables on both drives. In this case. you may need to wipe and restore both drives to recover. So if imaging the secondary HDD is a problem, you should consider the effort to rebuild it.

Reply | Quote

I will be probably doing that… Windows system restore isn’t always reliable, even more if we are talking about really old restore points… There is really no point in keeping them…

Nowadays my reaction to AV alerts is completely different from what it was 9 years ago, when that system was built… We get more careful as we learn…

On the recovery scenarios you spoke of , which are probably the more likely, I see I’m being able to keep the system bootable…

C:, the main, MBR, drive is the most important, as for the other HDD I have all of it’s data backed up, excluding the program folders, which I guess would need to be reinstalled and redownloaded… But the question here is: it is rebuildable, right? I mean, only restoring the main drive would bring any problems besides invalid installation referenfes for some programs?

Reply | Quote

Sorry, but friends don’t let friends use XP….. what a load of crap !
Still using XP SP2 , no updates since 2011. Look at all the KB’s in SP 3 >>> none of them are needed ! Daily 16 hours working & connected to the internet , browsing for porn & torrents and all the other “normal ” stuff with a very old firefox . No problems !!
What’s the worst that can happen ? A re-install ? I have multiple backups of data that I don’t want to lose. Yes I will still be using XP as long as my hardware lets me . I am one of the 10 % that is still using XP .
I am safer than with win7, 8 or 10.

Reply | Quote