Securing Windows XP after Microsoft ends support in April 2014 is not going to be an easy job. In fact, it’s going to be nearly impossible! StatCounter says Windows XP market share is around 19% whereas NetApplication says it is around 29%. Both have their own methodology of calculating this. Given the ground realities where a bulk still uses Windows XP and considering the fact that there are many still many home users from various parts of the world, who just would not be able to afford to upgrade to a newer version of the Windows operating system, securing their computers is going to a big challenge!
Windows XP holds around 20% of the operating system market share. And this is the global figure. In Africa, Windows XP still commands a market share of around 33%. In Asia its 27%! In India it is around 30%, whereas in China it is 51%! That’s like literally hundreds of millions of computers still running Windows XP!
Microsoft wants this figure to come down to around 10% globally by the time it ends its support in April 2014. But, although the figure may (or may not) come down, the figures in developing countries will continue to be high. There will still be those users, in some countries, who will predominantly still be using this outdated operating system.
When Microsoft ends support for Windows XP, it will stop releasing security and other updates for it. It will even stop supporting Microsoft Security Essentials on Windows XP. And once Microsoft stops providing security patches and updates to Windows XP SP3 and Microsoft Security Essentials, it will become an open playground for hackers and malware pushers. It will effectively have a zero-day vulnerability in perpetuity! You can read more about the risks of staying with Windows XP after End Of Support.
Although Microsoft will stop supporting Windows XP, there will be many software companies who will continue to support it. Several security companies like have already announced their intentions to continue supporting their antivirus and security software for Windows XP. But it is indeed a question – how long would other software companies want to support a platform that is practical for all purposes, dead in the water. Of course one cannot discount the fact that in case of an outbreak, Microsoft might just be compelled to release some security updates under public pressure – but that’s another question.
Secure Windows XP after End Of Support
This post is meant to try and help those from such countries, where the usage of Windows XP would still be high and for those users who would be constrained to use it simply because they may not be able to afford to upgrade, by suggesting some steps they can take! It will attempt to list some steps which a Windows XP home user could take to minimize risks and mitigate their potential security problems.
1] Use third-party Internet Security Suite
Given the fact that Microsoft will stop supporting Microsoft Security Essentials its best, you switch to free security software. Recent news suggests that they will stop updating MSE & MRT after June 2015. A Firewall can block threats that your antivirus may miss. Not only that, but it can also prevent hackers from breaking into your computer! Since Microsoft will stop updating Windows XP components, its firewall too will remain unpatched. So it will be imperative that you install a good firewall too, apart from antivirus software. While you can always go in for some free AntiVirus software and free Firewall software, I’d recommend that you install a free, but fully integrated Internet Security Suite, which could offer multi-layered protection. There are many security companies that have committed themselves to support their security software on Windows XP beyond the end of life.
2] Take backups regularly religiously
Take backups regularly religiously! You have no option! Should something go wrong, you will have the option of going back. Use any of these free Imaging, Backup and Recovery Software which will work on Windows XP. What would happen if you needed to reinstall Windows XP on your computer? Would you be able to activate it? Would Microsoft’s activation servers for Windows XP activation still work? There are several such questions, which cannot be answered at the moment. So create an image of your Windows XP and maybe even back up the Activation Token files.
3] Keep your installed software up-to-date
A Software Update Checker will scan your computer for installed software. You will thus be protected from vulnerabilities in these software. Run their scans regularly.
4] Use an alternative web browser
Since Internet Explorer too will not get updates, it might be time to drop IE and move to an alternative browser like Firefox or Chrome.
5] Use alternative software instead of built-in software
Like for browsers, start using alternative media players, compression tools, Windows Explorer alternatives, email clients and such, since these components too will not be receiving updates. You can see a bunch of free Windows software here.
6] Never click on unknown links or download attachments from unknown sources
This is important! Email is a common vector used by malware to get on your computer. So never ever click on any link which you may think looks suspicious. Even if you have a 1% doubt – DON’T! The same holds true for attachments too. You can surely download attachments you are expecting from friends, relatives & associates, but be very careful of the mail forwards which you may receive even from your friends. A small rule to remember in such scenarios: If in doubt – DONT!
7] Make Windows XP show file-extension
It is also a good idea from a security point of view, to show file extensions. When you do this, the file names will always appear with their extensions like .doc, .pdf, .txt, etc. This will help you in seeing the real extensions of the files and thus make it a bit more difficult for malware to disguise itself and get on your computer.
8] Use an additional On-demand antivirus scanner
There may be times of doubt, where you might want a second opinion. At such times you may use these on-demand antivirus scanners. In fact, make it a practice to use it once a week at least.
9] Clear you Internet Cache frequently
Temporary Internet Files folder in Windows XP is a sure-shot breeding ground for malware downloaded from the Internet. Set your browser to clear the cache on every exit.
10] Take Windows XP offline
This could probably the best thing to do, ie if you can do it. Use Windows XP for all your offline work and don’t connect to the Internet. But yes, you will still have to take care when you plug in a friend’s USB or external drive!
11] Lockdown your Windows XP machine
Use a software like TimeFreeze, RollBack XP or Returnil System Safe, which returns your OS to a prior state every time you reboot.
12] Take care while connecting a USB
USB’s are a common vector for passing on malware. So avoid or be extra careful when connecting someone else’s USB drives. Disable AutoPlay for removable devices. Restrict access to USB drives if you can. Manage & secure your USB and USB Drives.
13] Use a Standard User Account
Don’t use the Administrator Account when using your Windows XP computer for working or browsing the Internet. Use a non-admin Standard User Account to do so. (Thanks for this one Ron).
14] Use DropMyRights
Windows XP users must now install the free DropMyRights program. This tool will lower a user’s privilege level and make surfing more secure. It will make browsing a little more secure, since it runs selected programs, like browsers, in a restricted environment, with lower rights, even when logged on to Windows XP as an Administrator. This tool is not needed on Windows Vista and later, but it can be very useful for Windows XP users – especially now.
15] Harden Windows XP security by tweaking it
XP-AntiSpy is a little utility that lets you disable some built-in features and harden Windows XP security. XPY is another such tool Do check them out and use one of them to disable features like Remote Desktop, etc, easily.
16] Block bad websites
If you plan to continue using Internet Explorer, add bad sites to the Internet Explorer Restricted Site Zone. You can use ZonedOut to manage it and add a list of ‘bad’ sites from SpywareWarrior. You can also use SpywareBlaster’s innoculate feature to achieve the same. You can also add a list of bad websites to your Hosts File and block them. The list of bad websites from mvps.org is worth considering, and you can use HostsMan to manage your Hosts File. If you block bad websites, the chances of your Windows XP getting infected with malware are further reduced.
17] Change DNS Server
Change your DNS Settings. Use OpenDNS or something similar to prevent your computer from visiting bad malicious websites.
Enterprise users of Windows XP would do well to consider a migration to a recent Windows version, if possible. If you have an option, and can, then use Windows Server 2003 R2 instead of Windows XP. Windows Server 2003 R2 is basically Windows XP Server since they are both based on the same kernel. So whatever works on Windows XP only, will also work on Windows Server 2003 R2. While Windows XP end of support happens in April 2014, for Windows Server 2003 R2, the date is July 2015. So that still gives you some more breathing space. Running Windows XP in a Virtual Machine is also an option that may work and make sense, while support is still available for Windows Server 2003. Windows XP Enterprise customers, through the Microsoft Premium Support Services will also be eligible to get security hotfixes and direct technical support throughout the life of their contract.
Taking all these steps will not secure your Windows XP – no way! Don’t get a false sense of security! But its the best one can do under the situation. I would strongly urge you to upgrade to Windows 10 – and if that is not possible, move over to some free open-source operating system. Do also read our post on Windows XP End of Life recommendations – What next!?
Let me know if you have any more ideas about how to secure Windows in general.
Microsoft clearly wants us to move to its newest OS, Windows 8, which I personally hate
This will have a major effect on the Southeast-Asian country where I live. Most government offices run XP and show no sign of any change. Speak to government officers about upgrading and they dumbly ask, “Why?”
@sergyu: Categorically, yes, Microsoft always wants everyone on its latest version of whatever; however, Microsoft is clearly going to support Win7 for a good, long time. So I don’t know if it’s fair to say that it wants everyone to move to Win8… at least exclusively. I mean, yes, on one hand it does; but it’s clearly going to be happy with all the Win7 users out there for many years to come. It’s the Vista users who, like Win2K users, are kinda’ almost orphaned (not really; Vista’s very supportable for a long time to come, but I’m just sayin’)..
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
@apex2000: The first time someone breaks-in and steals a buncha’ data, and the local IT experts get interviewed by the local press and get quoted saying that the problem is that the government’s still using XP after April 8th…
…and they’ll change their tune in a big hurry. The problem with stuff like this is that whomever convinces the government to get ahead of it and upgrade to at least Vista (preferably Win7) will be literally saving the government’s ass; but because his/her having so done will prevent the sort of break-in about which I herein write, no one will ever know. It’s the person who warns the government about it, now, and makes sure it’s documented, now, who will be able to say “I told you so” months or years from now; and will look downright prophetic. [grin]
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
Excellent article, Anand. Excellent! I just struggled with this problem — early, obviously — just the other day. I have a client — a chain, quick-serve restaurant — with an XP machine in its back office; and the other day when the manager went to the website of the company through which she orders food and supplies, it stopped her and said that the version 8 of IE she was using was just too old; and so it wouldn’t let her in. She panicked and called me.
I logged-in with remote desktop and basically moved her entirely over to Chrome… making it the new default browser. I moved into Chrome as bookmarks the three IE favorites to the online systems which she routinely accesses, and made them auto-open in three tabs whenever she opens Chrome. Then I completely reset Internet Explorer back to factory, and used “Everything” to hunt-down like a dog every shortcut to it and deleted them.
“Chrome’s your browser, now,” I told her, adding, “never use Internet Explorer again.” And then I explained how insecure XP would soon become; and how using Chrome, which is constantly updated, would be a good hedge against the April 8th eventuality.
Then she tried logging-in to her three systems, the second of which was the ordering one that earlier told her her copy of IE was too old…
…and it then stopped her, saying that only IE would work; that neither Chrome nor Firefox nor any other browser would work. So I explained to her the conundrum, and how she needed to be at least on Vista in order to have a version of IE that’s at a high enough level. She said that her head office simply wouldn’t allow that; that there just wasn’t any money in the budget for such an upgrade; and so she panicked, again, asking how she was gonna’ get into the ordering system, which she had to do by 2:00 PM, without fail.
I told her to stand by while I tried something; and I then went to the Google Chrome webstore and installed the free IE Tab extension… the original, most popular one (I, personally, use the “multi” one, but she only needed the original one for what I was going to do). I then went into its settings and told it to use the highest possible IE level that it could, and then configured the ordering system website to always auto-launch in an IE tab within Chome, rather than a native Chrome tab. Then I closed Chrome and rebooted.
When she re-launched Chrome, sure enough, two of the three tabs opened in native Chrome tabs, and the ordering system one opened in an IE tab and, lo and behold, it fooled the ordering system website and let her right in do do what she needed to do… with over an hour to spare.
This was interesting to me because IE Tab uses the core engine of whatever version of IE is installed onto the machine. and so the ordering site should have still seen it as a too-low-version of IE. However, I suspect that convoluting it through Chrome somehow fooled it. And that was fine; and could also be a hopeful sign for using Chrome as the default browser on XP as a means of both having a more current (than the IE that’s on XP) browser for security purposes, as well as ensuring that XP will not get in the way of more modern websites and web apps. Though my client’s ordering system website jumped the gun by making itself incompatible with XP versions of IE early, the truth is that virtually any website would, after April 8th, be justified in making itself incompatible with any IE version lower than Vista’s version 9.
The truth is that I usually counsel clients to turn off as many things in Windows as possible, and use 3rd party apps instead… precisely so that whatever are Windows security holes will play less of a role in overall both performance and security. Many of the things you prescribe in this article, Anand, I’ve been setting-up my clients’ machines to do for years! Even the newer Vista and Win7 (and now Win8) ones.
I’ve written, around here, several times, about my little pseudo-suite of tools which, if taken together, create an effective fortress around the Windows machine. You and/or others may be sick of reading about them, but I hold that they could be the combination of apps which could very well help XP users stay reasonably secure beyond April 8th.
The core of it is the free COMODO INTERNET SECURITY (CIS), which boasts a world-class software firewall that’s on-par with the commercial leader in that category: Kaspersky. For a long time, the anti-virus part of CIS was weak, but now that its database of viruses is finally huge and as good as anyone else’s, CIS’s anti-virus is easily on par with pretty much any of the other players out there. CIS’s “Hosts Intrusion Protection System” (HIPS) is close to best-of-breed, and will effectively stop pretty much anything bad from even launching without a big red warning notice rising-up from the far right end of the Notification Area (formerly the “System Tray”). And though CIS’s anti-spyware capabilities are not on-par with a tool dedicated to that function, they’re not half bad, either; and much the same thing may be said for CIS’s anti-rootkit capability which is serviceable, but still not as good as… oh… say… TrendMicro’s, or ESET’s, or Kaspersky’s (not necessarily in that order). CIS’s Achilles Heel remains how difficult it is for the non-technical to respond to its various warning pop-ups during the early days of any CIS installation, when it’s getting “trained’ to know what’s safe and what’s not. CIS’s “configuration settings,” allowing either just firewall protection, or either “Internet Security” or “Proactive Security” can affect that. In “Internet Security” mode, most of CIS’s pop-ups are muted, and so the non-technical user isn’t quite so hounded by them; but in “Proactive Security” mode, CIS is somewhat more aggressive; and so that mode is best for the technical.
Atop CIS, I recommend both SuperAntiSpyware and Malware Bytes. The free editions will do, but the paid editions will provide realtime monitoring. The truth is, though, that just the free editions are enough, as long as the user remembers to use them to do manual weekly whole-system scans. CIS will auto-scan weekly, all by itself; but unless one pays for the commercial versions of SuperAntiSpyware and Malware Bytes, one may not schedule scans, and must just remember to do it manually, once a week. SuperAntiSpyware has a larger and more broad anti-spyware/anti-malware database, but Malware Bytes contains a superior zero-day detection algorithm; so they’re both needed.
I do not recommend using IE as the browser, not even on Win7/Win8. And I despise the behemoth Firefox. Anyone who uses an Android phone or tablet should be using Chrome on his/her Windows desktop or laptop machine, anyway, (along withh on his/her Android device) simply because of that. And Chrome, honestly, is fast becoming best-of-breed among browsers, on all levels, just generally. Its only Achilles Heel is that it’s a bit of a privacy violator by Google’s design, and so I usually recommend using the Chromium-based (Chrome’s also Chromium-based) IRON BROWSER, or the Chromium-based COMODO DRAGON browser, both of which are pretty much identical to Chrome, but without Google’s privacy violations. In the case of COMODO DRAGON, not only are the Google privacy violations removed, as with IRON, but a few COMODO-style anti-malware features are added. COMODO DRAGON’s only Achilles Heel is that COMODO doesn’t keep it as up-to-date as it should, and will sometimes allow it to get several full version numbers behind whatever is the latest Chromium or Chrome. IRON, on the other hand, tends to be only a few (typically no more than four) weeks, at most, behind whatever is the full version number of the latest Chrome or Chromium. Any incompatibilities between actual Chrome and its Chromium-based lookalikes may usually be remedied by using a “user agent switcher” extension of some kind, so that the Chromium-based lookalike will appear to websites as if it were real Chrome.
It’s also important to remember that starting this very month (January 2014), Chrome will stop allowing apps/extensions to be installed into it unless they come from the Google Chrome web store; in other words, the old trick of downloading the .CRX file to the Windows hard drive, and then using Windows Explorer to drag said .CRX file up and over to the opened Chrome extensions page, and then just drop it there, as a means of installing an app or extension manually and not through the Chrome web store, will no longer work in Chrome starting this month. And so for those who need to be able to have a few extensions/apps that don’t come through the Chrome web store, getting away from actual Chrome and over to a Chromium-based lookalike will become necessary.
Finally, it’s difficult to find (other than in the “Portable Apps” format) copies of real Chrome that are truly portable. You can find them, but they’re always old. IRON, on the other hand, always has both an installable and portable current version; and COMODO DRAGON may be optionally installed as a portable app by just checking a box during normal installation. So that’s another thing to consider.
Atop using CIS as your anti-virus/firewall suite, and manually weekly whole-system scanning using both SuperAntiSpyware and Malware Bytes, and also a Chromium-based Chrome lookalike (like IRON or COMODO DRAGON) as your default browser, I also recommend using…
…the Adblock-Plus (using the two EasyLists), and the Ghostery extensions in said browser. They will, once finally tweaked properly, provide nearly all the anti-tracking and anti-adware protection you’ll need; and it is usually through such things that many security-breaching bad things ends-up on one’s machine.
Additionally, I recommend using a free HOSTS file, which is a file built-in to Windows which, once it contains a list of website that you never want your machine to be able to access (adserver sites, and malware sites, etc.), then tons of bad stuff will be blocked. However, it’s hard to know what to block, so it’s best to use a HOSTS file that’s crowd-preconfigured and -maintained, by such as “MVPS Hosts,” and/or “hpHosts;” plus Peter Lowe’s AdServers HOSTS list. To manage and keep up-to-date your HOSTs file, use the freeware HostsMan, including its built-in HostsServer. There is, trust me, no better HOSTS file management system. Just remember to configure HostsMan to always merge updates into your existing HOSTS file, and to never overwrite it; then have it auto-eliminate duplicates; and never allow multiple host names to be on a single line, else it starts to become difficult to find things in it, and remove them or make them exceptions. Also, configure the HostsServer to use the little one-pixel-sized transparent .GIF file as what should be returned to the browser (instead of a browser error message) whenever a site in the HOSTS file is hit. By so doing, places on web pages where ads normally appear just literally disappear, using DIVs and CSS to close-down around said .GIF file. It’s really slick. I, personally, only use the adservers HOSTS files; but you’re free to use the big ones if you want.
With AdBlock-Plus, Ghostery and HostsMan, you’ll need to do some initial tweaking so that things you actually want — like Disqus, for example; or the Facebook commenting system — will appear on web pages. By default, they’re blocked. And sometimes you have to do trial-and-error to make sites work… like the CBS News website, for example, which won’t properly run videos until and unless two things are unblocked in Ghostery. Once you get everything right, though, it’s be maintenance free.
I also recommend the use of “Spyware Blaster” to sort of “innoculate” the registry against bad stuff. The free version won’t auto-update, and so you should add updating Spyware Blaster to your weekly SuperAntiSpyware and Malware Bytes weekly whole-system scans. Or you can just pay for those three tools, and let them both maintain themselves, and perform scheduled scans/updates. If you use a Chromium-based Chrome lookalike as your browser, using Spyware Blaster becomes less important; however, it’s still good to get those things in the registry protected just in case you use IE or Chrome, or something really sophsticated gets onto the machine by other means.
Additionally, I recommend using “OpenDNS” instead of the DNS that your Internet Service Provider (ISP) provides. Your DSL or cable modem ISP provides DNS, but it’s just wide-open and completely unprotected. OpenDNS, on the other hand, allows you to filter-out bad stuff right at the DNS server, before the browser even gets to anything bad, and without even using/relying-on the HOSTS file or AdBlock-Plus or Ghostery. It’s really slick, and is the only DNS I use for everyone and everything, now. I could not more strongly recommend it. Yes, there are others including one from Google and even COMODO, but OpenDNS is best-of-breed. Just use it and look no further.
Many people like “Web of Trust” (WOT) to help them determine what websites might not be safe, but I rather despise it. Your security should not be crowd-sourced; and WOT is just a big (and ugly, and increasingly political) popularlity contest. McAfee’s “Site Advisor,” on the other hand, is based on sound science: McAfee’s servers scanning websites for malware and other bad things. Use the free version of Site Advisor and you will get, for example, Google search results with little green, yellow and red dots next to them: with green meaning the site’s safe to visit, yellow meaning caution, and red meaning stay away. Links in Facebook will also have them; and if you try to visit a site that’s yellow or red, McAfee will interrupt you with a full web page sized warning (which you can override, if you wish… though possibly to your peril).
That’s pretty much my pseudo-suite… my impenetrable fortress… been usin’ it for years, and pretty much nothing — no, really… *NOTHING* — bad gets through. It’s every bit as effective as an expensive security suite, but it’s free.
Add to that the natural pseudo firewall that NAT, in your router (even if it has no actual firewall), provides — or the actual firewall that’s in it if there, in fact, is — and even XP could be fairly safe, even after April 8th; and pretty much ANY version of Windows is made safer by it.
Of course, you still need to be smart about the sites you visit… stay away from porn sites, for example; or warez sites; or torrent sites, etc.: places like those are where most of the malware is. And you need to be careful about what you click on in emails, and about not opening email attachments unless you’re absolutely certain what they are, and where they came from and/or who sent them. Remember that bot nets infecting the machines of others can cause you to receive emails only SEEMINGLY from someone you know, but which contain either links to malware-infected things, or which actually contain, as attachments, malware-infected things… seemingly photos of a friend’s vacation, or some other thing to trick you into clicking on it or opening it.
Be smart, and use my pseudo-suite, and even XP, after April 8th, can be reasonably safe.
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
Thanks for the great comment Gregg! I guess I forgot to mention about the Host file and managing IE security zones – which effectively can block bad sites by adding them to the Registry. Updating the post.
I bought a HP laptop in April 2013 with preinstalled win8;
without really trying it I deleted win8 and put on my legal win7
=not smart=
drivers for win7 didn’t work well or not at all on my laptop.
after getting a new copy of win8 from the vendor I started with a different attitude.
I went to the AVG site and checked out all the issues on win8 (like the missing startmenu, startup to startmenu, etc,etc.
In less then an hour in downloaded everything I needed.
With these and onboard options of win8. Within another hour my win8 looked and felt like win7.
I made faster, better and stronger than before (old win7); no blue screens or whatsever since then.
Upgrading to win8.1 gave me no problems beside the secure-boot issue, wich was solved in 1 minute.
Why do people hate win8 ?.
Why do people still use XP ?
BTW I visit AVG for a very long time now, I admit I was a little stupid to not go the AVG in the first place.
Yours truly
I like Windows 7 and run a 32 and 64 bit on two of my three towers in my internet radio station. I bought a nice tower off of EBay that has Windows XP installed. My server provider who’s also my computer tech says XP will be great for using to stream to the server as my main online computer. So, if I am streaming to my server,other then a good anti virus and a good firewall,do you recommend using XP on the tower to stream to my server?
What a doom-and-gloom article. Sounds like the person who wrote it also wrote “the computer world will crash in y2K”. I have been using XP SP2 for YEARS now. I shut off ALL microsoft updates. I NEVER use IE, have AVG antivirus, Zone Alarm firewall, and have NEVER had any type of virus/malware/trojan/spyware problem. I have ignored all microsoft “security patches”, and have never had one single problem, but then, maybe it’s just because I know how to use a computer PROPERLY.
You are so right. XP is great. You just have to know how to use it. Scare tactics are wrong.
Not everyone can run out tomorrow and buy a new computer just because WinXP will no longer be updated. Microsoft should stop this planned obsolecence and design their OS to work with existing machines. Using more precise programming language and omit the bloat that exists in many of its products would save hard drive space and RAM.
I have three computers, one being a laptop, and two of them are running XP which I have no intention of replacing. The other is running W7. When I need to find something on the W7 machine I wind up having to open windows explorer to manually search for the item. I cannot rely on the search feature built into W7 as it is very poorly designed. I prefer the classic search that came with XP and its predecessors. It was more reliable.
Windows 7 is actually an upgrade to Vista, or Vista 1.1 if you like, while Windows 8 is Vista 2. As long as you have good Anti virus software and maybe a firewall program, don’t worry about upgrading to W7 or W8.
I am deeply obliged, Mr.Kanse,and you are too kind. The article is very excellent,and I approve on this basis: I have used all of the applications you mention to experiment with XP over the years. I wish to respexctfully suggest that you have left out a coupleof second-opnion scannerns which are very valuable: Hitman Pro,and Emsisoft Emergency Kit.
HP: <>;
EEK: <>. Both are freeware.
I use Comodo Internet Security as you recommend. It is VERY quiet, and if you use some second opinion scanners as I mention above, you catch all your viruses very effectively. Ian “Gizmo” Richards has explained how to install CIS
(which he calls a firewall,but which includes the entire package of CIS) to be very aggressive against malware and, as well, be very silent.
<>
This is fine if you desire a firewall,and it goes ahead and configures the CIS also.If CIS is chosen, there are some further refinements, above and beyond what Gizmo Richards presents, on the Internet, in Youtube.
<>. I use this latter refined configuration, and IMHO, it works well.
Again,thanks for assembling these resources for such of us as shall retain XP.
Robb Thurston
I would say the fact that they quietly quit selling Windows 7 in mid December shows that since they are unable to SELL Windows 8 they will try to force us to use it anyway. Not going to work. Windows 8 is the new Windows ME and Vista rolled into one. Actually it makes Vista look like a great operating system. My computer will never become a cell phone. It is much more capable than that and I mean to keep it that way.
I didn’t see any mention of user accounts. Wouldn’t using a non-admin account help?
Thank you for the wonderful suggestions you have made, Robb. Here are some more general tips on securing Windows:
Tips To Secure Windows – Beginners Guide
https://www.thewindowsclub.com/secure-windows
The tools you have mentioned have already been covered here, should anyone want to read further about them:
Emsisoft Emergency Kit
https://www.thewindowsclub.com/emsisoft-emergency-kit-freeware-download
Hitman.Pro
https://www.thewindowsclub.com/hitman-pro-alert-review-free
Nice point Ron. I missed that one. Every bit will help. Will update the post. Thank you.
Sorry Anand, I did not know that arrows would eat up my links, so here you go:
http://krebsonsecurity.com/2013/06/windows-security-101-emet-4-0/#more-20368;
https://www.trustedsec.com/may-2013/emet-4-0-tutorial-and-overview/;
http://www.rationallyparanoid.com/articles/microsoft-emet-3.html;
https://startpage.com/
@Steve: Not sure how I missed the email telling me of your reply back when you made it, but having now stumbled onto it…
…my reply is: AGREED!
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
Thanks for the links. :)
After reading the post here, http://www.techyv.com/questions/queries-windows-xp-support-and-updates last march 20, I decided to migrate to Windows 8. And problems started since I am more at ease on using Windows XP for a long time. And now, I am thinking of shifting again to Windows 7.
After reading the post here, http://www.techyv.com/question… last march 20, I decided to migrate to Windows 8. And problems started since I am more at ease on using Windows XP for a long time. And now, I am thinking of shifting again to Windows 7.
After reading the post here:
http://www.techyv.com/questions/queries-windows-xp-support-and-updates
I decided to migrate to Windows 8. And problems started since I am more at ease on using Windows XP for a long time. And now, I am thinking of shifting again to Windows 7.
Fantastic share, thanks Gregg
Folks:
I thought you might be interested in our new project called “xpxtend”, an additional tool that Windows XP users can add to their arsenal. Here’s some links:
http://www.kickstarter.com/projects/1837340794/xpxtend?ref=discovery
http://www.xpxtend.com
Thanks in advance for taking a peek…
Cheers,
Steve
Go to this page and say that again:
https://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx
I made the mistake of rebooting my pc . Now the xp is no longer supported warning comes on and freezes up the screen. Anyone else had this happen or know what to do. Someone is bringing me a Windows 7 cd in a couple days.
my windows xp brook this morning and only i ca go to safe mode and no internet connection
anyone can help please?
Could this have been the reason? http://news.thewindowsclub.com/microsoft-fixes-issue-un-bootable-windows-xp-machines-68046/
XP was running very very slowly eg taking over two minutes to boot so decided to do a fresh install, oh dear. No probs installs ok activates online no probs, so login but it won’t says I need to activate so click activate then it says this product is already activated so try and login and then it says this product needs to be activated. Hmmm the infinite loop. Clean cd reinstall, same prob. Reinstall without internet, won’t give me code needed to activate via phone so plug in internet get code phone activate – infinite loop. Am I suspicious that this is a Microsoft ploy to actively stop me reinstalling my genuine XP disc and forcing me into a os and hardware upgrade? Not suspicious no, I’m pretty certain and bloody annoyed. Of course Microsoft can no longer be asked to help because they no longer support XP. :-(
This article is prime example of incompetent paranoia and fear mongering.
1. as the user base decreases, the product becomes not more but less attractive target for hackers. In fact, the safest systems today are windows 3.1 and windows 95.
2. “its firewall too will remain unpatched”. The firewall was never patched to begin with, and “patching” firewall as security measure is unheard of. Besides, today it would be very challenging to find a user not using a router, and router has its own firewall, but more importantly, it won’t forward external requests to your computer unless specially configured to do so.
3. “Take back ups regularly religiously! You have no option! Should something go wrong, you will have the option of going back.”
How come? you can reinstall windows xp or repair it in the same way as before. Nothing has changed, and Windows activation also works and will work indefinitely. Backups are surely important, but they don’t become 1% more important because of the end of support.
4. “Since Internet Explorer too will not get updates, it might be time to drop IE”
True, but not because of not getting updates but because on more and more websites are using new html technologies IE8 is not compatible with.
5. “Temporary Internet Files folder in Windows XP is a sure-shot breeding ground for malware downloaded from the Internet.
breeding ground? like, viruses in the cache grow by themselves? dude!
6. “Use Windows XP for all your offline work and don’t connect to the Internet.”
oh my. Well, even more safe option then is to simply turn off your computer.
================
In fact, it’s little known effect that windowsupdates for long time were bringing much more problems then protected from them. Whenever there was another “threat”, Microsoft was pushing critical update to all users. Since these updates were not tested, great many of them had very serious bugs. Those bugs later were identified and fixed, however the fixes were not pushed to the users in the same way as the fix, even though it was known 100% that whoever got the fix with the bug, got the problem as well. The users were supposed to notice the problems and then to find the fix and download it from Microsoft. If you go on support.microsoft.com and search for the phrase “after you install critical update, you experience”, you will see many of them. For that reason, it was prudent step to disable automatic windowsupdate to begin with – which I personally did 10 years ago, after I discovered this practice. So you can say, I was out of microsoft “support” for this decade… and guess what, my XP is alive, well, and very “connected”.
So don’t panic.
My point exactly. It’s relief to see that in the ocean of paranoia and incompetence.
For many of us with other high price specialty software (like $3200 AutoCad) plus other specialty engineering software NO LONGER AVAILABLE, upgrading to Bill Gate’s latest “improvement” is not an economic option. It is time that Gates is met with severe “Pushback” from an aggressive company that chooses to serve us over 20% who must stick with our operating systems and office software. This is not only individuals like myself, but countless companies across the nation who may be fighting to remain as an economic enterprise.
Speaking of Gates again, at one point I quit accepting his “updates” because of a real expectation that they would be laced with problems (blue screens, lockups etc) that were there to force us to buy his latest crap. And I use the word crap because his 2007 and 2010 systems were nothing but problematic, more difficult to use, unrecognizable icons, dropdowns no longer there, and never addressing the old problems with such as Excel and Word. I mean that this newer software like 2007 and 2010 is horribly counterproductive at a time when we must increase our production and lower the costs.
So if there is a recommendable company out there that will support my older operating system and MS office product, I would certainly appreciate knowing of those options.
Great write up Anand. Covered everything on the steps that I took to support one of my Windows XP machine that is running some legacy software. Although- I am new to this XP-AntiSpy utility. Thank you.
I have just layered my Windows XP with AVG and Malwarebytes along with this freeware called RollBack XP which I use it to restore my Windows XP system if it gets buggy due to some new software installs or such.
I rather not use Windows 8 with it still being a little unstable. Using Windows 7 on my other machine.
I would suggest for trying out RollBack XP from here as well: http://www.horizondatasys.com/en/RollBack_XP.ihtml
Wow!. Thank you Gregg. Great insight.
Sick of the windows 8 bashing. It is not even close to ME, and the only thing really wrong with vista was that it was a resource hog. Windows 8 can run on a cell phone. That should tell you how resource intensive it isn’t. While I’m not a fan of the metro tiles, the fact is that overall it is a better operating system than even 7. Are there going to be changes to a new system? Duh. If you want your desktop to look the same as it did 10 years ago, and never have to learn anything new again, switch to mac. It should make you happy with its simplicity.
Hey ,had to get a new laptop due to corrupting my older ones bios during updating it! its running the newer 8.1…it seems Windows has caved to the criticisms of those who hated “8” and combined the 2 systems? overall I still prefer Win7 due to it not requiring you to have your laptop tied to your email account to sign in. I also miss the old start menu with your programs & such as you have to depend on the phone type page to get to many of them but after you login it takes you to a windows 7 looking desktop! It also somewhat feels like “7”…just a quick review for those who might not know about it! All in all I like 7 better but Im glad the 8.1 at least acts like 7! I could’ve gotten some of the left over machines running Win7 but this one came at a good price! can’t beat $177 for a new laptop! Runs good but there are things I dislike about 8.1? like your email being your sign on? More NWO Orwellian big brother bullcrap we have to endure post 911! Its all bull none the less! Keep the internet free & open!the book 1984 was suppose to be a warning! NOT a user manual!
Microsoft has ended activation of windows xp, Now Windows 7 is the most recommended OS, Which through user can do almost all work without any problem, Where I recommend you to activate your OS being purchased its license code from ODosta Store
Which is distributing license for almost all types of Microsoft Products. I personally use it and have a good experience.