Ask Slashdot: Preparing For Windows XP EOL?
An anonymous reader writes "As most of us working in IT may know, Microsoft will stop supporting Windows XP on April 8th, 2014. Although this fact has been known for quite some time, XP is still relatively popular in companies and also enjoys noticeable market share for home users. Even ATMs are running XP and will continue to do so for some time. A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions. So what is the best way to secure these remaining Windows XP systems? Installing the latest security patches, checking firewall status and user permissions etc. should be fairly obvious; as Microsoft Security Essentials may also not receive updates anymore, changing antivirus programs seems a sensible thing to do."
MSE will have definitions for a year after the EOL: http://blogs.technet.com/b/mmp...
Use Firefox. Keep the biggest attack vectors up to date (Adobe stuff in particular). Get rid of Java entirely unless you desperately need it; in that case, keep it up to date religiously. Use Adblock Plus (or equivalent) to block ads which sometimes carry malicious code. Don't do stupid things online. Don't run executables unless you absolutely know they're safe. Don't install pirated software since pirated software sometimes comes with lovely surprise infections. Use a limited user account for your daily activities and an administrator account only for maintenance tasks or to run software that won't work under the limited account. Always use a NAT router between the computer and the Internet, and don't run any open wireless network with that PC attached.
It's largely just a matter of (A) don't do obviously dumb things and (B) don't run everything as an administrator in the first place. Remember that antivirus and security software is a final line of defense; everything else is basically a problem with the user's behavior or knowledge, and if you are careful and follow good security practices in the first place, you aren't at any significantly greater risk than you are now.
One more thing: if someone really wants to break in, they will. XP or 7 or 8 or 8.1 and all the updates in the world won't matter in such a case, so my final piece of advice: don't piss anyone off that might want to come after you.
There hasn't been a root exploit in XP for a couple of years now, which means if you are running as a user and not root, and you know what you are doing, XP should be fairly safe.
1. Run as a regular user and only elevate permissions when you need to
2. Make sure your directory permissions are locked down properly (there are guides to help you do this)
3. Turn off all unnecessary services
4. Run a 3rd party antivirus app - BitDefender Free is excellent
5. Regularly run rootkit detectors and a second on-demand scanner (I use Trend Micro)
6. Don't use IE, use Firefox with NoScript turned on
7. Don't use Flash, Adobe Reader or Java. Use Sumatra PDF for PDF viewing.
I keep a VM of XP around for running some old apps and reading my junk email account. I've been sent viruses and all sorts of junkware, and running the above config is pretty impervious to anything thrown at me. I can revert the image to its original state if something bad happens, and I've yet to have to do that.
My Other Computer Is A Data General Nova III.
Windows SteadyState from Microsoft is available for Windows XP.
SteadyState virtualizes the OS directories transparently on the disk. File writes/updates are directed to a secluded area. You can set it to simply delete those journaled updates upon restart/signoff. Any malware will be effectively gone. Windows Update would still be possible when signing in as the SteadyState administrator (creating an updated image), but that's kind of moot at this point.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
At my company we have dozens of $500K+ machines that are controlled by NT 4.0 boxes, and dozens of somewhat newer $2M machines controlled by XP boxes.
The vendor has no incentive to upgrade their software to work with a new OS; they'd rather we spend several hundred million on new equipment. And the software that controls the machines is closed and proprietary to the vendor.
We'll still be using NT and XP in 2020.