About XP System

[SoleAnne]

My computer is XP System.It is not protected?What should I do

 

[Steltek]

First, make sure you have good, updated antivirus and antimalware software installed. Then, consider whether you can upgrade to Vista or Win7.

What is the make and model of your computer? Or, if it is a home built system, what are the components (motherboard, processor, hard drive, memory, ext)?

 

[corkyg]

Also, . . .your question relates to the Operating System Forum. Go there and read all the threads involving what to do about XP. I am requesting your thread be moved there.

 

[SoleAnne]

First, make sure you have good, updated antivirus and antimalware software installed. Then, consider whether you can upgrade to Vista or Win7.

What is the make and model of your computer? Or, if it is a home built system, what are the components (motherboard, processor, hard drive, memory, ext)?

Thanks.It can't upgrade to Vista or Win7. And i will updated antivirus and antimalware software installed. Thanks for your suggestion.

 

[SoleAnne]

Also, . . .your question relates to the Operating System Forum. Go there and read all the threads involving what to do about XP. I am requesting your thread be moved there.

Thanks.I will read the threads involving what to do about XP.

 

[John Connor]

Dude111 still uses Windows 98se and says it doesn't spy on you like the government can do with other OS's. LMAO!

 

[nemesismk2]

Dude111 still uses Windows 98se and says it doesn't spy on you like the government can do with other OS's. LMAO!

if he is happy with windows 98 se then that is fine. the reasoni left windows 98 se is because some of my games needed windows xp and my anti virus ended so i had to upgrade to windows xp.

 

[gmaster456]

if he is happy with windows 98 se then that is fine. the reasoni left windows 98 se is because some of my games needed windows xp and my anti virus ended so i had to upgrade to windows xp.

So you're saying you'd still be using 98SE right now, online, if it werent for your games and AV?

 

[Morbus]

Better buy a new computer if you can't update to a supported operating system. If you don't, you risk having your computer highjacked and your information stolen.

To put it in another way: you're currently easy pickings for every single malicious hacker out there, and they're actively looking for people using XP.

 

[JackMDS]

If for whatever objective reason you can not upgrade.

Educate yourself on the correct secure habits using the Internet and hence Win XP security with this.

The computer should behind a Router using Kerio 2.1.5 firewall (last freeware version of Kerio) and Avira Antivirus. (I consider Norton Junk source as is so I do not use it).

Using it for surfing mainstream sites and email I never had a security problem.

Kerio here in the middle of the page - http://www.321download.com/LastFreeware/page7.html

Avira free version - http://www.avira.com/en/avira-free-antivirus

 

[Steltek]

Thanks.It can't upgrade to Vista or Win7. And i will updated antivirus and antimalware software installed. Thanks for your suggestion.

If the system can accept 2GB of memory or more, it very likely could run Win7. You would obviously have to do without Aero, but Win7 will otherwise work OK in 2GB as long as you don't do a lot of multitasking.

 

[VirtualLarry]

My computer is XP System.It is not protected?What should I do

Seriously? If you don't want to get exploited, re-format and install a flavor of Linux on that PC.

 

[Red Squirrel]

The whole end of life thing is blown out of proportion. Windows is insecure period. Some magical date is not going to change that. In fact ANY OS is insecure if it's not setup right and is not behind a firewall/NAT device.

If your system is too old to upgrade then don't worry about it, do the same thing you normally would such as ensuring it is behind a NAT firewall (pretty much any home grade router will do) and that you update the AV definitions.

 

[escrow4]

The whole end of life thing is blown out of proportion. Windows is insecure period. Some magical date is not going to change that. In fact ANY OS is insecure if it's not setup right and is not behind a firewall/NAT device.

If your system is too old to upgrade then don't worry about it, do the same thing you normally would such as ensuring it is behind a NAT firewall (pretty much any home grade router will do) and that you update the AV definitions.

XP is decrepit. Its certainly more insecure than 7 or 8.1. It isn't built for 2014.

 

[Red Squirrel]

XP is decrepit. Its certainly more insecure than 7 or 8.1. It isn't built for 2014.

True, but I find people get a false sense of security if they're on the latest and greatest OS. I'm sure even a 7 or 8 system left wide open to the internet will get hacked eventually. XP might just take a little less time.

Of course there's internal security such as stuff that can happen because of things you do inside such as open a virus, but any OS can be hit with issues that way if the entry software is insecure such as the browser.

 

[Fred B]

I use xp for gaming only , not using explorer but Opera and do nothing with xp online besides gaming . For email home banking I use w7 , but yesterday there where on the news in my country /Holland/ that Explorer is not safe to use anyway

 

[code65536]

XP is decrepit. Its certainly more insecure than 7 or 8.1. It isn't built for 2014.

Sigh. The security improvements in newer versions of Windows are mitigations to limit the damage in the event something bad happens. They don't prevent that something bad from happening in the first place.

What should I do

If you want to keep using XP, these are the steps you should take:

1) Limit your exposed surface. Being behind the NAT of a home router is usually good enough for this. Otherwise, shut down things that have open ports (TCPView can help here), like SMB or remote desktop.

2) Use Firefox. Avoid IE. Just looking at the past few months of Patch Tuesday RCE fixes, many of them are exploitable only if the user uses IE. Keep your Firefox updated. (Chrome could work too.)

3) Don't do anything stupid. If there's an EXE file you don't recognize, don't run it. If there's an attachment that looks fishy, don't open it. Remember, malware is harmless and inert until it's executed. But executing code without a user's help is hard. So in the vast, vast majority of cases, malware works by tricking the user into executing. A well-informed security-savvy user is the best defense against malware.

3a) Go dig around in the Windows Explorer options and set Windows to show all file extensions. The automatic hiding of file extensions (to make things "pretty") is one of the worst hindrances to #3.

4) Of course, malware can also execute without a user's help (I said "hard", not "impossible"), and that's via unpatched security flaws. So always keep your Internet-facing software patched. That means your browser, your IM client, etc. Since the OS is no longer getting patched, it's a really good idea to use programs that don't rely on many OS components. Hence Firefox instead of IE. If you do this, then, in conjunction to #1, the exposure of the OS should be very, very small.

4a) Since you won't be getting OS updates, you should be alert for security flaws in XP. Pay attention to security news about new XP flaws that are discovered. Read about how they're exploited, consider whether that exploit is applicable to how you use the computer (most aren't, actually), and if so, then you need to change the way you use your computer to avoid exposing that exploit. Also, subscribe to the MSRC blog and see what's getting fixed each month. They probably won't post any new info about XP flaws, but it's still worth paying attention because some flaws in newer versions of Windows exist in XP, too. Again, same as above: see how it's exploited, whether it's relevant to your usage patterns, and adjust usage patterns in the (unlikely) event that it is.


Note that I made no mention of anti-virus. Anti-virus is good mostly for protecting a computer against a user's mistakes, but it's really ineffective against attacks that exploit unpatched security flaws. The end of support for XP increases your exposure to the latter, and that's something that AV does a pretty shitty job with. At best, it adds an extra (very weak) layer of last-ditch protection. At worst, it lulls a user into a false sense of security. It's optional. Install it if you want, but under no circumstances delude yourself into thinking that it'll actually protect you, because it probably won't, and it's a very poor substitute for following the 4 points above.

 

[VirtualLarry]

code65536, good post. Should sticky!

Edit: I would add, use a limited-user account, and if on XP Pro, use SRP (Software Restrictions Policies). With those added, XP becomes (relatively) bulletproof to most ordinary malware.

 

[nemesismk2]

So you're saying you'd still be using 98SE right now, online, if it werent for your games and AV?

in all honesty yes i would still be using windows 98 se if i could. in most of my jobs i had to use windows 2000 and then windows xp. i have never used anything for my job which had windows 7, windows 8 and windows vista was always hardly used.

 

[Fanatical Meat]

Guy just save up a few dollars and get a new PC they're pretty affordable if you just need email/web stuff.

 

[VirtualLarry]

Guy just save up a few dollars and get a new PC they're pretty affordable if you just need email/web stuff.

I just picked up a 20" Gateway AIO for $162 + tax today at Staples. It's not really much good for gaming, but for web and e-mail it's fine. Skype is a bit taxing though.

 

[sweenish]

Sigh. The security improvements in newer versions of Windows are mitigations to limit the damage in the event something bad happens. They don't prevent that something bad from happening in the first place.

That seems over generalized. Randomizing service/process locations in RAM is a straight up prevention, not mitigation. Unless you view all security code to be mitigation.

XP is super easy to attack because its services are always at the same address.

 

[mikeymikec]

Thanks.It can't upgrade to Vista or Win7. And i will updated antivirus and antimalware software installed. Thanks for your suggestion.

I'm not sure I've ever seen an XP PC that actually couldn't run Win7. Sometimes it isn't cost effective, but "can't" is a whole different kettle of fish, it means that even if say the disk, graphics, memory were upgraded, it still couldn't do it. Back up the user data, wipe the disk and install Windows. Of course one should check hardware compatibility first though

I've upgraded several computers in recent months, some of which were about 9-10 years old (because that's what the customer wanted despite my advice to go new), high end P4s, low end single-core Athlon 64s, etc, and they've been happy with the results. There's no reason that say an Athlon XP with a second-hand low end DX9 graphics card couldn't run Win7 if you stick in enough RAM, for example.

 

[code65536]

That seems over generalized. Randomizing service/process locations in RAM is a straight up prevention, not mitigation. Unless you view all security code to be mitigation.

ASLR is mitigation because it doesn't help until after the address has been hijacked. I.e., it doesn't kick in until 1) a security flaw exists and is exposed and 2) an attempt was made to exploit that security flaw.

And it's not straight-up prevention because it results in the process or service crashing. Of course, crashing is much preferred over being exploited, but 1) it can still be used for DoS and 2) true prevention would be preventing the exposure of flaw or otherwise preventing the exploit from being attempted (vs. failing part-way into the attempt).

So yes, ASLR is definitely mitigation and not prevention.


Edit: Think of ASLR as the self-destruct device on a starship. Yes, it ultimately prevents the starship from falling into enemy hands, and yes, it's a very good thing to have. But it's not the primary line of defense. If you can keep your shields from dropping and the enemy boarding parties from beaming in, then you won't need to activate that self-destruct sequence. That's why it's a mitigation.

Edit 2: Continuing with that analogy, XP, 7, and 8.1 all have the same shields. Where they differ is in what happens when those shields are dropped. Newer Windows have extra layers of defenses and mitigations that XP lacks. But until those shields drop, XP is as secure as 7/8.1. Of course, the other difference is that the end of support means that when new weak points in those shields are detected, they're fixed in newer Windows but not in XP, but if it weren't for that, the primary line of defense in XP is as strong as in newer Windows.

Edit 3: And yes, I consider UAC to be a mitigation as well. Ask yourself, when does UAC kick in? It kicks in after an attempt is made to run the code. That is, it kicks in after the user has already pressed the big red button that the user wasn't supposed to press. Again, yes, it's a very good thing to have, and I do very much like UAC. But if your user has gotten to the point where the user has downloaded malware and made an attempt to run it, then a number of security failures have already occurred. Plus, most modern malware no longer require UAC, since there's no need to hose the OS in order to do tons of damage (e.g., CryptoLocker).