October 10, 2013

4 Ways To Bulletproof Windows XP Forever



Windows XP is slated to be exterminated for good by Microsoft in April of 2014. It is the last stage of a multi-year effort to kill off the operating system. Microsoft previously cut support for any system running SP2, driving a massive effort across corporations to ensure their systems were all up to SP3. As of April of 2014, even that will no longer be supported with patch updates by Microsoft.
We certainly fell in love with XP here at MakeUseOf, just like everyone else. Even on my recent article on the Windows XP virtual machine, readers were commenting about how Windows XP is not down and out yet. Over the years we’ve brought you topics like finding Windows XP themes, resetting the Windows XP password, and so many other articles too numerous to list here. It’s one of those Windows Operating Systems, like Windows 3.1, Windows 95, and I suspect now also Windows 7, that generated a very loyal user base of people who are not going to be very willing to let go of it at the end of its life.


Windows XP has been no exception. The Gartner research group estimates that by April 8, 2014, even large and midsize companies are going to have at least 10 percent of their computer infrastructure made up of computers running Windows XP. I’ve personally seen it in manufacturing, where Windows XP computers are used to run everything from standalone test or measurement systems, to entire production machines. The operating system can’t be easily upgraded, because the production software running on it is ancient, and won’t run on any newer operating system. Usually, the vendor who wrote the software is long gone. So what’s a person to do?

In this article, I’ll help you make the best of a bad situation, by setting up that Windows XP system in such a way to reduce the likelihood of it getting hit by hacker lightning or a viral epidemic from the larger Internet.

 

 

Isolate and Contain

Just be aware that no solution, other than upgrading to a supported operating system, is going to be perfect. If you’re sick of having to pay for OS upgrades, then you might want to consider switching over to Ubuntu or another Linux distro. Short of this, you’re stuck dealing with Microsoft’s never-ending efforts to make more money.
On those old Windows XP systems, the idea is to block as much network traffic as possible, without disabling the PC entirely. You really need to do a full analysis of the system and decide whether or not you even need network access. Can you get away with disconnecting the network and running it as a standalone system, physically isolated from other computers? If you need to transfer data, can you use a USB stick instead?
If none of these options are viable, then start isolating by going into the control panel and clicking on the Windows Firewall.


WinXP1


Turn it on, and if you really want to get strict, you can also select “Don’t allow exceptions”, which won’t even allow traffic listed in the Exceptions tab. This is sort of like disconnecting the network cable anyway, but it’s more of a way to block all incoming traffic than blocking all traffic. It’s likely to disable your software, if it communicates with systems over the network, but it’s worth a try. If it works, then you’re pretty well protected from incoming threats.


WinXP2

 

 

Making Internet Browsing Safer

Another method – if you’ve read any of our past articles about killing IE – is to disable the Internet Explorer browser on your XP system. This browser is notorious for inviting hacks, viruses and malware. Hackers have targeted IE for so long that it’s essentially guaranteed that if you’re running an old version of IE on a Windows XP system, your odds of getting infected increase exponentially. So, right now, download an alternative Internet browser for that XP system (if you even need a browser at all).


WinXP3


Once you’ve installed an alternative browser, go into the Control Panel and go to “Add or Remove Programs”. Select the icon to “Set Program Access and Defaults”.


WinXP4


Under “Custom”, you’ll see a checkbox next to “Internet Explorer” to “Enable access to this program”. Deselect this checkbox. This will effectively disable IE on that XP box.


WinXP5


It’ll completely disappear from view under the Start Menu and under Accessories. To the typical user, it’ll appear like IE was completely uninstalled from the system.


WinXP7


Just removing IE alone will make the system significantly safer. Actually, not using any browser at all would help even more, but that really depends on how you need to use that old, vintage XP machine.
If it’s just to run a production system and you occasionally just need to access network drives, then disable IE and don’t install any new browser at all. If you do need to browse the Internet, then at the very least, make it a regular habit to go into the browser settings and get the latest updates. With Chrome, for example, you can check for browser updates by going into the settings and clicking on “About Google Chrome”.


WinXP8


Just because Microsoft won’t be sending your XP any new security patches or updates doesn’t mean that you’ll be unprotected. Lots of vulnerabilities come from the software, not the operating system. So making sure your browser is still updated frequently will go a long way toward protecting you from any problems.


Install Anti-Malware & Antivirus Software

You’ve heard this advice from MakeUseOf for a long time now, but it bears repeating once you stop getting Microsoft patches. Keep that system running with anti-malware and antivirus software, and make sure to keep it fully updated! Remember that running more than one dedicated antivirus program is a bad idea.


WinXP9


Microsoft Security Essentials is a free antivirus and anti-malware tool, which will likely continue working on XP for the foreseeable future. Set up MSE to update definitions automatically, and you won’t even have to think about it.


WinXP10


Know that it is safe to run MSE next to a dedicated antivirus program. If that software stops working on XP, other free antivirus apps out there are sure to keep working for a long time. Open source projects are notorious for offering free software that works on older systems that are no longer supported.


Create a Secure “Gateway”

Another approach to keeping an XP system inside of a corporate environment or on your home network is to isolate that vulnerable system behind a safe “gateway” PC. Here’s my attempt to draw what such a network layout would look like.
gatewaysystem
The red box on the left is your vulnerable XP system. This system would connect to a hub, where another system would be connected to it on the same subnet. This second system should be a fully patched, non-vulnerable Windows 7 or Windows 8 system.
This safe system would then pass through another hub via a second network card, and this would provide an indirect connection to the larger network. If you make the internal hub a router with DHCP disabled, you can enable a strict firewall as well, so that very little can actually pass through even from the “safe” gateway PC over to the Windows XP machine.


WinXP11
On a Linksys router, you can disable DHCP, which essentially transforms it into a basic hub.
WinXP12


This isn’t the perfect setup, because to actually transfer data off the XP machine and onto the larger network, you’d need to set up a system using something like FreeFileSync to transfer files off the XP onto the Gateway. Then, any system on the larger network could grab those copied files off the gateway PC.
This wouldn’t work so well if you need Internet access from the XP machine, but it’s an idea setup for those production systems where you need an easy way to get data onto and off of the local PC that’s running the process, but you still want to keep it fairly isolated from the larger network.

 

 

Conclusion

There are plenty of options right now for people that want to continue using XP for a while longer, even after Windows stops sending out patches for it. However, you have to keep in mind that XP will become a significant target for hackers who will not try to target people that are still using these older systems. Any vulnerability will remain after a hacker has found an exploit. Isolating your system using an approach above will help, but in the end you really have no choice but to try and upgrade your system so that you can finally move on from the beloved Windows XP system.
Are you facing a difficult transition off of XP? What challenges are you expecting? Share your own experiences and ideas in the comments section below.

Source: http://www.makeuseof.com/tag/4-ways-to-bulletproof-windows-xp-forever/