April 8 XP Deadline Discussion

Deadline is here, so I am looking for constructive input for users who will be looking for security solutions for Windows XP moving forward. This is for those who will be sticking with Windows XP on at least one machine primarily, but anyone else please add anything you can think of that checks the box as a positive contribution.

If someone wants to start a thread on how to upgrade or the reasons why, that's great, but I want this to be all about those who will be for any reason sticking with Windows XP. Please hold off on discussions about changing operating systems...

Security I am using:
Avast-Avast sent a notice through the program interface that stated the avast team will be issuing patches (they were called this) in place of Microsoft via its cloud connection for at least the next three years. I like this commit to the users approach that doesn't rule out XP even for long term support. Given the fact that XP has all of the modern services for an OS, I think it can be an inexpensive alternative to the others for general use...provided security is good enough.

Private Firewall-Installs at only 8 MB compared to 200 MB for Comodo. Simple interface, but all the switches are in the program to block key logging and unauthorized clipboard copying and screen capture. XP users on the border of changing OSes might give this a try first. PF scored 88% on the Matousec rating system here:

http://www.matousec.com/projects/proactive-security-challenge-64/results.php

Malwarebytes Free-Free is a one time scanner that adds some peace of mind. Good tool to have.

I think the best defense is imaging. If someone doesn't know how to image, start a thread about where to begin. I use Paragon and have a clean OS image along with one for each day of the week and a monthly one. This is really the best defense against OS corruption that can occur through normal use, but it can be a big help with malware problems too.

Just want to say that I haven't ever been a big believer in MS' security patches. I'm sure they have improved XP security somewhat, but then again, I wasn't expecting MS to provide security for a PC. In this light, I have viewed the patches as operating system improvements only...not really security answers.

By the way, I think the Microsoft Malicious Software Removal Tool will still be available for XP users for direct download from the MS site. Not sure about this, but maybe someone can confirm. I haven't ever used the tool, so I won't miss it personally...

 

I'm running Comodo Internet Security (full suite) using Comodo's secure DNS Server, MBAM AND MBAE (AntiExploit), SuperAntiSpyware, Spyware Blaster, CryptoPrevent and WinPatrol Plus. Should something arise, I've also got MalwareBytes Chameleon.

 

I have no choice in sticking with XP, because I can't afford to upgrade to a new computer, or even a used one. That being said, it is now, Wednesday, April 9th and I just got an automatic update from Microsoft. If what they say is true, then either they are continuing with updates, or haven't disabled it, or someone is is wanting to download something on my comuter. One of the items is the April Malicious Tool Removal.

Now, should I be worried about it being from a third party, or is it a legitimate Microsoft update.

Here are my computer stats:

Operating System:
Windows XP Professional 32-bit SP3
CPU:
Intel Pentium 4, Nothwood 0.13um Technology
RAM:
`1.00GB DDR @ 132MHz (2-2-2-6)
Motherboard:
Dell Computer Corp. 0G154B (Microprocessor)
Graphics:
HP f1905 (1024x768@70Hz)
Intel 82845G/GL/GE/PE/GV Graphics Controller (Dell)
Storage:
74GB Western Digital WDC WD800BB-75CAA0 (ATA)
7GB PNY USB 2.0 FD USB Device (USB)
Optical Drive:
HL-DT-ST CD-ROM GCR-8481B
HL-DT-ST CD-RW GCE-8481B
Audio:
SoundMAX Integrated Digital Audio

 

It's the final XP updates, 2nd Tuesday of each month, though many don't get them until Wednesday. You won't get any more.

 

Heartbleed should be a wakeup call for how 0-days can make it past defenses. Just saying

As requested, I will not discuss upgrading or changing though.

 

Everyone please leave this thread to those who already know they will be keeping Windows XP on at least one machine. As I said:

This:

is one person's reason to change. As I said, I'm not against anyone saying anyone should change. I'm not partial to any operating system, but I can't stand alot of clutter in this thread that is meant for a constructive debate security methods and tactics for Windows XP. Please start another thread for this type of comment...

Anyone who knows they will be keeping Windows XP on at least one machine you are free to say anything. Anyone else, please take your discussion to another thread, unless you have something constructive to add about how best to secure Windows XP...

:major

 

Sir,

Please do not tell moderators what to do. I am respecting your requests for the most part but that does not mean I will not bring attention to something when it is appropriate. Ignorance is not bliss.

 

Running Avast on my PC, plan on updating one of these days, but not anytime soon. So, is additional firewall needed? Been out of the computer stuff for a while.

 

I would go with a software and hardware firewall. Lock down every port you do not use. For most, that will be port 80 that can stay open for select apps and outgoing only.

Stay off IE. Consider running a VM for high risk browsing.

 

I'm still on XP, but only until I can afford an upgrade. Personal injuries have made funding tight at the moment, but I too am open for suggestions to get me by until the time is right.

 

I think AtlBo's strategy for continuing to use Win XP is about as good as anyone can do, but I would add Adrynalyne's suggestion to "Consider running a VM for high risk browsing." A Linux OS could be installed as a VM to use for web browsing. Of course, to do this, you will need sufficient free space on your hard drive to install the VM software and the OS you're going to run in VM mode.

 

IMO MS will have to do more than it says, one big reason is nearly all ATM's use XP as their platform. Also many stock and banking issues are also being talked about, even though it has reached its life span the end trails are nearly insurmountable!

 

Question for you gurus...

Is there a program that makes use of the accounts structure that could install browsers on a separate account? Could this be a positive step?

Would be great if temp files were all stored in the separate partition...something that would trick browser programs (and malware) into believing the partition is the main partition. Then all changes to the system could be more easily monitored. The whole thing could be sandboxed. A browser that sandboxed everything it places on a machine seems like it would be a good idea. Require users to approve any activity from a file place in the sandbox from the internet. Then disallow any changes to the system from internet activity.

Trying to put things in perspective here. It seems to me that files from the internet are the main concern. Yes, there are the USB potentials for trouble, but wouldn't solving the internet problem (e-mail too) be a huge first step to ironclad security?

Grasping, but with all respect to those who have upgraded beyond Windows XP, I don't think a good hacker would break a sweat over cracking any of the versions of Windows if he really wanted to or believed it was worth the risk...even with the best A-V/firewall installed...

 

You should be going online with a nonadministrator account anyways.
http://www.majorgeeks.com/files/details/sandboxie.html

Technically yes, but a thief will choose the car with an open window and keys in the ignition over the locked car that needs hotwired.

 

All the company types you mentioned are going to use Microsoft's insanely expensive private support.

 

Governments as well. http://www.theguardian.com/technology/2014/apr/07/uk-government-microsoft-windows-xp-public-sector and http://www.zdnet.com/dutch-government-pays-millions-to-extend-microsoft-xp-support-7000028116/ These must be the tip of the iceberg only.