The Inquirer-Home

As Windows XP support ends, experts lend advice on staying safe

Your essential guide to not getting pwned
Tue Apr 08 2014, 12:55
Windows XP feature image

IF YOU ARE ONE of the 27 percent of Windows XP users who are still using it, and especially if you are one of the 17 percent of INQUIRER readers who intend to carry on with Windows XP regardless, make no mistake - your computer is in danger from today with talk of zero-day exploits already surfacing.

The INQUIRER has received emails from readers asking if, off the record, we really think there's a problem, so we asked some security specialists for their opinions.

David Emm, a senior researcher at Kaspersky Lab explained, "Effectively, every vulnerability discovered after today will become a zero-day vulnerability - that is, one for which there is (and never will be) a patch.

"This problem will be compounded as application vendors stop developing updates for Windows XP: this will create an even greater attack surface, since every unpatched application will become a further potential point of compromise.

"Malware writers will undoubtedly target Windows XP more, since an un-patched operating system will offer them a much bigger window of opportunity in which to exploit any vulnerabilities they find."

But what precautions should you take if you have no choice but to continue using Windows XP? Malwarebytes has already announced that it is offering an alternative security patch service by subscription as part of its anti-malware package.

Alternatively, Gartner VP and Fellow Neil Macdonald has offered this ten point plan for minimising the risks.

"1. Restrict Network Connectivity to the Minimum Possible: The most likely point of attack for [Windows] XP machines is your network. Make your [Windows] XP machines as stand alone as possible.

2. Implement an Application Control Solution and Memory Protection: Microsoft's Group Policy Object restriction or host-based intrusion prevention systems can be used to prevent arbitrary code being run from elsewhere on the network.

3. Remove Administrative Rights: Even for home users, removing Admin rights is a no-brainer. If you are the main user, set yourself up a non-admin profile and use it wherever possible.

4. Address the Most Common Attack Vectors - Web Browsing and Email: Take out local browsing capabilities and run them virtually from a server running an up to date system.

5. Keep the Rest of the Software Stack Updated Where Possible, Including Office: Remember, Office 2003 also ends today. And although [Windows] XP support may have ended, your individual software vendors may still continue support.

6. Use a Network or Host-based IPS to Shield XP Systems from Attack: Is your security vendor continuing support for [Windows] XP? Make sure you know and if not, switch to one that does.

7. Monitor Microsoft: Keep your eye out for anything affecting Windows Server 2003, as this will probably affect [Windows] XP too.

8. Monitor Community Chat Boards and Threat Intelligence Feeds: Be a part of the community. Macdonald suggests that there are likely to be specific communities for continuing unofficial [Windows] XP support.

9. Have a Predefined Process Ready If [a Windows] XP Breach Occurs: Forewarned is forearmed. Have an action plan ready to keep your XP machines quarantined.

10. Perform a Cost/Benefit Analysis: Which is going to be cheaper? Upgrading, taking the risk, or paying Microsoft for extended support?"

This information is part of the Gartner report entitled "Best Practices for Secure Use of [Windows] XP After Support Ends".

Of course, the safest alternative is to upgrade. Richard Edwards, principal analyst at Ovum Software said, "Compared to smartphones and tablet devices, PC operating system upgrades are an ugly affair, and thus PC replacement is the preferred option. But the traditional PC replacement project is not what it once was, as there are now many more options and alternatives to be considered: Windows 7 vs Windows 8; tablet vs PC; Android vs iPad; [and so on].

"But whichever option is chosen, moving on from Windows XP could prove transformational for employees and for businesses, as any change of tool brings with it a change in thinking and capability."

At its Build conference in San Francisco last week, Microsoft previewed a compatibility mode for Windows 8.1 that will allow more legacy intranet sites to work in Internet Explorer 11, which might persuade a few more laggards, but until that time, be careful - it's a cyber jungle out there. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015