Microsoft will end the support for Windows XP, but the world won’t end because of this.
In this article we will analyze what can happen, what you should do to avoid any damages and what you can do to continue to use Windows XP even after the support ends.
No more technical updates
After April 8, 2014, technical updates for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer be providing security updates to help protect your PC.
Microsoft released XP about 12 years ago and published also a lot of patches in this time. Does this mean that all vulnerabilities were found and fixed? Most definitely not. As a matter of fact, Microsoft Trustworthy Computing director, Tim Rains, said that the cybercriminals can go so far and even reverse-engineer patches for more modern and supported versions of Windows in order to see what remained unpatched in Windows XP. Even if Windows 7 and 8 are quite different than Windows XP, there is still a lot of code shared between these operating systems.
If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. You can even install a fresh copy of Windows XP even after April 8th.
I hope it is clear by now that Microsoft is not going to go back and review their decision to kill the operating system. The only question now is: What to do ?
The best solution is clearly to move away from Windows XP. There are plenty of resources and tutorials in the Internet that explain how to migrate to Windows 7 or 8. But be aware that this might come with additional costs, since these operating systems require better hardware than Windows XP.
Hardening is the process applied to a computer to reduce its attack surface. Reducing the attack surface means identifying and reducing the available ways to attack the computer. Typically this includes the removal of unnecessary software, unnecessary logins and the disabling or removal of unnecessary services (file and print sharing, media center). On a lower level, it means also closing all non-critical ports, removing any not needed driver, ideally, removing the computer from the Internet completely.
Also the software that is used must be made as secure as possible. This means run it in a sandbox, run with minimum or completely without extensions, addons or plugins and in general, reduce the functionality which is not strictly needed.
Also the risk created by the one who stays in front of the monitor, the user, must be reduced. Create better passwords, change the default passwords, make them expire after a month. Use an account without administrative rights in order to reduce the damage of an attack happening under your account.
The software that users install must be checked thoroughly from now on, as there is no guarantee that they are backward compatible with an now obsolete operating system. Ideally, use only software created for Windows XP.
Speaking of software, make sure you keep your software (which is the bare minimum needed to do your job) up to date. Don’t use default installed programs like Outlook Express, Internet Explorer, Media Player as they might contain vulnerabilities that can get exploited. The best in this case are Mozilla Thunderbird as replacement for Outlook Express and Chrome or Firefox for replacing Internet Explorer. For Media Player there are thousands of replacements online.
Last, but definitely not least, install and keep updated a security product like Avira Free Antivirus.
If your Windows XP holds business critical information on it (but why would you trust an obsolete operating system with such a task?) then isolate the computer in the network. This means that you should filter the traffic coming from the exterior to your vulnerable computer using some gateway filtering product.
Another method to continue to run a Windows XP without having to expose it completely is to run it in a virtual machine on an up to date host operating system. This way you have a secure underlying operating system which you can easier protect than the XP.
If you have a PC with XP installed and there are your good old programs that run since many years, there is a solution to virtualize that as well.
Use Disk2VHD from Microsoft to create a virtual hard machine and play it with the free Microsoft Virtual PC under a safer operating system like Windows 7 or Windows 8. This program will create a snapshot of your installed Windows XP, including all programs, registries, files and will clone them in the virtual machine. The result is an identical environment with the real one, only that it is virtual.
In any circumstance, make sure though that even you harden the XP machine, no matter if it is real or virtual.
We strongly recommend to migrate from Windows XP. There is no way to fully protect the operating system anymore. There is nothing (or at least nothing that is economic feasible) that you or security experts can do to protect it.
And don’t think that you necessary have to stick with Windows. If you don’t have to use some legacy software that runs only on XP, think about alternatives. Linux distributions like Ubuntu (and flavours) have become really good as a desktop operating system.
IT Security Expert