Windows XP: Survival tips to stay safe

If you're late to upgrade or have decided not to change your operating system, check out these tips to keep the system as secure as possible. Do not use Internet Explorer It is not advisable to keep running Microsoft's Windows XP operating system now that support has ended, ZDnet reported. Today, Microsoft will release its last batch of security updates, patches, and fixes for Windows XP, and after this date, core vulnerabilities or security issues that could leave you open to cyberattack will not be investigated or fixed. You won't have a permenant blue wheel of death the moment support ends, but vulnerabilities stored up by cybercriminals for use after this date will not be fixed. Tip? Stop using Internet Explorer. The most common version of IE used on XP systems is version 8, and considering that Internet Explorer is now up to version 11, you can see how old and obsolete the browser is. Not only this, but Internet Explorer 7 and 8 will also not be updated further, leaving your system vulnerable to malware that exploits this old program. Both Mozilla's Firefox and Google's Chrome browsers will continue support for Windows XP after expiration, and so use one of these browsers instead of Internet Explorer if you are still running XP. This will at least give you a little more time, but be aware that Chrome on XP will only be supported for one more year, and it is not known how long Firefox will offer support. In addition, don't forget to change your browser from the IE default. Finally for those still using the venerable OS after the end of routine Microsoft updates and security patches, there are 10 best practices to minimise the risks. Step 1: Restrict connectivity Because the network is a prime route for attacks on vulnerable systems, minimising connectivity with other systems makes it easier to protect XP machines. Consequently, disconnecting XP devices entirely from the network is the best option. But if access to specific applications is what's delaying a migration away from XP, MacDonald suggests a kiosk model, with users going to a centrally located departmental machine. If you can't disconnect XP systems completely, the next step would be to block internet connections and limit communications to specific internal systems through a network- or host-based firewall. Even with restricted internal access, isolate XP devices from other endpoint systems using virtual LANs or firewalls. Step 2: Restrict apps Lock down XP machines so they can't execute arbitrary code. This measure can be achieved through dedicated software, a host-based intrusion-prevention system, or Microsoft's Group Policy object (GPO)-based software restriction policies. MacDonald says with the end of XP support, it's essential to allow only known-good apps to run. Memory also needs to be protected, by activating XP's Data Execution Protection, with additional protection coming from Microsoft's Enhanced Mitigation Experience Toolkit, or EMET. Step 3: Remove admin rights A mandatory measure for all users remaining on XP machines to cut risk because 90 percent of malware runs in the context of the logged-in user. Step 4: Bar browsing and email Since most attacks come via email and the web, it makes sense to eliminate these vectors on XP devices. An up-to-date server-based system can instead provide these capabilities — for example, a remote desktop service or hosted virtual desktop server. Step 5: Update software XP may be out of support but other software running on the machines may not be and should be kept updated to minimise weaknesses. It's important that antivirus, firewalls, software distribution clients, and browsers should be up to date, along with Java, Adobe, Office and other common infrastructure apps. Step 6: Disable ports and drives By disabling USB ports and CD and DVD drives, you are removing another route for the introduction of arbitrary executable code. It's also possible to employ third-party tools to configure ports for write access only. Step 7: Shield XP A network or host-based intrusion-protection system can help protect XP machines. It's worth confirming with your network or host-based supplier that it will continue to research XP vulnerabilities and attacks, and provide filters and rules to block such attacks. Step 8: Monitor XP, Microsoft and threats As well as monitoring XP systems for signs of compromise, organisations still running the OS should keep a close eye on Microsoft. Although the company won't disclose new vulnerabilities against XP to those who haven't paid for Custom Support, it may release information about critical vulnerabilities to, say, Windows Server 2003, which could affect XP. It's also worth checking community chat boards and threat intelligence feeds, as independent sources of information. Step 9: Plan for an XP breach Those still running XP systems need to have a plan for isolating the machines in question in the event of an attack, as well as ways to restore them to a known-good state. It's also important to understand the cause of the problem to prevent a recurrence, and to have a backup plan to move users to supported systems rapidly in a catastrophe. Step 10: Study costs A cost-benefit analysis could show whether the measures involved in staying with XP temporarily might actually end up outstripping a more rapid migration.