Tomorrow: Goodbye Windows XP

[Warph]

All good things must come to an end; tomorrow, 04/08, Microsoft will officially end support for Windows XP.

Is XP Mode — or any virtual XP PC — safe to use?

By Fred Langa on April 3, 2014 in LangaList Plus

When running XP in a virtual PC, the host system is safe — but the XP VPC isn't. Here's why.

Plus: How secure is "secure enough"?, Android Gmail app truncates long emails, and a new cloud-storage price war that's great news for consumers.


Safely running Windows XP in a virtual PC
With Microsoft about to drop support for XP next week, Allan Divor wonders about the ongoing security of XP virtual PCs.

■"Fred Langa has discussed using XP Mode on Windows 7 or running XP in some other VPC software. In another article, he described how to set up a VPC but made no mention of XP Mode.

"Microsoft states: 'If you continue to use Windows XP or use Windows XP Mode on a Windows 7 PC after support ends, your PC might become more vulnerable to security risks and viruses.'

"So, is XP in a VPC or XP Mode safe? Or is it as vulnerable as a standalone XP system?"

When Microsoft drops support for XP, all XP PCs — real or virtual — will become equally vulnerable to newly exploited security flaws.

I'll say that again. XP running in any virtual PC software — XP Mode, VirtualBox, VMware, Hyper-V, or whatnot — will be just as vulnerable as a real, standalone XP machine.

There is, however, a significant upside to running XP in a virtual machine. The software that creates and manages virtual systems typically protects the host PC from any corruption or infection of the XP VPC (or any other guest OS). The host system is effectively isolated from whatever software is running inside a VPC. That rule, of course, is not absolute; the level of protection depends on how the VPC is set up. But security problems that might affect a virtual PC usually can't migrate to or otherwise affect the host PC.

In fact, a virtual PC can be a good way to run any potentially hazardous software. System crashes, bugs, hacks, or other problems that might affect the guest operating system won't, in most cases, affect the host (physical) system.

The best virtualizing software fully isolates a guest operating system by default. That's one of the main reasons why I recommend and use VirtualBox (site) — it uses safe default settings.

Other brands of virtualization software, such as Microsoft's Hyper-V and the related Windows Virtual PC app that runs XP Mode, take a different tack; optimized for performance, they're more closely coupled with the host PC's OS. Hyper-V's tight integration with the host Windows or Windows Server, for example, makes it work well in enterprise-level applications. But on the desktop, you need to take extra steps to maximize its security, as detailed in a TechNet article and an MS Download Center guide. With care, Hyper-V and XP Mode setups can be quite safe, too.

So there are two things to remember. First, all XP setups — real and virtual — will become more vulnerable to malicious attacks after official Microsoft support ends. There are no exceptions to this rule.

Second, PCs hosting XP virtual PCs should incur little or no additional risk — especially if the virtualizing software is set up to maximize guest-system isolation. With a properly configured VPC, any ills that befall the virtual XP setup should be limited to XP.

(And because an XP VPC setup is completely contained within one or two files, backups and restores are especially easy.)

Which virtual PC should you use? Again, I prefer VirtualBox (site) — it's free, easy to use, has safe defaults, and works on all current versions of Windows.

Obviously, you still want to keep your XP VPC as secure as possible. Apply all the usual security techniques: install good anti-malware software, keep your browsers and other applications fully up to date, and be careful of what you download and install. I recommend following Susan Bradley's advice in the Dec. 19, 2013, Top Story, "Securing XP PCs after Microsoft drops support."

[...]

http://windowssecrets.com/top-story/securing-xp-pcs-after-microsoft-drops-support/

Securing XP PCs After Microsoft Drops Support

By Susan Bradley on December 19, 2013

Here are the steps I'll take to ensure that my remaining XP machines are as secure as they can be.
(Note: Many of the following tips can be applied to newer versions of Windows, too.)

What does "end of support" mean? After April 8, 2014, Microsoft will — among other things — no longer release security updates for its 12-year-old operating system. Third-party hardware and software vendors might also take a cue from Redmond and drop development of XP-compatible drivers, add-ons, and utilities on their new products.

With that in mind, all XP users should start by asking themselves: "Do I really need to stick with an OS that will become increasingly unsecure?" It's akin to driving an older car that's not equipped with airbags. Sure, it'll get the job done, but at what potential risk?

For business computing, moving off XP might not be an option. Some line-of-business apps will run only on Windows XP. The same can be true of some consumer products. For example, I have software that lets me customize my Pronto TV remote. But the app will run only on XP. So I keep XP on a virtual machine that's running under Windows 7.

But those are rare exceptions. By and large, there's no compelling reason to stick with XP — and, as noted above, there are important reasons not to.

All that said, if you must keep an XP system up and running after April 8, a few changes can help keep the system relatively secure. And those changes start with Internet Explorer.


Reduce threats from XP/browser vulnerabilities
Browsers have historically been a leading gateway for PC infections, and Microsoft's Internet Explorer had one of the worst reputations. The latest versions of IE — 10 and 11 — are much more secure than their predecessors, but neither runs on XP. IE 8 was the last version of an MS browser to run on XP. So one of the first steps for hardening an XP system? Don't use IE as your default browser. (You will, however, need to keep it installed and updated.)

Switch to Google Chrome or Mozilla Firefox as your primary connection to the Internet. And if you use Firefox, add in NoScript to block malicious scripts. Another reason to switch: Google Apps doesn't support IE 8, but the online service will run in XP-compatible Chrome and Firefox.

Keeping your antivirus software up to date is always important, but even more so with Windows XP. My preferred AV setup is a combination of Microsoft Security Essentials (site) and Malwarebytes' Anti-Malware (site), which plays nicely with other full-time virus scanners. (As a rule, you don't want to run two full-time scanners at the same time.)

Truth be told, I'm skeptical of reports claiming that one antivirus product is better than another. All AV apps must react to rapid changes in malware delivery. And I often find suspicious files on systems that have top-rated antivirus products installed. Combining compatible AV scanners is the best way to keep malicious software off a system.

To complete your anti-malware routine on your XP system, regularly scan XP with a bootable AV product such as the Kaspersky Rescue Disk (site). That'll ensure your PC is free of hard-to-find rootkits.

At some point, antivirus vendors will stop supporting Windows XP. When that happens, browsing the Internet will no longer be safe, no matter what browser you use. Here's how to move to a secure browser and email client outside XP.


For email and Internet, go with a modern device
You might have a key application that must run on Windows XP (I can relate), but it certainly isn't email or Web browsing. If you're unwilling or unable to migrate to a newer version of Windows, I suggest you treat yourself this holiday season to a new device that's ideal for email and browsing — and relatively safe from malware. (Most of these digital devices don't run on Windows.) Consider, for example, purchasing a Kindle Fire, Apple iPad, Android-based tablet (more info), Google Chromebook, or even a laptop running Ubuntu Linux (Amazon info).

You might also consider a Windows RT device. But keep in mind that Windows RT is not Windows. (See the Oct. 25, 2012, Top Story, "Win8 vs. Windows RT: What to know before you buy.") Windows RT will look familiar, but it doesn't run legacy Windows apps. If you want full Windows on a highly mobile device, see the Nov. 14 Best Hardware story, "MS Surface Pro 2 — the only PC you need?"

The non-Microsoft devices have their own limitations. For example, a Chromebook works nicely for heavy Google Apps and/or Gmail use, but it can't directly access your shared Windows files; it can access only Web-based content (such as Google Apps).

The Kindle Fire is an inexpensive device from Amazon. The less-expensive models are subsidized by advertising, but I don't find it all that annoying. With the right applications, you can access shared files on your network and complete most computing needs. (The same is true for iPads and Android tablets.)

Going Ubuntu could be the most mind-boggling option. Although its graphics-based interface is relatively intuitive, it doesn't completely hide its Linux foundations. So your learning curve will be a bit more intimidating than with the other devices from Google, Amazon, Apple, and Microsoft.

Bottom line: Keep XP only for those tasks than won't run on a more modern platform.

More ways to secure Windows XP systems
Disable Web browsing: After support ends next April, consider reconfiguring Windows XP to block its access to the Internet. (Remember: You'll no longer need IE or Windows Update for system updates from Microsoft.) To do so, open IE, go to Tools/Internet Options, and then click on Connections. Click the LAN settings button (see Figure 1) and then check the "Use a proxy server ..." box (see Figure 2). Next, enter 127.0.0.1 into the Address box. Finally, check the "Bypass proxy server for local addresses" box.

Figure 1. Click LAN Settings to go to the proxy server option.

Figure 2. Enter these proxy-server settings to disable Web browsing in IE.

These changes will keep Windows XP off the Web but still able to talk to other local computers — and the system will still function normally for local computing. But after the April deadline, the system will be fair game to any new vulnerability that hackers might exploit.

Watch where you click and what you do on the Web: We're all familiar with the adage, "You get what you pay for." Online, you might get more than you wanted (mostly unwanted) for free. Be especially careful with Web searches from your XP system. As noted in a DataProtectionCenter.com story, clicking search links for "free software" or recent news topics is likely to take you to a site containing malware or unwanted services.

Be especially judicious about clicking links in ads that are included with Bing and Google search results. For example, the search results for "microsoft support" will likely include paid ads from companies suggesting they provide Microsoft support but that are actually not Microsoft.


Review your backup strategy: As the recent CryptoLocker attacks showcase, keeping current backups is an invaluable tool for recovering from malware attacks. (CryptoLocker is especially pernicious because it encrypts your data and holds it for ransom.) When there are no new security updates for XP, maintaining full system backs will be particularly important. Remember: If your XP system fails, you can't just buy a new system with XP installed. But with a full image backup, you can install it on a virtual machine running on a new Win7 or (more likely) Win8 system.

There's insufficient space in this story to go into the legalities of moving XP onto another physical or virtual PC. In short, retail copies of Windows XP give you the most flexibility. You're allowed to move them to another machine and reactivate the operating system. OEM versions, on the other hand, are tied to the specific hardware they came on.

For a backup system, I'm still a fan of Windows Home Server, though — sadly — it, too, has been put out to pasture. My second choice is Acronis True Image (site). The 2014 edition still supports XP, and it makes full images that you can reinstall on a new hard drive. It also gives you cloud backups, synched-file copies, and other powerful backup options.

Firewalls and Web filtering: The primary task of home and small-business routers is to route traffic over a network. They also typically include wireless networking and hardware-based firewall protection. If you're running an old router, upgrading to a new model will provide better protection for your XP system — and all other devices on your network. In any case, check that the router's firewall is on and properly configured. For more on software firewalls, hardware firewalls, and XP, see the April 3 LangaList Plus story, "Are both PC and router firewalls necessary?"

(Many new routers offer additional features such as remote access to your local data and media streaming, which lets devices on the net share music, video, and such. A recent CNET story compares some of these new, enhanced models. Just don't be embarrassed if you need to ask some 10-year-old kid to help you set it up.)

Web filtering can also add another level of protection from malware. For example, OpenDNS (more info), a service that's been around for years, can block browsing to suspect sites. It's free and works well for home networks.

Adding the OpenDNS settings to your router extends Web filtering to all devices on the local net. The process is relatively simple: open the router's admin menu system and enter 208.67.222.222 and 208.67.220.220 (these are OpenDNS's IP addresses) into the router's DNS section. Save the changes, and you're done. The next time you go to a site on the Web, your request will go through the OpenDNS servers, not your ISP's DNS servers. Some ISPs such as Comcast already provide OpenDNS as an option. If you pay a small subscription fee, OpenDNS lets you customize what's filtered and blocked.

Check your media: Optical disks don't last forever, and it seems as if they're always getting misplaced. Take some time now to ensure you have your original XP installation disc and make an ISO image of it. You can burn a copy using products such as MagicISO, Passcape ISO Burner, and ISO Recorder. Store the ISO on a flash drive or other removable media.

Next, download a copy of XP SP3 from the Microsoft site and save it for a rainy day. And finally, check that you have your Windows XP product key written down in a safe place. (On OEM systems, look on the side or back of the case for a tiny sticker that's by now almost unreadable. (Again, Windows XP machines can still be reactivated after April 2014.) If you've lost your product key, you'll have to rely on a full image backup.

Keep third-party apps up to date: After Microsoft ends support for XP, some third-party software vendors will continue XP support for their products. If you haven't done so already, install Secunia's Personal Software Inspector (site). It still supports XP SP3 and will help ensure you have the most currently available version of installed software.

Also, check for any hardware-related updates such as system firmware, video drivers, and so forth. If you have an OEM system, start with the vendor's website. The better PC manufacturers offer automated scanning tools that will find your system's serial number and use it to ensure you have up-to-date drivers.


Give your aging Windows XP system some new life
Hardware upgrades can extend the life of older systems. For example, install a solid-state drive (SSD). On older machines, the trick is finding the right type of drive connector. Most SSD drives use SATA, not the older IDE. But with a bit of searching, I found an IDE SSD for an aging laptop.

Make a backup image of your existing drive and install the image on the new SSD — that could give a sluggish XP system renewed vigor. (This also works nicely on older Windows 7 machines.) If the system is running out of space and a new SSD drive won't fly, consider upgrading to a larger traditional drive, one last time. (I find upgrading to a larger hard drive easier and safer than attempting to clean out old system files.)

Over the years, applications haven't gotten any smaller or more efficient. Upgrading RAM is another relatively inexpensive and painless improvement for XP systems. Crucial's website has a tool that scans a PC's memory and hard drive, then suggests upgrades.

(While you're at it, check whether your XP system has an svchost overrun, as reported in the Dec. 12 Patch Watch column [paid content]. Some XP users have solved the problem by manually installing the latest IE security updates.)

At this stage in XP's life, I don't recommend video upgrades because it's hard to find cards compatible with older bus slots. On the other hand, feel free to buy a larger monitor — it'll be one less item to purchase when you eventually move to a newer PC.


It all comes down to embracing change
As I said at the top, all good things must come to an end. Those of us who grew comfortable with Windows 98 were reluctant to move to Windows XP. Many XP users were — or still are — reluctant to upgrade to Windows 7 (Vista users: not so much). Windows 7 has quickly become the workhorse operating system for many PC users, who see no compelling reason to move over to Windows 8. (You can still purchase a new Win7 system, but probably for not much longer.) The simple rule: When Microsoft ends support for a product, it's probably past time to give it up. And that's where we stand today with XP.

Finally, the holiday season is a time for giving. If you're the family geek, pass along these tips to those who have older Windows systems. Better yet, grab an eggnog and review their XP options with them. It might be the best gift they get this year!

[PrehistoricRez]

Why does windows get crappier with every new version, my new one has 8, I will never buy another windows based computer

[upoladeb]

They do the same things with cars,have you tried to work on one.I gave up back when I couldn't find the carberator &coil wire.I still have my first desk top I play c.d.'s on and got use to this new lap top but when you don't know much you don't have much to readjust!

[W. Gray]

I actually started with Windows 1, way back in the 80s. Then it was just a glorified menu system.

I recall when I converted to Windows 98, it took something like fifteen 3.5 inch disks to get it up and running.

I was unfortunate to have run Windows Me and Vista, two of the worst systems with Windows Me being the most atrocious. It looks like Windows 8 follows the late "tradition" of every other Windows system being a dud. Windows 9 will probably be a good system if it follows that tradition.

[W. Gray]