Microsoft’s Windows XP operating system reaches its end of extended support period on April 8th of this year. And after that? No more public system updates. No more public security updates. Users will be on their own. But XP is still a very popular OS – or at least it is prevalent (see other sections of this report for details).
Elsewhere in this report are detection statistics which highlight two very serious threats to Windows users: web-based attacks and Java-based attacks. And Windows XP is particularly an issue because once compromised – it is much more difficult to repair than its siblings. An ounce of prevention is really worth more than a cure in the case of XP.
Prediction: the April 8th “deadline” will be picked up by the mainstream press as a type of “Y2K” apocalypse waiting to happen. And when nothing happens on April 9th? The press will again publicly question what all the fuss was about. Meanwhile, in the tech press… reporters will be patiently waiting for the first critical post-XP vulnerability. When (not if) a powerful zero-day exploit makes its way to market – that’s when the real concerns begin and important questions will be asked. Can XP be trusted?
But all is not lost. Patching XP is not the first line of defense. Or it really shouldn’t be.
Some businesses will continue to use Windows XP throughout 2014, either due to contractual obligation, or because their customers do so and they need XP to provide support. In those situations, IT managers have their work cut out for them. Air-gapping the systems, or isolating them on networks separate from critical intellectual property, is recommended.
Businesses should already be making moves such as this for “Bring Your Own Device” (BYOD) users. XP is just another resource to manage.
Folks that continue to use XP at home can do so with some reasonable amount of safety, for a while still, but they absolutely need to review their Internet (particularly web browsing) and computing habits:
- Install Windows XP’s final update.
- Install an alternative browser or browsers (they’re free!) — don’t rely solely on Internet Explorer. And don’t use Internet Explorer as the default.
- If installed, make sure Microsoft Office is fully patched. Note that older versions of Office will run things such as Flash by default if embedded in documents. If using an older version of Office, tighten up the security options. Don’t open documents from sources you don’t trust.
- Review the third-party software you’ve installed and uninstall anything that isn’t needed. If you’re going to keep XP, do a “spring cleaning” and get rid of old software. Because old software very often equals vulnerable software.
- For the third-party software that you keep – consider disabling or uninstalling the browser plugins. Set the browser to “always ask” what to do about things such as PDF files.
- Do you need Java installed on your home laptop? Probably not.
- Advanced browser features include “click to play” options. They’re worth the extra effort.
- Have an up-to-date security product with antivirus and firewall installed.
- Keep your XP computer connected to a NAT router, at home, which will act as a hardware firewall. Practically speaking, this means you shouldn’t be roaming and connecting your laptop to free Wi-Fi hotspots – keep your computer at home on a trusted network.
- And finally… consider upgrading your OS. If you don’t want Windows 8 – there’s always Windows 7. The OEM installation is still available from many fine online retailers.