SoylentNews is people
SoylentNews
posted by
LaminatorX
on Wednesday March 05 2014, @07:30AM
from the unplugging-the-network-cable dept.
from the unplugging-the-network-cable dept.
Appalbarry writes:
"Microsoft is about to abandon Windows XP to the wolves. Fair enough it's ancient. However, there are still going to be a lot of XP boxes out there, and a fair number of them are unlikely to ever get upgraded until the hardware dies.
My question is: what's available to help make this old OS stay reasonably secure and safe for the people who can't or won't abandon it?
Over the years I've been through Central Point Antivirus, Norton, McAfee, AVG, stuff like Zone Alarm, and of course the various Microsoft anti-malware offerings. But since moving over to Linux I really haven't kept up on the wild and wonderful world of Windows security tools.
Suggestions?"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
sillema sillema nika su
(Score: 5, Informative) by Marand on Wednesday March 05 2014, @07:33AM
Probably the safest way to deal with it is to run an OS that still receives updates, such as a Linux distro or newer Windows version, and put XP on a virtual machine using something like VirtualBox. Take away its access to the network completely and just use the software you need.
Alternately, get a new computer and take the XP one off the network. Use it offline-only.
(Score: 5, Funny) by Anonymous Coward on Wednesday March 05 2014, @07:48AM
But nothing else runs IE5 quite as well as XP. You can't do this to me!
(Score: 5, Informative) by Bokononist on Wednesday March 05 2014, @08:33AM
No amount of antivirus is going to stop an unpatched windows box being successfully attacked, I think it's been mentioned a few times that the vulnerabilities that are going to be used by attackers are the ones that are reverse engineered from the patches handed out to supported windows machines. These vulnerabilities will remain there forever, and as such the best advice is use it for an offline machine. The problem is that most people that are still on xp use it for web surfing and itunes(and whatever dodgy filesharing site they can find Bearshare usually.). Now I know some are using it for legacy software etc. but these people are generally geeks and will heed the advice doled out here. Most users will not even be aware of what's happening, and this is a large majority imo, especially developing nations and the poorer parts of 1st world countries (facts pulled from my arse), these are the targets and they will be rinsed until their machine breaks and they have to buy a new one.
The best advice, that is the advice that I think is the most likely to be listened to and therefore effective is to use an pirate copy of windows 7 and save up for a genuine one in their own time, not that they'll follow the second bit. The only way you could get these people to use a VM is if you put a script on there to boot into it automatically, but we're talking about people who eill likely not be aware this is happening so why would they come to you in the first place?
Beware of the man who works hard to learn something, learns it, and finds himself no wiser than before.
(Score: 5, Interesting) by VLM on Wednesday March 05 2014, @12:26PM
You could remove the word "unpatched" from the first line and still be correct.
Most people stuck on XP in my experience are not surfing the web, they're running a $500K FTIR spectrometer, personally I run an old eprom programmer, or they running a CNC machine tool, or a video generator / automation system in the broadcast industry, or something similar.
If my eprom programmer lives behind a stateful firewall, never runs a web browser, never runs anything but the eprom programmer software which autostarts on boot, well, all that really matters is Samba continuing to support XP to make it easy to burn images. And if that goes away I'd use the web browser to download from an intranet site.
I have two XP installs, one runs steam and nothing else for the games that don't run on linux steam, and one runs an eprom burner and nothing else. Fairly safe.
(Score: 1) by Runaway1956 on Wednesday March 05 2014, @03:17PM
We have an NT4 install at work that runs a sonic welder. It has NEVER been connected to any net, and you have to physically open the electrical cabinet, then access the little mini-tower in order to plug anything into it. It's perfectly secure - or so it seems. It's welded many millions of parts now, and it seems to still be doing the same job it has always done.
I don't know how we got that Windows machine - we have several other welders produced by the same company, all of which run Linux.
(Score: 1) by ElderGeek on Wednesday March 05 2014, @03:59PM
I wish our CNC machine ran on XP, it only speaks NETBEUI and not the version packaged in Windows XP. I have run it in a Windows 98 VM. It seemed like a good idea back in '06, and it seems even a better idea now.
(Score: 0) by Anonymous Coward on Thursday March 06 2014, @02:59PM
If people were concerned about security, they wouldn't use Windows. Windows 7 and 8 are vulnerable so why change?
(Score: 3, Interesting) by TheloniousToady on Wednesday March 05 2014, @01:46PM
In my case, the ongoing need I have for a couple of XP machines revolve around hardware and drivers, so the virtual machine idea doesn't apply. (I use some old specialized hardware whose drivers were never ported to the Vista+ driver model.) So, it looks to me like the only defense I have is to leave the machines off or disconnected from the network as much as possible. Along with the usual precautions of having a firewall, anti-virus software, and being selective in where I surf (probably not at all on those machines) and what I install (little, if anything), I don't think I'll run into any problems. Then again, maybe I'm being over-optimistic. We'll see.
(Score: 2, Informative) by TK on Thursday March 06 2014, @04:44PM
I have a similar situation with computers running Windows 2000 (and soon the XP ones too), I've taken the first step by taking them off the network, but just in case they catch something from a filthy flash drive (or floppy, in some cases), I've backed the drives up in a raw format with DriveImage XML.
http://www.runtime.org/driveimage-xml.htm [runtime.org]
The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
(Score: 1) by fotonix on Wednesday March 05 2014, @09:39PM
This is the setup that has worked 80% for me. I dodged the Vista fiasco, didn't like 7 too much, and Win 8 confirmed a new path, away from windows. I moved to Linux and have XP in a VirtualBox VM. It has no internet / network and is certainly never used for any browsing. I run a few legacy apps for photo work.
But I said 80%.... in the 20% is some paid-for panoramic software that others claim to have working perfectly in a VM. But not mine. Not my VM. I've had one other application do the same - it starts and vanishes. No log, no error, nothing.
Over-thought solutions get over-engineered and miss the user's requirements.
(Score: 5, Funny) by Anonymous Coward on Wednesday March 05 2014, @07:36AM
turn them into honeypots
(Score: 1) by nightsky30 on Wednesday March 05 2014, @12:40PM
The lentils have marked this as funny, and perhaps it is. But I think this is also a very good idea. The possibility that a box might be a honeypot might cause a would be attacker to think twice before attempting an XP intrusion. Of course this won't stop every attacker. I'm sure some love the challenge and risk. Overall, it might catch a few and deter a few.
(Score: 3, Funny) by muthauzem on Wednesday March 05 2014, @04:58PM
Perfect opportunity for a aquarium XKCD Style: http://www.xkcd.com/350/ [xkcd.com]
(Score: 0) by crutchy on Wednesday March 05 2014, @07:44AM
hosts file*
(c) apk
(Score: 0) by Anonymous Coward on Wednesday March 05 2014, @07:59AM
Spybot Destroyer Pro Platinum Gold PLUS AVG Silver Platinum Virus Buster Gold, PLUS Norton's Extra Security Privacy Plus Iron Lock Trojan Killer. I could go on...
(Score: 0) by Anonymous Coward on Wednesday March 05 2014, @01:34PM
Care to explain the joke? I know what the host file is and how to use it. But the joke is not there for me.
(Score: 3, Informative) by Bokononist on Wednesday March 05 2014, @02:48PM
apk was a troll on Slashdot for a few months, he used to write ridiculously long posts extolling the great virtues of hosts files and the endless good that they could do. He would copy and paste each post he made and add a few sentences at a time until his posts were insanely long. The apk jokes are based around relief that he finally went away I think.
Beware of the man who works hard to learn something, learns it, and finds himself no wiser than before.
(Score: 2) by ticho on Wednesday March 05 2014, @03:23PM
Months? Try years. Or was it really just months that seemed like years, thanks to all the scrolling past APK's posts?
(Score: 2, Informative) by cwix on Wednesday March 05 2014, @04:41PM
Be careful using his name. He is like beatleguise. If you say his name three times in one post he shows up.
(Score: 1) by basecase on Thursday March 06 2014, @06:48PM
Jeremiah Cornielius
(Score: 1) by gottabeme on Thursday March 06 2014, @06:49PM
Nooo!! Don't summon him!!! This is our chance to start over!! With a new tr--I mean, without him!!!
(Score: 5, Informative) by Popeidol on Wednesday March 05 2014, @08:02AM
The best options are, of course: Disconnect from all networks, or run XP as a VM and always boot to a clean image.
If you do need physical network-connected boxes, there's still a few steps you can take to mitigate the risk.
You could also try a product like Deep Freeze [faronics.com] which resets the OS partition to a known clean state after each reboot (careful where you save your data!).
Given the time and money it'd take, it's probably easiest just to keep a strong backup system and prepare to replace it when the inevitable happens.
(Score: 1) by BradleyAndersen on Wednesday March 05 2014, @02:00PM
that's exactly why there will always be XP machines around
(Score: 2, Informative) by tibman on Wednesday March 05 2014, @03:44PM
Sandboxie is a good option as well. You can run any application that does outside communication or consumes media inside a sandboxie container.
When an application writes to disk it is virtual. To the application (and any other application in the container) the data is there. You can explore this data or just wipe it. Makes it easy to export configs, downloads, or anything that your applications generate back to the real file-system.
The only gotcha is applications that require admin access to run. Pretty sure they can punch through the container or do things that sandboxie can't control.
SN won't survive on lurkers alone. Write comments.
(Score: 2, Informative) by _NSAKEY on Wednesday March 05 2014, @05:25PM
In regards to reducing the attack surface, I always felt that the part about disabling services in this guide was fun: https://web.nvd.nist.gov/view/ncp/repository/check list/download?id=125 [nist.gov] I spent a weekend in 2007 or so making my own custom XP image that was stripped down and hardened to the "SSLF Laptop" guidelines.
(Score: 1) by Common Joe on Thursday March 06 2014, @06:35AM
Is there any good way to authorize an XP box without an Internet connection or do we still have to call up Microsoft? (Haven't done it in a while.)
(Score: 5, Informative) by Luke on Wednesday March 05 2014, @08:59AM
I manage upwards of 1000 machines across a variety of businesses. I also run XP on my own machine (these days inside a VM on a Linux host, but that's another story).
In the case of my client's machines they are almost always behind a proxy server, do not have any DNS entries, run a lightweight antivirus, do not use IE (and if they use Lookout the IE engine is prevented from accessing the 'net via a proxy rule).
What's so interesting about that?
Well, *none* of them have any updates installed from a bare SP3 install (if using XP). This is by design, following a particularly bad M$ update a few years ago...
In general they do not have any issues, very rarely get a virus and almost never require re-imaging.
My point of course is that, carefully managed, the world isn't going to end once M$ halts their update program, and there's no reason why XP-based machines couldn't continue to serve a useful life for some years to come.
In my view there are two main reasons why this works. The first of course is the network design and protection used. The second, and most important I think, is user education. Almost all of the machines are used by people with a modicum of intelligence, who are regularly exhorted *not* to click on random email links, not to believe it when some website tells them they have a virus and all the rest of the sensible things that interweb-aware people should know. Every now and then someone messes up and a problem occurs, but there's nothing to say that wouldn't have happened if the machines were 'up to date' in any event, and usually the perp gets his or her misdemeanour publically aired so they all learn from it.
In my own case I've used XP since it came out (and all the M$ OS's before that). I *don't* have anti-virus, my machine is direct on the 'net and other than the usual FF plugins I don't have anything else installed that protects the machine. I've not had a virus in at least ten years, probably much more than that in fact. Again I would put this down to education - and that, along with my clients, the machine is used as a business tool; there are no games or any entertainment applications or websites used.
I realise the latter may be an anathema to some of you (horses for courses of course) but I should think the main premise would still apply - operate carefully, use recognised sites/games, avoid Nigerian money and you should be ok.
Oh, the other story? Well it's the year of the Linux desktop don't ya know - and I *refuse* to have anything to do with W8 so good ol' XP serves to run anything I need on a M$ platform (and the case has a genuine XP sticker!)...
(Score: 2, Insightful) by Gremlin on Wednesday March 05 2014, @10:09AM
The user is definitely the weak point.
Up until very recently my dad was running XP, since around 2005. I had him use Opera for browsing and gave him a pep talk on not clicking on suspicious links, responding to dodgy emails etc. He has had exactly ZERO problems in that time.
Of course if he was browsing porn sites or installing software on a whim then this could be a totally different story. But for your average user, educated on not downloading toolbars, installing software to find mp3's etc I see no problem with using XP.
(Score: 1) by GeminiDomino on Wednesday March 05 2014, @02:23PM
Of course if he was browsing porn sites or installing software on a whim then this could be a totally different story. But for your average user, educated on not downloading toolbars, installing software to find mp3's etc I see no problem with using XP.
Your "average user" is more likely going to be the one "browsing porn sites or installing software on a whim" than the one for whom "educated on not downloading toolbars, installing software to find mp3's etc" takes hold.
"We've been attacked by the intelligent, educated segment of our culture"
(Score: 2) by VLM on Wednesday March 05 2014, @06:55PM
It depends on personal perception. Is your average user my mother in law, or a teenage boy?
(Score: 1) by GeminiDomino on Wednesday March 05 2014, @08:41PM
Personal anecdotal evidence says: your mother-in-law. The teenage boys probably aren't on XP anymore unless they're on their grandmother's computers now. :)
Still, when it comes to solutions, you have to develop for the X factor. "Education" didn't cut it for the past 13 years, why would it work now?
"We've been attacked by the intelligent, educated segment of our culture"
(Score: 1) by MozeeToby on Wednesday March 05 2014, @04:53PM
My point of course is that, carefully managed, the world isn't going to end once M$ halts their update program, and there's no reason why XP-based machines couldn't continue to serve a useful life for some years to come.Part of the concern being raised is that the black hats know the drop dead date is coming and have been sitting on zero days waiting for the opportunity to attack with no one on the other side actively defending. Your precautions all make sense, and you might even be okay but there are lots and lots of people who haven't taken those kinds of precautions and wouldn't know how to even if they wanted.
(Score: 4, Interesting) by gallondr00nk on Wednesday March 05 2014, @09:06AM
I've decided to keep an XP box simply because of hardware issues. It's only really used for older games, and barely gets online.
If you want to install x64 Windows 7, it mandates having signed drivers. There doesn't seem to be a way of getting around it. So this means my Adaptec SCSI card, despite having Windows 7 and Vista drivers, won't install because Adaptec understandably didn't want to fork out $$$ for driver signing on legacy hardware.
If it becomes a problem , I'll probably just install 32 bit Windows 7 (which doesn't require driver signing), but that means giving up extra RAM. 7 in any form also means giving up a loyal but ancient colour laser printer.
You've got to love an OS that arbitrarily dictates terms to you..
The most obvious advice I'd give is *don't log in as admin*. You can escalate permissions just fine in most scenarios, though it isn't as seamless as 7/Vista UAC.
(Score: 5, Informative) by damnbunni on Wednesday March 05 2014, @10:38AM
I have unsigned drivers installed in Win7/64 bit. There's a bit of command line hackery involved, but nothing too terrible.
Open a command line as admin, and:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
If you don't want to be bothered with the CLI, there's also a program called EasyBCD that has a tickbox in its 'Advanced' section to disable the driver signature check.
(Score: 2) by gallondr00nk on Wednesday March 05 2014, @11:02AM
Indeed, I've used the method on other machines. The trouble is I believe it needs a reboot, which is out of the question on the installation DVD.
(Score: 2) by VLM on Wednesday March 05 2014, @06:59PM
I remember when windows admins used to make fun of how unintuitive and complicated linux admin work was, especially the command line access. The times certainly change.
(Score: 3, Funny) by Anonymous Coward on Wednesday March 05 2014, @09:14AM
That's the only way to be sure.
(Score: 1) by desgua on Wednesday March 05 2014, @08:56PM
Will it blend?
(Score: -1) by Anonymous Coward on Thursday March 06 2014, @11:29AM
There's nothing wrong with hardware if it is currently running XP.
All it needs is some modern, SUPPORTED software.
Hell, I still have a Pentium 2 perking (running Linux, of course).
To the OP: Solutions will depend on the use case.
1) For 99.9 percent of boxes running XP, simply install Linux beside the existing OS (aka dual boot). The typical Linux distro ships with more useful apps than M$ ever considered bundling without extra cost. Many folks find that all of their needs are met by the default install of a Linux distro; if not there is the package manager that is included.
After you have verified that all needs have been have been met, use GPartEd (on your bootable install media) to reclaim the drive space occupied by the obsolete OS.
Note that residents of Munich should have already picked up one of the thousands of Ubuntu disks handed out gratis by their city fathers.
Other Windoze users around the world would do well to get Zorin OS. If the box is truly ancient and anemic, there is Zorin OS Lite which runs LXDE (Lightweight X11 Desktop Environment).
Like Linux Mint, Zorin ships with proprietary drivers, Flash, Java, yada, yada, yada.
Unlike Mint, Zorin ships with WINE. WINE is a compatibility layer that allows tens of thousands of apps that were written for Windoze to run under Linux.
2) If a client (contractor) or employer (traditional employee) requires you to run a "Windoze-only" app where there is no non-Windoze app as a substitute/option, see WINE (above).
If WineHQ doesn't have at least a bronze rating for that app and/or it doesn't Just Work(tm) under WINE, install VirtualBox (a FOSS virtual machine) and install Windoze in that.
Be sure to make a snapshot of your virtual Windoze install immediately after getting it how you want it so that it is easy to replace when it gets pwned or self-destructs.
3) Some part of your hardware is "Windoze-only".
Have you actually tried Linux this decade? Linux has the BEST hardware support of ANY operating system. (Linux supports new gear better than old proprietary OSes and supports old gear better than new proprietary OSes.)
Some people are simply shocked when they connect their devices to a box running Linux and those obscure gizmos Just Work(tm).
This is sometimes after having put in effort to get those working under a proprietary OS and failing.
--------
Now, as far as Windoze and the anti-virus nonsense, don't forget that there's user-supplied data that M$ has decided to allow into Ring0: macro viruses, font viruses, image viruses.
Stupid, stupid, stupid.
If it wasn't for M$'s poor designs and their 4th-rate support, there would be no need for an anti-virus app on any computer.
As for those saying "Train the user", that's another way of saying "Blame the user".
Just get Linux.
-- gewg_
(Score: 0) by Anonymous Coward on Tuesday March 11 2014, @11:39PM
It's 2014 and Microsoft Windows PCs can still be owned by a JPEG [theregister.co.uk]
Best Linux distros to replace Windows XP? [itworld.com]
-- gewg_
(Score: 0) by Anonymous Coward on Saturday March 15 2014, @06:14AM
Let Zorin OS pick up where Windows XP left off [techrepublic.com]
-- gewg_
(Score: 0) by Anonymous Coward on Tuesday March 25 2014, @07:50AM
It's 2014 and you can pwn a PC by opening a .RTF in Word, Outlook [theregister.co.uk]
-- gewg_
(Score: 1) by WizardFusion on Wednesday March 05 2014, @09:27AM
I use XP at home for a few VMs that I have running, mostly because it used far less resources than 7.
An XP VM is quite happy with 256mb RAM for a simple network monitor (PRTG), or other small apps.
There will still be patches for Windows 2003, and since it's the same codebase, I am sure they will work for XP too.
(Score: -1, Troll) by Anonymous Coward on Wednesday March 05 2014, @09:28AM
is put it back in its original cardboard box and leave that at the bottom of a dumpster.
(Score: 3, Insightful) by Anonymous Coward on Wednesday March 05 2014, @10:09AM
Limit the attack vectors:
- Disable any network-related service you don't use. Bind any you do use to localhost.
- Put it behind a hardware firewall or NAT router.
- Keep your browser (including plugins like Flash) up to date. The browser should be the only attack vector left, so that's what you need to worry about. That probably rules out IE (No updates for XP is likely to include no IE updates). So use Chrome or Firefox.
- Anti virus programs are false sense of security. They only catch the old bad stuff, and it's the new bad stuff you need to worry about. Think "do I really want to open this file", rather than "my anti virus says this file is ok". Plus anti virus software have holes too. Most people don't realise this. Without an anti virus program, your browser (assuming not IE4) will ask you what to do with the file. That gives your brain a chance to stop any attack. With an anti virus program with a security hole, browser downloads file, but before you get asked what to do with it, the anti virus program will "scan" the file. Now imagine a buffer overrun exploit in the anti virus program. Your computer will be "pwned" before you even get asked "do you want to open HotNakedWomen.EXE".
(Score: 1) by WizardFusion on Wednesday March 05 2014, @11:20AM
This. It's all about common sense (which isn't that common anymore)
It's the same for any device you connect to the Big Bad World (tm), make sure the attack vectors are as small as possible.
This principal was known about in Roman times.! https://en.wikipedia.org/wiki/Arrowslit/ [wikipedia.org]
(Score: 0) by Anonymous Coward on Wednesday March 05 2014, @02:02PM
Does anyone care to recommend a good consumer-grade hardware firewall?
(Score: 2, Funny) by TheGrim on Wednesday March 05 2014, @10:30AM
Move to China.
Depending on your definition of 'easy'.
(Score: 2, Insightful) by Anonymous Coward on Wednesday March 05 2014, @11:42AM
There is only one choice you can make that will keep XP secure.
Erase it from your disks and install Linux instead.
(Score: 2) by VLM on Wednesday March 05 2014, @07:08PM
In this modern era of mobile devices, just use the gmail app on your phone and the facebook app on your phone. How to protect my sons old computer for email was a puzzle to me as a linux/unix guy, but it was explained to me that no one uses email on their desktops anymore. Its all tablet and email is only for corporate receipts and the like. Non corporate conversations between people no longer use email, all text or IM or facetime or google hangouts or whatever.
Its like being concerned about my son's teletype machine or telegraph key. I mean, I have stuff like that for ham radio fooling around, but normal people don't.
Why use email (aka gmail) or web (aka facebook) on an old computer at all, ever?
(Score: 4, Interesting) by nightsky30 on Wednesday March 05 2014, @12:29PM
1) Install Linux. This is easily and cheaply done. It's secure, and it works.
2) Unplug the XP box, disable wifi, disable any network adapter, and never ever connect it to any network again. You have something secure, but even more stone age than XP ever was by itself.
3) You can try and load up XP with all sorts of Anti-malware/Antivirus software. You can attempt to load a good third party firewall. Ultimately some exploit will be found that affected the newer versions of Windows as well as XP. It will be traced back and reverse engineered. You will stumble on a page or click a link which will open the door to anyone who wants in your box. Hell, someone might just come looking for you, and walk right in without your help. Keep connected to the interwebs with your old, unsupported OS, and you will eventually be compromised.
(Score: 2) by hatta on Wednesday March 05 2014, @04:12PM
You will stumble on a page or click a link which will open the door to anyone who wants in your box. Hell, someone might just come looking for you, and walk right in without your help. Keep connected to the interwebs with your old, unsupported OS, and you will eventually be compromised.
I keep my XP SP2 box online with few problems. No, I don't use it for general purpose browsing, that would be suicide. But if you block incoming ports at the router, disable scripting on your browser, and run only known safe software, there's not many attack vectors left.
(Score: 0) by Anonymous Coward on Thursday March 06 2014, @03:42AM
I keep *my* XP SP2 box online with no problems, and I *do* use it for general purpose browsing. Am not dead as yet!
I use Firefox with Adblock, of course, and also have Avast running. Have copies of Malwarebytes Anti-Malware, Superantispyware and Rootkit Revealer to hand for an occasional check, but they've never found anything yet. I use VLC rather than WMP. I *don't* bother to run NoScript, and I *do* still use Flash to play games etc.
I haven't downloaded a single update since MS dropped support for SP2. If my box is rooted, then they've done a VERY good job of doing it very silently and invisibly. However, just in case, and because I'm not *completely* stupid, I do all my banking using an Ubuntu Live CD on an old hard-drive-less laptop rather than my XP box.
I am mystified by the rate some people get malware. I've had Avast pop up twice in the last three years, in both cases an attempted drive-by iframe hijack that it blocked. Maybe it's because I don't surf traditional porn sites (I prefer to get my kicks by perving with real-life women I know online) - on the rare occasions I feel the need, it's back to the Ubuntu laptop for that.
So far I think the danger has been greatly exaggerated. Of course, as has been pointed out, once all the zero-day exploits come out after April, that may well be a different matter... so Linux Mint here I come, I guess (my XP machine isn't up to Windows 7).
Posted anonymously as I don't want to give anyone a challenge... :-)
(Score: 3, Interesting) by martyb on Wednesday March 05 2014, @01:52PM
To the editor: excellent story for discussion... timely AND nerd-y!
Background: I have a little 1GHz / 1GB 32-bit netbook and a 1-2GHz / 1.25 GB 64-bit athlon. Both are running XP-Home/SP3.
Problem: As much as I would *like* to move to linux or BSD or the like, I have literally *hundreds* of batch programs (foo.bat or foo.cmd) that I've written over the past 20 years. I use these regularly.
I sense my short-term best option is to get a new machine with Win 7 on it, and port my tools to that. Later, I can look to porting it all to a linux-like environment.
Question:Have any of you found yourself in the same position? What did you do?
Wit is intellect, dancing.
(Score: 3, Insightful) by lentilla on Wednesday March 05 2014, @03:32PM
This will be your experience whilst ever you stay with Windows. Let's say you port to Windows 7. In ten years time you will have THIRTY years worth of batch files, will be worrying about porting to Windows 13 and will be considering "moving to Linux".
The only way to circumvent this "Groundhog Day" of computing is to make the break - waiting will only make the switch more complex and will make the cost higher (as you write more scripts).
If I were you and I really wanted to ditch Windows? I'd do it as soon as possible. Put your existing installation into a virtual machine and run any "mission critical" scripts from there. Force yourself to do day-to-day tasks in the new OS.
The only way to break the addiction is to stop feeding it. I guarantee that if this is what you actually want you will not regret making the leap.
One last piece: when you buy a new computer, resist the urge to "try out" the new version of Windows. Nuke it immediately. Install it as a virtual machine if you must but don't make the mistake of thinking "I'll just try it out...".
(Score: 1) by WizardFusion on Wednesday March 05 2014, @04:42PM
Every single time I buy a new machine I nuke it anyway and install Windows from my TechNet licence. I don't want all the crap that comes with a new machine
(Score: 1) by denmarkw00t on Wednesday March 05 2014, @06:25PM
The only way to break the addiction is to stop feeding it.
Precisely. The original question in the summary of "What should I do to keep XP going" is the wrong question all together. No one should be doing anything to keep XP going if MS is dropping it - honestly. The fact of it is, if you don't move on you'll get bit at some point - I'm almost willing to put up money that someone out there is sitting on an exploit and waiting to release it a few months after XP is "dead" and then they'll have a nice little set of pwnd boxes spanning 50% of desktops in the world.
buck feta
(Score: 2) by jt on Wednesday March 05 2014, @11:38PM
Agreed - the longer you leave it, the bigger the job. Might as well get on with it.
Three paths to consider.
1. Stick with Windows but move to Win7 and port your scripts to Powershell. It's a world away from command.com and surprisingly powerful.
2. Move over to the free world and port your scripts to ksh/bash/whatever. I don't know what your scripts do, but the old Windows batch language is not exactly awash with advanced features unavailable in *nix shells.
3. Start transitioning to a shell or scripting language like Python, one script at a time, in your current working environment. Do one at a time to keep confidence that the ecosystem still works. Before long you'll find you've ported the whole lot, and are now platform independent.
(Score: 2) by martyb on Thursday March 06 2014, @02:07PM
jt (2890) wrote:
I'm in agreement with that.
Have considered this but when last I looked, the powershell I found available for what I have (XP-home/SP3) is limited, and I'd rather not add further entanglements to the windows environment... would make it even harder to transition away in the future.
That would be ideal. I'm familiar with the Unix command environment and have experience with bash, so I like that idea. Several years ago I found a bash implementation that ran under windows: win-bash [sourceforge.net] but it looks like it has not been maintained???
Does anyone here have experience with this? I'm curious as to how stable, solid, and compatible it is with what I'd find under the various distros out there.
I agree that would be the idea solution. I just re-downloaded win-bash and will play around with it a bit.
If anyone here has experience with other compatible shells they could recommend, I'd love to hear about it!
Thanks for the suggestions!
Wit is intellect, dancing.
(Score: 2) by martyb on Thursday March 06 2014, @02:22PM
lentilla (1770) wrote:
Excellent point. That's exactly where I'm at.
At the moment, running in a VM is not an option on my current system. Don't have the compute power or memory to handle it. I'm in the market for a new box and will definitely keep this in mind.
Makes sense to me.... thanks for summing it up so succinctly.
Duly noted! Thanks for the feedback. I guess my hangup is finding a distro that has some staying power (e.g. no gratuitous UI changes), and that is supported on whatever new box I get.
I'm leaning towards a laptop and am open to hearing people's experiences with running Linux on their system. I've heard various things about driver support, especially with respect to video AMD vs NVidia.
Wit is intellect, dancing.
(Score: 1) by etherscythe on Wednesday March 05 2014, @07:55PM
Might be helpful to see exactly what you're doing with them. Much of the command structure is the same from XP to 7 (if anything there are more options now). You can even port to Bash by taking the commands that Linux does not have and simply making an alias to the rough equivalent (DIR>LS for example) in many cases, depending how complex it is.
I wrote a script, for example, that allows me to use OEM activation certificates and SLP keys to activate Windows XP, Vista and 7 on client computers with a fresh reload. It works pretty universally across all of them except where the back-end activation (SLMGR) does not exist on certain platforms (XP). I converted it to an EXE file, but that was mainly for ease of including all the certificate files into an easy, uncluttered format (single .exe file rather than dozens of xrm-ms files and a few bat files).
If nothing else, there is DOSBox, which I even have running on my N900.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by martyb on Thursday March 06 2014, @01:33PM
etherscythe (937) wrote:
Fantastic point! And probably no simple answer. To complicate matters, over the years I've installed several Unix command utilities and have integrated these into my batch programs, too. I tried cygwin but the install broke and messed up my system. Then I found GNU coreutils, fsutils, and updates to them. Then discovered GnuWin32. Still later found ezwinports. So I've got quite the frankenstein environment there. Have not yet found a stable command-line shell (like bash) that I could run things with, so just kept plugging along with CMD.EXE, such as it is.
I'm open to suggestions for a stable port of, say, bash that I could migrate over to on windows, and then run them *unchanged* on a linux host. It's been a while since I looked and am hoping the community here my be able to offer recommendations.
Never tried DOSBox; sounds interesting! OTOH, I've turned on command extensions and take advantage of them in many places. I've used PC/MS DOS since version 3.0, so I'm sure I could adapt, eventually, but would like to know how far its support goes to emulating what I've got now.
I'm interested in people's experiences and pointers.
Thanks so much for the feedback!
Wit is intellect, dancing.
(Score: 3, Insightful) by r00t on Wednesday March 05 2014, @02:52PM
You could do something like put Linux in front of it as a hardware firewall, that would negate any software firewall compromise on the XP box but you still have the problem of internet access. One bad web browser exploit or Email malware/phishing and the thing is pwned. Firewall or not. Any OS is caught up in an arms race of patches vs. threats but Windows especially has a miserable track record. Running a Windows install that isn't getting any patches is just a question of "when" it will get smoked.
(Score: 2, Interesting) by hendrikboom on Wednesday March 05 2014, @02:56PM
Using a VM under Linux seems to be the way to go if the legacy software needs to be net-connected. You can keep backups of the entire VM within Linux, so it will be possible to back out of trouble if it should occur.
Which brings up some follow-up questions.
(1) Which VM is appropriate? safe? efficient?
(2) Is there a VM that can take an existing Windows system and virtualise it, or is it necessary to start with a fresh XP install on the virtual machine?
-- hendrik
(Score: 2, Informative) by dilbert on Wednesday March 05 2014, @04:31PM
(Score: 1) by hendrikboom on Monday March 10 2014, @06:18PM
Are both Virtualbox and VMware proprietary? If so, I may just end up meeting the same fate with them as with Windows XP now. And do they run under Linux?
(Score: 1) by dilbert on Monday March 10 2014, @06:37PM
Excerpted from https://www.virtualbox.org/ [virtualbox.org]:
VMware offers VMware Player at no charge, but it's not open source. VMware Workstation is not available at no charge, but had additional features above VMware Player.
(Score: 1) by dilbert on Monday March 10 2014, @06:42PM
Both VirtualBox and Workstation are both supported on Linux.
At home I use VirtualBox on Linux every day without any issues.
I've used Workstation at work on a Win7 machine, but I've never used Workstation on a Linux box.
(Score: 3, Interesting) by RobotLove on Wednesday March 05 2014, @04:16PM
I do a lot of project work for other customers, and we frequently log in through their VPN (usually Cisco or Juniper). Getting these VPN clients to work in anything other than XP and IE8 is almost impossible. I've spent days on the phone with tech support trying to get their VPNs to work, eating up valuable project time. Almost always we end up just going to my XP image and getting it set up in an instant there.
So while my company-provided laptop is Win7-64, I do 100% of my project work through a WinXP image. I have no idea what I'm going to do once it's no longer supported.
(Score: 1, Interesting) by Anonymous Coward on Wednesday March 05 2014, @06:07PM
- Remove/uninstall/disable the 'accessories' like windows media player, IE, windows picture and fax viewer. Replace them with stuff like VLC, Firefox, and IrFanView.
- everything else you should be doing to stay secure RIGHT NOW.
- as long as Adobe, java, etc. products keep updating on XP, stick with them. when they stop updating, find alternatives or live without them.
After 13+ years of service and patches, the core OS should be fairly secure if normal security measures are taken. I think XP has reached a maturity level where it no longer really needs any updates from MS. It's fate is now in the hands of the likes of Google, Mozilla, Adobe, Oracle, and hardware vendors. As long as those parties keep releasing and updating for XP, long-live XP!
With that said, I predict there will be pressure/incentives issuing from Redmond for those companies to abandon XP.
(Score: 0) by Anonymous Coward on Thursday March 06 2014, @03:55AM
well just try blowing in its ear (speakers) and see if it follows you everywhere.
(Score: 1) by ngarrang on Thursday March 06 2014, @05:55PM
As the computer expert at work, I get asked a lot of questions by the users regarding their home machines. I have learned that the OP's question needs more questions in response.
The first thing I ask the user is for WHAT they use their home PC. I help them to answer my question with prompts:
1. e-mail?
2. web browsing places like facebook?
3. the occasional text document or spreadsheet?
4. what kind of games?
If the answer to #4 is "no" or "games through my web browser like..." then my answer to them is to consider Linux. I have a Linux box in my office where I demonstrate using Firefox and Chrome, LibreOffice. I bring up sites like YouTube and game sites that use Flash or Java. I show them how Zorin Linux has a very Windows-like interface and is relatively easy to install. I am not a Linux expert. I point them this way because:
1. I don't believe in tossing out functional computers just because they are old.
2. I explain that Linux is actively supported and updated.
3. Once you sit down with it for a week doing just the normal things, you forget you are running Linux.
If the answer to #4 is "yes" and the games are locally installed with no Linux version, then they are kinda stuck. I recommend never using IE ever again, make sure they have our SOPHOS installed (corp license allows employees to run it at home) because it is AV and firewall that being kept up to date. It is start.
(Score: 1) by AnythingGoes on Saturday March 08 2014, @02:34PM
Since there will no longer be any updates to the Windows XP OS, something like Deep Freeze or a tool that blocks all changes to the system files would be best - it won't help the OS from getting pwned, but a reboot will clear out everything :)
And yes, running a newer OS is the best solution and running XP in a VM with blocked network access is probably the second best solution.
And for those who say that they cannot afford to upgrade, please count the cost of rectifying from a successful attack, and see if it makes sense then!