Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Wednesday March 05 2014, @07:30AM   Printer-friendly
from the unplugging-the-network-cable dept.

Appalbarry writes:

"Microsoft is about to abandon Windows XP to the wolves. Fair enough it's ancient. However, there are still going to be a lot of XP boxes out there, and a fair number of them are unlikely to ever get upgraded until the hardware dies.

My question is: what's available to help make this old OS stay reasonably secure and safe for the people who can't or won't abandon it?

Over the years I've been through Central Point Antivirus, Norton, McAfee, AVG, stuff like Zone Alarm, and of course the various Microsoft anti-malware offerings. But since moving over to Linux I really haven't kept up on the wild and wonderful world of Windows security tools.

Suggestions?"

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by Marand on Wednesday March 05 2014, @07:33AM

    by Marand (1081) on Wednesday March 05 2014, @07:33AM (#11204) Journal

    Probably the safest way to deal with it is to run an OS that still receives updates, such as a Linux distro or newer Windows version, and put XP on a virtual machine using something like VirtualBox. Take away its access to the network completely and just use the software you need.

    Alternately, get a new computer and take the XP one off the network. Use it offline-only.

    Starting Score:    1  point
    Moderation   +4  
       Insightful=2, Informative=2, Total=4
    Extra 'Informative' Modifier   0  

    Total Score:   5  
  • (Score: 5, Funny) by Anonymous Coward on Wednesday March 05 2014, @07:48AM

    by Anonymous Coward on Wednesday March 05 2014, @07:48AM (#11210)

    But nothing else runs IE5 quite as well as XP. You can't do this to me!

  • (Score: 5, Informative) by Bokononist on Wednesday March 05 2014, @08:33AM

    by Bokononist (3013) on Wednesday March 05 2014, @08:33AM (#11218)

    No amount of antivirus is going to stop an unpatched windows box being successfully attacked, I think it's been mentioned a few times that the vulnerabilities that are going to be used by attackers are the ones that are reverse engineered from the patches handed out to supported windows machines. These vulnerabilities will remain there forever, and as such the best advice is use it for an offline machine. The problem is that most people that are still on xp use it for web surfing and itunes(and whatever dodgy filesharing site they can find Bearshare usually.). Now I know some are using it for legacy software etc. but these people are generally geeks and will heed the advice doled out here. Most users will not even be aware of what's happening, and this is a large majority imo, especially developing nations and the poorer parts of 1st world countries (facts pulled from my arse), these are the targets and they will be rinsed until their machine breaks and they have to buy a new one.
      The best advice, that is the advice that I think is the most likely to be listened to and therefore effective is to use an pirate copy of windows 7 and save up for a genuine one in their own time, not that they'll follow the second bit. The only way you could get these people to use a VM is if you put a script on there to boot into it automatically, but we're talking about people who eill likely not be aware this is happening so why would they come to you in the first place?

    --
    Beware of the man who works hard to learn something, learns it, and finds himself no wiser than before.
    • (Score: 5, Interesting) by VLM on Wednesday March 05 2014, @12:26PM

      by VLM (445) Subscriber Badge on Wednesday March 05 2014, @12:26PM (#11290)

      You could remove the word "unpatched" from the first line and still be correct.

      Most people stuck on XP in my experience are not surfing the web, they're running a $500K FTIR spectrometer, personally I run an old eprom programmer, or they running a CNC machine tool, or a video generator / automation system in the broadcast industry, or something similar.

      If my eprom programmer lives behind a stateful firewall, never runs a web browser, never runs anything but the eprom programmer software which autostarts on boot, well, all that really matters is Samba continuing to support XP to make it easy to burn images. And if that goes away I'd use the web browser to download from an intranet site.

      I have two XP installs, one runs steam and nothing else for the games that don't run on linux steam, and one runs an eprom burner and nothing else. Fairly safe.

      • (Score: 1) by Runaway1956 on Wednesday March 05 2014, @03:17PM

        by Runaway1956 (2926) Subscriber Badge on Wednesday March 05 2014, @03:17PM (#11356) Journal

        We have an NT4 install at work that runs a sonic welder. It has NEVER been connected to any net, and you have to physically open the electrical cabinet, then access the little mini-tower in order to plug anything into it. It's perfectly secure - or so it seems. It's welded many millions of parts now, and it seems to still be doing the same job it has always done.

        I don't know how we got that Windows machine - we have several other welders produced by the same company, all of which run Linux.

      • (Score: 1) by ElderGeek on Wednesday March 05 2014, @03:59PM

        by ElderGeek (1387) on Wednesday March 05 2014, @03:59PM (#11372)

        I wish our CNC machine ran on XP, it only speaks NETBEUI and not the version packaged in Windows XP. I have run it in a Windows 98 VM. It seemed like a good idea back in '06, and it seems even a better idea now.

    • (Score: 0) by Anonymous Coward on Thursday March 06 2014, @02:59PM

      by Anonymous Coward on Thursday March 06 2014, @02:59PM (#11966)

      If people were concerned about security, they wouldn't use Windows. Windows 7 and 8 are vulnerable so why change?

  • (Score: 3, Interesting) by TheloniousToady on Wednesday March 05 2014, @01:46PM

    by TheloniousToady (820) on Wednesday March 05 2014, @01:46PM (#11316)

    In my case, the ongoing need I have for a couple of XP machines revolve around hardware and drivers, so the virtual machine idea doesn't apply. (I use some old specialized hardware whose drivers were never ported to the Vista+ driver model.) So, it looks to me like the only defense I have is to leave the machines off or disconnected from the network as much as possible. Along with the usual precautions of having a firewall, anti-virus software, and being selective in where I surf (probably not at all on those machines) and what I install (little, if anything), I don't think I'll run into any problems. Then again, maybe I'm being over-optimistic. We'll see.

    • (Score: 2, Informative) by TK on Thursday March 06 2014, @04:44PM

      by TK (2760) on Thursday March 06 2014, @04:44PM (#12041)

      I have a similar situation with computers running Windows 2000 (and soon the XP ones too), I've taken the first step by taking them off the network, but just in case they catch something from a filthy flash drive (or floppy, in some cases), I've backed the drives up in a raw format with DriveImage XML.
      http://www.runtime.org/driveimage-xml.htm [runtime.org]

      --
      The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
  • (Score: 1) by fotonix on Wednesday March 05 2014, @09:39PM

    by fotonix (2922) on Wednesday March 05 2014, @09:39PM (#11533) Homepage

    This is the setup that has worked 80% for me. I dodged the Vista fiasco, didn't like 7 too much, and Win 8 confirmed a new path, away from windows. I moved to Linux and have XP in a VirtualBox VM. It has no internet / network and is certainly never used for any browsing. I run a few legacy apps for photo work.

    But I said 80%.... in the 20% is some paid-for panoramic software that others claim to have working perfectly in a VM. But not mine. Not my VM. I've had one other application do the same - it starts and vanishes. No log, no error, nothing.

    --
    Over-thought solutions get over-engineered and miss the user's requirements.