Some best practice rules for XP computers, after final Windows Updates.
April 8, 2014
As I write this it is April 8, 2014. Today marks the final Patch Tuesday Windows Updates for the XP operating system and also for MS Office 2003. Please run Windows Update from all XP computers, sometime around 2PM your time.
Once you have applied these updates and rebooted, you are totally on your own to protect XP computers from malware, viruses and information stealers. Most anti-virus programs will continue to run on XP and will receive updates for at least one more year. But none that I have looked into have any real long-term commitments planned, with the possible exception of customers who can pay for ongoing support.
If you must continue operating XP computers for some programs that will not run on Windows 7 or newer, follow best security practices, as outlined below.
- Keep XP PCs off the Internet if at all possible.
- Keep networked XP computers behind hardware firewalls, with public-facing ports closed and remote services turned off.
- Make sure that the XP Firewall stays active and enabled at all times. It may block a dangerous packet coming from other infected computers on the same network. This is how computer worms spread internally.
- If possible, operate your XP with reduced user privileges (e.g. Limited User, or Power User if you know what you are doing). A less privileged user account is almost 92% less likely to become unknowingly infected than one with Administrator privileges.
- Less privileged users can still be tricked by clever wording to run a malicious installer with Administrator credentials. So beware requests to run unexpected executables in what you thought was just a document, form, or invoice. E-mail attachment scams use this tactic to install ransomware and banking Trojans.
- Delete temporary files often. I use CCleaner every night before shutting down my computers. You never know when your browser has silently downloaded a malware installer to a Temp directory, where it lies in wait.
- If the PC must go online, install anti-malware protection, like MalwareBytes Anti-Malware.
- Also install an anti-virus that supports XP and receives regular updates.
- Disable the View option that hides known file extensions! A lot of malicious executables are disguised as images, or PDFs (by substituting icons). Double clicking to open them actually launches the malware installers.
- An unprotected offline XP computer can still become infected if you plug an external USB or networked drive into your computer and that drive contains a malicious Autorun installer.
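
To illustrate the items above about temporary files and hidden file extensions, here is an added Python example (not part of the original post) that lists executables sitting in a Temp directory and flags names such as invoice.pdf.exe, which display as a document when known extensions are hidden. The extension lists and the function names are assumptions chosen for this example, and the display rule is simplified to "the final extension is hidden".

```python
import os
import tempfile

# Extensions that run when double-clicked (a subset chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
# Document and image extensions often used as a decoy (chosen for this example).
DECOY_EXTS = {".pdf", ".doc", ".xls", ".jpg", ".png", ".txt", ".zip"}


def displayed_name(filename):
    """Name shown in Explorer when known extensions are hidden (simplified)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS else filename


def classify(filename):
    """Return 'disguised', 'executable' or None for one file name."""
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in EXECUTABLE_EXTS:
        return None
    # Ignore whitespace before the real extension, then look at what remains.
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in DECOY_EXTS:
        return "disguised"   # looks like a document once ".exe" is hidden
    return "executable"      # a plain executable; still unexpected in Temp


def scan(directory):
    """Walk a directory tree and return sorted (path, verdict) findings."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            verdict = classify(name)
            if verdict:
                findings.append((os.path.join(root, name), verdict))
    return sorted(findings)


if __name__ == "__main__":
    # Defaults to the current user's temp directory (%TEMP% on Windows).
    for path, verdict in scan(tempfile.gettempdir()):
        print("%-10s %s (shown as: %s)" % (
            verdict.upper(), path, displayed_name(os.path.basename(path))))
```

Legitimate installers also unpack executables into Temp, so treat the "executable" findings as items to review and the "disguised" ones as the priority.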
If you are not tied to these old computers by programs that you really need, consider moving up to Windows 7 or newer. Data files can be copied over from your old hard drives, via thumb drives. There are even programs that will transfer settings for you.