HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » Five Steps to Mitigate Ri...

Sun Mar 30, 2014, 12:57 AM

Five Steps to Mitigate Risks After Windows XP Security Updates End

http://www.itbusinessedge.com/slideshows/five-steps-to-mitigate-risks-after-windows-xp-security-updates-end.html

*very heavily edited*

Limit access by other machines in your environment.

Reduce the privileges of your existing user accounts

Use an up-to-date browser (duh)

Read email in an updated browser (another duh)

Always monitor your systems

IT people, feel free to chime in, as always.

44 replies, 2192 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 44 replies Author Time Post
Reply Five Steps to Mitigate Risks After Windows XP Security Updates End (Original post)
steve2470 Mar 2014 OP
BlueStreak Mar 2014 #1
steve2470 Mar 2014 #2
phylny Mar 2014 #39
ucrdem Mar 2014 #3
PowerToThePeople Mar 2014 #4
mindwalker_i Mar 2014 #5
silverweb Mar 2014 #6
defacto7 Mar 2014 #9
eggplant Mar 2014 #11
silverweb Mar 2014 #24
eggplant Mar 2014 #38
silverweb Mar 2014 #40
Aerows Mar 2014 #7
defacto7 Mar 2014 #8
truedelphi Mar 2014 #10
defacto7 Mar 2014 #12
cprise Mar 2014 #16
defacto7 Mar 2014 #22
Spider Jerusalem Mar 2014 #15
defacto7 Mar 2014 #20
truedelphi Mar 2014 #41
Spider Jerusalem Mar 2014 #43
truedelphi Mar 2014 #44
ffr Mar 2014 #13
truedelphi Mar 2014 #42
ladyVet Mar 2014 #14
davidpdx Mar 2014 #17
steve2470 Mar 2014 #18
davidpdx Mar 2014 #21
Cha Mar 2014 #27
davidpdx Mar 2014 #28
Cha Mar 2014 #29
steve2470 Mar 2014 #19
Spitfire of ATJ Mar 2014 #23
lupine25 Mar 2014 #25
Rex Mar 2014 #26
hobbit709 Mar 2014 #31
Rex Mar 2014 #36
Bosonic Mar 2014 #30
eppur_se_muova Mar 2014 #32
Bosonic Mar 2014 #37
mythology Mar 2014 #33
lpbk2713 Mar 2014 #34
L0oniX Mar 2014 #35

Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:22 AM

1. Well, there is one other thing you can do

Upgrade to software that was produced in the past 12 years.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to BlueStreak (Reply #1)

Sun Mar 30, 2014, 01:24 AM

2. nailed it nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to BlueStreak (Reply #1)

Sun Mar 30, 2014, 01:59 PM

39. I wish.

Work computers run a program that only runs on XP. Owners do not want to convert to another program. So, at work, it is what it is.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:31 AM

3. DU rec

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:34 AM

4. One step to mitigate risks after updates end.

Switch to a supported OS.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:34 AM

5. Switch to Linux

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:38 AM

6. I can't switch.

The company I work for owns the PC I use at home and runs XP, so I don't have the option of changing. Therefore, the suggestions in this article are very useful to me.

Thanks for posting.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to silverweb (Reply #6)

Sun Mar 30, 2014, 01:42 AM

9. I guess you have a point.

That is unfortunate though. Everything that XP has is compatible with Linux but if your work owns it, well that's that.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to silverweb (Reply #6)

Sun Mar 30, 2014, 03:04 AM

11. Inform your employer...

...of their risk and potential liability of having unsupported business systems out in the wild. As soon as the first exploit is found for XP that ISN'T patched (after next month), all XP machines will be at risk forever, and that includes all of their private business matters.

On the other hand, using a business machine for personal things is asking for trouble. Your employer owns the machine, and thus they own everything on the machine, including all of your personal history. I understand the temptation, but in the long run you are just asking for trouble, especially if they suddenly want it back. Try to migrate away from it for your personal stuff, if possible.

You should be able to find your own personal machine running Windows 7 (used, even) for a few hundred bucks at the most. The really nice new all-in-one Lenovo I got my kid was $300, and it's one the best in our house aside from my development boxes.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to eggplant (Reply #11)

Sun Mar 30, 2014, 04:25 AM

24. Our tech people are aware.

They even sent out notices before XP support stopped to say that they're "working on" the situation, whatever that means.

I don't normally use the PC for personal stuff, but have had to since my old laptop died. There's nothing so earth shattering that I'd be suicidal if the boss snooped, though. Since I've been through a number of PCs over the years I've been with this company, all my personal stuff is saved in a cloud storage account.

Meanwhile, a new laptop is getting very near the top of my priority list.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to silverweb (Reply #24)

Sun Mar 30, 2014, 01:05 PM

38. Cool!

Glad you seem to be on top of it. If you are patient, you can find really good random deals (in various price ranges) here: http://slickdeals.net/

Good luck.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to eggplant (Reply #38)

Sun Mar 30, 2014, 04:28 PM

40. Thanks!



Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:38 AM

7. If your hardware isn't something upgraded from windows 98

Chances are, you can upgrade to Windows 7.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 01:40 AM

8. Dump it.

put on Linux. There's no reason in fact to keep XP, there hasn't been for years and if it's on the net in any form it's vulnerable. Or if there is data transfered via cd, dvd or thumb drive (or diskette) to any other computer, that computer is vulnerable.

It's not worth it !!!



Reply to this post

Back to top Alert abuse Link here Permalink


Response to defacto7 (Reply #8)

Sun Mar 30, 2014, 02:46 AM

10. Would you suggest Ubuntu, or soemthing else?

There was another Linus, something like deanna? so maybe a discussion about the options would be good to hear.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to truedelphi (Reply #10)

Sun Mar 30, 2014, 03:05 AM

12. There are a lot of great Linux OS systems

Ubuntu is a good option with different desktop choices. There is Mint which is a stable Ubuntu/Debian knockoff. Many love it. There are some Linux OSs that are for more experienced users like Debian and Slackware and some for very old and small machines. There are some OSs that run completely on ram at an extremely fast rate like Puppy Linux and Damn Small Linux. There are also different desktop options that have totally different screen functions or in my case... I like the good old Gnome Classic. I also run Enlightenment desktop but that is sort of experimental. Bodhi Linux does a great job of putting up Enlightenment desktop.

Here's a link to a vast collection of Linux OSs you can browse: http://distrowatch.com/ It has explanations for each, their origin, what application they work best with. When you decide, you just download and install. I suggest a live cd.

To make it simple, you can always choose Ubuntu, try it out with the standard desktop (Unity) and if you don't like the unity desktop, download the Gnome classic and give Ubuntu a whirl with that one.

The possibilities are endless... and free.

Any specific issues with installation or the like, I'd be glad to talk with you. It's a favorite subject for me.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to defacto7 (Reply #12)

Sun Mar 30, 2014, 03:26 AM

16. *crickets*

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cprise (Reply #16)

Sun Mar 30, 2014, 03:40 AM

22. Yep.. good fish bate.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to truedelphi (Reply #10)

Sun Mar 30, 2014, 03:23 AM

15. I'd probably recommend you try Ubuntu

and specifically the Lubuntu distribution--it uses LXDE, the "Lightweight Desktop Environment", which runs quite well on older hardware and is similar enough in look and feel to WinXP that you'd be comfortable with it.



And here:


http://www.omgubuntu.co.uk/2014/02/four-reasons-why-windows-xp-users-should-switch-to-lubuntu-this-april

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Spider Jerusalem (Reply #15)

Sun Mar 30, 2014, 03:36 AM

20. Nice choice.

I use the same on a laptop and it's solid and fast.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Spider Jerusalem (Reply #15)

Sun Mar 30, 2014, 11:40 PM

41. That looks enticing. However, here is one question -

Will I be able to play YouTube files on lubuntu?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to truedelphi (Reply #41)

Sun Mar 30, 2014, 11:48 PM

43. Yes

it installs the Flash plugin you need to play web content like Youtube videos. Or rather, there is an option for you to install it when you set up the system; Flash and certain other software for DVD/MP3 playback is non-free/not opensource, so you have to tick an extra box to have it included.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Spider Jerusalem (Reply #43)

Sun Mar 30, 2014, 11:51 PM

44. Got it. Thanks for posting this info. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 03:14 AM

13. The way I look at it is whether the user is a high risk user

that's always in trouble with viruses. Otherwise, I'm not concerned at all. Personally, I don't even use anti-virus software. And before the flamers get too carried away, I have installed them, but after I scan once and find nothing, I remove them. I'm like many users who are low risk. Our Internet behavior, the sites we visit, are not likely to contain viruses and if on the odd chance they did, I doubt they'd make it through my browser.

I have a Windows 98 PC, three Windows XP Pro SP3 PCs and one Windows 7 64-bit PC. 30 years of computing, not one virus to show for it.

You guys go ahead and upgrade. I'm not.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to ffr (Reply #13)

Sun Mar 30, 2014, 11:42 PM

42. Publish one news article critical of Monsanto, and suddenly beign virus-free

becomes a thing of the past.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 03:14 AM

14. Thanks for the link.

My old computer (currently on XP Pro) won't handle anything newer than Vista. My sons are thinking of switching me to some variety of Linux.

We just stripped the thing down and reloaded Windows, and I hate to start over again on all my programs, but we'll do it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 03:31 AM

17. Glad you brought this up

My mom was just asking about this. I'll send it to her. She bought a new Samsung notepad, but still has an outdated computer with XP on it.

Way OT:

She also asked for suggestions on what to name her wireless connection. Apparently someone in the neighborhood had theirs labeled "FBI Surveillance Van". Probably someone trying to prevent people from messing with their connection.

If anyone has suggestions I'll pass them on.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to davidpdx (Reply #17)

Sun Mar 30, 2014, 03:33 AM

18. for giggles I name mine NSA_FT_MEADE_MD

For more info about XP, we have pinned threads in Computer Help and Support.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Reply #18)

Sun Mar 30, 2014, 03:37 AM

21. I suggested NSA Special Ops

I think the others were:

Secret Service
Guantanamo drop off point (I know, bad)

and my favorite...

Putin Stinks

Reply to this post

Back to top Alert abuse Link here Permalink


Response to davidpdx (Reply #21)

Sun Mar 30, 2014, 06:17 AM

27. heh

Putin Stinks

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Cha (Reply #27)

Sun Mar 30, 2014, 06:26 AM

28. My mom's reaction was

Yeah, that's true but I'm not going to use that. So much for a sense of humor.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to davidpdx (Reply #28)

Sun Mar 30, 2014, 06:28 AM

29. hehe.. can't fault

her knowledge of Putin though.

Reply to this post

Back to top Alert abuse Link here Permalink



Response to steve2470 (Original post)

Sun Mar 30, 2014, 03:47 AM

23. Limit XP to a game OS for things that don't run under wine.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 06:03 AM

25. Additional considerations...

Remember that security holes don't just stop at the operating system.... Windows XP support is ending on 4/8/14, but also Microsoft is pulling support and updates for Microsoft Office 2003! If you must stick with Windows XP, make sure you upgrade your MS office to 2007 or 2010. (2013 is not supported on Windows XP). Or, if spending bucks is out of the question, consider a free Microsoft-compatible suite such as LibreOffice.

Update your browser, yes! As much of an Internet Explorer fan as I am, I'd recommend staying off of even IE8, the last version supported by Windows XP.

Lastly, my 2 cents so take it for what it's worth... but I'm currently running Windows 8.1 Pro and have been running various derivations of Windows 8 since the first consumer preview version came out in early 2012... That said I don't agree with all the negative press about it. It IS different than previous versions and for newbies will take some getting used to... but it's not bad in my opinion. Especially 8.1 as it gives a lot more options to cater to those who prefer to stay on the Windows 7/XP-like desktop.

As an IT pro, my best advice is to ditch XP. With a 12 year old operating system, this would be like running Windows 3.0 in 2002. Ridiculous! But, if you absolutely have to (or prefer to) stick with XP, treat it as a vulnerable machine.... because it will be. Avoid handling sensitive info such as bank passwords, credit cards, bill payments if at all possible.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 06:11 AM

26. Just remember when you upgrade to 7, get Vista first

then do a full install. Skip the update. Back up your files first. Might want to think about using Ctrl+Shift+N when just surfing. Don't ever buy any version of Home anything or Premium from microsoft. Spend the extra bucks and get Pro or Ultimate.

Or skip all that get 8.1.

You still get a few years of MSE updates on XP, but I would switch to Vista or 7 asap.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Rex (Reply #26)

Sun Mar 30, 2014, 07:05 AM

31. the only thing dumber than putting on Vista would be installing 8.

It's always best just to do a total fresh install than upgrade.

The main security problem is the ID ten T error.

"I don't understand why I got a virus. I have protection" I've heard that more times than I can count.
My response "When you click on something you just gave it permission"

Reply to this post

Back to top Alert abuse Link here Permalink


Response to hobbit709 (Reply #31)

Sun Mar 30, 2014, 12:09 PM

36. Actually Vista works great all updated.

I actually had to replace the HDD I had Vista installed on, it outlasted the hardware. Once updated, it runs like 7. Of course I recommend 7 Ultimate.

Yeah 8 is total crap, you have to automatically update it to 8.1 just for it to work on some systems.

STICK WITH 7 folks.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 06:47 AM

30. Get the free version of Sandboxie (at least)

Use it to run anything internet-aware (browsing, emails etc) + anything novel (until you know the novel app is safe).

http://www.sandboxie.com/

http://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 11:41 AM

32. Don't forget that MalWareBytes will still support WinXP ...

some may find this article useful: http://www.digitaltrends.com/computing/end-support-windows-xp-survival-guide/#!A8vsP

I have to point out, though, that just having the original WinXP install disk may not help. I bought a Dell refurb years ago, and when I reinstalled WinXP from the CD the new installation needed to be activated -- MS would not do this, because the OS was too old (this was well before the end of XP support was announced).

Reply to this post

Back to top Alert abuse Link here Permalink


Response to eppur_se_muova (Reply #32)


Response to steve2470 (Original post)

Sun Mar 30, 2014, 11:56 AM

33. If possible uninstall Adobe Flash Player, Adobe Reader and Java

Or at least uninstall Java from your browser.

Additionally running NoScript will stop a lot of things in your browser.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 12:06 PM

34. Also be aware Win 7 will no longer be safe in XP Mode.





MS will no longer provide support for XP Mode after the cutoff date.


This from MicroSoft ...




See number 5 ... http://gcn.com/Articles/2014/03/27/XP-mitigation-ISC2.aspx?Page=2


Reply to this post

Back to top Alert abuse Link here Permalink


Response to steve2470 (Original post)

Sun Mar 30, 2014, 12:07 PM

35. Install Ubuntu 12.04 on a new WD Raptor ...then run your .exe's from your XP hard drive with Wine.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread