Still Using Windows XP

/ August 26, 2015

Welcome to the Fast-Air Tech Talk newsletter. The Tech Talk newsletter is a free service for all Fast-Air customers. Please feel encouraged to suggest newsletter topics.

Estimates vary but approximately 15 to 20% of users connected to the web still use Windows XP. Yet XP no longer is supported, having reached End of Life (EOL) on April 8, 2014. While an XP system continues to function just fine as long as the hardware keeps running and there is no malware, the lack of support and the lack of security updates means XP is a classic potential security time bomb.

Most XP users have not stopped using XP because of several reasons:

  • Laissez-faire: If it ain’t broke, don’t fix it.
  • Legacy apps, usually business and hobbyist users with vertical software needs.
  • Legacy hardware not supported in newer versions of Windows.
  • The additional cost of updating app software to be compatible with newer Windows.
  • App compatibility not available on newer Windows.
  • The drudgery of reconfiguring updated apps and learning new versions of apps.
  • Budget restraints prevent buying new hardware to run more recent versions of Windows.
  • Many people do not like the Windows 8/8.1/10 Metro “tablet” interface.
  • Some users have no critical locally stored data, strictly web surfing with web email, and do not fear malware attacks.

The question facing XP users is one of risk vs. benefit. Is the risk of being hacked worth the benefit of continuing to run XP? While there are reasons to justify continued use, do those reasons outweigh the risks? While not a proverbial boogie man under the bed, continuing to use XP does present challenges.

What options remain available to current XP users? Some facts help visualize options.

  • Retail versions of Windows 7 no longer are available.
  • OEM versions of Windows 7 remain available but are tied to a computer.
  • Windows 7 likely will not run well on most XP era hardware.
  • Windows 7 Professional has an XP compatibility mode, which needs more hardware muscle.
  • Updating to Windows 7, 8.1, or 10 requires purchasing a new license.
  • Windows 8/8.1/10 will not run on XP era hardware.
  • XP users are not eligible for the free Windows 10 update, even when hardware compatible.

Those facts do not mean users have no choice other than to buy a new computer. Moving to something other than XP is wise, but there remain a few options.

There no longer are security updates for XP. Users must accept that security is now solely their responsibility. XP can still be used but steps must be taken to limit being hacked and introducing malware. While official support for XP ended in April 2014, Microsoft Security Essentials updates continued until July 14, 2015. Those updates too are now gone.

Accept that software developers are removing support for XP. Soon there will be no updates for such software. That means no security updates for those apps even when exploits are discovered. Like XP, those apps will remain functional but cannot be updated.

In the short term, ensure the XP system is as secure as possible. If previously running with auto updates off, then enable those updates to ensure all of the last security updates are installed. Be aware that the Microsoft Security Essentials update service is now discontinued although updates prior to July 14, 2015 will still download.

Understand that a significant amount of malware is not destructive or noticeably disruptive to the host system but instead is used to quietly host web bots.

Keep current anti-malware software updated, but again accept that XP no longer is supported and is being phased out.

Backups are important.

Stop using an administrator account. Create a standard non administrative account. This one simple step limits the damage malware can do to a system. This is sound advice on any computer system and not just XP. For years Linux and Mac users have run their computers this way, which is one reason those operating systems are considered more secure. Windows has had this feature for years, but typically is the default only in enterprise use. The administrator account should be used only for administration tasks, such as installing known safe software. On an XP system there should be no need to update any software because the operating system is not supported.

If more than one person uses the XP system then limit access only to those users who actually need access.

If the XP system does not need network services then pull the network cable. The system then cannot be hacked from the web.

If the system needs networking, then enable a firewall service.

If the system needs networking, then consider placing the XP system behind a router, which provides an additional firewall and barrier.

If the system needs networking, then minimize exposure to the web as much as possible. Most malware attacks these days are web based, being introduced through web browsers and email clients. To minimize exposure, stop using insecure apps such as Internet Explorer and Outlook. Use a web browser that is continually maintained and updated, such as Firefox. Use a mail client that is continually maintained and updated, such as Thunderbird. Both Firefox and Thunderbird are free software.

Be super cautious opening email attachments. A good policy is to copy attachments to a known secure operating system before opening.

Malware often is introduced through removable media. To reduce locally introducing malware, disable all removable media portals, such as USB ports, optical, and floppy drives.

If still needing removable media devices then disable auto-play.

Malware can be introduced through Microsoft Office macro execution. Disable that feature. Further, the Microsoft folks stopped supporting Microsoft Office 2003 on April 8, 2014, which means no more security updates. If still needing an office suite, use LibreOffice, which is compatible with Microsoft Office. LibreOffice is free software.

Remove software that are known magnets for malware, such as Flash, Silverlight, Java, and Adobe Reader. Most people using XP should not be using a web browser and therefore do not need Flash. Most users do not need Java and Java no longer supports XP. There are dozens of free PDF readers that are more secure than Adobe Reader.

If the XP system is running only to keep using legacy or vertical apps, then the system should not be used for web browsing, email, reading PDFs, etc. Remove all such related software.

If the system is used for web related tasks, web browser plugins are an avenue for malware. Web browsers such as Firefox can be configured to ensure those plugins are always updated with the latest versions.

Popular video web sites now support HTML5 and the Adobe Flash plugin no longer is required at those web sites. Consider removing the Flash plugin.

For users running XP because of specific legacy apps and the budget is not a primary restraint, consider newer hardware running a newer operating system. Then consider virtualization as a way to run and isolate an XP system.

Virtualization is slick technology, running one operating system directly within another operating system.

An interesting aspect of virtualization is the virtual system can be reimaged easily after a malware attack or infection. Snapshots can be used to restore the virtual image to a known safe condition.

For those users who have access to a Windows 7 Professional system, there is an option called XP Mode, in which XP can be run. XP Mode requires CPU virtualization extensions. Like XP, security patches no longer are available for XP Mode, but this virtualization option is more secure than running XP itself. If the XP system does not need network access, then disable that feature to ensure the XP virtualization is secure from web hacking.

Windows 8.1 and 10 do not directly support XP Mode but another virtualization option is the free VirtualBox.

VirtualBox does not require CPU virtualization extensions. This is useful with certain CPUs. The Fast-Air Linux demo system has such a CPU. Generally virtual machines on such hardware are a tad slower but not in a painful way.

Converting an existing installation of XP to a virtual system requires reactivation, but that is easy to perform. For whatever reason the Microsoft folks have granted perpetual reactivations of XP. A couple of mouse clicks and the virtualized version of XP is reactivated.

Virtualization requires sufficient RAM to run both the host system and virtual system.

To see how a virtual machine actually works, stop in at the Fast-Air office and play with the Fast-Air Linux demo computer. A copy of Windows 7 is installed as a virtual machine.

If the budget limits buying new hardware or a newer Windows license, and you are not using legacy or critical apps, Linux is a solution that will not require buying new hardware. VirtualBox also runs in Linux, which allows converting an XP system to run inside the Linux system. Stop in at the Fast-Air office and play with the Fast-Air Linux demo computer to see whether than option might help.

A final note. XP users searching the web will find a suggested registry hack for Windows XP 32-bit. Do not use this registry hack. This hack fools a desktop XP system into acting like an embedded point-of-sale XP system. Embedded versions of XP are still receiving security update support, but embedded XP systems are not the same exact operating system as desktop systems. The security updates might help but just as easily might not because the updates are intended for a specific version of XP. The hack likely violates the XP license. More importantly, the hack likely, eventually, one way or another, will brick your system.

Technical trivia: The Commodore 64 is acknowledged as the most sold computer model of all time, with estimates between 10 and 17 million units.

Next issue: Getting Computer Help.

So you thought Michael Jackson invented the moonwalk? Think again.

Video

Latest posts by Backwoods Geek (see all)

Related posts