Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

How do I maximize security for XP even after support ends?

Sep 6, 2013 9:45AM PDT
Question:

How do I maximize security for XP even after support ends?


I would like very level heads to answer this request for me, please: How can I maximize security for XP when Microsoft stops supporting it in April 2014? That is a search term. Can someone help me with some answers. My system is Dell Dimension 3000 with XP, SP 3. I use MSE for security and also OnlineArmor Firewall with HIPS (free edition). I use MBAM as a second opinion as well as Hitman Pro, SuperAntiSpyware Free Edition. I am totally disabled and have used XP very comfortably, but I have no wish to buy more expensive hardware and software, thanks! Please try to answer within these terms: suggest ways to make XP very secure for along time. Many Thanks!

-- Submitted by: Robb T.

Discussion is locked

- Collapse -
from us older pensioners
Sep 21, 2013 11:43AM PDT

Here here, bloody good statement, facing the realities of some of us older pensioners as well as those poor buggers lost their jobs , trying to get back in to the work force because they cannot retire , all trying to keep up with all the constant changes to OS's and security requirements etc etc?
All we want to do is have a system that works for us ,does what we need when we need it and does NOT require us to spend most of our days constantly re-learning all this technology,& worrying about whether we are going to get scammed,virus-ed,ID thieved etc etc.
Easy for the ones with all the knowledge to say just do it ,but for the rest of us with far less tech. ability that is not always an option people,try to understand that we are not all equal on PC's.
Easy for you ,difficult for me.

- Collapse -
from us older pensioners ......
Sep 21, 2013 1:24PM PDT

well said! But don't forget: us pensioners don't have the deep pockets that a lot of people who comment here appear to have - pensions don't go very far in this day and age particularly here in Australia where we are faced with constant price gouging when it comes to computers/computer parts amongst other things. M$ and Apple amongst other IT companies were quite unapologetic about their Australian prices when they were confronted by a parliamentary committee some time ago. Add to that the fact that a lot of on-line retailers appear to have double standards on pricing - as soon as they realize that we are trying to buy their goods, and where we are located they slap on a higher price (above what they advertised on the net).

- Collapse -
Old software
Sep 20, 2013 5:26PM PDT

I have software that won't run on any newer system, there was some code removed from Win 98 when it got changed into XP.
Emulators just don't work, even Win 95 emulator in XP
I have an old box specifically to run it. There is no form of updated software that does the same or similar job so I can't even buy new stuff

- Collapse -
Virtual Machine
Sep 20, 2013 10:50PM PDT

You can run Oracle's VirtualBox and install a new instance of Windows 98 (or 98SE) or you can make a VM instance out of that old box you are running now. Since it sounds like you have a newer machine you are using, this wouldn't cost you anything in terms of hardware. VirtualBox is free to use and there's really good information about it online. Also, there is free software to convert existing machines into VM instances.

- Collapse -
Virtual machine
Sep 21, 2013 1:20AM PDT

Thanks, I'll look into it as I was at something of a loss what to do when the old box 'dies'
I'm about to replace motherboard capacitors on a 2002 MB to 'upgrade' old machine (there were millions of faulty cap boards made from 2000~2005)

- Collapse -
Creating VMs for VirtualBox
Sep 27, 2013 7:09AM PDT

Hello Winston,

VirtualBox supports a number of different VM types, such as it's own format, VMware's, and Microsoft's. Here are a couple of free tools to create a VM from an existing, running machine.

Disk2vhd (by Mark Russinovich at Microsoft) - it creates a VM in VHD format from a live, running machine.

VMware converter - from VMware. I believe it creates a VM in VMDK format.

Anyway, save these images to an external hard drive. When you get a new machine, you can move this image over to the hard drive (check out VirtualBox's forums and do some searches, there's a ton of help available) of the new machine and open VirtualBox and load the VM in. Your old machine will be available virtually.

Just wanted to tell you that not all hardware will be available. This is a big problem with virtual machines.

Also, remember to create these VMs on a regular basis, in case your machine dies. If you don't and your machine dies, then you won't have anything to virtualize.

- Collapse -
What is your hardware configuration?
Sep 20, 2013 2:14PM PDT

Hi Robb,

I think if you supplied your hardware configuration it would help everyone here supply a more definitive answer.

Hardware can greatly affect what software you can use and how many programs you can run simultaneously. Anyway, without that information, this is my personal suggestion:

New computers are quite affordable these days and I'd recommend getting a computer with Windows 7 (not Windows Cool, then in the "Advanced System Settings", choosing the "Best Performance" option. Not only will this let your computer run with the least "Windows options" but it changes the look to a generic Windows look, very similar to Windows XP without the eye candy. However, you've stated that you don't want to get a new computer.

Therefore, based on your choices of using free software, I'd do the following:
1: Change your AV to AVG Free 2014, as I think it's much better than MSE. When installing, disable what you don't need during the installation process, such as LinkScanner, which I think is a resource hog. Moving to a paid AV suite might be your best option here, especially a good cloud-based version, which works like a VPN to route all your traffic through their software before coming onto your computer.
2: Comodo Free Firewall is very good in my opinion. It even has a sandbox feature that seems to work well. However, most firewalls are resource hogs, so keep this in mind.
3: Just use MBAM and SuperAntiSpyware free editions for scans you do periodically, rather than running MBAM all the time, which will free some resources.
4: I've also found Emsisoft Emergency Kit to be an excellent free scanner for malware that can fix things that MBAM and SuperAntiSpyware aren't able to find and fix.
5: Run Firefox, Chrome or another browser instead of IE when support stops in April 2014, as long as XP will continue to be supported as a platform for it. Comodo Free Firewall has an option to install their own browser, which some people I know use and like.
6: WOT is a good little add-on for IE (when you have no choice but to use it), Chrome and Firefox to help block bad websites. Other free tools like this are Norton Identity Safe.
7: Don't install Java unless you have to.
8: Create an administrator account to use for important things and create a limited account for regular usage.
9: Use Secunia PSI to see if all your programs are up-to-date, which is often a way that malware can enter your computer. I wouldn't recommend keeping it running because it uses system resources, and you have an older computer. Instead, use it regularly to make sure you software is up-to-date.
10: See what software you have on your computer and if you don't need it, uninstall it (use Revo Uninstaller Free) as it does a better job than Windows built-in tool.
11: Download all software directly from the source if at all possible. If not, consider sources such as FileHippo.com, as they don't include unwanted software, as Download.com is wont to do.
12: Download and install CCleaner. You can use this to clean up your system and it also has a lot of other features built into it, such as the ability to disable startup programs, rather than using Msconfig.exe. Keeping the number of programs your running constantly will free up resources and help your system more sprightly.
13: Don't upgrade this computer to Windows Vista, 7, or 8. I think that's a waste of your money as it will cost $80+ and you can save it for when you buy a new computer.

I think that you should get a new computer instead of trying to keep everything going. There's a lot of free software I mentioned, besides in the list above, that can satisfy all your needs. Windows 7 has CD/DVD burning software built-in, for example, and all the software above will work with Windows 7 (32- and 64-bit), except Revo Uninstaller Free, which will only work partially (free version only works with 32-bit programs, so try IObit Uninstaller for 64-bit programs; it doesn't even need to be installed). Intel and AMD's integrated graphics now are almost certainly better than what you have in your computer and you can still use your current monitor, keyboard and mouse (you may have to get PS/2-to-USB adapters if you have those for your KB and mouse). The new computer will also be much more easily upgradable. I have seen websites selling some solid base computers for $400 and under, which will be much faster than what you have.

Finally, Windows 7 will be supported for years to come by Microsoft, so you don't have to worry about that problem. (Also, don't forget to do backups, please)

- Collapse -
Do nothing
Sep 20, 2013 2:58PM PDT

Believe me, hackers always target new systems where new problems introduced. XP is currently much secure than Windows 8. Do you think why Linux more secure that Windows? Wrong, Linux has lot security problems but it was simply never targeted of cyber attacks. So general problem not in storing a million dollars in your closet. problems is in let people know you have it there.

- Collapse -
Stick with what you have
Sep 20, 2013 3:31PM PDT

I am not a computer security expert so take this with a grain of salt.

If your computer is operating to your satisfaction stick with your present set up. Back up your important files, keep MSE updated, watch where you click & what you download. If you have the latest SP you should be fine for years.

A couple of free options that may improve security and performance: Consider Firefox, AVG may be a better long term choice vs MSE.

If you come across a computer with a little more horsepower consider Windows 7. It is a very nice OS. Very similar to XP, runs much faster Happy

I hope you get many additional years service out of your computer.

Don

- Collapse -
How do I maximize security for XP even after support ends?
Sep 20, 2013 4:12PM PDT

Well, all of us how are currently using WinXP will eventually have to face the fact that ultimately (usually within about 12 months) all antivirus program updates etc will become incompatible with XP ie antivirus program providers will drop support for XP - how do I know?? Well, that happened to me when M$ stopped support for Win98SE, so I cannot see anything changing when M$ stops support for XP, particularly when it comes to the free editions of such software.

However, one of the first programs you should stop using is IE8. I would suggest that you switch to the latest version of Mozilla Firefox immediately. (some web sites have already placed restrictions on IE8 access).

Your term: 'suggest ways to make XP very secure for along time' is only possible IF you do not access the internet with your computer AT ALL. That way XP will last as long as the computer (but that's in a perfect world). You say that you are totally disabled but you don't explain how you access your computer so I suppose the following would be impossible for you but it might help others: after M$ issues the last update for XP do a thorough security/antivirus scan of your C drive, then clone it onto another hard drive which you then store safely - you use this clone to reclone your C drive as often as required (or at least once a week). As for documents etc that are stored on the C drive by default I would suggest a second drive (internal or external) to which you transfer all documents etc at the end of each computer session or you can change the default settings so that everything is automatically stored on the second drive - or even a large USB thumb drive.

You, and all of us who use XP and don't like the latest M$ offerings, will have to get used to the idea that eventually we will have to change our OS if we wish to remain on the internet. The question is to what will we change (remember: NO software is supported forever)?

I would suggest that you change your OS to Linux Mint (32 bit version) - its free, installs without any problems straight out of the 'box', updates are seamless (no reboots) and is not hardware dependent***. If you use M$ Office, Libre Office is a free replacement that works for me in the home environment. As for other programs, you would be surprised at what FREE software is out there for Linux.

***(As an example I'm currently running Linux Mint 14 Nadia and LibreOffice 3.6.2.2 on a Dell OptiPlex GX270 desktop/minitower)

The bottom line is that within 12 months of M$ stopping support for XP I suspect that all of us XP users will be up the creek without a paddle as far as M$ is concerned.

- Collapse -
vpc
Sep 20, 2013 4:28PM PDT

Run a virtualpc. Can download from ms. When you have thant configured create an image backup. If you ever do get hit with a nasty delete your running image and use your backup image.

And its free

- Collapse -
re image backups?
Sep 21, 2013 11:58AM PDT

Hi, I have tried to use the Windows backup provided, but then was told that to boot it up I would need a floppy boot disc?? No mention of setting up a floppy disc in advance (no idea how anyway) so all that time backing up to external drive was a waste of time?
How do you create an image back up and then be able to re set that up each time as required please?

- Collapse -
Ubuntu
Sep 20, 2013 4:37PM PDT

Put Ubuntu Linex on your computer along with XP and set it up to dual boot, or you can just run Ubuntu from a jump drive.

Use Ubuntu for all your internet. Use XP for all your Windows programs that don't require an internet connection.

- Collapse -
Ubuntu
Sep 27, 2013 3:51AM PDT

That's exactly what I'm doing, except I will probably migrate everything onto Linux within the year of MS dropping support
I've said it many times, but I'll say it again, Microsoft has 'shot itself in the foot' this time

- Collapse -
Robb T., you don't really want to use MSE
Sep 20, 2013 4:45PM PDT

Here's why: http://www.av-test.org/en/tests/home-user/windows-7/julaug-2013/

This site rates all antivirus programs in terms of protection, performance, and usability.

If you scroll down to the very last antivirus in the list, you will see MSE.

Here, MSE is being used as the baseline for all antivirus programs tested.

What does that mean and what is a baseline?

Well, a baseline is the lowest base level of whatever parameter you wish to compare something to, or, if in a rating system such as here, the base level standard of protection of a Windows system as supplied by the vendor or manufacturer. (Hint: Microsoft.)

Note that MSE is the worst of 26 antivirus products offered in protection capabilities, not so good on false positives (reporting a known clean file as infected when, in fact, it is not infected at all) for usability, and the only area it shines, more or less, is on performance, or computer slowdown speed vs. the same system not running any antivirus at all.

MSE slows down the computer less but does not offer the highest level of needed protection; the best of both worlds would be superior protection and high usability. High actual and correct detection rates is a definite plus. Here MSE does not do so well.

Reporting a file as a false positive can/will be a problem for newbies and less technical users as the tendency is to delete such a file when detected as malicious and not choose to quarantine it or ignore. Reporting a file as infected when it is not only compounds the problem, it does not make it better.

Once a file is deleted by your antivirus program, it is gone forever.

Disaster awaits those whom make the wrong choice.

Can one trust MSE to protect their system after Microsoft ends all support for XP?

Probably not.

Use the list provided above, some of them are free to use and offer the same or close to the same protection as their paid licensed versions.

If you want to run XP after April 8th, 2014, the one thing you need is the best antivirus protection available. If it is free and top-notch, that is icing on the cake.

MSE is not it.

- Collapse -
Robb T., you don't really want to use MSE
Sep 21, 2013 8:13AM PDT

Unless Microsoft's response is provided together with this, I am skeptical. Believe me, I have seen it all through the pro and anti Microsoft eras. I thought we were past this but it appears not. Moreover, one benchmark program is just as subject to issues as any other program, so a comparison between two benchmark programs comparing the same items might make more sense.

I went to the web site to find that indeed MSE was listed as the baseline. Well, all I can say is that in all my years of using MSE I have never had a problem as listed in this post. I also note that MBAM is not even covered.

If MSE is so bad, how come I have experienced only one virus in the 20 years I have been computing? This happened when I temporarily disabled MSE to deal with another issue. Am I really expect to believe that Microsoft would be so delinquent as to provide an inferior anti virus program?

- Collapse -
Thanks for the link
Sep 27, 2013 3:55AM PDT

Independent testing is always interesting, as an 'ordinary person' I wasn't even aware of Independent IT- Security Institute mainly because I had no reason to look for it or anything similar

- Collapse -
Win XP on Dell 3000 Here Too
Sep 20, 2013 7:16PM PDT

Wife had XP Home on her Dell 3000 and viruses drove us nuts until:

1. We turned off Win updates

2. We cancelled any and all subscriptions to social networks like Facebook

3. We removed all anti virus freeware.

Have not had a virus problem in 2 years because of the above.

- Collapse -
Not knowledgeable
Sep 26, 2013 3:27PM PDT

2 Years is not very long at all.
Do you have a "paid" version of AV ?
If using a top 3 or top 5 Free AV, removing them makes no sense as they are not "giving you virus problems".
I'll bet your biggest reliever was not using the social sites, because I bet that also means someone isn't clicking on ads and other stupid things and probably not clicking unknown website links in searches and things of this nature.
So it gets used less.
I also bet they are using a different computer to do those social things Happy
With no AV. adware and such you do not really know if you are infected or not.
Maybe you're not infected to the point of popups, hijackings or blue screens or non start ups, But....

- Collapse -
Update
Apr 12, 2014 3:41AM PDT

Just the wife and me. No others on soc networks. I do run ASC 5.0 and Superantispyware every now and then. I used to run Essentials but it never caught anything. Point taken on infections but above anti virus stuff finds nothing but dead registry entries and tracking cookies. That is not a bad thing. Reason I killed antivirus and turned off software firewalls was because the system ran too slow with them on and active. I am a former IT pro and my philosophy is "never fix what ain't broke".

I do confess to a stealth Win7 migration. Ordered a laptop with Win 7 Home Premium and will place it in service this month. Rejected Win 8/8.1 as my legacy software will not run under Win8. Photoshop 5.0, H&R Taxcut, Lotus Smartsuite, X10 ActivehomePro, others.

- Collapse -
test yourself
Apr 12, 2014 5:52AM PDT
https://www.grc.com/x/ne.dll?bh0bkyd2

Do the router PNP test.

then test "common ports" and "all service ports".

Here's my report;


GRC Port Authority Report created on UTC: 2014-04-12 at 19:44:10

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


Then first 1000 ports tested;



----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2014-04-12 at 19:46:50

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------


Universal Plug n'Play (UPnP)
Internet Exposure Test

This Internet probe sends up to ten (10) UPnP Simple Service Discovery Protocol (SSDP) M-SEARCH UDP packets, one every half-second, to our visitor's current IPv4 address (***.64.84.87) in an attempt to solicit a response from any publicly exposed and listening UPnP SSDP service. The UPnP protocols were never designed to be exposed to the public Internet, and any Internet-facing equipment which does so should be considered defective, insecure, and unusable. Any such equipment should be disconnected immediately.


THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
- Collapse -
Self test
Apr 12, 2014 1:03PM PDT

I just ran it with very similar results

- Collapse -
xp is very old..
Sep 20, 2013 10:33PM PDT

I would say that if you're still using xp it's for one of two reasons #1 you have a very large it dept.that is relying on xp as it's primary op sys. or #2 you're afraid to try new things and prefer to stick with the tried an true..if your answer is #2? my advice would be to move on and get with the times if the answer is #1 I think it's time for your it dept. to upgrade to something with support..it only makes sense. the bottom line? xp is no longer viable because it's really not safe nor was it really EVER that safe

- Collapse -
XP is stable, not old
Sep 21, 2013 1:10AM PDT

Seems there could be a third reason, XP works but it seems Windows 'fanboys' are the ones afraid of change and won't try new things
Too many people believe the hype that Windows is the 'only' OS that can be used, just shows how dumb people can be, why think and learn?
It was true in the past and majority of business used Windows for the office suit, etc.but Microsoft is in BUSINESS to make MONEY so have to release new 'mo-betta' products periodically
It's now down to do you want to support MS or do you feel held hostage by MS
I drive a 9 yr old car and have multiple 30+ yr old motorcycles, both of which I understand enough to 'upgrade' whenever I want and can adapt 'new technology' if I desire
Android and Linux are both 'threats' to MS and Apple, learn to live with it and get to understand how they work

- Collapse -
re get used to change?
Sep 21, 2013 11:08AM PDT

Hi,all very well to say get used to change and learn the new things that come along,but they come along too often ,in my opinion unnecessarily in most cases, and it might be ok for the younger minds who are used to handling this type of technology from childhood, but it is getting to be too much of a challenge for us older users(@ nearly 70 Y.O.) to keep on top of all the time, especially with no support close and handy to get us out of trouble with every problem.
Cheers, Bukti.

- Collapse -
Your best option...
Sep 20, 2013 10:35PM PDT

Buck up and get this computer! $130 with no operating system. This is a GREAT computer for the price! Check out the specs and I'm sure you will agree. I have 6GB of ram in each of them and they purr like a kitten and run as fast as a Jaguar. I repair computers and I recommend this one. It can handle W7 or W8 with ease. I have two of these and I love them! It is built for easy access for techs and you can easily swap out hardware should you want to.

http://www.cwioutlet.com/p-7192-lenovo-thinkcentre-m58p-core-2-duo-3-0ghz-3gb-ram-250gb-hdd-dvd-cdrw.aspx?gclid=CPy9pfC83LkCFabm7AodGnUACg

Can't afford an operating system? Save up then. I don't suggest getting an operating system through the torrent sites, but if you can't wait to try W7 or W8, should you go the route, use it for testing and learning until you can afford the operating system. Look: using XP, no matter the reason, is just plain counter-productive. Get real and get going--NOW!

- Collapse -
Counter productive?
Sep 21, 2013 1:14AM PDT

If you really believe a computer is so helpful, try downloading a doctor, dentist. or mechanic to fix you car Laugh

- Collapse -
What???????????????????????
Sep 21, 2013 4:26AM PDT

What are you talking about? Read my reply again. Then reply with some semblance of reality! If you are out to just have some stupid fun, go elsewhere.

Note: This post was edited by its original author to remove personal attacks on 04/14/2014 at 9:28 AM PT

- Collapse -
Are you SURE?
Apr 13, 2014 1:40AM PDT

I can't claim to know exactly what that other user meant; but, knowing a person who is above 70, struggling to stay alive, due to many heart attacks, stints, and other serious medical problems, which also causes many cash flow problems, I could see them telling you the same thing.

For ALL you people who are so arrogantly thinking EVERYONE can so easily upgrade to a new operating system every three years, and then becoming so asinine to make the comments you are making, understand a plain and simple fact: NOT EVERYONE CAN!

For those who think XP is old, understand this: XP was SUPPOSED to be the final Windows OS. Ever, It was supposed to only require updates, patches, etc. Then MS realized that did not materialize enough money. So now we are on a worse track (in my not so humble opinion), a new OS every 3 years.

So, now we have a problem. MS can't keep supporting older software, and, there are those who cannot afford to keep upgrading. There are people, as mentioned above, who have no real reason to upgrade every 3 years. Some people just really don't do enough with their computers to keep up. Simple games, email, and maybe now video chat.
It really makes no sense for someone who might be dead by year's end to upgrade. It certainly makes no sense for some young punk who thinks they know it all to go out and think EVERYONE is in THEIR situation. Usually the young and dumb. I was like that when I was young and dumb too. Now that I am just old and dumber, I sometimes still forget there are those who just can't do what I can. When I get even older, and probably dumber yet, I will probably forget I cant do what I once did. But, to act the part of the fool, as you did, calling others stupid, because you did not understand, makes even less sense.

Just so you might "get it"; I took other poster's comments to mean, "There's more to life than computers". Again, as stated above, someone who is potentially dying could care less about tech crap. So (if I understand them correctly) they are saying, Can your computer add another year to their life?
(Actually, it can, but, that may be too late, if that technology is not yet available).

Just so you know, I am running Windows 8.1, ran Windows 8, 7, Vista, XP SP1, 2, and 3, ME, 95, and 3.11, and even DOS, and some versions of Mac.
And for everyone's 411, Vista was not as bad as everyone thought. It actually worked. Unfortunately, it was after XP, and it just didn't work with a lot for XP hardware. The same was true with XP when it first came out. And heres the really dumb part about Win 8. One of the biggest gripes is no start button? There's a Windows button on the keyboard that does the same thing. So, those who gripe about 8; well, they shouldnt. It, like every new OS, requires a learning curve. But, one thing should be known: An OS is an OS, and they ALL basically do the same thing. Just in different ways.

- Collapse -
If you could not replay within Robb's parameters you should
Sep 21, 2013 5:47AM PDT

have just kept your mouth shut! Why would you suggest someone buy a new computer without an OS?