VirtualAcorn Technical support:
Windows XP - taking precautions to tighten XP security
This document is offered for information purposes only. Any of the actions suggested are undertaken at the users own risk. 3QD Developments Ltd do not warrant that any of the suggestions in this article will make Windows XP as secure as a more modern OS. Our advice is to upgrade to Windows 7 which has much better security. If you are determined to stick with Windows XP the following article should help improve your machine's security and help to get critical security errors fixed.
As from the 8th of April 2014 Microsoft have withdrawn support for consumer versions of Windows XP. This doesn't mean that Windows XP will stop working, what it does mean is that Microsoft will no longer provide any more bug fixes or updates. At the time when support ended a double digit share of the world's PC were still running Windows XP.
That's bad news if you have decided to stick with XP, let me explain why. A double digit share of the market means millions of PCs, more than enough to interest criminals. If a security flaw comes to light in Windows Vista, Windows 7 or Windows 8 then Microsoft will fix it. But if the same flaw is present in Windows XP then it won't be fixed. So all criminals have to do is get details on each new flaw that's fixed and test it on Windows XP. If the flaw is present then they have a way of exploiting a PC running Windows XP.
If you take action now you can greatly reduce the opportunities that criminals will have to get hold of your information. At VirtualAcorn we know that many of our customers are going to stick with Windows XP for some time and we will continue to support the use of our products on Windows XP for as long as we are able. If you are using Windows XP after April 2014 then we strongly advise that you take the following action immediately:
- If you have Internet Explorer 8 or Google Chrome installed remove them as soon as possible.
Download the Opera browser (which can import your bookmarks) and then remove Chrome and/or Internet Explorer (Control Panel, Add Remove programs, Add/Remove Windows Components).
- Make sure that you are running an up to date anti virus package.
If you have already downloaded and installed Microsoft Security Essentials then you will still receive new virus definitions for the moment, but Microsoft will pull the plug at some point. We recommend using Avast antivirus as it's free and isn't intrusive. Avast also includes the 'SafeZone' web browser which has better security.
- Install an application designed to spot other malware which an Anti Virus package might miss. MalwareBytes can find all sorts of nasties that an anti-virus package might miss. It's free and blocks known malware in real time. Download and install it as soon as possible.
If you do the above and you are careful then you should be able to continue using Windows XP. But there's something else you might want to look at...
Windows XP - good for another five years?
At the start of this article we explained that support for consumer versions of XP had finished, but what about 'non consumer' versions? Microsoft have offered extended Windows XP support to various large organisations around the globe who need to use XP based equipment until 2019. So if you are big enough and have deep enough pockets Microsoft will continue providing updates for Windows XP. This means bug fixes and the patching of security flaws. In effect a similar service to that which Microsoft used to offer consumers for free.
Around the world there are millions of payment devices that run Windows. This includes POS (Point of Sale) units in shops, cash tills on the high street and many other places. UK banks have taken out extended support contracts with Microsoft as a large number of payment devices in the UK and run an operating system called Windows Embedded POSReady 2009. This is based on Windows XP Service Pack 3. Perhaps 'based' is the wrong word, Windows Embedded POSReady 2009 is little more than Windows XP with a wig on.
So updates for an operating system that's 99.99% identical to Windows XP will continue for the next five years (until 2019) paid for by British banks. So, here's a thought, how does Windows update know the difference between Windows XP and Windows Embedded POSReady 2009. A German researcher decided to find out and what he found was very surprising. As far as Microsoft update is concerned the difference is one entry in the Windows Registry:
Windows Registry Editor Version 5.00
If you add this entry to the Windows XP registry, low and behold updates start appearing. Obviously there is a risk that an update designed for Windows Embedded POSReady 2009 might not work properly, or might even crash Windows XP, so keep regular backups. However this risk is a lot less than the risk of running an unpatched Windows XP that has access to the outside world
So if you decide it's time to get something back from the banks and you are prepared to take the risk all you need to do is download a zipped copy of the XPupdate registry file and then open the zip file and double click on xpupdate.reg. The Windows registry will be updated and after a few hours Windows Update should start finding new updates to install.
Update 11.06.14 : Today is the first day after 'Patch Tuesday' (the second Tuesday of the month is traditionally when Microsoft make most patches available) and I've checked the updates for Windows 7 and Windows XP (using the method shown in this article) and patches for the same vulnerabilities were downloaded on both machines. You can therefore reasonably expect miscreants to start working on exploiting unpatched XP installations fairly soon.
Update 30.07.14 : There have been a number of other new Windows XP updates since this the previous update.
Update 04.05.17 : Updates for XP are still being released and have installed without problems on our legacy XP system. We have refreshed the content of this article to recommend the use of Opera as a web browser and Avast for antivirus.
All details in this article were correct at the time of publication. Any changes you make to your computer are done entirely at your own risk. Always keep backups of important data.