How to Lock Down Windows XP now that Support has Ended

If you are using Windows XP, you have surely received the notice that support ended on April 8, 2014. So what can be done?

  • Upgrading to Windows 7 is a good solution if your hardware is good enough, but chances are that if you are running XP, your hardware might not meet the system requirements, or even if it does, it might run really slowly (although there are ways of making Windows 7 quicker).
  • Using Lubuntu (or Ubermix for schools) as a Windows alternative is a possibility, but even with PlayOnLinux (which includes the Windows Emulator, WINE) installed, it does not run as many Windows programs (and those that do run are not as stable as they are in Windows), and its interface is different enough that less techy folks may find it doesn’t meet their needs.
  • So you may be stuck with running Windows XP.   That is how we are with Highlands Community Charter and Technical Schools (HCCTS).  We have many student machines that have Windows XP licenses, and due to cost, time, and needs, the above solutions just don’t work well.

So, we are in the process of locking down the systems as best we can, and this is how we are doing it.  But keep in mind, no matter how well you think you lock down a system, there is always a chance of being hacked, especially with outdated software like Windows XP.

Consider Doing a Fresh Install

There is a high probability that your computer is infected with malware, which can potentially steal your passwords, credit cards, etc.  Our experience has been that even after scanning and removing malware with Malwarebytes (currently one of the best tools to catch malware), we still have malware “mysteriously” return.  To me this means that Malwarebytes didn’t catch everything, and even if you run every anti-virus program out there, they can still miss things, and so trying to lock down a system that has already been compromised will not work.

Thus, reformatting and installing a fresh copy of Windows XP is a safer option.  Be sure to do this behind a firewall, as sometimes you can get infected with malware before you have time to get all the updates!  (Yes, this has happened to me, although it was with Windows 2000 a long time ago…)  Of course, also be sure to back up your data, and have copies of installation media or downloads for your programs.

Install as Many Service Packs and Updates as Possible

Whether or not you have a fresh install, if you don’t already have it, you should install Service Pack 3.  Then, you should look into the unofficial Service Pack 4.

Set Your Main Accounts as Users (or even Guests) and Not Administrators

Windows XP was the first widely used version of Windows to have good multi-user support, with accounts. But it did not have all the protections that came with Windows 7 and above (OK, technically Vista had these protections, but few people like Vista…). By making your primary account one that does not automatically have administrator rights, you GREATLY reduce the ability for bad software to get installed on your system.

Use Firefox or Chrome in Place of Internet Explorer

Internet Explorer (IE) has had many security holes over the years, and new IE problems found in XP will not necessarily be fixed, and it does not have as many additional security options, features, and add-ons as either Firefox or Chrome.  So other than using Internet Explorer to potentially get Microsoft Updates, you should NOT use IE for your general web browsing.  Google Chrome will be supported for XP users until April 2015, but Firefox does not currently have an end-of-life planned for XP, so it is the recommended software to use.

With Firefox (or Chrome), you should get several security add-ons, including:

There are a lot of other great security add-ons for Firefox, with this article having a good list of them.  You should also regularly do the Firefox Plugin Check.

Use a Physical and Software Firewall

This step is probably already done.  If you are using DSL or Cable, and you have a router, it is doing a function called Network Address Translation (NAT), which has an upshot of acting like a firewall.  If you have DSL or Cable, and you don’t have a router because you only have one computer connected, you should get a router!

Windows also has its software firewall turned on by default.  But you should double check it, and if you didn’t do a fresh install of XP, see how many exceptions are turned on.
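To check both the account advice and the firewall advice above on a given machine, here is a read-only audit script. It is an added example, not part of the original article; it assumes Windows XP SP2 or later (where the `netsh firewall` context exists), and the report file name and the account name `StudentAccount` in the comments are hypothetical.

```bat
@echo off
rem Added example: read-only audit of the account and firewall settings
rem discussed in this guide. Assumes Windows XP SP2 or later.
rem The report file name below is an arbitrary choice for this example.
setlocal
set REPORT=%TEMP%\xp-lockdown-%COMPUTERNAME%.txt

rem Redirection is written first so a trailing digit in the text is never
rem mistaken for a file handle number.
>"%REPORT%" echo Lock-down audit for %COMPUTERNAME%

rem 1. Who has administrator rights? Everyday accounts should not be listed.
>>"%REPORT%" echo.
>>"%REPORT%" echo [Members of the Administrators group]
>>"%REPORT%" 2>&1 net localgroup Administrators

rem 2. Is Windows Firewall enabled, and are exceptions allowed at all?
>>"%REPORT%" echo.
>>"%REPORT%" echo [Firewall operational mode]
>>"%REPORT%" 2>&1 netsh firewall show opmode

rem 3. Which programs and ports have been granted exceptions?
>>"%REPORT%" echo [Programs allowed through the firewall]
>>"%REPORT%" 2>&1 netsh firewall show allowedprogram
>>"%REPORT%" echo [Ports opened in the firewall]
>>"%REPORT%" 2>&1 netsh firewall show portopening

type "%REPORT%"
echo.
echo Report saved to %REPORT%

rem Remediation, to be run by hand from an administrator account after
rem reviewing the report (StudentAccount is a hypothetical account name):
rem   net localgroup Administrators "StudentAccount" /delete
rem   net localgroup Users "StudentAccount" /add
rem   netsh firewall set opmode mode=ENABLE exceptions=DISABLE
endlocal
```

On a machine that did not get a fresh install, compare the allowed programs and open ports against what you actually installed; anything you cannot account for is worth investigating before you trust the system.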

Install and Turn On Security Software

This is important, but in my opinion, is your other security software (anti-malware). Which software is best to use changes with time, but PC Magazine usually offers useful reviews. Although, there has been some debate about Malwarebytes’ free version, which does an excellent job of detection, but doesn’t have a real-time scan. Whichever security software you choose, you should consider when it plans to stop supporting XP, and this article has many of these dates listed.

Read Other Lock Down Guides

If you search Google, you will find other guides to lock down XP, such as this one.
