Securing Windows XP

Windows XP is no longer Supported by Microsoft.

Contents:

Introduction and background

Windows XP was originally released for testing on 31st October 2000 with the full release on 24th August 2001. This was the result of an extensive research and development process that began in the late 90’s where Microsoft aimed to drastically change the Windows user interface to include a full start screen, activity centres known as hubs and a more solid foundation taken from their server software. Interestingly, Hubs are very popular in Windows phone and the start screen is a similar concept used today in Windows 8. The important point to note here is that Windows XP was originally based on concepts and ideas that stem back from the mid to late 90’s and when it was released in 2001, it was an innovation that consumers and businesses quickly adopted. For that reason, thirteen years after Windows XP was originally released for testing consumers and businesses are still actively using it.

However, Windows XP has been through a lot of changes over the years.
Service pack 1 released on 9th September 2002 let users change the programs that were used by default to open music, pictures, websites and other files and media, it also incorporated support for USB2, a standard still used today for printers, digital cameras, scanners, MP3 players and other peripherals.
Service pack 2 released on 25th August 2004 is acknowledged by some as being such a huge upgrade to Windows XP that it could have easily been released as an entirely new version of Windows. It introduced the Security Centre, support for a new wireless authentication method called WPA, a pop up add blocker for Internet explorer 6, a very helpful technology for managing the system called WMI and an array of security enhancements.
Service pack 3 released on 21st April 2008 provided even more security enhancements and fixes but also increased the ways in which Windows XP could be managed in business environments. Support for network security protocols such as 802.1X was also included along with about 6000 other general fixes and improvements.

It was aimed that Windows XP would reach its end of life date on 21st January 2009 so on 14th April 2009, Windows XP moved into what Microsoft call their extended support system. This is where patches are no longer pushed out as frequently, no design changes will be considered and technical support is dropped. This extended support ended on 8th April 2014. That is over twelve years after Windows XP was officially released. Microsoft ordinarily only provide this level of support for ten years after the official release date.

Why the history lesson?
I want to explain that Windows XP was innovative thirteen years ago but it has been surpassed by Windows Vista, Windows 7 and now Windows 8. Since that time, we have moved from Internet explorer 6 to the much more efficient, secure and usable Internet Explorer 11. Thousands of changes have been made to all Microsoft products in this time and the learning curve will be pronounced for users who have not made the change yet however you are strongly recommended to move to Windows 8 as soon as possible.

That said, I acknowledge that a number of people simply don’t have this option. Maybe you don’t have the money to upgrade or you are using some application or device that doesn’t support the new versions of Windows. In that case, this page is for you.

Securing Windows XP

Antivirus

The very first thing you need to do right away is ensure you have an Antivirus application. I don’t recommend that you use the Windows defender application as although it will be supported until July 2015, it doesn’t rank very highly when compared against other free Antivirus applications.
A free Antivirus application that performs well is
Avast. The free version of this application is very effective. With a good Antivirus application, threats should be found before they have time to damage your system.
For heightened security, try Kaspersky Internet Security. This application includes the ability to use heuristics to catch threats such as Malware or Ransom ware.
Many other applications are also available that come highly recommended however the list would be too extensive. Research the alternatives to find the best match for your budget and needs.

Apply all updates

Yes, Windows XP won’t receive any updates but you probably have a lot of other software installed that may have updates available. Attackers can exploit any application on your computer that hasn’t been written with security in mind so it’s very important that you keep everything up to date. A lot of applications will automatically check for updates but if you want to take care of this using one simple interface, consider using an update utility such as Secunia or Update Notifier. These will automatically check for updates of almost every application installed on your computer. Installing the new versions is usually as easy as clicking on an icon.
As well as updating the software on your computer, you should also consider updating your device drivers. Drivers are basically instructions that are given to Windows to enable it to communicate with the hardware in your computer. It’s rare for security exploits to be found or used in device drivers but it isn’t unheard of. Be careful when updating device drivers. Be aware that an incorrect driver could cause your computer to become unreliable until you update the driver again. Sometimes, you are better to source the driver updates manually from the manufacturer’s website. If you would like to use an automatic checking tool, take a look at Device Doctor.

Your browser

One of the best changes you can make to secure Windows XP is move to using an alternative Browser. No one using Windows XP should be using Internet explorer. IE version 9 is the last version to be supported on Windows XP and this is two versions out of date. A number of exploits are known in Internet explorer version 9 that will not be patched. Recommended alternatives are Mozilla Firefox and Google Chrome. Both support Windows XP and both are very secure.

Java

In our experience, people using Windows XP often run into problems with security in Java applets that run within a web browser. We therefore recommend that unless you keep Java fully up to date you should stop Java running within your browser. To do this:

  • Go to the control panel.
  • Use the Classic view.
  • Select Java
  • Move to the Security tab
  • Uncheck the box labelled Enable Java content in the browser.
  • Click OK.

Create a standard user account

In 99% of computers running Windows XP, everyone logs in with administrator accounts. This means you can install applications, update drivers, delete system files and make system changes. That means that if you download a virus, it can too.,
In other systems such as Linux, this has been strongly discouraged for years however Windows Vista, 7 and 8 have only taken steps toward the more secure way of setting up computer users in the past few years.
The most secure way to use your computer is to run with an account with as few privileges as possible so when you need to install an application or make any change to your system you explicitly choose to do this with an account with elevated privileges. Unfortunately, Windows XP doesn’t support this way of working as well as later versions of windows and sometimes, you will need to log off your normal user account and log back on with the administrator account to make changes but overall, this will vastly increase the security of your computer.

First make sure your account has a password.

  • Go to control panel.
  • Click User accounts.
  • Select your user account.
  • Click Create password.
  • Enter your new password twice in the boxes provided.
  • Enter a hint if you want.
  • Click OK.

Create a standard user account.

  • Assuming you are following along, click the Home link. If you’re not following along, go to the Control panel then click User accounts.
  • Click Create new account.
  • Give it a name.
  • Click Next.
  • Select Limited.
  • Click Create account.
  • Create a password for it by selecting the account and then click Create new password.

Now log in with your newly created account.
You will notice that if you try to install a new application you will be presented with a message saying that you don’t have permission. To work around this, instead of double-clicking the setup file, right click it and click Run as administrator. You will be prompted to enter the administrator username and password.

Need more help?

If you need more help, please feel free to Talk to us about upgrading or securing Windows XP.