How to use Windows XP securely - mitigating risk for millions still in use
Microsoft Windows XP is perhaps Microsoft's most storied operating system (OS). Released in 2001, it was meant to end Microsoft's cycle of releasing separate OSes for consumers and enterprises by providing a single unified OS for use by everyone. As many in the security industry are aware, in April 2014 extended support for Windows XP ended and the OS ceased to receive further security support or updates for most of its users.

However, four years later there are still a huge number of PCs running XP. There are over a billion devices running Microsoft Windows - perhaps as many as 1.5 billion devices, depending upon which statistics you look at - and the number of them running Windows XP has stayed about the same over the last few quarters at around 5.5 percent.  While that may not sound like much, it means there may be over 80 million computers out there still using Windows XP.  

This means there is still a huge number of computers around today that are left exposed to attackers targeting the OS.

While no security expert would ever advocate the use of Windows XP, there are still some steps users can take to bolster their security.  However, the best method is always to upgrade to a newer and more secure version of Windows.  While there are measures that can improve Windows XP's security, they cannot fix underlying vulnerabilities in its code.

Why people still use Windows XP today

There are several reasons why people might continue using Microsoft Windows XP today, but they generally fall into three categories:

Software: The computer is used to run one or more key applications that work only under Microsoft Windows XP

Hardware: The computer is used to operate a piece of hardware that works only with Microsoft Windows XP

Familiarity: The computer is used to perform a specific set of functions, which employees are trained on, familiar with and comfortable using

Security advice for Windows XP

If you plan to continue using Windows XP, there are some measures you can take to help boost security. 

Install a new clean version of XP

First, get your PCs ready for long-term usage by starting with a clean installation of Windows XP.  If the current installation of Windows XP is more than a few years old, chances are it is littered with the detritus and debris that befall any old installations of Windows. As a reminder, do not use the computer to access the Internet while installing all of Windows XP's service packs, patches, hot fixes and other updates.  Windows XP is vulnerable to attack and the computer should remain behind a firewall to prevent its as-yet unfixed vulnerabilities from being exploited.  

Backup strategies

If your usage of Windows XP is routine, there is probably nothing additional you need to do with your installation, other than to download the final set of Windows Updates from Microsoft.  However, if your intended use of Windows XP is for running a business-critical application, then things can get a little trickier.  It is crucial to keep backups of all data running on the OS and if the computer running Windows XP is used to control industrial or scientific equipment, it becomes even more important to keep backup copies not only of the software, but of the hardware as well.

Physical security

If the computer running Microsoft Windows XP is going to be in a publicly-accessible location, it's worth taking a moment to consider how to secure it from potential attackers.  While the theft of a computer is quite noticeable, it is likely that far more damage would be caused by an attacker who is able to access the computer for the purposes of installing software, altering its information or copying files from it.  For this reason, it is important to limit access to a computer's input and output devices.  This includes expansion ports like USB ports, access to the power switch, keyboard and mouse, floppy diskette drive, CD and DVD drives. 

Securing Windows XP with Microsoft's built-in tools

Additionally, anyone still using Windows XP can also take advantage of some of the built-in security features in the OS, which include:

Removing Administrator privileges from the accounts that will regularly access the computer and changing them to have only Standard User privileges

Disabling AutoRun

Enabling Data Execution Prevention

Configuring Windows File Explorer to show file extensions

Enabling the Windows Firewall
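
As an added example (not part of the original article), the following Python audit checks four of the five settings above against a registry export and a boot.ini collected from an XP machine; account privileges are left for manual review. The registry values and the /noexecute switch are the standard Windows XP SP2 locations for these settings and are not named in the article, the sample input is constructed, and counting only OptOut or AlwaysOn as "enabled" for DEP is an assumption.

```python
import re

HKLM, HKCU = "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"
# (measure, registry key, DWORD value name, value that counts as hardened)
CHECKS = [
    ("AutoRun disabled on all drive types",
     HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoDriveTypeAutoRun", 0xFF),
    ("File extensions shown in Explorer",
     HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "HideFileExt", 0),
    ("Windows Firewall enabled (standard profile)",
     HKLM + r"\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
     "EnableFirewall", 1),
]
DEP = "DEP enforced beyond the OptIn default"

def parse_reg(text):
    """Parse regedit export text into {KEY: {value_name: int}} (DWORDs only)."""
    data, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif key:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                data.setdefault(key, {})[m.group(1).lower()] = int(m.group(2), 16)
    return data

def audit(reg_text, boot_ini):
    """Return {measure: True/False}; a missing value counts as not hardened."""
    reg = parse_reg(reg_text)
    out = {name: reg.get(key.upper(), {}).get(value.lower()) == want
           for name, key, value, want in CHECKS}
    # Assumption: only OptOut/AlwaysOn count, since OptIn covers Windows binaries only.
    modes = [m.lower() for m in re.findall(r"/noexecute=(\w+)", boot_ini, re.I)]
    out[DEP] = bool(modes) and all(m in ("optout", "alwayson") for m in modes)
    return out

# Constructed sample input: a default-like XP SP2 machine (not from the article).
WEAK_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + CHECKS[0][1] + "]", '"NoDriveTypeAutoRun"=dword:00000091',
    "[" + CHECKS[1][1] + "]", '"HideFileExt"=dword:00000001',
    "[" + CHECKS[2][1] + "]", '"EnableFirewall"=dword:00000001',
])
WEAK_BOOT = r'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect /noexecute=optin'

if __name__ == "__main__":
    for measure, ok in audit(WEAK_REG, WEAK_BOOT).items():
        print(("PASS  " if ok else "FAIL  ") + measure)
```

Registry exports produced by regedit on XP are UTF-16 text, so decode the file before passing its contents to audit().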

At some point, the time will come to decommission remaining computers running Windows XP. Until that time, these steps will help those still using the OS improve security.

Contributed by Aryeh Goretsky, distinguished researcher at ESET

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.