How to keep your PC secure when Microsoft ends Windows XP support
The Windows XPocalypse is almost upon us. After a legendary dozen-year run, Microsoft will stop providing security patches for Windows XP on April 8, 2014. Without Microsoft’s protection, all those WinXP PCs will have targets painted on their hard drives.
Nearly 30 percent of Internet-connected PCs still run Windows XP, and no, they won’t die that day. They’ll continue running like normal, but they’ll be rotting inside, becoming increasingly full of security holes. Microsoft itself has dubbed the condition “Zero day forever.”
Look, let’s be honest. You should upgrade from Windows XP right now if at all possible—but not everyone can cut the XP cord so completely. If you can’t upgrade, there are some things you can do to protect yourself. Make no mistake: These tricks are like sticking your finger in a leaking dam. They’ll help a bit, but the dam is crumbling and it’s time to get out of the way.
Understand the risks
When Microsoft says it’s ending support for Windows XP, that means it will no longer produce security patches for critical vulnerabilities in the operating system. As time goes on, more and more critical security holes will be found, and attackers will have free rein to exploit them. Large organizations can pay exorbitant fees for continued custom Windows XP support, but those updates will never trickle out to everyday users or small businesses.
Smart attackers are likely waiting to exploit holes they already know about. They’ll unleash their attacks when Microsoft has moved on. The problems will never be fixed, so they can continue to attack them until the last Windows XP system vanishes from the Internet.
Other software developers will eventually stop supporting Windows XP, just as they no longer support Windows 98, creating even more attack vectors. This won’t happen overnight, but Windows XP will gradually be abandoned by everyone.
Choose your software wisely
If you use Microsoft’s Internet Explorer, it’s time to let go. Internet Explorer 8, the most recent version available for Windows XP, is already several generations old and will no longer receive security patches. Google Chrome will continue supporting Windows XP until at least April 2015, while Mozilla Firefox has no announced plans to stop supporting Windows XP. So switch to Chrome or Firefox and you’ll have a secure, modern browser.
Most antivirus solutions will still continue supporting Windows XP. Even Microsoft’s own Microsoft Security Essentials will support Windows XP until July 14, 2015. Antivirus-testing company AV-TEST asked 30 different antivirus companies about their plans for Windows XP support and all of them committed to support Windows XP until at least April 8, 2015. Most committed to supporting it for even longer, into at least 2016.
Be sure you’re using an antivirus program that’s actually receiving updates, though, because that expired copy of Norton isn’t going to help you. An antivirus app isn’t a foolproof solution, and Microsoft warns, “Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited.” Still, having some type of third-party protection certainly won’t hurt.
If you’re still using the now-defunct Outlook Express, you should stop using it right now. If you really love the Outlook experience, switch to the full version of Outlook included in Microsoft Office. Mozilla is still supporting Mozilla Thunderbird with security patches, though it’s unclear how long they’ll support Thunderbird on older operating systems. Of course, you can always just use a web-based email service in Chrome or Firefox.
Microsoft will also stop supporting Office 2003 on April 8, 2014. If you’re still using Office 2003—or, even worse, Office XP—you should update to a newer, supported version of Office for improved security. Yes, this means only ribbon-ified versions of Office will be supported. Sorry.
Remove insecure software
The Java browser plug-in is extremely exploit-prone on any operating system. Unless you really need Java for a specific purpose, you should uninstall it. If you do need it, be sure to disable the browser plug-in and keep it up-to-date.
Other browser plug-ins are also frequently targeted by attackers. Adobe Flash and Adobe Reader are particularly crucial, so keep them up-to-date. Modern versions update themselves automatically, but older versions didn’t even check for updates. If you don’t need these applications, you should probably uninstall them to lock down your XP system as much as possible.
PCWorld senior writer Brad Chacos got sick of the constant security klaxons and tried living without Java, Reader, and Flash, discovering that it should be surprisingly easy for many people.
To find unpatched software on your computer, run Secunia PSI, a tool that scans your system for security problems. You can also visit Mozilla’s Plugin Check page to see if you have outdated browser plugins installed. Don’t let the name fool you—it works in other browsers, too, not just Firefox.
Insecure behavior will be magnified in a post-patch world, too, so be sure to check out PCWorld’s guides to keeping your PC safe in the web’s worst neighborhoods and protecting yourself against devious security traps.
Now let’s roll up our sleeves and dig into the more drastic, but totally appropriate measures.
Let’s say you still need Windows XP to run some crucial business application, or to interface with a piece of hardware that doesn’t work with newer versions of Windows. If possible, you should disconnect that Windows XP machine from the network.
Sure, you won’t be able to do this if you need Internet or even local network access on your XP system. But, if you can, this is the easiest, most fool-proof way to keep an important Windows XP computer secure.
Use a limited account day-to-day
Short of disconnecting entirely, if there’s a single tip that could make any Windows PC more secure, it’s this: Stay away from administrator accounts. If you’re blasted by malware, it can only do as much damage as the account it infects. Admin accounts give baddies the keys to your computing kingdom.
Once Windows XP stops being patched, stick to using a Limited account for your day-to-day activities if at all possible. Use an admin account to create the locked-down login and stock it with the software you need—keeping our previous program advice in mind—and then don’t stray from Limited land unless you need to install or update software. (And even then, only stay in the admin account for as long as is absolutely necessary to get the installation done.)
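If you prefer the command prompt to the Control Panel, the batch file below is one way to set up that locked-down login and confirm it really is Limited. It is an added example, not part of the original article; the account name "daily" is made up for illustration, and the check assumes an English-language copy of Windows XP.

```bat
@echo off
rem Added example, not from the article. Run from an administrator account.
setlocal
rem "daily" is a constructed account name; pick your own.
set "ACCT=daily"

rem Create the account. "*" prompts for the password so it is never stored here.
net user "%ACCT%" * /add
if errorlevel 1 (
    echo Could not create %ACCT%. Are you logged in as an administrator?
    exit /b 1
)

rem New local accounts land in the Users group (shown as "Limited" in Control Panel).
rem Confirm the account did not end up in Administrators.
rem Assumes English group names.
net user "%ACCT%" | findstr /i /l /c:"*Administrators" >nul
if not errorlevel 1 (
    echo %ACCT% has administrator rights; removing them.
    net localgroup Administrators "%ACCT%" /delete
)

rem Review who still holds administrator rights on this PC.
net localgroup Administrators
endlocal
```

The final listing is worth reading: any everyday account that shows up there is one to demote.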
Confine Windows XP to a virtual machine
Virtual machines are an excellent way to continue using software that requires Windows XP while also upgrading to a newer version of Windows. They allow you to run Windows XP in an isolated container, placing an entire Windows XP system into a window on your desktop. Windows 7 Professional includes Windows XP Mode for just this reason, offering businesses and other professional users the ability to easily set up a Windows XP virtual machine without buying an additional Windows XP license.
If you’re upgrading to Windows 8 or even Windows 7 Home, Windows XP Mode is not included. If you really want to use Windows XP in a virtual machine, you’ll have to get a boxed copy of Windows XP—if you have an old one, that will work—and install it inside a virtual machine. You don’t have to buy virtual machine software—the free VirtualBox and VMware Player will both work fine.
Virtual machines will allow you to run most types of Windows XP applications, but not all of them. If an application needs direct access to a piece of hardware, it may not work.
Note that Microsoft is also ending support for Windows XP Mode and Windows XP in virtual machines on April 8, 2014. However, if you have to run Windows XP, running it in a virtual machine on a modern version of Windows is much more secure than running Windows XP as your primary operating system.
Let’s say you have a trusty old Windows XP PC that works okay for browsing the web and you just don’t want to buy a new PC or a new version of Windows. To stay secure, you can try installing Ubuntu Linux—we have guides to ease the transition and make Ubuntu look like Windows 7—or even Lubuntu, a more lightweight version of Ubuntu. These completely free operating systems are designed to work well on older hardware, and will be supported with security patches for years to come. In fact, the city of Munich recently handed out Ubuntu discs to its citizens to help them sidestep the Windows XPocalypse threat.
If you’re ready to upgrade to a new version of Windows but Windows 8 puts you off, you can still upgrade to Windows 7. It’ll be supported until 2020. New copies of Windows 7 or 8 cost nearly $100, however, and they might not run on hardware from the XP era, so you could be better off just buying a new computer and getting a modern version of Windows included.
Sure, Microsoft just wants to sell you a new Windows license, but it has been 12 years. Even if you have to use Windows XP for a bit longer, you should really be making plans to move on. You don’t have to go to Windows 8, but you can’t stay here—not for long, at least.