Maybe you weren’t able to migrate all your Windows XP machines to Windows 7 before Microsoft dropped support back in April. Or maybe you have critical infrastructure that currently only supports Windows XP.
The truth is, if you weren’t able to ditch Windows XP you’re not alone.
More than one-quarter of the 1.5 billion PCs in the world are believed to still be running XP. The problem is, with each passing day, these machines become more attractive targets for hackers. Here’s what you can do to mitigate risk to your remaining Windows XP assets.
Take Them Offline if Possible
Some organizations have put their XP machines on dedicated network segments and limited access to them from the organization's other machines. The ones you need to be most concerned about are the ones running business systems. The point-of-sale terminals involved in the Target data breach last year were running XP, and XP machines become more vulnerable as time passes. Cutting them off from the internet can help.
Keeping XP machines offline altogether is ideal, but if you can’t do that, you can install Linux on these machines (or boot Linux from a CD) and use it that way for things like surfing and email. This is a pain, and it’s slow, but it does allow you to get online while continuing to use XP.
Use Limited Accounts if You Have to Go Online
If someone must go online with XP, make sure he goes online from a limited account rather than an administrator account. Malware that gets into an administrator account can do much more damage than malware that gets into a limited account. You can click the “Use Fast User Switching” box when you set up a limited account to make it easier to switch back to an administrator account for doing things like installing software. Protect all XP accounts with passwords and use Firefox or Chrome rather than IE 6, 7, or 8, which are less secure.
Once you’ve done this, add the “HTTPS Everywhere” browser extension so your browser will use encrypted communication to interact with websites when possible. Finally: don’t be stupid. If you’re going to a site offering free movies or software (even worse), you’re taking serious chances.
Use Good Security Software
Microsoft will continue to update Microsoft Security Essentials, but you’re better off using a belt-and-suspenders approach and adding extra protection. You can go here for some comparisons of your options. Some organizations choose to replace their Windows XP firewalls. You can find out more about your options here. You might also consider using a plugin that analyzes websites and blocks ones that seem suspicious. One free option is Web of Trust, which you can get for Firefox, Chrome, or IE.
Keep Software Updated and Get Rid of Unneeded Software
If you can uninstall all versions of Java and manage without it, do so. Otherwise, make sure Java is kept up to date, as well as Adobe Flash and Adobe Acrobat. It’s smart to run the Add / Remove Programs utility and get rid of programs that aren’t being used. Fewer software programs mean fewer targets. Make sure you update browser plug-ins too, and get rid of plug-ins you don’t need. It will help security and may make your browser faster.
Finally: Be Watchful
Taking steps to make your remaining Windows XP assets less vulnerable is important, but there’s no substitute for continued monitoring and end-user education. Make sure your Windows XP end-users know what to watch out for and what to do if they are worried about their system’s security. Keep a watchful eye on increased network activity, command and control traffic, or other signs that something is amiss, and act accordingly. A little paranoia may be a good thing when protecting your assets that still use XP.
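The segmentation and monitoring advice above can be checked against firewall or flow logs. The following is an added example, not part of the original article: it flags any XP-segment host that talks to a destination outside an approved list or moves an unusual amount of data. The subnet, server addresses, threshold, and log format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): XP hosts sit in 10.20.30.0/24 and may only
# reach two internal servers; log lines are "epoch src dst dport bytes".
XP_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_DESTS = {ipaddress.ip_address("10.20.1.10"),  # hypothetical POS back end
                 ipaddress.ip_address("10.20.1.11")}  # hypothetical update server
BYTES_PER_HOST_LIMIT = 5_000_000  # constructed per-window threshold

SAMPLE_LOG = """\
1400000000 10.20.30.5 10.20.1.10 1433 48211
1400000005 10.20.30.5 203.0.113.77 443 1320
1400000009 10.20.30.8 10.20.1.11 80 7400000
1400000012 10.20.40.9 198.51.100.4 80 900
garbage line
1400000020 10.20.30.8 10.20.1.10 1433 2000
"""  # constructed flow records, not real traffic

def parse(line):
    """Return (src, dst, dport, nbytes), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def audit(log_text):
    """Flag XP-segment flows to unapproved destinations and unusually busy hosts."""
    violations, volume = [], defaultdict(int)
    for rec in filter(None, map(parse, log_text.splitlines())):
        src, dst, dport, nbytes = rec
        if src not in XP_SEGMENT:
            continue  # only the isolated XP segment is in scope
        volume[str(src)] += nbytes
        if dst not in ALLOWED_DESTS:
            kind = "internal" if dst in INTERNAL else "internet"
            violations.append((str(src), str(dst), dport, kind))
    noisy = sorted(h for h, b in volume.items() if b > BYTES_PER_HOST_LIMIT)
    return violations, noisy

if __name__ == "__main__":
    found, noisy = audit(SAMPLE_LOG)
    for src, dst, dport, kind in found:
        print(f"VIOLATION {src} -> {dst}:{dport} ({kind})")
    print("HIGH VOLUME:", ", ".join(noisy) or "none")
```

Any violation means the segment's isolation rules are not being enforced at the firewall, which is worth fixing there rather than only alerting on it.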