THE WINDOWS XPOCALYPSE is upon us: Microsoft is no longer providing security patches for Windows XP as of April 8, 2014. Nearly 30 percent of Internet-connected PCs still run XP. They’ll continue operating normally, but they’ll be rotting inside, suffering from increasingly numerous security holes.
If you’re using Windows XP, and you can’t upgrade your machine immediately, you can protect yourself. Make no mistake, however: The following tricks are like sticking your finger into a leaking dam. They’ll help a bit, but the dam is crumbling.
Choose your sofware wisely
If you use Internet Explorer, let it go—IE 8, the most recent version available for XP, is no longer receiving patches. In contrast, Google Chrome will continue supporting Windows XP until at least April 2015, while Mozilla Firefox has no announced plans to stop supporting XP.
Most antivirus utilities will continue supporting XP; even Microsoft Security Essentials will do so until July 14, 2015. Antivirus-testing company AV-Test asked 30 antivirus companies (go.pcworld.com/ avsupport) about their intentions, and all of them committed to supporting XP until at least April 8, 2015. Most committed to an even longer period, into at least 2016. Be sure you’re using an antivirus program that’s receiving updates, though. And as Microsoft warns (go.pcworld.com/xpav), remember that “the effectiveness of anti- malware solutions on out-of-support operating systems is limited.” If you’re still using the defunct Outlook Express, switch to the full version of Outlook in Microsoft Office. If you want an alternative, Mozilla is still supporting Thunderbird with patches, though it’s unclear how long Thunderbird support on older operating systems will continue.
Or you can use a Web-based email service in Chrome or Firefox.
Office 2003 is losing its support just as XP is. If you’re using that suite—or, even worse, Office XP—update to a newer, supported version. (Yes, this means a Ribbon-bedecked version. Sorry.)
Remove insecure sofware
The Java browser plug-in is exploit-prone on any OS. Unless you need Java for a specific purpose, uninstall it. If you need it, disable the browser plug-in (go.pcworld.com/ditchplugins) and keep it up-to-date.
Attackers frequently target other browser plug-ins, too; Adobe Flash and Adobe Reader are crucial. Modern versions of Flash and Reader update themselves automatically, but older versions didn’t even check for updates. If you don’t need these applications, uninstall them.
Scan for unpatched software on your computer with Secunia PSI (go.pcworld.com/secunia_psi). You can also visit Mozilla’s Plugin Check page (go.pcworld.com/plugincheck) to see if outdated browser plug- ins are installed. Don’t let the page’s name fool you: The check works in other browsers, too, not just Firefox.
Risky behavior will be magnified in a post-patch world. For tips, check out our complete guides to staying safe in the Web’s worst neighborhoods (go.pcworld.com/websworst) and guarding against devious security traps (go.pcworld.com/devious).
Take drastic measures
Now let’s dig into the more radical but totally appropriate tactics.
Go ofline: Say you need Windows XP only to run a crucial business application, or to interact with hardware that doesn’t function with newer versions of Windows.
In this case, disconnect that Windows XP system from the network if possible. This action is the easiest, most foolproof way to keep a Windows XP computer secure.
Use a limited account: If your machine is blasted by malware, the invader can do only as much damage as the account it infects. Administrator accounts (go.pcworld.com/ adminrisk) give baddies the keys to your computing kingdom. Stick to using a limited account for your day-to-day activities. Use an admin account to create the locked-down login and fill it with the software you need, and afterward don’t stray from limited land unless you need to install or update software. (And even then, use the admin account only for as long as is necessary to finish the installation.) Confine XP to a virtual machine: Virtual machines let you run Windows XP in an isolated container (go.pcworld.com/vminternet), placing it in a window on your desktop. Windows 7 Professional includes Windows XP Mode for just this reason, offering businesses and other professional users the ability to set up such a virtual machine without buying an additional Windows XP license.
If you’re upgrading to Windows 8 or Windows 7 Home, however, Windows XP Mode is not included. In this situation you’ll have to get a boxed copy of Windows XP—an old one will work—and then install it inside a virtual machine. Fortunately, you don’t have to buy virtual machine software: The free VirtualBox (go.pcworld.com/virtualbox43) or VMware Player (go.pcworld.com/vmwarepl) will work fine.
Inside a virtual machine, you can run most Windows XP applications.
Note, however, that if a program needs direct access to a piece of hardware, it may not work.
Remember, too, that the cessation of Microsoft support extends to Windows XP Mode and Windows XP in virtual machines. However, running XP in a virtual machine on a modern version of Windows is much more secure than running XP as your primary OS.
Suppose you have a trusty old XP system that works for Web browsing and you don’t want to invest in a new computer or a new Windows. To stay secure, you might try installing Ubuntu Linux (go.pcworld.com/ ubuntuguide) and tweaking its appearance (go.pcworld.com/ tweakubuntu), or perhaps installing the more lightweight Lubuntu (go.pcworld.com/lubuntu). These completely free OSs work well on older hardware, and will be supported with patches for years to come.
If Windows 8 puts you off, you can still upgrade to Windows 7, which Microsoft will support until 2020. New copies of Windows 7 or 8, though, and they might not run on XP-era hardware, so you may be better off buying a whole new computer.
Sure, Microsoft wants to sell you a new Windows license, but it’s been 12 years. Make plans to move on. You don’t have to go to Windows 8, but you can’t stay here—not for long, anyway.