4 Ways To Bulletproof Windows XP Forever

Windows XP is slated to be exterminated for good by Microsoft in April of 2014. It is the last stage of a multi-year effort to kill off the operating system. Microsoft previously cut support for any system running SP2, driving a massive effort across corporations to ensure their systems were all up to SP3. As of April of 2014, even that will no longer be supported with patch updates by Microsoft.

We certainly fell in love with XP here at MakeUseOf, just like everyone else. Even on my recent article on the Windows XP virtual machine, readers were commenting about how Windows XP is not down and out yet. Over the years we’ve brought you topics like finding Windows XP themes, resetting the Windows XP password, and so many other articles too numerous to list here. It’s one of those Windows Operating Systems, like Windows 3.1, Windows 95, and I suspect now also Windows 7, that generated a very loyal user base of people who are not going to be very willing to let go of it at the end of its life.

Windows XP has been no exception. The Gartner research group estimates that by April 8, 2014, even large and midsize companies are going to have at least 10 percent of their computer infrastructure made up of computers running Windows XP. I’ve personally seen it in manufacturing, where Windows XP computers are used to run everything from standalone test or measurement systems, to entire production machines. The operating system can’t be easily upgraded, because the production software running on it is ancient, and won’t run on any newer operating system. Usually, the vendor who wrote the software is long gone. So what’s a person to do?

In this article, I’ll help you make the best of a bad situation, by setting up that Windows XP system in such a way to reduce the likelihood of it getting hit by hacker lightning or a viral epidemic from the larger Internet.

Isolate and Contain

Just be aware that no solution, other than upgrading to a supported operating system, is going to be perfect. If you’re sick of having to pay for OS upgrades, then you might want to consider switching over to Ubuntu or another Linux distro. Short of this, you’re stuck dealing with Microsoft’s never-ending efforts to make more money.

On those old Windows XP systems, the idea is to block as much network traffic as possible, without disabling the PC entirely. You really need to do a full analysis of the system and decide whether or not you even need network access. Can you get away with disconnecting the network and running it as a standalone system, physically isolated from other computers? If you need to transfer data, can you use a USB stick instead?

If none of these options are viable, then start isolating by going into the control panel and clicking on the Windows Firewall.

WinXP1   4 Ways To Bulletproof Windows XP Forever

Turn it on, and if you really want to get strict, you can also select “Don’t allow exceptions”, which won’t even allow traffic listed in the Exceptions tab. This is sort of like disconnecting the network cable anyway, but it’s more of a way to block all incoming traffic than blocking all traffic. It’s likely to disable your software, if it communicates with systems over the network, but it’s worth a try. If it works, then you’re pretty well protected from incoming threats.

WinXP2   4 Ways To Bulletproof Windows XP Forever

Making Internet Browsing Safer

Another method – if you’ve read any of our past articles about killing IE – is to disable the Internet Explorer browser on your XP system. This browser is notorious for inviting hacks, viruses and malware. Hackers have targeted IE for so long that it’s essentially guaranteed that if you’re running an old version of IE on a Windows XP system, your odds of getting infected increase exponentially. So, right now, download an alternative Internet browser for that XP system (if you even need a browser at all).

WinXP3   4 Ways To Bulletproof Windows XP Forever

Once you’ve installed an alternative browser, go into the Control Panel and go to “Add or Remove Programs”. Select the icon to “Set Program Access and Defaults”.

WinXP4   4 Ways To Bulletproof Windows XP Forever

Under “Custom”, you’ll see a checkbox next to “Internet Explorer” to “Enable access to this program”. Deselect this checkbox. This will effectively disable IE on that XP box.

WinXP5   4 Ways To Bulletproof Windows XP Forever

It’ll completely disappear from view under the Start Menu and under Accessories. To the typical user, it’ll appear like IE was completely uninstalled from the system.

WinXP7   4 Ways To Bulletproof Windows XP Forever

Just removing IE alone will make the system significantly safer. Actually, not using any browser at all would help even more, but that really depends on how you need to use that old, vintage XP machine.

If it’s just to run a production system and you occasionally just need to access network drives, then disable IE and don’t install any new browser at all. If you do need to browse the Internet, then at the very least, make it a regular habit to go into the browser settings and get the latest updates. With Chrome, for example, you can check for browser updates by going into the settings and clicking on “About Google Chrome”.

WinXP8   4 Ways To Bulletproof Windows XP Forever

Just because Microsoft won’t be sending your XP any new security patches or updates doesn’t mean that you’ll be unprotected. Lots of vulnerabilities come from the software, not the operating system. So making sure your browser is still updated frequently will go a long way toward protecting you from any problems.

Install Anti-Malware & Antivirus Software

You’ve heard this advice from MakeUseOf for a long time now, but it bears repeating once you stop getting Microsoft patches. Keep that system running with anti-malware and antivirus software, and make sure to keep it fully updated! Remember that running more than one dedicated antivirus program is a bad idea.

WinXP9   4 Ways To Bulletproof Windows XP Forever

Microsoft Security Essentials is a free antivirus and anti-malware tool, which will likely continue working on XP for the foreseeable future. Set up MSE to update definitions automatically, and you won’t even have to think about it.

WinXP10   4 Ways To Bulletproof Windows XP Forever

Know that it is safe to run MSE next to a dedicated antivirus program. If that software stops working on XP, other free antivirus apps out there are sure to keep working for a long time. Open source projects are notorious for offering free software that works on older systems that are no longer supported.

Create a Secure “Gateway”

Another approach to keeping an XP system inside of a corporate environment or on your home network is to isolate that vulnerable system behind a safe “gateway” PC. Here’s my attempt to draw what such a network layout would look like.

gatewaysystem   4 Ways To Bulletproof Windows XP Forever

The red box on the left is your vulnerable XP system. This system would connect to a hub, where another system would be connected to it on the same subnet. This second system should be a fully patched, non-vulnerable Windows 7 or Windows 8 system.

This safe system would then pass through another hub via a second network card, and this would provide an indirect connection to the larger network. If you make the internal hub a router with DHCP disabled, you can enable a strict firewall as well, so that very little can actually pass through even from the “safe” gateway PC over to the Windows XP machine.

WinXP11   4 Ways To Bulletproof Windows XP Forever

On a Linksys router, you can disable DHCP, which essentially transforms it into a basic hub.

WinXP12   4 Ways To Bulletproof Windows XP Forever

This isn’t the perfect setup, because to actually transfer data off the XP machine and onto the larger network, you’d need to set up a system using something like FreeFileSync to transfer files off the XP onto the Gateway. Then, any system on the larger network could grab those copied files off the gateway PC.

This wouldn’t work so well if you need Internet access from the XP machine, but it’s an idea setup for those production systems where you need an easy way to get data onto and off of the local PC that’s running the process, but you still want to keep it fairly isolated from the larger network.

Conclusion

There are plenty of options right now for people that want to continue using XP for a while longer, even after Windows stops sending out patches for it. However, you have to keep in mind that XP will become a significant target for hackers who will not try to target people that are still using these older systems. Any vulnerability will remain after a hacker has found an exploit. Isolating your system using an approach above will help, but in the end you really have no choice but to try and upgrade your system so that you can finally move on from the beloved Windows XP system.

Are you facing a difficult transition off of XP? What challenges are you expecting? Share your own experiences and ideas in the comments section below.

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

13 Comments -

0 votes

YYF

Are home (non-corporate) XP users really affected by the end of support? I would imagine that it’s mostly production environments that need to be upgrading, right?

0 votes

likefunbutnot

They will be when mainstream security products stop installing on XP.

0 votes

Davin Peterson

My office still uses Windows XP and is in the process of upgrading to Windows 7. If Microsoft wasn’t dropping support, then we would not be upgrading our PCs.

I’ve noticed that allot of TV/Radio stations still use Windows XP. I can see when they show pictures of the studio.

Windows XP is a good, stable OS which many people still like, however it is a bit dated.

0 votes

dragonmouth

Instead of replacing IE with Chrome, which exchanges one overlord for another, how about installing Comodo’s Dragon or Ice Dragon browser? Those are more secure versions of FireFox and Chrome.

I suppose Microsoft Security Essentials is better than nothing but in many tests it has gotten low scores. It is quite porous.

“non-vulnerable Windows 7 or Windows 8 system.”
Isn’t that a contradiction in terms? :)

0 votes

Saikat Basu

Reverse logic — malware incidences just might go down as the focus shifts to Windows 7 upwards, and WinXp’s use declines :)

0 votes

Tony

If you want to protect your PC why use the SpyWare Chrome, FireFox is a better option.

0 votes

Kristian A

This is ridiculous because most people using google for search somethings or youtube and they using cookies and spy every step that you do even you not using their browser.

0 votes

imran khan

love

0 votes

Kyle Dain

Windows XP will live forever. Don’t open un-necessary ports, and use a good tomato or dd-wrt router., Buy some NEW hardware, use Windows XP with the latest version of the Driver Packs, and enjoiy the fastest, best Windows XPerience possible.

A “new” computer DOES NOT mean that is must come with a “new” version of Windows.

Buy fast, new hardware, and USE XP!

-Kyle

0 votes
1 votes

Base

Y2K part II . 1/3 of the planet have Xp and most don’t want to change especially since you would have to wipe the machine and dig out all your old install software for everything you had.. I personally will not give in easily and there are ways to secure an XP one being disable internet explore (which I hate anyway). Microsoft are taking a chance as people might decide to change away from windows to one of the many other choices available these days so I hope people ignore the warnings and keep XP. They might be forced to support in it some way if people ignore the warnings, but even If they introduced a yearly charge for XP support surely they would make a lot of money considering the multi million amount of machines out there?
XP Forever!

1 votes

Robert Carrick

I’m wondering if it will still be possible to re-install XP on licensed machines after things like HDD replacement? What will happen with the activation servers?

1 votes

Robert Young

Have already implemented most of the suggestions to keep XP safe to use for years to come. I run dozens of XP system in my businesses and home and will not upgrade. XP will be around for a few decades more or longer. As long as there are ways to “enhance it” there is no real reason to waste time and money. Other new third party enhancements will appear and a whole “XP Support” industry will also keep this OS viable in the years to come.