5 Tips for protecting Windows XP machines after April 8, 2014

As you may have read in my post earlier this week about the end of days for Windows XP, Microsoft will cease providing security updates for this operating system on April 8, 2014. If you cannot get away from Windows XP just yet, there are still a few things you can do to defend your XP machines:

  1. The first thing is to make sure that you back up your computer’s files regularly, and periodically test your backup strategy by restoring backups, preferably on a different computer, a few times a year. This helps ensure that in the event of a catastrophe, you will still have access to the information on your computer. The time to worry about your backups is not when faced with a virus, fire, earthquake or other calamity.
  2. The next thing to do is to make sure that your copy of Windows XP is up-to-date. Although Microsoft will stop making new updates for Windows XP after April 8, 2014, all of the old updates from before then will still be available, and should be applied. This also applies to the device driver software (a device driver is a computer program that allows the operating system to communicate with a particular kind of hardware), which may be available from your computer manufacturer or Microsoft’s Windows Update web site.
  3. In addition to the operating system and drivers, you should also make sure you have the latest versions of your application software on the computer, and that those are fully-patched and updated. Programs like Adobe Flash, Adobe Reader and Oracle Corp.’s Java are frequently targeted by the criminal gangs that develop and use malware, so keeping these up-to-date is just as important as looking after the operating system. Other software that you use, such as Microsoft Office, web browsers and so forth, should be on the latest version and have the latest patches applied as well.
  4. If the computer does not have to be connected to the Internet, disconnect or disable the connection so that the PC can only connect to other machines on the same non-Internet network. This will ensure that Internet-borne threats cannot directly attack your XP PC, and will make it harder for an attacker to steal data off the computer.
  5. Make sure your security software is up-to-date, as well. There are lots of security programs available for Windows XP, and most of their authors have committed to supporting Windows XP for years to come. Some are free, while others are sold as a subscription. A discussion of the features needed to protect Windows XP is outside the scope of this article, but at the very least, I would recommend looking for a security program that combines signature-based and heuristic detection, includes a firewall, and has some kind of host intrusion protection system. Vulnerability shielding and exploit blocking will be useful as well, as Windows XP will no longer be updated by Microsoft to protect against these types of attacks.
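
The restore test in tip 1 can be checked file by file instead of by eye. The following is an added example, not part of the original article: it assumes Python 3 is available on both the source machine and the machine used for the test restore, and the function names and sample files are hypothetical.

```python
import hashlib, json, os, tempfile

def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest

def verify_restore(manifest_path, restored_root):
    """Compare a restored tree against the manifest written before the backup."""
    with open(manifest_path) as handle:
        expected = json.load(handle)
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupted": sorted(p for p in expected
                            if p in actual and expected[p] != actual[p]),
        "extra": sorted(set(actual) - set(expected)),
    }

def demo():
    """Constructed sample: a source tree and a deliberately damaged restore."""
    def write(root, rel, data):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = os.path.join(tmp, "source"), os.path.join(tmp, "restored")
        for rel, data in [("docs/invoice.txt", b"total: 100"),
                          ("ledger.dat", b"\x00\x01\x02\x03"),
                          ("photos/site.jpg", b"jpeg-bytes")]:
            write(source, rel, data)
        manifest_path = os.path.join(tmp, "manifest.json")
        with open(manifest_path, "w") as handle:  # manifest travels with the backup
            json.dump(build_manifest(source), handle)
        write(restored, "docs/invoice.txt", b"total: 100")  # restored intact
        write(restored, "ledger.dat", b"\x00\x01")          # truncated during restore
        return verify_restore(manifest_path, restored)      # site.jpg never restored
```

In practice, write the manifest on the XP machine at backup time, carry it with the backup media, and run `verify_restore` on the other computer after restoring; any entry under `missing` or `corrupted` means the backup cannot be relied on for that file.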

While these tips will help, your main goal should be figuring out how to move away from Windows XP. If it is simply a matter of replacing a critical application, work out the cost and build that into your operating budget; likewise for computer upgrades or even replacement computers. That may be a capital expense, and an unwanted one in this economy; however, it is still better than going out of business because outdated computers failed or critical data was stolen.

Having to replace working computers every few years is not fun, but, like other mechanical equipment, computers do wear out and need to be replaced. Software, too, gets updated periodically, not just with security patches, but new features and functionality as well, that can improve your bottom line. You might find my podcast on security for older systems to be helpful listening material.

For readers who are using ESET for their anti-malware protection there is a helpful Knowledgebase article “Microsoft Windows XP end of support and ESET products.” ESET is committed to supporting the Microsoft Windows XP operating system for 32-bit and 64-bit versions of ESET products at least until the end of April, 2017.

Author Aryeh Goretsky, ESET

  • William Irvine

    There should be a law that protects consumers against companies like Microsoft Windows from pulling the rug out from under consumers who have computers with Windows XP and cannot download Windows 7 or 8 because of compatibility issues. I cannot afford a new computer. There goes my job, thank you very much.

    • Hello William,

      Microsoft had postponed the end of life for Windows XP in order to allow businesses and consumers to upgrade to newer versions of Windows. The final “no more extensions” date was announced three years ago in 2011, and Microsoft has done a lot of outreach to let people know that on April 8, 2014, the operating system would be retired.

      That’s not to say, though, that the operating system is useless. After all, your computer did not spontaneously generate a puff of smoke and stop working all of a sudden, just because it is running Windows XP.

      What it does mean, though, is that you are going to be at greater risk in the future, as vulnerabilities in the operating system will no longer be fixed by Microsoft. ESET will continue to provide you with protection against threats targeting Windows XP, but bear in mind that’s not the same as fixing the operating system so those threats no longer work on it.

      We are working on additional articles about Windows XP, so stay tuned to We Live Security for more information.

      Thanks for your comments.


      Aryeh Goretsky

    • disqusted dude

      I am simply astounded at the (apparent) increasing hullabaloo over the notion of MS dropping support of XP. This does NOT mean that your Operating System will fail on 14 April 2014. Neither does that mean that nefarious malfunctionaries lurking in the shadowy recesses of the internet are just waiting to pounce upon XP users at midnight of 14 April. To the contrary, because XP is becoming less and less prevalent, those malfunctionaries will find decreasing interest in spreading to the decreasing field. I do NOT use my XP computers for business, but only for my own personal pleasure. And, I don’t even use an anti-virus program. I only use a ten-year-old firewall because it was free and does precisely what I desire it to do in preventing ‘call-outs’. Have I even had a trojan or virus? Sure .. but, only extremely rarely. In those cases, I know how to make and replace a pristine image of my smoothly purring OS. You should, too, and refuse to be bullied by Micro$oft’$ pernicious desire to inflate their stocks.

      • Hello Disqusted,

        Depending upon what statistics you look at and from where, the statistics for usage of Microsoft Windows XP vary wildly. For example at one extreme, Valve’s Steam Hardware & Software Survey: March 2014 puts the number of gamers still running Windows XP at 5.63%, while StatCounter’s Global Stats puts the number of computers at 49.05% in China as of January 2014. ESET’s LiveGrid™ telemetry shows us that about 30% of our customers are still running Windows XP globally, which I suspect is a more accurate tally of what’s really out there, XP-wise.

        While that may not sound like a large number, keep in mind there are about two billion PCs out there, most of which are running Windows, so that’s a huge number of targetable systems in absolute terms.

        It is important to keep in mind that the age of the operating system or how it is being used matters little to an attacker; if they are some kind of criminal, they want to make money from the system in some way, whether it’s using it in a botnet for DDoS attacks, or for establishing a foothold into a corporate network. One also has to wonder about what happens to things like PCs used in accounting departments where they run Windows XP because the app or web browser can’t be updated–those sorts of computers are prime targets.

        I strongly recommend using anti-malware software on any computer, not necessarily because the user may engage in risky behavior, but because the Internet is filled with people who do, and protecting your computer from them is one of the primary jobs of security software. If you are unable (or unwilling) to purchase software such as ESET’s, there are always free alternatives available; they may not be as good, but they do provide some level of protection, which is better than none. You might also want to try running something like ESET’s Online Scanner once in a while. It’s free, and while it won’t prevent a computer from being infected since it doesn’t offer real-time protection, it will certainly tell you what the computer is infected with and can remove it.

        While it is very easy to conflate the retirement of Windows XP with Microsoft’s desire to increase its stock value, the truth is that Microsoft could have reportedly made an additional 300-500 million dollars in additional revenue by continuing to sell premium support for Windows XP. They chose to give that up, though: As tempting as the additional revenue might have been, the benefits of continuing Windows XP were outweighed by the security problems from the twelve-and-a-half year old operating system. Frankly, even keeping an operating system supported for that long was a pretty amazing engineering effort. Neither Apple nor any Linux distribution maintainer offers a decade of support for their operating system.

        Speaking of which, if you do want to continue using that computer and you are unwilling or unable to pay for a new version of Windows, you might want to consider switching to one of the various Linux distributions out there, such as Arch, Mint, Ubuntu or one of the other many “desktop friendly” ones. They tend to run well even on modest hardware, and there’s a lot of great community support out there for them as well, if you’re unable/unwilling to purchase one with a paid support offering, like Red Hat or SUSE.

        Thanks for your comments.
        Aryeh Goretsky

  • Anteaus


    Gives XP computers similar protection to UAE in Windows 7.

    Also, in most cases you should uninstall ALL versions of Sun/Oracle Java, which is a major security hole and seldom needed. In the rare case where it is needed, ensure that all OLD versions are removed, as they can still be an attack vector.

    Turn off the feature which displays Acrobat/PDF files in the Web browser. This gives no practical advantage over viewing in the Adobe Reader itself, and creates a situation where a malicious site can ‘push’ an infected PDF at you without your knowledge or OK.

    Finally, you shouldn’t need telling, but DON’T USE INTERNET EXPLORER. Especially not IE6. Get something more secure, eg Firefox.

    The last three also apply to Windows 7/8.
