UPDATE (19 April - 04:45 CEST): Flexera, the developer of the Secunia PSI software mentioned in the white paper, has announced that it is being discontinued on April 20, 2018. We are still leaving it in the white paper for historical reasons.

It's probably surprising to see a blog post discussing Windows XP's security in 2018, except perhaps when mentioning the operating system in a historical context. Yet today, ESET is announcing the publication of a white paper on how to maintain this well past its end-of-life operating system.  You can download the white paper here (2.5MB, PDF).

There are over a billion devices running Microsoft Windows--perhaps as many as 1.5 billion devices, depending upon which statistics you look at--and the number of them running Windows XP has stayed about the same over the last few quarters at around 5.5 percent.  While that may not sound like much, it means there may be somewhat over 80 million computers out there still using Windows XP.  For various reasons, they are not being replaced with newer, more secure operating systems.  The goal of publishing our paper is to help people secure those computers until those operating systems can be upgraded.

To be clear, ESET is not advocating the use of Windows XP in this day and age.  Windows XP is an insecure and out-of-date operating system and we do not recommend using it when newer and more secure operating systems are available.  However, since there are still many homes, schools and even small businesses running Windows XP, we can try to get those computers into a better security posture until Windows XP can be replaced.  Using the strategies and procedures we present in our paper could not only help prevent an attacker from taking control of your computer; it also could prevent it from being used as a springboard to attack other computers.

So, what exactly does ESET's paper have in store for you?

The paper itself is 47 pages in length; if that sounds like a lot of information, you may be right.  While much of the information in this paper is aimed at home users and small businesses, IT professionals who support Windows XP in an enterprise environment may still find a few useful tips.

While creating the paper, we envisioned you might have a number of questions, which we are going to answer here in the blog post.

Q: Why release a white paper about Windows XP in 2018?
A: The paper was written over a period of several years, during which we have watched Windows XP's usage level off at about 5 percent.  It seems that these remaining computers are at risk of not being upgraded for quite some time, if at all.  Their maintainers need to take major steps to harden them.

Q: Are you recommending or suggesting that people run Windows XP?
A: No.  ESET does not recommend running out-of-date operating systems.  However, we realize that businesses sometimes do so in order to make use of a key application for their business.  While software such as ESET's can still provide computers still running with a high-level of security, this is not the same as patching vulnerabilities in the operating system, which should only be done by its developers.

Q: Are you really expecting people to read a 47-page long paper on Windows XP?
A: No.  The idea is to provide you with all the information you might use to secure Windows XP in a single location.  You can then move around through the document to read the sections that are relevant to your home or business.

Q: What is the audience for this paper?  Do you have to be a technical person to understand it?
A: The paper is meant primarily for small businesses that still rely on Windows XP for part of their workflow.  However, parts of it may be helpful to consumers and even larger businesses.  We have tried to keep the jargon to a minimum and include step-by-step instructions where possible in order to allow non-technical people to secure their systems.

Q: How long will ESET provide support for Windows XP?
A: ESET has not yet announced an end-of-life for Windows XP support as of the time of this writing.  For more information, see the following ESET Knowledgebase Articles:

ESET is committed to providing its customers with the highest level of protection possible, regardless of what operating system they run.  For more information about Windows XP's security, see the following on WeLiveSecurity:

If you have any questions about securing Windows XP, would like to share your reason(s) for continuing to use XP or to provide any other feedback, please feel free to leave a comment, below.

Are you still using Windows XP?  If so, what are you using it for?  What additional steps have you taken to secure it?  Do you have a tip or trick for securing Windows XP that wasn’t mentioned?  Be sure to let us know, below!