• May 7, 2014

8 DOs and DON’Ts for Keeping your Windows XP Machines Secure

8 DOs and DON’Ts for Keeping your Windows XP Machines Secure

8 DOs and DON’Ts for Keeping your Windows XP Machines Secure 1024 678 Managed Solution
windowsxpexpiredThe highly anticipated XP shut down has come…and gone. For those that have not yet upgraded or are holding on to legacy applications, it is important to protect your computers from vulnerability. One option is to pay for Microsoft’s Extended Support. If that is not within your organization’s means, we suggest following these DOs and DON’Ts for reducing your chances of a compromised system.

DON’Ts: 

1. Do Not Use Internet Explorer

Instead of using Internet Explorer (IE) consider using browsers such as Google Chrome or Mozilla Firefox. IE is the source of numerous attacks, such as the most recent IE Zero-Day vulnerability which gave hackers control of Windows computers. Unsupported operating systems are most at risk because there will never be a patch for new security threats.
If you MUST use IE to access internal applications that simply cannot run on other browsers, lower your risk by removing third-party browser plugins such as Java, Flash and PDF viewers.
 

2. Do Not Use Administrator Accounts

A 2013 Microsoft Vulnerability Study discovered that 92% of all critical security threats were successful in penetrating a system if the user was logged in to an account with administrative rights. Therefore, make sure users log on to a standard, non-admin account when using XP machines, or if you utilize privilege management software you can tailor settings when necessary.

3. Do Not Use Office 2003 or Office XP

Not only has support for Windows XP been discontinued, but support for Office 2003 (or earlier) as well. To reduce the risk of compromise through Office applications make sure you are using an upgraded version of Office. This protective measure applies to any other software running on the OS; upgrade or risk compromise!

4. Do Not Connect to the Network

If you are using Windows XP in a manner that doesn’t require connection to the corporate network, or internet, disconnect for maximum protection. Information can be transferred to other computers via USB stick.
If you MUST remain connected, use network segmentation to isolate XP machines from parts of the network that are sensitive.
 

DOs:

5. Virtualize Windows XP

If you are keeping Windows XP solely to run an old version of Internet Explorer, upgrade to Windows 7 and run IE in XP mode. This mode is a free download for Windows 7 Professional, Enterprise or Ultimate editions. Going this route allows users to work securely in the Windows 7 environment, yet revert back to XP when absolutely necessary.

6. Use Microsoft’s Enhanced Mitigation Experience Toolkit

EMET helps prevent vulnerabilities in software from being exploited by creating additional obstacles that an attacker must bypass in order to gain access. This is a free download that can be found at the Microsoft Security TechCenter.

7. Turn Off Autorun Feature

Computers are often infected with malware when a corrupted drive such as a USB stick is inserted and automatically run. One option is to disable all Autorun capabilities in XP Professional through the Group Policy settings. Another option is to download and deploy Microsoft’s Fix It 50471.

8. Take Advantage of Available XP Security Measures

There are still security features out there to help protect your XP machines. For example, make sure that your internal firewall is turned ON. In addition, tap in to the antivirus software still available such as Security Essentials from Microsoft (available through July 2015) or McAfee and ESET who will extend support for at least three years.

To learn more about how Managed Solution can help keep your technology secure, fill out the contact form to the right or call us at 800-550-3795.