I guess by now you
have heard that Microsoft ceased support for Windows XP on the 8th of
April 2014. In some circles this is old news, the April 2014 End Of
Life was already known in September 2010, when Microsoft announced
that Windows XP will no longer be sold after 22 October 2010. Many
people mistook this date as the date when Windows XP machines will
stop functioning and this is mainly due to the manner in which the
end of life date was announced, many sources made it sound like the
end of the world for Windows XP users. But is this really the end of
the world? In this article we will look at whether you should upgrade
to a newer version of Windows and how you can stay safe not only on
Windows XP, but on every other operating system as well.
First
of all, your Windows XP machine will not stop functioning, but will
continue to operate as it always did. The only difference is that you
will no longer receive any Windows Updates because Microsoft will no
longer develop patches for Windows XP after 8 April 2014. According
to Microsoft,
existing updates and fixes will still be available, but I guess after
some years Microsoft might even pull these from their servers. The
biggest concern by Microsoft is your security and to quote from their
end of life page; “PCs
running Windows XP after April 8, 2014, should not be considered to
be protected, and it is important that you migrate to a current
supported operating system”.
Technically, this might be true, because should a hacker discover a
flaw in a core component of Windows XP, it could be exploited to
circumvent any security measures on a Windows XP machine and
Microsoft will not be fixing that flaw. But is it fair to say that
every XP machine should not be considered to be protected? In my
humble opinion, no! There are a couple of things you can do to make
sure your Windows XP computer is safe and secure.
I've read quite a
lot of articles about Windows XP coming to end of life and from the
comments on these articles, it is clear that a lot of people are not
really worried about this. Some people feel that Windows XP is a very
old system and people should have upgraded ages ago, while other
believe that Windows XP still caters for all their needs and that
they can continue to use the system without any foreseeable risk or
problems. I am one of those people who have used Windows XP for years
(and still do to a certain extent) without a single phone call to
Microsoft for support. Whenever I ran into problems I always found a
solution on the Internet and chances are you will still find
solutions to Windows XP problems, because forums and articles will
remain on the Internet for years. Computer repair shops will still
have people with the necessary expertise to troubleshoot issues on
Windows XP and many issues on Windows XP can still be addressed by a
system restore or a re-installation, so it is not as if these tools
are going to vanish now that Windows XP has reached its end of life.
The
stark reality remains that at some stage it might be necessary to
upgrade to a newer version of Windows, because certain hardware might
not work on Windows XP, for example in the near future you might not
be able to connect your mobile phone to your Windows XP machine. This
has already been seen with the Nokia Lumia phones (running Windows
Phone off course, so it is no surprise that support for Windows XP is
pathetic). In order to connect a Nokia Lumia phone to a Windows XP
machine, you need to install Service Pack 3 with Microsoft Windows
Media Player 11. The lack of hardware support on Windows XP will boil
over to many devices including DVD players, printers and graphics
cards, because the manufacturers will no longer develop drivers for
these devices. But the chances of installing a new DVD player or the
latest graphics card in an old machine, running Windows XP is fairly
grim. I still use an old Pentium 4 machine with an AGP slot for my
graphics card, so I won't even be able to install a PCI Express card
on that machine, so why would I worry about Windows XP drivers for a
PCI Express card if I can't even install the hardware on the machine?
Still, some people are running Windows XP on fairly new machines, so
when they decide to buy new hardware in the future, they may be
forced to upgrade to a newer Windows version because there won't be
any drivers to run the hardware on Windows XP and I think this should
be the only reason to move away from Windows XP.
Many companies
still run Windows XP on their computers because their in-house
software was developed on Windows XP and upgrading to Windows 7 or
even Windows 8 is not financially viable at the moment. I can also
speak out of experience. Years ago I developed a program in Windows
98 and had to make some modifications to it to make it work under
Windows XP. I know comparing Windows 98 to Windows XP is not the same
as comparing Windows XP to Windows 7, but it remains a pain in the
neck to port your software to a new operating system. I could afford
making the modifications, because I did not make any money from this
software and I did not have any loss in production while I made these
modifications, but certain companies cannot afford the downtime, so
they opt to stay on Windows XP. If your software works well in
Windows XP and you can continue to run your business using Windows
XP, why upgrade? If it is not broken, why fix it? But in the end, I
will still advise companies to develop Windows 7 or 8 solutions on
the sideline, while running your in-house software on the Windows XP
machines in the mean time. Should the time come when you are forced
to upgrade, you will be ready to make the transition without too much
effort. This is easier said than done for small and medium
enterprises, who do not have the necessary manpower and financial
resources to make such a transition, so they opt to stay on Windows
XP for as long as possible. However, when your business model depends
on software running on Windows XP alone, I think it is time to
consider other alternatives, because you might face bankruptcy in the
face if you are forced to leave Windows XP.
Right, so in a
business environment, it might be necessary to upgrade to a newer
version of Windows, but what about the individual, the normal man on
street? I believe they have the least to worry about. If you are a
happy Windows XP user, why upgrade now? When the time comes where a
upgrade is inevitable, you will most likely have to buy a new PC,
because older PC's can hardly handle Windows 7, so what are the
chances of running a future version of Windows on a Celeron, Pentium
4 or Dual Core? (Yes I know, technically you can run Windows 7 for
example on a Pentium 4 or Dual Core, depending on the size of the
processor and RAM, but in the end they perform pretty poor when
compared to running Windows XP on these systems). What about the
Windows XP user who has a newer computer that can handle Windows 7 or
8 quite well? The question is not really about what your computer can
handle, the question is, is it necessary to upgrade, merely out of a
security point of view? I guess it depends on who you are and what
you do on your computer. Unless you are a celebrity or high profile
figure, chances are small that you are going to be targeted by
hackers, but you still run the risk of getting infected by malware,
leaking out personal and sensitive information to the creators of the
malware. In order to get infected by malware you need to do something
to introduce the malware to your system and even if the malware is
exploiting a certain unpatched vulnerability in Windows XP, the
malware still needs access to your system to make use of that
vulnerability. So if you do not browse questionable and dangerous
websites, if you are not “click-happy” (clicking on every link
you see) and ignore strange and suspicious looking e-mails you have a
lower risk introducing malware to your system.
So it boils down to
clever computer use in general and not a specific operating system,
so here are a couple of tips to keep you safe and secure on your PC
(whether you are on Windows XP, Windows 7, Windows 8 and in some
instances these tips are even good practice for Linux users).
PC Safety Tip
#1: Only browse trustworthy websites
The hardest part for this tip is how to identify a trustworthy
website. This discussion is a whole article on its own, but generally
speaking, stay away from sites involved in piracy, pornography or
advertised through spam. Rather stick to well-known sites with a good
reputation and as a rule of thumb, use your gut feeling, if something
is bothering you on a website, rather stay away from it.
PC Security Tip
#2: Do not be “click-happy” but rather “click-vigilant”
Do not click on every single link or ad you see on the Internet or in
an e-mail. You should NEVER click on any link in a suspicious e-mail
and stay away from ads making unrealistic promises, or claiming that
you have a new message, or that there are problems on your PC that
needs fixing, or that you are the quadrillionth visitor to their site
and that you have won a boat trip to the Bahamas. Use your common
sense and once again follow your gut, if it sounds to good to be
true... it probably is.
PC Security
Tip#3: Uninstall all 3rd party software that you do not use
This is a very useful tips for Windows XP users, because you
automatically close down vulnerabilities in your system by removing
unused software. Over time we install a lot of programs and some of
them is only used once to perform one specific task. If you do not
think you are going to use a specific program again, rather uninstall
it.
PC Security
Tip#4: Refrain from adding programs to your system tray / Windows
startup
Not all programs give you the option of adding it to the system tray,
but normally these programs load at startup, so if you want to remove
them, remove them from the Windows startup. As a rule of thumb, if
you are not using it constantly and if it is not a security program,
remove it from your Windows startup. Rather launch it when you need
it, than having it run in the background, filling up your memory and
introducing vulnerabilities to your system. Disable stuff like the
Adobe and Java Updaters and rather update them manually. Do not leave
your GPS updating software running in the background, rather launch
the updater when you actually want to update your GPS. Refrain from
leaving programs like TeamViewer running in the background,
especially if you do not need remote access to that computer on a
constant basis.
PC Security
Tip#5: Do not install browser toolbars or plugins / add-ons
For Windows XP users, this is a must, especially if you want to make
sure you are closing down any possible weaknesses in your system.
Browser plugins and toolbars are the most vulnerable parts of your
browser and is normally exploited to do drive-by installs. These
plugins and toolbars are normally developed by 3rd party developers
and do not go through all the security standards and checks that the
browser's own components had to go through.
Plugins are normally useless, unless it is a plugin for a specific,
useful purpose like a dictionary. Try to stay away from all browser
plugins or add-ons, but if you really need to use a browser plugin,
make sure it is from a trustworthy developer and that the plugin is
widely used.
While there are exceptions to plugins, browser toolbars are always
useless, even the ones developed by anti-virus companies. I haven't
come across a single toolbar that made my life easier. They are
normally used for ads and change stuff in your browser that you never
asked them to do. So stay away from browser toolbars, period.
PC Security
Tip#6: Do not open attachments from unknown senders
You should not even open attachments from known senders if the e-mail
look suspicious. I've seen malware sending itself to everyone on the
victim's address book, so it may appear as if your best friend sent
you a photo, but the attachment is actually an executable (EXE) file
containing malware. Use care when opening e-mails.
PC Security
Tip#7: Never let your browser save your passwords
This is once again a little common sense and good practice. The
safest storage space for a password is your brain, but we all tend to
forget our passwords sometimes, so rather store it in some offline
location or device. Never store your passwords on a device that has
Internet access and make sure the device is encrypted. I am not a big
fan of a password manager, but if you have to use one, once again,
use it on a computer without Internet access.
PC Security Tip
#8: Only use trusted USB drives on your PC and disable Autorun
You should not trust any USB drive unless you use it yourself and
even if you use it yourself, do not plug it into a computer that
doesn't have an anti-virus on it. If you have to borrow it to a
friend, colleague or family member, make sure you scan it with an
anti-virus scanner before using it again. Use a tool like Panda's
USB Vaccine to protect the USB from getting infected with Autorun
malware. This tool can also be used to disable the Autorun feature on
your PC altogether, which is a must for Windows XP users. Do not take
any chances with USB drives on your Windows XP machine, you are more
likely to get infected by a USB drive than being infected by a
malicious e-mail.
PC Security Tip
#9: Use an alternative browser and dump Internet Explorer
Microsoft might have stopped developing patches for Windows XP but
alternative browser developers will continue to support Windows XP
for quite some time. So I suggest a browser like Firefox, Chrome or
even Opera. Remember, these developers will continue to update and
fix their browsers, but Microsoft will no longer patch Internet
Explorer 8 (which is the latest version you can install on Windows
XP). Support for IE8 died when Microsoft pulled the plug on Windows
XP.
PC Security Tip
#10: Use an up to date anti-virus and firewall solution
Why did I not mention this as the first tip, it seems pretty
important to have this in place before anything else, right? Well,
that's not entirely true. If you follow tips 1 to 9 down to the last
letter, without any compromises, I will even go so far as to say that
you can remain safe and secure without any anti-virus software. I am
not promoting the use of a PC without anti-virus software, I'm merely
illustrating the point that you can minimise the risk of becoming a
cyber crime victim, by having some good PC security habits.
It is not good enough to have an anti-virus application as your only
line of defence against cyber attacks, these days you also need a
good firewall on your PC (especially Windows XP users). Your best bet
would be an Internet Security suite like avast
Internet Security, but if you cannot afford the paid version, at
least use a free anti-virus and firewall application.
Most people are running their Internet connections through a router
these days. Make sure you are utilising the firewall features of your
router and if possible, use a router with NAT (Network Address
Translation) capabilities. Having a software firewall on your PC,
combined with a NAT router is a great way of controlling both inbound
and outbound traffic on your computer.
Conclusion
Windows XP is an old system, you can't argue that fact, but it has
been and always will be a great and stable operating system. At some
stage you will have to upgrade to something newer, but it has to be
your own decision. I don't have a problem with Microsoft pulling the
plug on Windows XP, but I have a problem with Microsoft bullying
their loyal users into upgrading, by using scare tactics through
claims that all Windows XP machines are suddenly insecure.
Should you upgrade immediately? Not necessarily, you can continue to
use Windows XP for as long as it does the job for you. The purpose of
this article is to illustrate that PC security is not only vested in
a secure operating system, but also through safe and secure computer
usage practices and habits. It is not the security flaws on its own
that makes an operating system insecure, but the way you use that
operating system, where those security flaws can be exploited.
About
the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.
No comments:
Post a Comment