tSc’s Windows XP Survival Toolkit
Updated June 11, 2015.
Seven days after Microsoft kinda stopped supporting Windows XP, the world is (for the most part) no worse than it was last week. Here’s the reality: MANY people and MANY businesses have no intention of changing from Windows XP any time soon. All echo each other with similar reasons: the time involved, the cost, the learning curve, software which isn’t available otherwise, loss of familiarity, not knowing the current hardware landscape, etcetera.
The techies and computer people will enrage, they will huff and puff in dispute but yet another reality is that most people can continue using Windows XP without problems, at least for now. The biggest reason for this is because normal people aren’t on the radar of advanced or targeted attacks. You’re not a credit card processing company, you’re not monitoring a power grid and you’re likely not a high-level politician, business executive or military officer.
When the bulk of your computer activities is internet browsing, documents and email, the ways to break in are limited to:
- Social engineering. This is when someone sends you a malicious email or attachment and gets you to enter your personal information.
- Attacking internet-facing services accessible by your computer’s open ports.
- Opening unknowingly infected files you received from other people.
- Drive-by infections from websites you visit.
- Someone breaks into your house and has physical access to your computer (the evil maid attack)…but then you have bigger problems than no more XP security patches.
Yes, there are downsides with sticking by XP’s side and make no mistake, you do increase your risk but the world will not implode as seems to be the general online sentiment. After all, many people drive old cars without airbags in every crevice, many people live in old houses having no idea what’s in the walls—that’s increased risk, not Armageddon and not reason to suddenly buy something cookie-cutter new.
This page is called the XP Survival Toolkit because it gives you the bare essentials to apply right now, and then some. The monetary cost is very small if applicable and the time involved is not much beyond the duration of your favorite movie but these are the key points if you intend to press on with XP, especially if you in any way deal with business documents and customer data. I’m not saying you should indefinitely use XP as your primary computer’s operating system, but with what’s written here, you can at least buy yourself more time as you form a decision and prepare for migration.
1. Get Behind a Router
Here’s a very simple map of your computer’s connection to the internet (or rather, what it should be). The internet line comes into the house which eventually goes to your modem or some kind of signal conversion box. The modem is plugged into the router and then your computer connects to the router either by an ethernet wire or by WiFi.
Another common setup is the same as above, only the router and modem are combined into one box, but neither are universal. For various reasons, many people just plug their computer directly into the modem and this is a unanimous no-no unless you’re troubleshooting a connection problem and your computer is properly hardened. No matter what the operating system, you want to access to the internet from behind router.
What is a router? It’s a colloquial term for a box which, at minimum, gives you a local network. It includes a firewall and doesn’t expose your computer’s network services to the bare internet where they can be hammered away at by automated bots. Most routers can connect up to 4 computers by ethernet and more than you’d ever need by WiFi, while many also have USB ports for network storage and can give printer access over your network.
A router is a small one-time investment and because they’re such inexpensive ultra-consumable devices like mobile phones, there’s not much reason to buy a router new. For many models on Amazon, you’ll find links to order a used version in very good condition for less money. Your local classifieds and Craigslist could turn up even better deals.
Most routers come with a diagram showing how to hook it up but it’s just a matter of unplugging your computer from the modem, then plugging both into the router. Any other configurations are done through your internet browser. Chrome, Firefox, Internet Explorer, any will do. The included diagram pamphlet will give the web address and the username/password you need. Usually it’s http://192.168.1.1 and admin/admin.
This page is only meant to be a brief emergency guide but a router these days does need to be properly hardened. The default settings on these devices are horribly insecure and the firmware on store-bought new models usually needs updating (all this goes for modems too, by the way). At the absolute minimum, change the default admin/admin login and password and give the WiFi a good password.
2. Update XP One Last Time
All the Microsoft updates previously released for Windows XP are still available, even after April 8th. If your XP computer isn’t current with these patches, make sure it is. First you should figure out which XP Service Pack you have, if any. To do this, go to Start and click Run. Type winver and press Enter. You will then see something like this:
Service Pack 3 is what you want. If you see only Service Pack 1 or no Service Pack listed at all, you first need SP1a. Download and install that from Microsoft here. From Service packs 1a or 2, you can jump right up to 3 and here is the link from Microsoft for SP3.
Once you’re on Service Pack 3, you can grab all the XP updates from SP3 to April 8th. Click Start, go to All Programs, then Accessories and click Windows Update near the top of the menu. This opens Internet Explorer and from here you can follow the prompts. If it asks to install an ActiveX script from Microsoft, choose yes.
The Windows updater may need to update itself before it gets the actual system updates. Eventually you will be given the option for an Express or Custom install. Custom gives you an itemized and editable list of everything you’re about to install.
If this is torturous and you just want to be finished, choose Express and leave the computer alone for a while. When it’s done, you’ll have an April 8th current Windows XP.
3. Use Chrome or Firefox, Not Internet Explorer
This isn’t a Google vs. Microsoft thing. This is an extremely outdated browser lacking modern security features and conveniences versus one which does not thing. Now that your XP is shiny and recent, you have Internet Explorer 8. Microsoft has long given up on this version (as are even web developers) to focus on IE 11 and beyond.
Problem is, Internet Explorer 8 is the newest IE there is for XP so your only alternative is to use something else. Though it’s not as potent on XP compared to later versions of Windows, Google Chrome is currently the most secure browser available and Google will support it in XP “through the end of 2015“. If you don’t want Chrome, Mozilla Firefox and Opera each have said they currently have no plan to drop XP support at all.
What does a current version of Chrome, Firefox or Opera give you? They launch and load websites faster than Internet Explorer 8 and they’re using modern security techniques like the latest encryption protocols, URL scanning, more advanced process separation and on-demand plugins. They’re stable and reliable performers which automatically update themselves, they more accurately render web pages than Internet Explorer because they more closely adhere to web development standards and they open up a whole new dimension of features if you explore their extension libraries.
Here is where you can download Google Chrome, see here for Firefox and here for Opera. Though all three browsers should ask you by default, here are instructions to import your bookmarks and history (but never import cookies!) from Internet Explorer to Chrome, here for Firefox and here for Opera.
4. Back Up Your Data
This is critical and it applies to everyone, not just people on XP. If you do get some kind of malware infection, if your laptop gets stolen or suffers an untimely end, yeah none of those things are fun, but at least you still have all your accounting papers, documents, photos, music, etc.
The aim here is to duplicate all your files onto an external hard drive. Go to Start, click My Computer, then Local Disk (C:). To make things quick & easy, just right-click and copy the entire Documents and Settings folder, or you can sort through there for the stuff you want and leave what you do not. Paste the folder(s) onto an external drive, not a different place on the same computer. When you click Paste, walk away from the computer until it’s finished, don’t do anything in the background. This minimizes the chance of the file manager program having problems and something corrupting your data. Computers can be very moody about large file transfers.
Late XP-era computers should have around 250-350 gigabytes of storage. You may not even be using that much but a brand new 500 GB external hard drive with a USB connector will cost around $60 USD. If you need more space, 1 terabyte (1000 gigabytes) will be around $90. For data backups, you don’t want to use a USB thumb drive or flash drive like this, you want an actual mechanical hard drive because they’re more reliable, hold more data and physically larger, unlikely to get lost in junk drawers. The big names in mechanical drives are Seagate, Toshiba, Western Digital and Hitachi (owned by Western Digital). Stick with one of them but unlike the routers, this is not something you want to shop for used.
So there you are. Everything above is easily doable within an afternoon or evening, and at a total cost of around $120 for a quality backup hard drive and router (if you don’t already have one). Of course there is always room to take things further but I caution you to not view this as a permanent fix, rather it’s an emergency toolkit to hold you over until you begin the migration to another operating system, which you undoubtedly will get more benefits from than simply the resetting of an expiration date.
Now for the preemptive Q&A.
Q. What, no antivirus?! Are you mad??
Quite possibly so, but for totally unrelated reasons. AV scanners find malicious software only after it’s already on your computer—antivirus software is not preventative medicine. It is a detection method. Scanning and blocking web content before it’s rendered in your browser is one of the best preventative paths to keep you from accessing malicious software. The other is scanning external media, especially USB storage devices.
Web content blocking comes in multiple flavors. Most relevant here are:
- Link scanning. Google’s Safe Browsing (found on Chrome, Firefox, Opera & Apple Safari) and Microsoft’s SmartScreen Filter (on Internet Explorer 9 and up) are built into the respective browsers and enabled by default.
- Browser extensions. uBlock for Chrome, Firefox, Opera & Safari blocks malicious websites along with advertisements so pages load faster, use less bandwidth and won’t contain potentially malicious advertisements/payloads. If you find that μBlock doesn’t work out for you, another popular but less-potent option is Ghostery. The Internet Explorer equivalent of μBlock is Tracking Protection Lists (again, only IE 9+) though Ghostery is available for IE too.
- DNS filtering. A good decision but more difficult to manually configure. DNS filtering is arguably repetitive if already using link scanning and/or a content blocking extension. See here for a list of alternative DNS providers to choose from.
- HOSTS file. Getting more advanced now, but a HOSTS file used as a content filter contains a huge list of IP addresses that the computer is blacklisted from connecting to. A HOSTS file must be manually updated and you can read more about finding and editing the file here. MVPS and Dan Pollock’s HOSTS file are two reputable blocklists to try. Do a web search for others but know that they can introduce redundancy when used with the other three options.
However, scanning web content still means you can become infected by a USB stick you’re given by someone else. If you’re a heavy USB file sharer, you would want two things: First is to disable AutoPlay (Control Panel > AutoPlay > uncheck “…all media & devices”). Second is a scanner examining the external storage each time it’s connected to your computer. Such a scanner does require an Antivirus program but not all are capable of this.
Otherwise, I’d say (if anything) to do no more than use a free on-demand malware scanner to check through your computer once or twice a week. Avast and Malwarebytes are two reputable names which won’t spam you with upgrade banners and do plan to continue XP support. I’ve written in the past about easy, effective and no-cost ways to secure Windows computers so if you want more reading, see here for that.
Q. Why not just buy a new computer?
Because it’s wasteful and completely unnecessary. New laptop or desktop computers are significantly more expensive than the solutions given above. If an expensive tool becomes only dulled, would you sharpen it or buy a whole new tool? Only in the most extreme cases of malware infection or owner misuse does software have anything to do with the integrity of the hardware. Of course new hardware has advantages but an old or infected operating system doesn’t mean you need a new computer altogether; software is no more a part of the computer as your clothing is a part of your body.
Additionally, a new personal computer will give you one of four operating systems: Apple OS X (most expensive option), Chrome OS (laptops only, least expensive but most limited option), Ubuntu (from boutique PC vendors, generally less expensive option) or Windows 8 (most catch-all option). All four are quite different than Windows XP with their own learning curve. If you want nothing to do with learning a new computer, buying a new one goes directly against that instruction.
Q. I’ve never had problems before, why do anything at all?
Nothing is required of you, though if you’re a business acting carelessly with customer data and that ever backfires on you, it will cause damage and could result in legal action. The majority of people do just fine with no thought ever given to computer and data security. That just means the windows and doors are unlocked for anyone who wants to go in; it doesn’t necessarily mean the house is actively being pillaged.
But that said, plenty of malware is completely silent and evolves as the various scanners detect and block it. Gone are the days of clicking a link and suddenly seeing a giant skull & crossbones or hundreds of live chat popups. Some of the really effective malware like Cryptolocker is silent only until intended not to be.
It’s not surprising that we pay little attention to information we can’t directly interact with like printed forms or a driver’s license, but if you heavily rely on a computer, putting even a small amount of effort into avoiding potentially huge losses down the line is the more responsible thing you can do. And who’s to benefit? You.
Q. What are some more options & alternatives?
For routers? A lot, go poke around on Amazon, Newegg or other retailers. Amped Wireless, Asus, Buffalo and Netgear are all decent to good bets. If you can, aim for something with DD-WRT preinstalled. Stay away from Belkin, D-Link and TP-Link. SmallNetBuilder’s How To Buy A Wireless Router – 2015 Edition has a lot of useful info. If you want to get more technical and informed about consumer routers, see this page.
Concerning XP updates, you’ve exhausted them—there are no more. You can continue to ‘bolt on’ security programs to harden your XP computer and minimize risk but that’s all you can do. See here for more on that. But…if you’re both bold AND daring, you can do a registry tweak to use the XP point-of-sale system security updates until 2019. Link. This may or may not be a good idea and I claim zero responsibility.
About browsers, go through the settings & preferences and tighten them up a bit. Disable 3rd party cookies, that’s a huge benefit from the perspective of lessening tracking you across the web. Install HTTPS Everywhere, which automatically switches any site you visit to the secure, encrypted version if it has one.
On backups: Cloud storage is the other side to the data backup coin and it’s an entirely new topic all its own. If your internet connection speed is at least average, if the cloud service prices are acceptable to you and if you don’t mind the idea of storing your data on someone else’s servers, go for it. I highly recommend you choose a service which encrypts everything you upload to them. Cyphertite and SpiderOak are two exceptional cloud storage solutions with very good security. If you don’t already need Java on your computer, then remove it, and I’d generally say to stay away from services which would require installing it. If you are tethered to Java or open to an exception, Wuala is another very good cloud choice, otherwise on par with the other two mentioned.
And then there’s Mint, which we cannot ignore. One of the best things you could do is install Linux Mint on your computer alongside Windows XP. It’s about a half hour long process and is largely automated, you just pick your name, password and timezone. Nine times out of ten there are no drivers to install, the interface juxtaposes the familiar feel of XP with modern features and customization, and it shares that Apple-esque sense of ‘it just works’. Mint’s long-term-releases are good for 5 years, after which you can move on to the next.
That gives you two operating systems: Mint which is modern, secure and feature-full, and you still have Windows for the occasional program that is only supported in XP. There’s a minimal learning curve to Mint, like with most new things, but it’s really no more difficult than learning your way around a new car and I guarantee you’ll find many things easier to do in Mint than in Windows.
Mint will also run equal to or faster than XP on your current hardware so again, no need to buy something new. Speaking of buying, Mint is free to download and use. Free and Open Source Software is a resource dramatically increasing in popularity which is available to anyone and everyone. You have much to gain by making use of it. Mint 17 (the current long term release) can be downloaded here.
Regardless of your choice, realize that globally we’re in uncharted waters with this XP issue, it’s not just ordinary people at home or businesses in Western countries. Never in the history of computers has such a widely used, staple software platform suddenly become outcast and irrelevant overnight as XP has. It’ll be interesting to see if this equates to the computer doom that’s been forecasted and prophesied in recent months, but I’m not counting on it.