If you are running Windows XP for any reason
then please don't be shy - just let us know here. It could be on a
secondary machine or as your main machine. Please tell us what you plan
to do to secure that system for the future.
The reason being
that I will post here the tasks that I intend to perform to secure any
XP systems that I run and I'd be happy to post your own suggestions here
too and create a 'Deviant XP protection blog' that will be useful in
the war against malware and the nastiness that is out there. Excuse any
typos.
I'll start listing the software that I run to secure that
XP system and the mindset that you need to continue to successfully run
an operating system like XP. I'll also add some facts/opinions as to why
running an 'older' o/s might be a good or bad idea with regard to
security or functionality. We won't be arguing as to why you should run
this o/s or that, all are useful in some regard. This is meant to be a
helpful post for XP users rather than being a rant as to why you should
run 'this' rather than 'that'.
If this might be useful to you
then please feel free to comment, if you just want to add your penn'orth
then please do. If you just want to repeat what you've said elsewhere
then please do too! Your opinions are sought and I will personally find
them useful and interesting. They may well be good grist to the mill in
this continuing battle against the barstewards that daily try to infect
our systems.
-oOo-
Access to the internet - PULL the internet cable - No seriously,
the first thing to do is to determine whether you need to be connected
to the internet. If you don't then life is a lot more simple for you.
You can run without the daily/weekly/continuous testing for malware and
only need to perform any security checks around the time when you are
installing new software or letting anyone near the system with a USB
stick, SD card, CD or floppy. If you can transfer your browsing habits
onto a cheap tablet device then you are 80% of your way into securing
your XP system. This latter point is a really important recommendation
and I strongly suggest a tablet for any potentially 'dodgy' browsing. The majority of vulnerabilities are from
remote attackers that require access to your machine; if you don't have a
server then you don't need to give them access. Just enable/disable the network as required and keep it disabled by default.
-oOo-
Internet Explorer - If
you are committed to the internet then an obvious improvement to
security is to simply NEVER use Internet Explorer except for when you
are visiting the Microsoft Windows Update site. IE in any form is a
route directly into the operating system. IE is integrated into the core
of Windows and as a result the o/s is even more susceptible to IE
hacks. IE has proven itself to be the most insecure of the major
browsers and a major target for hackers to infect your PC. Run Firefox
as your default browser as all the tools exist to secure, monitor and
analyse the sites you are visiting. Chrome is an decent browser but I
avoid it as it reports back all your browsing habits to Google.
IE has so many vulnerabilities that you really should NOT use it at all, but if you do have to use it from time to time, one thing you can do is to fix a vulnerability in an unused bit of IE functionality - VML (vector markup language). The commands to do so are executed in a CMD window (DOS box).
32-bit systems only require the first command. But since 64-bit
systems have both a 32-bit and 64-bit version of the vulnerable file,
both commands must be used with them:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"
-oOo-
Recommended Software - to run to secure your XP system:
These
are all streamlined services that run with the minimum of intrusion,
unlike some security solutions (Norton, Mcafee) that slow your system
drastically. The following are tried and tested solutions to help you
keep your system safe.
1. Sygate Personal Firewall download: http://www.tucows.com/preview/213160
2. Malwarebytes anti-malware download: http://www.malwarebytes.org/mwb-download/
3. Clamwin Anti-virus download: http://www.clamwin.com/content/view/18/46/
4. Adblock Plus for Firefox download: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
5. Noscript for Firefox download https://addons.mozilla.org/en-US/firefox/addon/noscript/
6. Device Doctor http://devicedoctor.com/
7. Avast antivirus http://www.avast.com/en-gb/index
Some
words on the above: Sygate is supposedly obsolete software but it does the job on XP. It is still a good firewall with a useful interface and it works. All firewalls need to be trained to block/allow apps that
you want to be enabled to access the internet. The efficacy of all firewalls is down to you and how you train the one you have installed.
Malwarebytes sits in the
background and just runs. The free version must be run manually to
provide protection, the paid-for version starts automatically. A
scan significantly slows the system during the duration of the scan.
Clamwin
needs to be scheduled to run at a frequency that is suitable to you, a
scan slows the system during the duration of the scan. It also needs to
be enabled to scan your browser downloads as they occur.
Adblock
will block malicious pop-up ads and noscript is another Firefox plugin
that should prevent malicious scripts from affecting your system.
Noscript is a bit harsh though and needs to be trained to block/allow
certain sites from running any scripts at all. Initially, it may stop
the prettier sites from displaying correctly but it will protect you
though, a confirmation being required to run any scripts that exist on
the page.
In addition to this you may need a general purpose
anti-virus tool such as Avast. It will provide you with extra protection
but it will slightly slow down your browsing, watching online videos &c. It is easy to switch on and off again.
-oOo-
Children - One
important way of securing an XP system is to let your children NOWHERE
near your desktop/laptop. Children are trojans that malware writers need
to have in place in order to infect your PC. Children are intelligent
bypassers of security that will take any chance to play any game that
takes their fancy even if infected. If they can't read then all the
better for the malware writers as it means they will bypass messages and
install anyway! Keep your kiddies away. Give them a tablet instead.
-oOo-
General software - Remove
Dodgy software you already have on your system. Many pieces of
software act as trojans for hackers. Filezilla has unencrypted passwords
in plain text and should NEVER be installed on a Windows system.
Successful hackers check first of all whether programs such as Filezilla
are installed, they home in on the plain text password file and steal
all your site passwords in seconds. Solution - Uninstall Filezilla now!
It
is really difficult to determine whether you have any other software
that acts like this; vigilance and research are the only method of
finding out whether you have crapware installed on your system. No a/v
tool will single out Filezilla as a vulnerability but a large number of
sites that are hacked have their passwords stolen through Filezilla.
-oOo-
Crapware - Remove
anti-virus tools like Norton and Mcafee as they can be said to act like
viruses themselves. They slow down your whole system, interfere with
the core running of the o/s, slowing browsing and other operations right
down, they can cause some functionality to simply stop working, are
really difficult to remove and they nag you into continuously sending
more money for updates... all this sounds like a virus. I prefer
anti-malware tools that run at intervals and are controllable by the
user, those that are recommended by a majority of users, those that run without crippling your system and nagging you for money.
Removing them will speed up your XP system considerably and as
long as you replace them with the tools listed above you should be just
as safe.
-oOo-
Password security - is a trouble to everyone
and difficult to implement. The method I am going to suggest is
reasonably secure, not impenetrable but certainly an improvement on
most people's complete lack of security. The idea is to increase the
security of your passwords and then move your password storage to a
secure location. The first step is to use secure passwords of the form
"hk:FHK%@_$%67".
Password generators are available to create
these for you automatically. This form of password is much more secure
than the usual "porsche71" and "pussycat" style passwords that most
people use. Very hard to crack and impossible to remember, the only
practical way of using these passwords is to let the computer manage
them.
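As an added example (not from the original post), here is one way such a generator can work, together with a rough comparison against a "word plus digits" password like "porsche71". The symbol set and the 100,000-word dictionary size are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes seen in the post's sample password "hk:FHK%@_$%67".
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    ":%@_$#!-+=",  # assumed symbol set; trim it to what your sites accept
)
ALPHABET = "".join(CLASSES)  # 72 characters


def generate_password(length=13):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    # One guaranteed pick per class, the rest from the whole alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Shuffle with the OS CSPRNG so the guaranteed picks are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def classes_present(password):
    """How many of the four classes appear in the password."""
    return sum(any(ch in c for ch in password) for c in CLASSES)


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy of a random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def pattern_bits(choices_per_part):
    """Entropy of a 'word + number' style password: log2 of the guess space."""
    return sum(math.log2(n) for n in choices_per_part)


if __name__ == "__main__":
    print(generate_password())
    print("13 random chars : %.0f bits" % random_bits(13))
    # Assumption: a 100,000-word dictionary followed by two digits.
    print("word + 2 digits : %.0f bits" % pattern_bits([100_000, 100]))
```

The gap between roughly 80 bits and roughly 23 bits is why a generated password resists guessing where a dictionary word with a couple of digits does not.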
So, I let Firefox remember all my passwords. In tools - options - security there is an option for "remember passwords for sites" - enable it. Then enable "use a master password".
Firefox then stores all the passwords in a master password file which
is encrypted to prevent access from anyone who does not know your
master password. So, now all your sites can be secured by a complex
password and you only have to remember ONE password. That's a lot
easier.
Obviously, you must NEVER forget your master password.
Firefox uses TripleDES as its encryption algorithm and is very hard to
crack but the strength of encryption is entirely dependent upon the
strength of the Master Password you choose. Something like
"Tantivy_1357:-)" is a secure password - it mixes uppercase and
lowercase letters, numbers and characters and would be hard to guess.
The word and numbers can be devised from things that are important to
you. In the above case Tantivy is the name of a cottage and the number
is the date it was built. The two are separated by an underscore and
followed by a smile :). That is a secure and memorable password. (Note
that DA converts the combination of the : and the ) into an emoticon
here whether I like it or not.)
The following Firefox plugins are installed to supplement the password functionality:
Saved password Editor here: https://addons.mozilla.org/en-US/firefox/addon/saved-password-editor/
Startup Master here: https://addons.mozilla.org/en-US/firefox/addon/startupmaster/
Password Generator here: https://addons.mozilla.org/en-US/firefox/addon/secure-password-generator/
The
password editor allows you to view all of your stored passwords so that
you have access to all your centrally stored passwords - just in case
you need to confirm or renew your memory.
The Startup Master requires the master password to be typed in only once and only at browser startup. Much more convenient.
The password generator is essential to generate secure passwords in the first place. Use it and Firefox's built-in password memory to ensure that your passwords are all made up of unintelligible alphanumeric character combinations.
There
are other even more secure password options such as KeePass. I'm not a
user of KeePass yet so I can't offer advice here other than to say it
is an even more secure option.
-oOo-
Synchronising Tablets - The next step does
not directly concern XP but is related to the extension of your system's
security features to your tablet. Don't synch. your browser passwords
from your XP system to your tablet. The browser synching feature is
incredibly convenient but as soon as you synchronise your secure passwords to
a mobile device you are potentially distributing them to the outside world. Very
few tablets are secured sufficiently, the tools simply don't exist in
the same number and quality as they do on the Windows platform. Android
devices are inherently vulnerable to hacks and of course all tablet
devices will at some time be dropped, lost, thrown away or stolen during
their lifetimes. Once again, if you want to stay secure, don't synch.
passwords to your tablet device. Use the tablet for casual browsing,
porn &c but don't use it for serious work. Sounds counter intuitive
doesn't it? The trouble is convenience does not often match well with
security. If you have to use one of these devices ensure your android or ipad is fully encrypted
and secured with a master password.
-oOo-
Yearly or Six-Monthly Backups - The correct mindset is an important condition in maintaining an older o/s. Time to take things seriously.
First
of all, secure the system through backups. This means a full o/s backup
followed by multiple backups of your data, whatever it is. A full
system backup is best taken disc by disc as disc storage is as cheap as
chips at the moment and getting cheaper and cheaper. Every few months I
backup the boot drive, the windows o/s. I do this by buying a new drive
every six months, each slightly faster or slightly bigger in capacity
than the previous model. Therefore each backup is also an upgrade (this
gives me an incentive to do the backup too). My laptop has two drive
bays (the reason I bought it) and this means I can perform a disc
duplication by simply plugging in the new drive and using some disc
duplication software to transfer the whole contents of the old drive to
the new. My first boot drive was 160gb 5400rpm unit, the current drive
is a hybrid 7200 rpm model with 500gb and 8gb flash SSD memory. It runs
5-10 times faster than the original device. The old drive is simply
taken out of the machine and placed on a shelf somewhere very safe. It
then acts as a backup for my newer device, all the data therein is safe
and can be placed back into my machine at any time as a direct bootable
replacement. The important thing is that you never use that drive. It
seems terrible to take a recent-ish technology drive and not use it but
you MUST resist the temptation. As a newish and relatively unused drive
it will store the data safely for months and possibly years.
If
your system drive ever crashes you will have a bootable drive ready to
go with your whole o/s and software already installed. If you keep a
note of the software you have installed over the last six months it will
be easy to bring the disc up to speed.
My data drive is a
separate disc and is backed up the same way. My data drive started its
life as a partition on the bootable disc and has now migrated to a
separate hybrid drive of 1tb with 8gb RAM SSD. Each backup has meant the
drive has improved in storage and speed. The price of a 1TB hybrid
drive with 8gb SSD is now approx. £50 - that is £2 per week for a solid
backup per disc.
The above approach is simple and makes running
of an XP system easy to achieve, regardless of any threat that might be
encountered, if you can restore the system easily then you are
basically secure.
-oOo-
Daily, weekly and monthly backups -
can be easily taken by purchasing USB RAM sticks of an appropriate size -
they don't need to be big, 1-4gb may well do. Just name them: Mon,
Tues, Wednes &c, Week 1, Week 2 &c, month 1, month 2 &c.
You'll need 18 in all, put a ring in each and hang them from hooks
somewhere in your home. Backup all your personal data to your USB
sticks. Use them on the correct day and only re-use them when that day
re-occurs again.
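The rotation above can be worked out for any date, as in this added example (not part of the original post). The post gives only the total of 18 sticks; the split into 7 daily, 5 weekly and 6 monthly sticks, the Sunday weekly copy and the month-end monthly copy are assumptions.

```python
from datetime import date, timedelta

# Labels follow the post's naming. The post gives only the total of 18;
# the 7 + 5 + 6 split and the days chosen below are assumptions.
DAILY = ["Mon", "Tues", "Wednes", "Thurs", "Fri", "Satur", "Sun"]
WEEKLY = ["Week %d" % n for n in range(1, 6)]
MONTHLY = ["month %d" % n for n in range(1, 7)]
ALL_STICKS = DAILY + WEEKLY + MONTHLY


def sticks_for(day):
    """Return the labels of the sticks to overwrite on the given date."""
    labels = [DAILY[day.weekday()]]
    if day.weekday() == 6:  # assumed: weekly copy every Sunday
        labels.append(WEEKLY[(day.day - 1) // 7])
    if (day + timedelta(days=1)).month != day.month:  # last day of the month
        labels.append(MONTHLY[(day.month - 1) % len(MONTHLY)])
    return labels


def restore_points(today, lookback_days=366):
    """Map each stick to the date of the copy it currently holds."""
    held = {}
    for age in range(lookback_days):
        day = today - timedelta(days=age)
        for label in sticks_for(day):
            held.setdefault(label, day)  # newest write wins; older ones are gone
    return held


if __name__ == "__main__":
    today = date(2014, 4, 30)  # constructed sample date
    held = restore_points(today)
    for label in ALL_STICKS:
        print("%-8s %s" % (label, held[label]))
    print("oldest copy:", min(held.values()))
```

With this split the oldest copy you can restore is about five months old, which matters if an infection or a deleted file goes unnoticed for a while.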
-oOo-
Photos seem to take the majority
of space on a user's disc these days, raw data photographs being
anything up to 30-40mb in size, each. Cameras these days can take
hundreds of images and there is a need to store and backup them all. The
cost of backing up all these images can be prohibitive as a good and
solid family album can easily use up 100gb of disc space. There are
on-line solutions for backups but they are expensive, year on year and
the transfer time can be very, very long. Discs have an MTBF (mean time
between failure) measured in only thousands of hours, this means your
family album will be completely lost every two/three years if you
continue to store them on disc. There is a really simple solution that
has been available for a hundred years, that is the traditional photo
album. Filter all your photos and get the most important photos printed immediately.
Don't print them on your own laserjet or on a poor quality book -
However you choose to get them printed do insist on 100 year ink and 100
year paper, otherwise your images will decay in just a few years.
You
wouldn't believe the number of heartbroken parents that have come to me
asking to recover their lost photos from the last 4/5 years. To get a
specialist to even look at recovering a severely damaged hard disc costs
£400-£500, the recovery of those photos can cost the same again. An
old-style photo album costs nothing to store and is proven to last at
least a hundred years. No technology required and a hell of a lot
cheaper.
The above approach to photos simplifies backup of an XP
system enormously when you don't have to worry about the majority of the
data.
-oOo-
Driver updates - Basically, keep your hardware drivers up to date. Some device drivers have vulnerabilities in older versions and you need to be sure you have the best and most secure version. Driver Doctor is a great tool for determining the latest version of driver for your system. Beware though - your laptop/desktop might have specific needs for particular drivers and the latest may not always work for you. In particular take great care when upgrading your graphic card drivers. Nvidia GPUs have been known to require older drivers and you may lose the ability to use your graphic display... keep the old drivers available just in case and upgrade selectively. The word here is RESEARCH. Don't just upgrade drivers until you have checked on the internet what the result is likely to be.
-oOo-
General software - more information coming here shortly about tools used to identify old versions of software.
-oOo-
Accessing the internet from a sandbox - information coming here shortly about running internet based browser apps in sandbox.
-oOo-
Running using a non-administrator account - information coming here shortly on running more securely.
-oOo-
Conclusion - No security is impenetrable but we are simply
adding layer upon layer of improved security that will make it really
difficult for any hacker to exploit us. When it becomes too difficult to
hack your system, all but the most determined of hackers will simply
give up. Remember not to be too paranoid, you and I are not the most
important people in the world and so hackers won't spend all their time
trying to hack us... we just need to make it difficult for them, to be
secure, closing the doors whilst we are out, securing the windows and
bricking up any holes in the walls.
Follow the procedures set out above and your XP system should be much more secure for the future.