Thursday 12 March 2015

Keeping Windows XP Relevant and Secure


You like retro and refuse to give up on your beloved Windows XP operating system.  But how do you keep it secure, given that the tech world moves on and cares little for backward compatibility?  MSE is gone (for XP) and Microsoft refuses to support XP anymore (meaning security holes will stay there forever).  In my experience, most antivirus solutions are now too heavy for smooth operation.  Given these problems, here’s how I recently secured a friend’s XP to make it a security bulldog without dragging its performance down.

  • First, make sure you’ve updated to Service Pack 3 (XP SP3):  the last big one.  It has some security concerns fixed in regard to WiFi connections.  Plus, it makes you more compatible with some software. (http://www.softpedia.com/get/Others/Signatures-Updates/Windows-XP-SP3.shtml)
  • Remove old pre-installed Windows software that is unsupported and full of security holes.  Replace Windows Media Player with a supported player (ex. VLC player).  You do this by Control Panel/Programs/Uninstall a program/Turn Windows features on or off.  VLC is more secure than the old Windows Media Player (www.videolan.org).  Also, get rid of Internet Explorer.  It’s full of security holes and too old to render some aspects of the modern web.  Replace it with a light browser.  I use the Qt Web browser (http://qtweb.net).  It’ll run far faster than Firefox or Chrome (etc).  But if you can handle the bigger browsers’ sluggishness, you can add some great security extensions (ex. Bitdefender TrafficLight, WOT, NoScript, ad blockers, etc.).  In short, get rid of everything that you don’t need or use.  You need your system as lite as possible for the security programs.  Furthermore, turn off your Security Center and your Windows updater – you don’t need them running in the background or slowing your startup.
  • Sandboxie (www.sandboxie.com).  Run your web browser through this virtualized environment.  It will give a magnificent barrier for malware to overcome.  Internet surfing is one of the primary ways to get infected.  A sandboxed browser can close this attack route, even if your antivirus doesn’t detect anything.
  • Change your DNS settings (it’s free).  Use OpenDNS (www.opendns.com/home-internet-security/) or Norton’s DNS service, called Norton Connect Safe (https://dns.norton.com/homeuser.html).  Both sites will give you directions on how to do this, and it’s fairly easy.  Both OpenDNS and Norton will screen your web surfing to remove malicious sites and content.  This is a great way to kill phishing sites (etc) and doesn’t slow down your surfing.  Comodo also has a secure DNS (www.comodo.com/secure-dns).
  • Antivirus is tricky.  I tried Avast for a while (‘cuz of its reputation for being lite and it offers great protection) but eventually uninstalled it (I want something really, really lite).  The problem is, the really, really lite stuff is not as good at protecting you (by a long shot); but that’s why we’re adding several lite, and free, layers to complement it.  So what to use?  Try Immunet (www.immunet.com/main/index.html).  “Immunet is up to 35 times lighter than traditional antivirus solutions” and is free.  Other notable lightweights (in system impact and security, lol) are ClamWin (http://www.clamwin.com) with Clam Sentinel (http://sourceforge.net/projects/clamsentinel/) and Amiti Antivirus (amiti-antivirus).  ClamWin has a confusing 2-part install to implement real-time protection (but it’s easy sailing after that).  Amiti Antivirus simplifies this and looks prettier than ClamWin, but sometimes doesn’t seem to work properly on some systems.  I tried it on 3 and it only worked on 2 (but when it worked it rocked).  Plus, it’s a lot slower at updating its scan engine than ClamWin.  Go with Immunet: it’s easy, pretty, and works great.  All these use the ClamAV definitions.  They aren’t great, but XP users can’t be choosers.  Plus, Clam still keeps its older definitions that protect XP.  Many/most AV companies are now ditching XP malware definitions to save on size.  If you can afford to pay, use Webroot SecureAnywhere Antivirus (www.webroot.com/ca/en/home/products/complete).  It is truly a marvel in size and system impact and contends for first place in the AV market.
  • Voodoo Shield (https://voodooshield.com).  It gives you anti-exe control like modern Windows computers.  And unknown exes are scanned with VirusTotal:  if they’re malicious, they’re blocked.  Another plus is that it requires a newer .NET to install.  Mine was old, old, old, and I didn’t realize it.  Voodoo Shield updated it for me.
  • Bitdefender 60 Second scanner (www.bitdefender.com/solutions/60-second-virus-scanner.html).  We know the Clam engine and definitions are so-so.  Soooo, we supplement them with a powerhouse, Bitdefender.  And it’s lite, b/c it’s a scheduled demand scanner that only scans running processes.  This keeps it lite and gives Immunet a supportive peek from behind.  You can disable the scheduled scan and opt to manually run it:  it only takes 1 minute to complete.
  • System Protect (http://download.cnet.com/System-Protect/3000-2070_4-10805887.html).  Yep, it’s old and obsolete … but so is Windows XP, and this was made for it.  It locks Windows system files so they can’t be changed or modified.  Pretty useful.  It’s owned by Webcrawler, so it’s legit (though Norton DNS doesn’t like it – but most AVs don’t like competition or things that might interfere with their products).
  • WinPatrol (www.winpatrol.com).  What’s not to like:  a lite HIPS, an anti-spyware, a system monitor that alerts you to changes, a defense against browser hijacks, etc.  If something infects you, Scotty the bulldog will alert you.  Plus, it gives you startup control, so you can delay some programs for a faster boot.
  • Firewall.  There are a couple of good options.  PrivateFirewall (www.privacyware.com/personal_firewall.html) is excellent and still in development.  I’m actually using Sunbelt Personal Firewall (www.softpedia.com/get/Security/Firewall/Kerio-Personal-Firewall.shtml).  It’s a trial and unsupported (Vipre Antivirus bought them out).  But it was pretty good on old XP in its day, and that’s what we’re after.  Plus, it has some nice goodies under the hood for extra protection.
  • Use Gmail.  They scan all emails with a top-of-the-line antivirus before they get to you.  This takes some pressure off Immunet.  Plus, you check your email in your browser, which will be sandboxed with Sandboxie … so nothing can enter your system.
  • A demand scanner.  Occasionally, you’ll want to run a full scan with a powerful antivirus.  There are several good ones.  ESET (http://www.eset.com/us/online-scanner).  Hitmanpro (www.surfright.nl/en/hitmanpro).  Emsisoft EEK (www.emsisoft.com/en/software/eek).  Malwarebytes (www.malwarebytes.org).  There are several others, but these will offer peace of mind.
  • Backups.  Set restore points with Windows system restore.  The easiest way to clean a detected infection is to roll your system back to a point preceding it.  Also use ERUNT (http://www.larshederer.homepage.t-online.de/erunt/).  Sometimes Windows restore fails.  ERUNT is for those times.  It makes a backup of your registry.
The end effect:  a lot of small niche programs amounting to a tiny system hit, yet giving a huge system security boost.
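
For the DNS step in the list above, this is one way to make the change from the XP command line instead of the network dialog. It is an added example, not part of the original post; it assumes the connection is called "Local Area Connection" (the XP default name for a wired adapter) and uses the OpenDNS public resolver addresses 208.67.222.222 and 208.67.220.220.

```bat
@echo off
rem Added example: point one XP network connection at OpenDNS and confirm it took effect.
rem ASSUMPTION: the connection is named "Local Area Connection"; pass another name as
rem the first argument, e.g.   setdns.bat "Wireless Network Connection"
rem (setdns.bat is a hypothetical file name for this script.)
setlocal
set "CONN=%~1"
if "%CONN%"=="" set "CONN=Local Area Connection"

rem OpenDNS public resolvers (primary and secondary)
set "DNS1=208.67.222.222"
set "DNS2=208.67.220.220"

echo Settings before the change for "%CONN%":
netsh interface ip show dns name="%CONN%"

rem Replace the DHCP-supplied resolver with a static primary entry,
rem then append the secondary so lookups still work if the first is unreachable.
netsh interface ip set dns name="%CONN%" source=static addr=%DNS1% register=primary
netsh interface ip add dns name="%CONN%" addr=%DNS2% index=2

rem Throw away answers cached from the old resolver.
ipconfig /flushdns >nul

rem Verify against what the adapter actually reports rather than trusting netsh's
rem exit code: find returns errorlevel 1 when the address is not listed.
ipconfig /all | find "%DNS1%" >nul
if errorlevel 1 (
    echo WARNING: %DNS1% is not listed by ipconfig /all.
    echo Check the connection name with: netsh interface show interface
    exit /b 1
)
echo "%CONN%" now resolves through %DNS1% and %DNS2%.

rem To hand DNS back to the router or ISP later:
rem   netsh interface ip set dns name="%CONN%" source=dhcp
endlocal
```

Run it from an administrator account. The setting is per connection, so repeat it for the wireless connection if the machine uses both.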

1 comment:

  1. Hi there, just became alert to your blog through Google, and found that it is truly informative.
    I’m gonna watch out for brussels Malwarebytes Anti-Malware Premium 2.2.0
