Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to protect xp now that these new bugs in windows system have been found


  • Please log in to reply
12 replies to this topic

#1 rp88

rp88

  • Members
  • 3,082 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:34 PM

Posted 20 November 2014 - 12:26 PM

I have heard recently that a long list of very nasty vulnerbilities have been discovered in every version of windows from 95 right up to the current 8, 8.1 and 10. I use a windows 8 computer myself but many people i know still use xp, those people generally being quite technophobic they aren't exactly able to change operating system and i don't know enough about how to change OS to help them. I was wondering what preventative measures can be taken to keep an xp computer safe despite al these bugs which have been discovered, and which have just been patched for 7, 8, 8.1 and 10 but not for xp and other older operating systems. What preventative measures should i advise these friends to take, i can help them with fiddling with "control panel" settings and installing programs or other simple tweaks. Is avoiding using internet explorer enough to protect xp users from these bugs or would xp users still be vulnerable if they were browsing with chrome or firefox? Is removing java, disabling flash, or something to disbale macros in office documents enough to protect an xp user? If not full protection what would be mitigating steps to reduce risk to them from these new bugs which have been found?


Edited by hamluis, 20 November 2014 - 01:21 PM.
Moved from XP to General Security - Hamluis.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 20 November 2014 - 02:06 PM

...Is removing java, disabling flash, or something to disbale macros in office documents enough to protect an xp user? If not full protection what would be mitigating steps to reduce risk to them from these new bugs which have been found?

Those are all good steps which help reduce risk in all operating systems (especially removing JAVA IMO). However, with the passage of time, we will see more and more exploits and vulnerabilities appear...putting XP users at higher risk.


Four Easy Steps that will prevent malware infection on XP systems:
1. Disconnect from all wired and wireless network connections (Ethernet, Bluetooth, Infrared, Router, Wifi, Cable Satellite, Modem)
2. Remove the CD/DVD-ROM/DVD-RAM drive (and floppy disk or zip drive if you still have one).
3. Carefully super glue or expoxy shut ALL other connectors, especially Firewire/USB ports and Ethernet cable port. Advanced users can use high grade solder instead.
4. Hide the computer in an safe place where no other users have access and it will not be prone to any dreaded dust bunny attacks.

Now you can relax, kick back and enjoy a cup of coffee knowing cyber criminals cannot access your computer or personal data.

Thumbsup.jpg


Seriously, XP users should read these topics for more tips and suggestions...
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 rp88

rp88
  • Topic Starter

  • Members
  • 3,082 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:34 PM

Posted 20 November 2014 - 02:19 PM

Is there anything practical they can do for now which doesn't make the computer impossible to use? Although i fully agree your suggestions certainly achieve the desired ends. Are there particular processes or services which could be disabled and hence make these vulnerabilities un-exploitable? If these recent bugs are based on exploiting "feature X" in a system could "feature X" be deactivated, or is "feature X" in this case a critical underlying part of the system?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 20 November 2014 - 02:24 PM

Those steps do not make the computer impossible to use except on the Internet. XP can be safely used off-line for a variety of other tasks.

You should be encouraging people you know to upgrade to at least Windows 7...IMO that is the practical thing to do if a computer is needed for the Internet.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 j4m3s

j4m3s

  • Members
  • 287 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 20 November 2014 - 04:27 PM

As noted above, the best solution is to upgrade. That should be anyone's first option.

 

That said, if that's just not an option you could also consider something like sandboxie (http://sandboxie.com/). It will run whatever programs you choose, like a browser, in an isolated area of memory (the sandbox). Any changes that are made are confined to the sandbox, so when you delete the sandbox your system should be restored to the state it was in when you started. It's important to note that this isn't bulletproof (nothing is), so don't go browsing malicious sites like you're invincible, but it's another layer of security.

 

It's the same general idea as running a virtual machine, but more lightweight and it runs in the same OS. It's too complicated for the "technophobic" people you mentioned, but if I were running XP it's one of the solutions I'd use.



#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,856 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:34 AM

Posted 20 November 2014 - 05:05 PM

 

those people generally being quite technophobic they aren't exactly able to change operating system

That is so not correct.

Here's what this ignorant Linux user has found.   Windows 7 is just XP that looks better, Windows 8 with a start button is almost the same ( Yes there are differences under the hood ) But most Windows users will remain blissfully ignorant of these. I had no trouble navigating around Windows XP, 7, 8.1 and even 10, When I clicked the start button the window popped up and I saw the normal ( mostly ) Windows start menu.

 

Other than hardware or financial issues there is no reason to not Upgrade to a more secure Operating system.


Edited by NickAu1, 20 November 2014 - 05:08 PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 20 November 2014 - 06:19 PM

Important Fact: It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

Earlier this year, Bromium published Endpoint Protection: Attitudes and Opinions, a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end users are a weak link.

End Users Remain Biggest Security Headache as Compromised Endpoints Increase

...falling victim to data breaches that resulted from attackers exploiting employees or company vendors. Unfortunately, along with exposing millions of identities these attacks also reveal what is often the weakest link in enterprise data security the human element...

Social Engineering: Attacking the Weakest Link in the Security Chain

Recent surveys confirm that nadve users and risky online behavior make users a significant threat to their own networks...The risk of employees introducing malware to the company network was cited as a major concern by more than half of those surveyed. Nearly three-fourths stated that their network has been penetrated by malware as a result of Web surfing, and almost two-thirds declared that they had been compromised through email, just in the past year...

Studies prove once again that users are the weakest link in the security chain

* Nearly half of those who have accessed spam (46%) have done so intentionally...
* Four in ten (43%) say that they have opened an email that they suspected was spam
* Among those who have opened a suspicious email, over half (57%) say they have done so because they werent sure it was spam and one third (33%) say they have done so by accident
* Less than half of users (48%) hold themselves personally responsible for stopping these threats

Millions of users open spam emails, click on links

2013 was a wildly visible year for cyber security and online privacy...And yet for all the visibility, punditry, and drama, new data suggests that internet users are still terrible at choosing a good password...

Its 2014 And Our Passwords Arent Getting Better
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 21 November 2014 - 01:13 AM

I love Quiet Man's sense of humour, and reading his articles. BUT - have you noticed there is always a but?

 

I attended the release of Windows 95 in, just, 1995 (it was running late), in my former home city of Brisbane, Queensland, Australia. The theme of the release,apart from the appropriate Rolling Stones song "Start Me Up", was "Think outside the square you live in". In years to follow, this devolved to "Think outside the box". Edward (aka Eduardo) de Bono in 1967 called it ... Lateral Thinking.

 

BC's jeffce, from Malware Response Team, has a good article here. I've corresponded with jeff, he seems an approachable fellow.

 

  1. As a SHORT term aid to XP users, you should enable displaying full filenames, down to extensions. Adobe have an article here, which details How To, for XP through to 8.x.For prior to that time,you might  need to search further afield. Try searching eg "Windows 98 display full filename", &c. For the Adobe article and others, if you/they are using Firefox, with NoScript installed,you will need to temporarily or fully allow the site to display.
  2. If you are using Firefox without NoScript installed, you should install it immediately.

With 1. above, for all Windows versions listed by Adobe, and before, I would not display hidden files and folders and system files - not for Novices.

 

Once 1. above is implemented, it should certainly help your friends (and you, perhaps) to NOT fall for the trap listed here, with apparently innocuous PDF files.

 

CryptoWall, CryptoLocker, Coin Vault - the list goes on and on, and can be read about on the front page NEWS on this site - very doom and gloom, but necessary for the User to know, and brought to us by Grinler and his Team, zealously.

 

With the demise of support to XP from, was it, April 8? - XP Users have never been more vulnerable. And I had a fondness for XP, also enjoyed Windows 7 before I blew it away to embrace Linux.

 

BUT - there I go again - to say, as a blanket statement eg "Get a newer version/upgrade", &c discounts the possibility that some of your friends may be elderly and/or impoverished/on Social Security. Any regular Windows User will know that from Vista on, the minimum system requirements for hardware, memory, chip &c - the REAL requirements, not just those advertised - skyrocketed.

 

Not to mention the wastage involved in throwing out a perfectly good, working computer (and maybe peripherals such as printers) - that were perfectly good with XP.

 

I read Grinler's News every day, and in this article, I was mortified to read of a fellow who lost 2TB of data of mostly personal and sentimental value. My link brings you in at page 3 but by all means read the whole Topic- page 3, because it mentions ListCWall (available here) and RKill which was developed by and at, BC. I get those two confused, as I don't need them, under Linux ... Yet! So I may have made a boo-boo somewhere referring to them.

 

Uplifting news I read today, from News, read, in  part, from another User:

 

 

hope this helps at least one person.  The important part was my son's baby pictures were all recovered.

 

page 4, same topic.

 

I said above about Lateral Thinking, and a key element that should be in everybody's strategy or arsenal, is ... Linux. I am part way through developing a Topic found in this very Forum, here, about this strategy.

 

If you search under (without the quotes) "Beat the Black Hats" (space between k and h, or not) you may find that this Topic is ranked No.1 in Google and No.2 in DuckDuckGo and Yahoo.

 

Given the change in venue of this Topic from XP to General Security, I have no hesitation in shining a light on Linux.

 

BUT - there I go again - I am neither trying to poach Windows Users from this or any other Forum, nor to gloss over any flaws in Linux Security. It IS demonstrably safer than a Windows ONLY alternative. And as you will find if you read my Topic, there will always be some Jerk who wants to trash your machine because of a mad on against the world (he should employ his talents at an IT Security firm and do something useful). Sad to say, he is a fellow Australian. :cherry:

 

Think about all of this, and ask any questions you like, here (your Topic) or there (mine). If there, or even here, I may refer you to previously published and ongoing Topics over at Linux, but don't feel you are getting the Bum's Rush.

 

For your friends, come armed with specs on - CPU, RAM, HDD storage capacity, and GPU/Video Card if any.

 

Cheers

 

:wizardball: Wizard



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 21 November 2014 - 06:56 AM

I had forgotten about jeffce's topic which I previously linked to in the End Of Support For Windows XP SP3 thread months ago.

Bleeping Computer is a family oriented site where we offer assistance to those who know very little about computing. As such, our forum discussion board and tutorial are targeted more for the novice user since they comprise much of our membership. We provide help based on that premise because it is impossible for us to know the extent of a member's background, knowledge level and experience level until we get to know them. We keep this in mind when writing replies since we know many novice members read various topics searching for answers without ever posting a reply. Thus for most novice users, it would be more practical to upgade XP or discontinue use of that OS on the Internet.

With that said, we also have many experienced/professional members who contribute technical assistance to others and we certainly welcome those individuals who fall into that category. All this makes Bleeping Computer the great community it is and stand apart from many other forum boards.

 

This is my list of tips.

 

:step1: Do not open email attachments from an unknown or unsolicited sources). Crypto malware can be disguised as fake PDF files in email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers. Attackers will use email addresses and subjects (purchase orders, bills, complaints, other business communications) that will entice a user to read the email and open the attachment...see here.

:step2: Do not open Office documents with embedded macro as they can be infected...see here.

:step3: Do not click links in an email message, an instant message or on a social networking site. If the link is malicious, you can be redirected to a compromised site and become infected by exploit kits that deliver drive-by downloads.

:step4: Turn on file extensions in windows so that you can see extensions. Ransomware disguises .exe files as fake PDF files inside a .zip file attached to the email. These disguised files have a PDF icon and are typically randomly named. Since Microsoft does not show extensions by default, they look like normal PDF files and people routinely open them.

:step5: Turn Off Flash to Avoid 'Malvertising' Attacks and block advertisements in your browser with AdBlock.

:step6: Using Java is an unnecessary security risk so remove Java if you don't use it or disable Java Plug-ins or add-ons in your browsers if you do.

:step7: Follow Best Practices for Safe Computing when browsing the web. Important Fact: It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

:step8: Read the following for more prevention tips.

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 rp88

rp88
  • Topic Starter

  • Members
  • 3,082 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:34 PM

Posted 21 November 2014 - 10:31 AM

"those people generally being quite technophobic they aren't exactly able to change operating system" I meant this is the sense of how to perform the upgrade, not in the differencs between user interface before and after it.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 21 November 2014 - 12:38 PM

"those people generally being quite technophobic they aren't exactly able to change operating system" I meant this is the sense of how to perform the upgrade, not in the differencs between user interface before and after it.

technophobic = of or relating to or showing technophobia.
technophobia = fear of or aversion to technology, especially computers and high technology.

IMO that's a condenscending attitude toward folks you refer to as "those people generally."

While many folks are novice users and ignorant in regards to security and best practices (and other areas), I doubt they would consider themselves to be afraid of technology, especially if they have been using computers for years. While it may take some effort and a little research...these folks certainly could learn how to perform an upgrade.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 21 November 2014 - 05:18 PM

 

:step7: Follow Best Practices for Safe Computing when browsing the web. Important Fact: It has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.

 

...makes for excellent (I would say, essential) reading, and is referred to in  may Posts around this site, under differing OSes (Operating Systems).

 

I would doubt that rp88 was being condescending, "underestimating" might be a better word.

 

In Australia for many years now, the largest age bracket, outside of the young, for learning about puters, email, the Internet and so on - is the 70 yrs to 80 yrs bracket.

 

Amongst others, we have (and you may have too) U3A - University of the Third Age, where Seniors can get expert help at minimal prices in a classroom environment (and meeting people), even one-on-one for those mobility-challenged. As long as they have their wits about them, you might be surprised.

 

:wizardball: Wizard



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,098 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:34 AM

Posted 21 November 2014 - 05:36 PM

And there is always SeniorNet.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users