Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is my current Windows XP secure enough?


  • Please log in to reply
39 replies to this topic

#1 argonvegell

argonvegell

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 28 November 2014 - 08:56 AM

I cannot upgrade to Windows 8, my laptop is only designed to handle Windows XP, no, Linux is not an option for me, the software I need doesn't run on Wine, and no, I cannot buy a new laptop, don't have the money for it. I hope that clarifies things.

Anyway, I have Windows XP SP3, which is connected to the Internet, my anti-virus is Avast, my firewall is Comodo Firewall, my web browser is Comodo IceDragon, with Adblock Plus and NoScript.

Is there anything else I can install to secure my Windows XP?


Edited by hamluis, 28 November 2014 - 03:18 PM.
Moved from XP to General Security - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 JohnC_21

JohnC_21

  • Members
  • 21,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 28 November 2014 - 09:39 AM

If you have XP pro, you can use SRP to lock the computer down by not allowing software to launch from certain paths.

 

http://technet.microsoft.com/en-us/library/bb457006.aspx

 

http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/

 

Another link

 

Take a look at Microsofts EMET.

 

Do your browsing in a LUA, not an admin account. I don't have experience with Ice Dragon but install an addon like No-Script if it supports it.



#3 Al1000

Al1000

  • Global Moderator
  • 6,684 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:54 AM

Posted 28 November 2014 - 09:44 AM

Secure enough for what?

The best you can do is make sure it's as secure as possible.

If this is a stand alone computer, and you haven't done so already, then I would also disable all networking except the internet connection in Network Connections - this will speed up your computer as well as make it more secure.

If your only reasons for not using Linux are that you want to continue using XP, and you don't want to install Linux on your computer, then Linux Puppy, which is designed to run entirely in RAM (but still uses only a fraction of RAM compared to XP) and to boot from CD, would be an option for things like browsing the internet and particularly for internet banking etc.

While no computer is completely immune to viruses, a live Linux CD is about as secure as you can get, as you are guaranteed a clean installation every time you boot up, and it's immune to Windows viruses.

Edited by Al1000, 28 November 2014 - 09:45 AM.


#4 NullPointerException

NullPointerException

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 PM

Posted 28 November 2014 - 12:21 PM

Secure enough for what?

The best you can do is make sure it's as secure as possible.

If this is a stand alone computer, and you haven't done so already, then I would also disable all networking except the internet connection in Network Connections - this will speed up your computer as well as make it more secure.

If your only reasons for not using Linux are that you want to continue using XP, and you don't want to install Linux on your computer, then Linux Puppy, which is designed to run entirely in RAM (but still uses only a fraction of RAM compared to XP) and to boot from CD, would be an option for things like browsing the internet and particularly for internet banking etc.

While no computer is completely immune to viruses, a live Linux CD is about as secure as you can get, as you are guaranteed a clean installation every time you boot up, and it's immune to Windows viruses.

I wouldn't recommend a live CD. An installed version would be better. Nobody likes to get their files deleted every time they restart. As Linux is immune to Windows malware (except for the CoinThief and other few malware designed to run on Linux specifically), it's more than enough.

 

OP, you are missing a lot of on-demand scanners, including EEK, EOS, MBAM, TFC.  I recommend you to save money to buy a new laptop.



#5 Al1000

Al1000

  • Global Moderator
  • 6,684 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:11:54 AM

Posted 28 November 2014 - 12:29 PM

Nobody likes to get their files deleted every time they restart.

 

What files?



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 28 November 2014 - 05:38 PM

Prevention Tips to Avoid Malvertising and ads:I recommend changing Shockwave Flash to "Ask to Activate" or "Never Activate" as follows...
Open Firefox, go to > Tools > Add-ons > Plugins > Shockwave Flash > click the drop-down box and select "Never Activate" or "Ask to Activate". This way the plugin will stay disabled per default but can be activated on a per-site basis.

* Disable or remove Add-ons in Firefox
* How to disable/turn off Adobe Flash Player in Firefox
* Flash Player Help / Enable (Disable) for Firefox

Resources to help prevent advertisements & block websites:
How To Block advertisements in Firefox, Internet Explorer, Chrome, and Opera
BlockSite for Firefox
NoScript - NoScript FAQs
NotScripts for Chrome
Karma Blocker for Firefox <- intended for advanced users
Flashblock for Firefox
Block Unwanted Ads with Custom MVPS Hosts File
How to Block a Specific Website Without Software

About Adblock Plus
Adblock Plus Overview
- Adblock Plus for Internet Explorer
- Adblock Plus for Firefox
- Adblock Plus for Chrome
- Adblock Plus for Opera
- Adblock Plus FAQs
Element Hiding Helper for Adblock Plus - How to Use the Element Hiding Helper with Adblock Plus

Do not use Internet Explorer since the version in XP cannot be upgraded and it is a security risk.
 
You may want to read this topic for more tips and suggestions...How to protect xp now that these new bugs in windows system have been found
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:54 AM

Posted 28 November 2014 - 07:33 PM

that's new, the noscript type product from symantec.


As far as plugins go just disabling is probably best, sometimes thye will be neede on particular sites, and when they are you can turn them "on" or rather set them to "ask to activate", then once you've finished watching the video that needed flash you can fully re-disable plugins again, howver risky a plugin (including the old java ones) disabling the plugin should be enough to keep the user safe, disabling rather than fully removing is easier for most plugins and can always be quickly undone in the unlikely event of a plugin turning out to have a use somewhere.


Just out of asking, in comparison to an antivirus how much protection does noscript (and it's equivalents, the concept has clearly become popular) offer? An antivirus obviously scans files and downloads but do those sort of script blocking extensions offer more anti-driveby protection than the average antivirus? Obviously best to combine with an antivirus though, but does the script blocking act as a more significant layer in the "armour" than the antivirus does? is this the sort of thing where ,even if an antivirus is a pretty poor one, using noscript (or equivalents) would boost a user's layer of protection against non-user-initiated attacks(drivebys and such being non-user-initiated, downloading and then conciously running an exe file being user-initiated) to above the level that the best antiviruses alone would offer?

Edited by rp88, 28 November 2014 - 07:33 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 28 November 2014 - 07:40 PM

that's new, the noscript type product from symantec.

Not really...it has been around since at least 2004.

BTW argonvegell...another useful tool for XP is RollBack Rx XP Free.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:03:54 AM

Posted 28 November 2014 - 08:22 PM

Hello argonvegall:

Additionally, please consider these freebies:

  • Thoughtfully populate your Windows HOSTS file from http://winhelp2002.mvps.org/hosts.htm. abelhadigital's HostsMan helps considerably here. Don't add everything you see. Just use MVPS's file above. Then only, permanently disable XP's DNS Client service through services.msc.
  • Install BrightFort's, very lightweight, SpywareBlaster® and manually update it once per month.

Neither of these 2 steps will have noticeable impact on your laptop's hardware resources.

HTH :)


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 30 November 2014 - 03:07 PM

I cannot upgrade to Windows 8, my laptop is only designed to handle Windows XP, no, Linux is not an option for me, the software I need doesn't run on Wine, and no, I cannot buy a new laptop, don't have the money for it. I hope that clarifies things.

Anyway, I have Windows XP SP3, which is connected to the Internet, my anti-virus is Avast, my firewall is Comodo Firewall, my web browser is Comodo IceDragon, with Adblock Plus and NoScript.

Is there anything else I can install to secure my Windows XP?

 

Do you run as administrator? Then you can create a non-admin account and use that for daily tasks.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:54 AM

Posted 30 November 2014 - 04:55 PM

"Do you run as administrator? Then you can create a non-admin account and use that for daily tasks."


A shame they didn't build UAC into xp in some of it's final updates, despite all the annoyance some people have felt from that feature it's a good extra layer of protection, knowing that an "allow or deny" flash up message stands between you and evilexefilewithhiddenextensioninstaller1.png.exe .

Edited by rp88, 30 November 2014 - 04:55 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 30 November 2014 - 05:03 PM

That's the nature of the market. New features go into new versions that need to be purchased.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:11:54 PM

Posted 30 November 2014 - 07:17 PM

And malware authors are finding more ways to request elevation stealthy. User Account Control. http://en.wikipedia.org/wiki/User_Account_Control
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#14 argonvegell

argonvegell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 30 November 2014 - 11:52 PM

Do your browsing in a LUA, not an admin account. I don't have experience with Ice Dragon but install an addon like No-Script if it supports it.

Do you run as administrator? Then you can create a non-admin account and use that for daily tasks.

Sorry for the late reply.

I use both Administrator and Limited User accounts, for installing security and defragging, I need to run as Administrator, but for daily tasks, like word processing with OpenOffice and broswering the web, I use LUA. Thanks for the tip.

 
OP, you are missing a lot of on-demand scanners, including EEK, EOS, MBAM, TFC.  I recommend you to save money to buy a new laptop.

Thanks for the tip, I installed Malwarebytes Anti-Malware Free.

BTW argonvegell...another useful tool for XP is RollBack Rx XP Free.

Thanks for this, I downloaded it, but I have yet to install it though, I have some questions on it.

Does this prevent fragmentation? For example, I defrag my system, then I take a snapshot of my system, and when I restart or boot up my system, would it undo any fragmentation that occurred during use?

Edited by argonvegell, 01 December 2014 - 12:37 AM.


#15 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,728 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:54 PM

Posted 01 December 2014 - 04:28 AM

 

I wouldn't recommend a live CD. An installed version would be better

I would for online shopping and banking and a great and safe way to surf the net.

 

 

Nobody likes to get their files deleted every time they restart.

This is the whole point of a Live Boot without persistence. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users