Reactions to Microsoft's announcement have been mixed. Predictably, there are lots of Chicken Little reactions: Windows XP is not secure, security updates won't be available, Windows XP is a risk to the whole organization, the sky is falling!
Well, the good news is that the sky is not falling. Many users already bought new computers with Windows 7 or Windows 8. But, if you want to continue to use Windows XP, there are a few things that you should do.
Let's start with Windows security model. The problem is not the Windows XP security model, the problem is the way we choose to use Windows XP. Following on the heels of Windows 95/98/ME, many of us use Windows XP as if it was Windows 95. We take advantage of the convenient features, and we choose convenience over security.
Windows 95 and its successors were really just graphical user interfaces sitting on top of a single-user operating system. Microsoft built Windows XP on top of the Windows NT, so the Windows XP security model shares similarities with secure mainframe and workstation operating systems. If we use Windows XP more like a workstation and less like Windows 95, then we can use Windows XP securely. Our computer may not be as convenient to use, but it will be more secure.
Use passwords: Passwords and log in screens were available in Windows 95, but most users didn't bother using a password: you turned on the computer, and you were automatically logged on. Windows XP offered the same convenience of automatic log in. Don't do it! Always use a password, and pick a secure password.
Use the NTFS file system: Windows XP inherited both the FAT32 file system from Windows 95 and the NTFS file system from Windows NT. Early Windows XP computers were usually shipped with the FAT32 file system; conversion to NTFS was an option. The FAT32 file system has no security built in; any user can read or write or delete files anywhere on the disk. The NTFS file system can be secured, and a user must have authorization to read, write, or delete files. In the FAT32 world, it's easy to corrupt the /Windows directory (or any other directory); in the NTFS world, an unauthorized user can not corrupt the /windows directory. If you're still running a FAT32 file system, convert it to NTFS.
Use the Limited User and Computer Administrator account types. This is another very important security feature that Windows XP inherited from Windows NT. Mainframe and Unix workstation users are familiar with the idea of granting certain users permission to update the operating system and restricting access to other users. Windows XP has this capability, too. Windows XP Home users are either Computer Administrators or Limited Users. An Administrator can install programs, and an administrator has permission to read/write to any directory in an NTFS file system. A Limited user can not install software, and the NTFS file systems limits the disk access.
This is a secure way to manage a computer, yet most XP users do not take advantage of it. Instead, we always log in as an Administrator, and we use our XP system as if it was Windows 95. Do not do this! The only good reason to log in as an Administrator is to install software, run the defragmenter, or perform other system administration tasks. For browsing the web, word-processing, working with spreadsheets, etc, create a Limited user account, and use the Limited user account for daily work. Never do your day to day work as a Computer Administrator.
Unfortunately, some software vendors insisted on writing applications that saved data to a sub-directory of the \Windows directory. This was a bad practice, but it was not uncommon. If you have an application that does this, you may be able to use the application's options to change where it saves files. If that does not work, you can run the application as an Administrator. That does defeat the security, but sometimes it's the only way to run an older application.
Disable the guest account. The Unix workstations we used back in the 1980s and 1990s usually had a "guest" account. Guest accounts were intended for use by friendly guests who could log in with out a password. It was a convenience feature that quickly caused us more work than it saved us. Guest accounts became back doors to our systems for unfriendly hackers. Windows XP ships with a guest account; it's an unlocked back door to your computer, so be sure this feature is disabled.
Update Windows: As of this writing, there are a few days left to run Windows update. Microsoft tightened up the XP security in XP releases SP2 and SP3. Be sure you are running SP3 with the latest updates. Run Windows update, upgrade to SP3 if you need to, and get the last few updates. Although Microsoft won't be updating Windows after April 8th, the good news is that after fourteen years, the hackers are unlikely to discover a serious bug.
To the cloud and beyond: Early XP computers were usually shipped with 40GB or perhaps 60GB disks. After years of use, many of us are running out of disk space. Or the applications that came with our old computer have become dated. This is a good opportunity to investigate cloud services. With a Microsoft live.com account or a google account, we have access to many GB of free storage and a suite of applications for word processing, email, spreadsheets, blogging, etc, all delivered via a web browser. We get up-to-date applications delivered via the web, we get free disk storage, and the cloud service does all the maintenance. What's not to like? Let's be honest: when was the last time you backed up your computer?
Use a modern browser: That brings us to our next recommendation: upgrade your browser. Install the latest FireFox or Chrome or Internet Explorer browser, and let these applications keep themselves updated. And remember to install the software using your Computer Administrator account.
Security Suite: Another good practise is to run some security software. In addition to free security suites such as AVG, some Internet service providers offer free subscriptions to popular security suites. Comcast offers Norton anti-virus free to its customers. Also, check the security software license at your place of business. With many office workers telecommuting from home, businesses have invested in licenses that allow employees to install the same security suite on their home computers that they use at work. Another option is Microsoft Security Essentials, available through Windows Update. Run Windows update manually, click the Custom button (not the Express button), scroll through the list of optional updates, check the Microsoft Security Essentials, and finally click on Review and install updates.
Summary
Windows XP is not an insecure operating system; however, many of us use XP insecurely. By taking advantage of XP security features, we can continue to safely use our XP computer.
- Create passwords for your users.
- Convert to NTFS. FAT32 is not secure.
- Use the Computer Administrator account only for computer administration tasks.
- Use a Limited user account for everything else.
- Disable the guest account.
- If you share a computer at home, everyone using it should have a unique Limited user account
- You have a few days left; be sure you have all the available XP updates applied.
- Upgrade to a modern browser. Chrome and FireFox will update themselves.
- Add a security suite.
