Thursday, April 10, 2014

XP won't explode now there are no more patches!

My father-in-law called on the evening of the 7th March because he'd been spooked by the warning that Windows XP was giving. It transpires that MS are updating big customers like the British NHS, but for now all us little people will have no more patches for vulnerabilities as they become known. The marketing guys in Redmond have no doubt been pushing for this for years, as XP is still just fine for lots of applications. Given how poorly received Vista was, it's no surprise that a full one third of folks visiting Google yesterday were doing so with Windows XP.
Given that pretty much all of the patches that XP got in 2013 were also applicable to Vista, Seven and Eight, it seems that going forward, as MS patch those newer versions, the bad guys will reverse engineer the fixes and find the same vulnerabilities in WinXP. So the risk to XP will get worse quicker than it has previously. However, according to Steve Gibson at Security Now! (why are you not listening to that podcast, IT warrior?!), if you look at all the vulnerabilities in XP patched between 2011 and yesterday, you would not have fallen foul of any of them if you were doing the following:
  1. NOT running as admin; I know most Windows users assume this is necessary, but it isn't. Once you've got your account set up as you like, wind it back to being a standard user. Just don't forget to make a new admin account before you do! You will need it occasionally.
  2. NOT running MS Internet Explorer - really; there are much better browsers.
  3. NOT running Java - you don't need it.
  4. NOT allowing active content to run by default in your browser; Firefox with NoScript and AdBlock means a day of hassle after you've switched, but once you've trained NoScript to the sites you use you are an order of magnitude safer on the web.
  5. MS Office - do you really need it? LibreOffice is now good enough for 99% of people - unless you live deep inside Excel, the open source alternative is as good/better.
So - if switching away from MS Office is a step too far, just doing 1 - 3 would have saved you from 97% of exploits - in fact, just doing no. 1 would have saved you from 93% of nasties.
