Keeping Windows XP secure


Now that Microsoft stopping XP support is upon us, can anyone suggest ways to help ensure that their machines stay secure? I manage a small number of PCs running XP, and we don't have the money to upgrade, so I want to take every step possible to protect the systems going forward.

Is antivirus and internet security sufficent?

Many thanks,

you can surf wisely, use malwarebytes as an on demand scanner, get a good antivirus, Kaspersky paid is still supporting xp, the free 360 Internet security from Quiho is very good, and there is avast that will supprot xp for 2 more years I believe.
And you could also run in a Sandbox environment, available from Sandboxie and Quiho.


One antivirus running in real time
Ondemad scanners for malware and spyware
use ad blockers
have a software updater if you can not remember to check for updates to your programs
Run daily quick scans and weekly full scans
There are also online one time scanners from Kaspersky , google for some others.

And anytime a pc does something you do not want it to do, and you suspect infection, then get it cleaned.
A good forum for this is Geeks to Go, and there are other malware removal forums.

The best way to clean infections is to wipe and reinstall, If you could afford Acronis true image, then you can always restore a complete image of your pc.
I've been using a product call AppGuard from Blue Ridge Networks. It's NOT an AntiVirus product. What it does is stop bad behavior. So even if you do catch a virus, it won't be able to execute.
I used Panda for a while, on a recommendation. It slows the machine terribly.

Currently using ZoneAlarm.

Incidentally, does anyone else rely upon their hardware firewall in their router?
I use windows built in firewall, I believe there is another firewall in the machine I plug into to get dsl service. Also running avast free on one xp, and 360 internet security from Quiho on two other xp's

also have mbam and mbae, and spywareblaster installed.
I hope that my post falls within the current topic of this thread --

I have a Model EL1200-06w e-machine on which I have two operating systems:
1. (C: )
a. Windows XP, version 5.1 (Build 2600.xpsp_sp3_qfe.130704-0421 : SP3)
b. ZoneAlarm firewall, set to stop all internet activity except when it's absolutely necessary to have access to the internet or my home network
c. Avast anti-virus - I keep my virus definitions up and scan regularly despite the fact that I no longer surf the web or download anything on this side of the computer other than updates for this program
d. Malwarebytes - I keep the definitions up and scan regularly despite the fact that I no longer surf the web or download anything on this side of the computer other than updates for this program

2. (D: )
a. Windows Vista Home Premium, version 6.0.6000 Build 6000 *
c. Avast anti-virus
d. Windows Defender
b. Windows firewall
e. Definitions are kept up-to-date on the above programs, though I do not always allow the optional updates from Window. I am usually only doing artwork or word processing on this side of the computer, and usually only use the internet because I just happened to be logged in to the Vista side. Otherwise, the majority of my online surfing and downloading is done on another machine.
f. Preferred/Default browser - Mozilla Firefox

*Whether I do Start>Run>winver or [right-click]>Computer>Properties or open System Information, I cannot find what service pack I am working with.

Before anyone starts crucifying me for still working with WinXP, I keep it, and will continue to work with it until it become impossible - I have programs (especially art progs) that I have used for years that will not funtion properly, if at all in some cases, on Windows Vista and Windows 7.

I do not surf the web on the XP side of the computer. I allow internet access only when I need to access a file in another area of my home network, or when I must update ZoneAlarm, Avast or Malwarebytes. If I need to download something from online for the XP side of the e-machine, I do it on my laptop or on the Vista side of this e-machine, save it to an external drive, then access what I was after from that drive the next time I boot to the XP side.

That brings me around to my question: When I am booted to and working on the Vista side of the computer as described in 2e above, is the XP side of my computer vulnerable to attacks that are alleged to become inevitable for those who take the chance and continue using XP in a normal way? And when I say "normal," I mean the way in which many people use a computer: surfing, downloading, blogging, vlogging, word processing, shopping, chatting/messaging, paying bills, etc.

Thanks in advance for anyone's help and input.
However, having said all that, most malware does only infect the one OS partition. ...unless you get his by one of those file-encrypting bits of malware which might encrypt every file on your PC regardless of drive letter.

from here


If you do install a version of Windows no longer supported by Microsoft or any other obsolete operating system (without the current service packs and updates) you should be aware that you're placing your computer at greater risk of security breaches, malware and viruses if the computer is connected to the Internet. This places all your data at risk if you're sharing it between various installations.

from here


I believe it comes down to being safe in what you download

updates and scans with what you have installed on xp should be okay since you do not go to surf the internet with xp

if you insert or copy data from the vista to xp, always copy to desktop and scan before ever clicking on it to open and do not allow your usb to be opened automatically, always open from My Computer, this way you can right click on usb thumb drive in My computer and scan the thumb drive before opening, that is why Windows came up with an update to halt autoplay, but this can be bypassed if there is an autorun .ini on the drive, then you will have to alter the registry to stop it from opening automatically.
ALSO on your sp's for vista:

Go to Start and type Winver in the Search Box.

Press Enter to display the version dialog. You should see Version 6.0 (Build 6001: Service Pack 1).

If you see anything else, then SP1 is not installed. The update you installed may have been one of the pre-requisite updates that is required before SP1 can be installed. You can check the update history to get the details of what was installed.

In Windows Update select 'View update history' in the left side menu. You can right click any of the updates shown and select Details to see exactly what was installed, including the date.

Keep checking for updates.

from here

so I suspect you have no service packs installed and should be at 2 .
Additionally, the new updates via POSReady 2009 should be mentioned (at least for the sake of completeness). I know most of you dismiss that practice, but I think there needs to be a change of attitude here towards the reg hack that allows this, as the updates receives are binary compatible and provide patches to known loopholes.

It buys you updates that will come until 2019
Hello Gingertommy from Aunty Jack,

I gave up with Avast, AVG, and Defender a while ago. Have a look at Immunet 3. It is a cloud based antivirus, free or upgrade to full from about $25.00 Aussie dollars. It may handle small network set-ups.

Cheers, Aunty Jack.
hi to increase you security turn off remote assistance go to start right click compter, properties, then click remote, uncheck allow remote invitaions to be sent from this computer, this will stop hackers accessing your computer without your permission. You need to be an administrator to do this.
Here are some generic tips to keep your Windows XP operating system safe:

  • Install up-to-date and working anti-virus software. If you need a free antivirus which offers basic protection and low system resource requirements, try Microsoft Security Essentials 4.4.340.0 XP, and install MalwareBytes Anti-Malware as a secondary scanner.
  • Keep Internet Explorer and Windows Media Player up to version 8 and 11 respectively, and install the latest updates for these programs. Software that downloads or receives information from the internet uses Internet Explorer, for example.
  • Install only software you can trust or has been recommended by respectable people, such as from this community.
  • Keep all your hardware and drivers up to date. This is small but necessary.
  • Don't think 'Turn off Windows Update as support ended over a year ago', because the Malicious Software Removal Tool is still updated for Windows XP for some reason, and very rarely, updates are issued.
  • Use an alternative browser such as SeaMonkey or Qupzilla. Avoid Google Chrome or Safari, the former is known to collect everything you do on the internet (it's adware, but antimalware systems don't classify it as one, because Google would sue them billions of pounds), and Safari is not updated anymore for Windows.
  • Make regular backups of your system (I recommend once every month) in case any malware compromises your computer and stops you from using System Restore.
  • Add a password to all of your accounts, including the hidden Administrator account.
  • Alternatively, you could use a limited account for everything unless you need to do an administrative task.

Funny enough, I don't follow nearly every single one of these tips myself, but these tips are common sense but useful.
Continuing to use your PC with the XP operating system can be risky. Which is why we wanted to offer a few tips to keep your device as secure as possible.

Be sure you are using a security solution that offers application whitelisting technology. This will not patch the security holes, but if malware is attempting to execute on your system, a solid security platform will help to prevent an infection. PC Matic offers application whitelisting technology, and is compatible with Windows XP.
Remove all programs that are known for security holes on their own. A few of these programs include Adobe Flash, Adobe Reader and Java. If you use these programs regularly, it is best practice to be sure they are updated to avoid any security holes that may need to be patched.
Since your operating system cannot be updated, it is important to mitigate the risks of other security holes. Be sure all applications that you are using are up to date.
Back up your data. Realistically, you are at a higher risk of a malware infection due to the security holes within your operating system. If you are attacked, it will be much easier to recover if you have your information backed up.
Using XP offline will also significantly decrease the risk of malware exposure. You could also use XP on a virtual machine, which if infected would then impact only the virtual machine.
Overall, it is important for XP users to understand the risks of using an operating system that is not only outdated, but not able to have security patches. The above steps will help mitigate the risk of a malware infection; however, in no way replace the security found on an operating system that has security patches available. If you choose to continue the use of XP, please proceed with caution.

Ethan Stark
POSReady 2009 updates eventually killed my 2 XP boxes using it, I backed up some stuff and reverted to an Acronis image from before I implemented the mod. I now don't use any updates post April 2014 and haven't had any issues.

As long as you trust no newly downloaded exe without vetting it first via multiple methods, and only browse known safe websites on XP, have plenty of offline data and boot drive image backups (critical), you'll be ok.

Abobe Flash and Acrobat may have security holes, but I've never seen an actual attack through those vectors (I was a Systems Admin for about 100 Windows 7, XP, 2000, 98 PCs for several years). Attacks have been through user error (phishing emails) and visiting websites with 3rd party ads. I got hit at work by visiting and That's right- reputable websites often host unsafe third party ads. It happened on Windows 7, and AVG caught each attack. UltraVNC's site has been compromised for several years... don't know why they can't remove the virus. You can only visit it safely from Linux.

Moral is that no Windows version is safe for general web browsing- even with Chrome or Firefox 57, you are taking a risk with every newly visited website.

Rather than use XP in a virtual machine on a newer Windows OS (there are no safe versions of Windows), use a VMWare Player Linux virtual machine on XP with Firefox and/or Chrome installed. There will be a thread dedicated to doing this, as this is how I've been browing on XP for the past 3 years. This post is being made from that setup- VMWare Player running on XP32, Linux Mint 17.3 with Firefox 53 running in a virtual machine.
Anyways heres my security suite:
* Avast Antivirus
* POSReady trick
* SSL 2.0,SLL3.0 TLS 1.0 disabled only TLS 1.1 and TLS 1.2 enabled(for security reasons)
* SUPERANTIspyware for cleaning up tracking cookies
* MalwareBytes as a secondary scanner(scanning every month)
* Disabled unsecure chipers
* ProxHTTPSProxy for making Internet Explorer 8,Advanced Chrome 54 to load all websites
* Ublock Origin on Chrome
* SpywareBlaster for making Internet Explorer a little bit more secure
Thats my security suite :) :) :)