10 ways to keep Windows XP machines secure

Paul Rubens

You can download EMET 4.1 from the Microsoft Security TechCenter.

5. Don't Use Administrator Accounts
Many of the vulnerabilities that affect Windows XP - 92 percent of all critical vulnerabilities in Microsoft's 2014 security bulletins, according to a 2013 Microsoft Vulnerabilities Study carried out by Avecto - can be exploited successfully only if the user is logged onto an account with administrative rights.

Making users log in to standard, nonadministrator accounts makes it possible to mitigate the overwhelming majority of the risks of running Windows XP at a single stroke. In larger organizations, privilege management software can be used to control user accounts and elevate privileges when necessary.

6. Turn Off 'Autorun' Functionality
A common way to infect computers with malware is to automatically run executable software that's present on a USB drive when it's inserted.

It's possible to disable all Autorun features in Windows XP Professional by configuring Group Policy settings - but an easier way is simply to download and run Microsoft Fix it 50471. (Autorun can be re-enabled if necessary by running Microsoft Fix it 50475.)

7. Turn Up Data Execution Prevention Protection
Data Execution Prevention Protection (DEP) is designed to prevent the execution of malicious code on parts of the computer's memory that are intended to hold data rather than program code. Malicious code may be placed in these parts of memory during a buffer overflow attack, and an attempt may subsequently be made to execute it from this location.

To get the maximum protection from DEP, ensure that it's turned on for all applications. (If a particular application becomes unstable with DEP turned on, you can selectively disable DEP for that application.)

To set DEP for maximum protection follow these steps:

8. Don't Use Office 2003 (or Office XP)
Support for Microsoft Office 2003 and earlier has been discontinued along with support for the Windows XP operating system. To minimize the chances of a Windows XP machine being compromised through Office, you should upgrade to a later version of Office or use an alternative product such as the open source LibreOffice.

It's also important to ensure that any other software running on a Windows XP machine is up to date with the latest security patches and to discontinue the use of any software (such as Outlook Express) that's no longer supported if an alternative exists.

9. Make the Most of Available Windows XP Security Software
Windows XP may not be updated anymore, but it does have some defenses. This includes the built-in firewall (which should be turned on) and plenty of antivirus options.

Microsoft's free Security Essentials antivirus product will continue to receive updates until July 14, 2015. Other well-known vendors such as McAfee have pledged support for at least two years; some, such as ESET, have promised support for at least three.

Previous Page  1  2  3  Next Page