5 Tips for protecting Windows XP machines after April 8, 2014

On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available, but it will no longer receive the regular system updates that are used to repair exploits and patch existing security vulnerabilities.

If you cannot get away from Windows XP just yet, there are still a few things you can do to defend your XP machines:

  1. The first thing is to make sure that you back up your computer’s files regularly, and periodically test your backup strategy by restoring backups, preferably on a different computer, a few times a year. This helps ensure that in the event of a catastrophe, you will still have access to the information on your computer. The time to worry about your backups is not when faced with a virus, fire, earthquake or other calamity.
  2. The next thing to do is to make sure that your copy of Windows XP is up-to-date. Although Microsoft will stop making new updates for Windows XP after April 8, 2014, all of the old updates from before then will still be available, and should be applied! This also applies to the device driver software (a device driver is a computer program that allows the operating system to communicate with a particular kind of hardware), which may be available from your computer manufacturer or Microsoft’s Windows Update web site.
  3. In addition to the operating system and drivers, you should also make sure you have the latest versions of your application software on the computer, and that those are fully-patched and updated. Programs like Adobe Flash, Adobe Reader and Oracle Corp.’s Java are frequently targeted by the criminal gangs that develop and use malware, so keeping these up-to-date is just as important as looking after the operating system. Other software that you use, such as Microsoft Office, web browsers and so forth, should be on the latest version and have the latest patches applied as well.
  4. If the computer does not have to be connected to the Internet, disconnect or disable the connection so that the PC can only connect to other machines on the same non-Internet network. This will ensure that Internet-borne threats cannot directly attack your XP PC, and will make it harder for an attacker to steal data off the computer.
  5. Make sure your security software is up-to-date, as well. There are lots of security programs available for Windows XP, and most of their authors have committed to supporting Windows XP for years to come. Some are free, while others are sold as a subscription. A discussion of the features needed to protect Windows XP is outside the scope of this article, but at the very least, I would recommend looking for a security program that combines signature-based and heuristic detection, includes a firewall, and has some kind of host intrusion protection system. Vulnerability shielding and exploit blocking will be useful as well, as Windows XP will no longer be updated by Microsoft to protect against these types of attacks.
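
One way to carry out the restore test from the first tip, as an added example that is not from the original article: the script records a SHA-256 manifest of the original files, then compares it with the files restored on the test computer. The function names and the sample files in demo() are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def compare_manifests(original, restored):
    """List files lost, altered or unexpected in the restored copy."""
    both = set(original) & set(restored)
    return {
        "missing": sorted(set(original) - set(restored)),
        "changed": sorted(p for p in both if original[p] != restored[p]),
        "extra": sorted(set(restored) - set(original)),
    }


def restore_ok(report):
    """Extra files are reported, but only missing or changed files fail."""
    return not report["missing"] and not report["changed"]


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: an original tree and a deliberately flawed restore."""
    with tempfile.TemporaryDirectory() as src, \
            tempfile.TemporaryDirectory() as dst:
        _write(src, "docs/report.txt", b"quarterly figures")
        _write(src, "photos/a.bin", b"\x00\x01\x02\x03")
        _write(src, "notes.txt", b"remember the milk")
        _write(dst, "docs/report.txt", b"quarterly figures")
        _write(dst, "photos/a.bin", b"\x00\x01\xff\x03")  # silently corrupted
        _write(dst, "thumbs.db", b"cache")                # not in the original
        # The manifest travels as JSON to the computer used for the restore.
        carried = json.loads(json.dumps(build_manifest(src), sort_keys=True))
        return compare_manifests(carried, build_manifest(dst))


if __name__ == "__main__":
    report = demo()
    print(json.dumps(report, indent=2))
    print("restore OK" if restore_ok(report) else "restore FAILED")
```

In real use, run build_manifest() on the original files at backup time, keep the JSON with the backup, and run the comparison against the restored folder on the test computer.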

While these tips will help, your main goal should be figuring out how to move away from Windows XP. If it is simply a matter of replacing a critical application, work out the cost and build that into your operating budget; likewise for computer upgrades or even replacement computers. That may be a capital expense, and an unwanted one in this economy; however, it is still better than going out of business because outdated computers failed or critical data was stolen.

Having to replace working computers every few years is not fun, but, like other mechanical equipment, computers do wear out and need to be replaced. Software, too, gets updated periodically, not just with security patches, but new features and functionality as well, that can improve your bottom line.

For readers who are using ESET for their anti-malware protection, ESET is committed to supporting the Microsoft Windows XP operating system for 32-bit and 64-bit versions of ESET products at least until the end of April, 2017.

by Aryeh Goretsky

ESET will not end Windows XP products support

After 8th April 2014, Microsoft will no longer provide system updates for Windows XP.
ESET will support the Microsoft Windows XP versions of ESET products at least until the end of April 2017.

Q: What exactly happens on April 8, 2014? Will Windows XP stop working?
A: On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available. Regular system updates are used to repair exploits and patch existing security vulnerabilities.

Q: Will ESET products and virus definitions on Windows XP still be updated?

A: Yes. At least until the end of April 2017, ESET will maintain support for customers with ESET products installed on the Windows XP operating system and will continue to offer the following services during that period:

  • Regular virus signature updates for the latest threats
  • Consistent updates to other parts of the antivirus engine
  • ESET Customer Care support requests

Currently, ESET still supports and provides updates for endpoint products that work with Windows NT 4.0 and Windows 2000, which reached end of life (EOL) status in 2004 and 2010, respectively.

Q: Will all versions of Windows XP cease being supported by Microsoft after April 8, 2014?
A: No, not all. Windows XP Professional for Embedded Systems, a special version of Windows XP used in devices such as cash registers, ATMs and ticket machines, will be supported until December 31, 2016. However, that date is fast approaching and if you have devices running XP Embedded you will eventually need to replace or update them.

Q: Are other Microsoft programs going to cease being supported?
A: Microsoft Office 2003 will no longer be supported after April 8, 2014. The next major end of life date is July 14, 2015, which is for Windows Server 2003. If your office has any servers left running Windows Server 2003, you should be planning on updating or replacing them as well.

Q: I have to run Windows XP and cannot upgrade or replace my PC. Is there anything I can do to protect myself?
A: Make sure that your copy of Windows XP is fully patched and all your applications are on the latest versions with the latest patches as well. Please note that while your service from ESET will not change, your system could become more vulnerable to threats because it will no longer receive regular system updates from Microsoft.

We recommend that you use the latest version of your ESET product to maintain the highest degree of protection possible with the non-updated Windows XP operating system.

To maintain the highest level of security, we recommend that you upgrade your operating system or move your important data onto a computer with a more current operating system.

by Urban Schrott and Aryeh Goretsky

Time to Move On From Windows XP

The world today is a much different place than it was in 2001 when Microsoft released Windows XP. With Windows XP, Microsoft combined features to handle games and multimedia for consumers, and to provide stability and reliability for businesses. This strategy made for a wildly popular operating system. Now, thirteen years later, Windows XP comes to an end of sorts on April 8, 2014. After this, Microsoft will cease providing security updates or support for this venerable operating system.

Consider how your own use of technology has changed in the last 13 years: In 2001, my home PC had an Intel Pentium 4 processor that ran at 1.8GHz and a gigabyte of RAM. Today, my home PC has an Intel Core i7 processor that runs at 3.7GHz and 32 gigabytes of RAM. While the processor in today’s PC appears to be only twice as fast as my computer from 2001, such comparisons are misleading. The actual difference in performance between the two is closer to 60-fold, and even faster for some operations. And my Internet connection? That went from just under a megabit-per-second to 20 megabits, a twenty-fold increase in speed.

Technology evolves, and just as our computers have changed, so has the software they run. Microsoft Windows is no exception to the rule, especially when it comes to security.

Numerous updates to Windows XP were released over the years, including three giant Service Packs in 2002, 2004 and 2008 that not only fixed numerous vulnerabilities that had left Windows XP open to attack, but added new features. In 2007, Microsoft’s struggle to release the successor to Windows XP ended with the release of Windows Vista. Microsoft then resumed releasing operating systems on a two-year cycle. Windows 7 arrived in 2009 and Windows 8 in 2012, just a little behind schedule.

Each new version of Windows has not only brought new features, but greatly strengthened security. The six-year gap between Windows XP and Windows Vista and the lackluster response to Windows Vista meant that a lot of computers remained on Windows XP. Those computers remained vulnerable to attacks that, if they were not blocked completely by newer versions of Windows, were at least much more difficult for attackers to exploit successfully.

What you can do

If your home or business PC is still running Windows XP, it is not too late to upgrade.

I do not recommend going to Windows Vista, simply because support for it will be ending in 2017. Microsoft will stop supporting Windows 7 in 2020, and Windows 8.1 in 2023. From a security perspective, Windows 8.1 is a great improvement, but the interface is very touch-focused. Unless you are using a touchscreen, you might be better off upgrading to Windows 7 or using a program that makes the Windows 8.1 interface more like an earlier version of Windows. Computers running Windows 7 are still available from stores and computer manufacturers online.

The business-focused editions of Windows 7 (Professional, Ultimate and Enterprise) can run Windows XP Mode, which embeds the older version of Windows inside the new one. This might let you run a last remaining application requiring Windows XP, at least until it is replaced. Keep in mind Windows XP Mode suffers identical issues to Windows XP and is a bridge to replacement of Windows XP, not a means of prolonging XP’s life. Windows XP Mode is not available for Windows 8.1.

XP Questions and Answers

Q: What exactly happens on April 8, 2014? Will Windows XP stop working?
A: On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available.

Q: Will all versions of Windows XP cease being supported by Microsoft after April 8, 2014?
A: No, not all. Windows XP Professional for Embedded Systems, a special version of Windows XP used in devices such as cash registers, ATMs and ticket machines, as well as various industrial and scientific equipment, will be supported until December 31, 2016. However, that date is fast approaching and if you have devices running XP Embedded you will eventually need to replace or update them.

Q: Are other Microsoft programs going to cease being supported?
A: Microsoft Office 2003 will no longer be supported after April 8, 2014. The next major end of life date is July 14, 2015, which is for Windows Server 2003. If your office has any servers left running Windows Server 2003, you should be planning on updating or replacing them as well.

Q: I have to run Windows XP and cannot upgrade or replace my PC. Is there anything I can do to protect myself?
A: Make sure that your copy of Windows XP is fully patched; all your applications are on the latest versions with the latest patches as well; your PC is not just regularly backed-up, but you are testing those backups by periodically restoring them; your PC is running up-to-date security software; and you should also be figuring out how you can move away from Windows XP to a newer version of Windows.

Resources: Windows XP-specific

General Advice: How to secure a PC

Resources: Windows 8-specific

We will have more to say about XP’s retirement on We Live Security. Let us know your concerns and we will endeavor to address them.

Author Aryeh Goretsky, ESET

CyberThreats Daily: Win7 machines harder hit by infection as VXers change tactics

Win7 infection rates rose during the second half of 2010 even as malware hit rates on XP machines declined, according to official statistics from Microsoft.

The latest edition of Microsoft’s Security Intelligence Report shows an infection rate of four Win7 PCs per 1,000 in the second half of 2010, up from three Win7 PCs per 1,000 during the first half of 2010. The rise of more than 30 per cent contrasts with a drop of the infection rate, albeit from a much higher starting point, for older and less secure machines running Windows XP. Read more on The Register.

Getting a grip on Flash cookies: Adobe publishes Flash 10.3

Adobe has published version 10.3 of its Flash Player for all platforms. This version finally gives users control of their Flash cookies, but only if one of the currently supported web browsers is used: Firefox 4, Chrome 11, Internet Explorer 8 (or higher) and, soon, Safari. Full article on The H Security.

Magic Lantern: Shining a light on the AV numbers game?

“You don’t hear anything about the FBI’s Magic Lantern spyware – sorry, policeware – for years, and then suddenly it’s all over the place. Media-wise, at any rate: I don’t have any exciting news of an epidemic of electronic surveillance, but there seems to be a lot of interest in Computer and Internet Protocol Address Verifier (CIPAV) again…” writes David Harley, ESET senior research fellow.

CyberThreats Daily: FBI closes in on zombie PC gang

US crime-fighters closed in on a gang behind a huge botnet after taking control of the criminals’ servers. The authorities issued their own commands, effectively ordering the malware to shut down. They also logged the IP addresses of compromised machines.

BBC News wrote about it, as did ESET’s David Harley in the article Coreflood Reduced to a Backwater.

Latest PowerPoint security patch has problems

On its recent patch day, Microsoft released security updates to fix vulnerabilities in multiple versions of its Office products. The patch for PowerPoint 2003 can, however, have negative consequences – after installation existing presentations may be unable to be opened or may cause an error message stating that the file is corrupted and cannot be fully displayed. See full article on H Security.

KB2506014 kills TDL4 on x64

Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the TDL4 bootkit to load its malicious unsigned driver on 64-bit systems, even though those systems have an enforced kernel-mode code signing policy. The new security update is intended to fix the “feature” (vulnerability) in x64 OS’s (Windows Vista and later) exploited by TDL4. More in ESET Blog.

CyberThreats Daily: The Top Ten Commandments of Password Protection

Protecting your passwords is a vital component of keeping your online accounts safe and secure. Careless users often find themselves the victim of email or Facebook hacks. Armed with the right information, it only takes a few moments to properly secure your email accounts, social networking profiles and sensitive, web based logins.

The nice people at Facecrooks have put together a handy list of password protection tips to help you in this endeavor.

Microsoft: massive patch day planned

Microsoft has announced that it plans to release a total of 17 bulletins for its upcoming April Patch Tuesday, patching 64 security vulnerabilities in its products. The company rates nine of the bulletins as “critical”; the remaining eight are rated as “important”. More at H Security.

Oops. Where did the Internet go?

ESET’s David Harley was mildly amused to note that Internet connections to Georgia (Eastern Europe, not the US) and Armenia were cut off by a 75-year-old woman. Read his blog here.

Security Feature: Misplaced trust in trustworthy names?

Just the other day a journalist commented to me, as so many have before, that “surely people can be relatively safe online, if they just avoid dodgy sites” (and by dodgy sites, they usually mean porn or piracy sites). After all the years of telling people about malicious code injections, about drive-by downloads, and about Trojans just about everywhere you look (or don’t look), some still believe all they have to do to stay safe is to refrain from visiting dodgy sites. Well, just recently we have again been reminded that not only are troubles not limited to dodgy sites, but that even some sites we’d expect to be completely trustworthy can be compromised.

At the beginning of February, ESET researchers Aryeh Goretsky and Randy Abrams wrote about an infection that seems to have originated from Microsoft. In late January a customer reported that ESET NOD32 Antivirus had prevented a Trojan from infecting a mobile user’s computer, but that the source of the infection was Microsoft’s own Update Catalog. Though this was no direct fault of Microsoft, their driver updates page provides users with many third-party driver updates, and it is into one such that a Trojan sneaked (more in Aryeh’s full story). Randy Abrams then followed up with a detailed breakdown of how the third-party updates function, how such occurrences are not unusual and why Microsoft didn’t catch it.

Very soon after that came reports of BBC6 Radio’s homepage being afflicted by a malicious link which was reported to carry various types of malware. In addition Lush cosmetics websites have been compromised and customer data stolen (more in ESET researcher David Harley’s blog). David also reported that public access PCs in libraries have been found with hardware key-loggers attached, stealing people’s log in data. (See also Keyloggers in the Library and Dan Raywood’s article for SC Magazine on Keyloggers found plugged into library computers).

ESET’s Marek Polesensky added his contribution to the growing list of reports on Facebook threats, with a report on a slew of worms, including Win32/Yimfoca.AA and Win32/Fbphotofake, where for a few weeks Win32/Yimfoca.AA has even ranked in the ThreatSense.Net Top Ten Threats in many European countries.

Financial institutions weren’t spared either. In Ireland we’re still seeing plenty of phishing emails using templates of well-known Irish banks, as well as a recent phish purporting to be from the Revenue Commissioner, and indicating that the recipient is entitled to a tax rebate. Elsewhere Trusteer has reported a Trojan that keeps online banking sessions open for crooks to exploit, even after the user has logged out.

Combine then the confidence that everything will be all right if one avoids dodgy websites, with the reality that the above threats are lurking everywhere, even in supposedly very well-known and safe institutions. We sort of expect such organisations to take care of security concerns for us: since this clearly isn’t always the case, it comes as no surprise that one fifth of Irish businesses have experienced a data breach and UK business is losing over £20 billion to cyber crime, as reported in ESET Ireland’s blog. And tying in with this data, the EU statistical office reports that a third of EU computer users have caught a computer virus.

Antivirus vendors, such as ESET, have often been accused by media of fear-mongering in order to stimulate sales of our products, but all one really has to do is glance over news headlines to see that every day there can be found a different report about another breach, fraud, scam, item of malware, etc. And very few of these are harmless or easy to ignore. And most of these stories don’t even come directly from antivirus vendors. Perhaps now, with names we have come to accept as trustworthy coming under attack, it is time for a less complacent attitude in dealing with cyber threats on the part of both the media and the general public. Just as regular crime is no longer seen exclusively in the dodgier parts of towns, so cybercrime has long since stopped being the domain of dodgy websites. On the contrary: the more successful security types are at spotting and taking down malicious sites, the more the bad guys will try to compromise sites that you’d expect to be thoroughly respectable and clad in virtual armour.

Urban Schrott,
IT Security & Cybercrime Analyst,
ESET Ireland
