[msdivy]

Quote:

Originally Posted by GTO

I don't understand the point of this recommendation?

The computer must be run as limited user. In XP, this is the screen where this selection can be made:

Note: This is not just for XP. It is true for Win 8, Win 8.1 or any OS - always use it as 'Standard User', instead of 'Administrator'.

Quote:

1. Why would the user want to avoid patches from MS being applied? Those are critical security updates.

Nobody is avoiding patches. MS won't release any patches & patches are not available.

Quote:

2. Logging in as a regular user (vis a vis Administrator) still keeps your computer vulnerable to attacks inevitable on an outdated, unsupported OS.

The steps I listed would seal the paths of attack. XP is time tested & stable OS. Though I recommend using the latest & greatest version, if somebody is unable to upgrade due to some reason, then they can continue using taking the precautions. They are plenty of software, including OS, which are being used even though they are not supported by their manufacturers.

Note: Even after the April 8th, there will be millions of ATMs, POS systems which will continue to run XP. Since they are in closed network or not exposed to Internet, these systems are not under threat.

[Live To Jive]

Since you anyway have to upgrade to a New OS, which I understand you are uncomfortable with, why don't you just move to Mac OS or Linux. The amount of effort put in to get familiar with the new OS will be the same for you whether it is Windows 7/8, Mac or Linux.

[hellmet]

Windows 7 is as close to XP as possible. If you plan to upgrade, upgrade to Win7. But if you're looking at Windows 8, then you might as well learn Linux or MacOS (like already said by dude above). I highly dis-recommend Windows 8 for all purposes.

[satyamkaushik]

Quote:

Originally Posted by Live To Jive

Since you anyway have to upgrade to a New OS, which I understand you are uncomfortable with, why don't you just move to Mac OS or Linux. The amount of effort put in to get familiar with the new OS will be the same for you whether it is Windows 7/8, Mac or Linux.

I suppose he being a CA, will face problems finding a replacement for accounting softwares like Tally & Busy on Mac or Linux.

[Max]

Quote:

Originally Posted by GTO

I don't understand the point of this recommendation?

1. Why would the user want to avoid patches from MS being applied? Those are critical security updates.

2. Logging in as a regular user (vis a vis Administrator) still keeps your computer vulnerable to attacks inevitable on an outdated, unsupported OS.

You may simply install an strong firewall (Comodo Firewall is good) and antivirus software to keep all hackers and viruses away. With firewall you can keep track of what applications are accessing internet. If you do not trust the application simply don't allow access to it. Good firewall will also be able to block any incoming attacks, example an hackers trying to port scan your computer to see if anything is listening. Good firewall will also be able to block all applications. Keep your UAC on and never allow any application to execute which you do not trust or know.

Also, as msdivy suggested use your computer in limited account mode, this will reduce threat as application will not have access to many files.

Also, never open any executable email attachment or directly open any attachment, always save and open email attachments.

Last, always keep backups of your files in secure place, just in case.

[Arch-Angel]

The main concern as i see it would be security. Windows 7 has made better use of the clunky implementation of "user access control" and now, it doesn't frequently annoy the user with the frequent pop-ups. Also, even on accounts with administrator privileges, the user must grant consent explicitly if access to special system resources/processes is a concern. Xp failed in this department and used to allow autoruns from pen drives to modify system files resulting in rampant infections of operating systems not adequately protected by good antivirus solutions. Even iframe viruses which used to randomly infect pcs on xp/98 are really low on threat levels on windows 7.

If you still want to run XP. Believe me it still is possible but how much ever a software is patched, there still are vulnerabilites which might not have been discovered and also, if you happen to install a program online(most people do at times, and expose themselves to risks by installing adware and spyware by mistake). Install a good paid antivirus(Kasperky internet security and bitdefender are good also, KIS filters incoming and outgoing requests/responses and reads header content of responses to filter out any sort of malware coming through). The limited account on XP denies elevated privileges and registry access, the two most important methods of virus infection and thus keeps you comparitively safe.

My advice: Move to windows 7(32/64 bit depending on how much RAM your pc has. Windows 8 is exactly what windows vista was: A phail . I hope the upcoming windows polishes UX and compatibility issues.

[500ContyCruiser]

Quote:

Originally Posted by msdivy

The computer must be run as limited user. In XP, this is the screen where this selection can be made:

Quote:

Originally Posted by Max

You may simply install an strong firewall (Comodo Firewall is good) and antivirus software to keep all hackers and viruses away. With firewall you can keep track of what applications are accessing internet. If you do not trust the application simply don't allow access to it. Good firewall will also be able to block any incoming attacks, example an hackers trying to port scan your computer to see if anything is listening. Good firewall will also be able to block all applications. Keep your UAC on and never allow any application to execute which you do not trust or know.

Also, as msdivy suggested use your computer in limited account mode, this will reduce threat as application will not have access to many files.

Also, never open any executable email attachment or directly open any attachment, always save and open email attachments.

Last, always keep backups of your files in secure place, just in case.

I hope rahul4321 is that Tech Savy to keep monitoring his machine for any external attacks. Unless one of you is helping him to protect his machine on timely manner.

We all know how vulnerable internet can be and Rahul is not using his machine for just browsing or gaming. The existing security updates will take care of his today's requirement and still he is open for any security attacks in the upcoming days.

How long will you keep protecting your PC with age old security patches?

Considering Rahul uses this machine for daily work (not just playing games) and his work involve storing of very important financial documents on his PC, I STRONGLY recommend to upgrade his machine with latest OS. Be it Win7 / Win8.1 / Linux / iOS, whichever his preference.
Let us not do blame game on which OS is more secure. They are all vulnerable one or the other ways.

[NetfreakBombay]

Quote:

Originally Posted by msdivy

The computer must be run as limited user.
The steps I listed would seal the paths of attack.

This does not prevent "privilege escalation" threats that run as normal user but gain additional access
.
http://en.wikipedia.org/wiki/Privilege_escalation

Every OS has these issues and such issues are fixed by patches. Given that XP will not receive patches for free, machine will remain vulnerable.

Quote:

Originally Posted by msdivy

Note: Even after the April 8th, there will be millions of ATMs, POS systems which will continue to run XP. Since they are in closed network or not exposed to Internet, these systems are not under threat.

ATMs / POS and other "commercial/enterprise" setups will continue to receive patches for XP if they choose to pay for extended support.

http://www.telegraph.co.uk/technolog...P-support.html

[msdivy]

Quote:

Originally Posted by Max

Also, never open any executable email attachment or directly open any attachment, always save and open email attachments.

I recommend, if possible, avoid opening/reading emails. Emails are still main source for spreading of malicious content. If somebody still want to use it, then as you suggested, they must scan the attachments by a good antivirus. Also they must avoid clicking on links in emails.

Quote:

Originally Posted by Arch-Angel

also, if you happen to install a program online(most people do at times, and expose themselves to risks by installing adware and spyware by mistake).

By now the user must have fair idea his usage of common applications. Trying out new applications is risky. So settle down with the fixed applications and no more adventure with unknown application.

Quote:

My advice: Move to windows 7(32/64 bit depending on how much RAM your pc has.

RAM is one factor. If I remember correctly, XP ran well on Intel Celeron & AMD Semphron processors. The whole XP installation was around 400MB or so. No other OS (with UI) will run with such constraints. If any user can't upgrade the hardware or they run specialized software supported only on XP, then there is no choice but to continue with XP. If user has the budget, then I recommend buying the latest hardware & software.

Quote:

Originally Posted by 500ContyCruiser

I hope rahul4321 is that Tech Savy to keep monitoring his machine for any external attacks.

Nobody needs to be tech savy to follow the steps I have listed. They are good practices, not just on XP but on any OS.

Quote:

Considering Rahul uses this machine for daily work (not just playing games) and his work involve storing of very important financial documents on his PC, I STRONGLY recommend to upgrade his machine with latest OS. Be it Win7 / Win8.1 / Linux / iOS, whichever his preference.

Yes, considering the constraints from the steps I have listed, if somebody is unable to perform their normal activities within those constraints, then they have no choice but to upgrade. Note that without these best practices, even the latest & greatest version of patched OS is still vulnerable.

Quote:

Originally Posted by NetfreakBombay

This does not prevent "privilege escalation" threats that run as normal user but gain additional access

Every action requires a trigger, such as clicking on email link, running unknown software or using pen drives without scanning & so forth. If somebody is constrained to use XP, then they have to eliminate these trigger points.

[rahul4321]

Thank you so much for all your valuable suggestions, inputs and insights. Since most of the people here are of the view that going online on an XP system would not be a good idea in the long run- and since I do go online quite often to check my emails and also connect to my client's server; I think I will gradually switch to Windows 7 atleast on one laptop and then take it as it comes

Thanks a ton everybody!
Rahul

[NetfreakBombay]

Quote:

Originally Posted by msdivy

Every action requires a trigger, such as clicking on email link, running unknown software or using pen drives without scanning & so forth. If somebody is constrained to use XP, then they have to eliminate these trigger points.

One of the basic trigger is visiting a website (and resulting drive-by downloads). Removing this trigger will make PC useless for average user.

[500ContyCruiser]

Today is the last day for XP SP3 support. It will end in 11 hours 40 minutes

http://www.microsoft.com/en-us/windo...f-support.aspx

[sgiitk]

If you are using a decent Anti Virus you can pull on more time. Incidentally, I am and have been on Win 7 for ages, and now have an 8.1 as well. No XP for me for a few years now.

[NetfreakBombay]

This threat of XP being exploited is no longer theoretical.

http://securityaffairs.co/wordpress/...ro-day-ie.html

XP users are already being targeted specifically for large scale automated attacks.

[msdivy]

Quote:

Originally Posted by NetfreakBombay

This threat of XP being exploited is no longer theoretical.

http://securityaffairs.co/wordpress/...ro-day-ie.html

XP users are already being targeted specifically for large scale automated attacks.

Couple of issues here:
1) The reported issue is Internet Explorer bug, not XP (as OS bug).
2) The articles say the attack was observed in IE9 to IE11. The last version of IE supported for XP IE8, which is really outdated.
The recommended browser for XP is Firefox or Chrome, where the latest version is still supported for XP.

Coming to the mechanism of exploit, the article says,

Quote:

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website

Unless your hobby or job is visiting unknown sites, then this should not affect normal usage. If you indeed want to visit unknown sites, then XP or IE is not the right software.