How to keep Windows XP SP2 safer after Microsoft stops patching
Patch third-party programs, especially browser plug-ins. According to most vulnerability experts, it's not your operating system that today's attackers target: It's non-Microsoft software, particularly browser plug-ins.
Antivirus vendors McAfee and Symantec have both reported huge surges in attacks exploiting bugs in Adobe's Reader, one of the most widely-installed plug-ins. McAfee, for example, said that exploits of Reader jumped 65% in the first quarter of 2010 compared to 2009's total.
Those kind of numbers mean you should be spending more time patching third-party products, less time worrying about the inevitable vulnerabilities in Windows XP SP2 that Microsoft will no longer fix.
But that's tough: Most non-Microsoft software lacks automatic updating. Adobe, for instance, only instituted auto-updating for its regularly-exploited Reader and Acrobat in April -- and requires users to manually switch it on -- but it still hasn't offered the same functionality for its just-as-often-attacked Flash Player plug-in.
Stay safer. Without patches for the operating system, it's even more important than ever to practice safe computing.
- Install antivirus software or a multi-component security suite if you don't have one on the PC already. If you do, keep it up to date by regularly downloading new signatures. Several AV programs, including Microsoft's own Security Essentials, are free.
- Also, keep the firewall turned on -- easily done since Windows XP SP2 was the first Microsoft OS that not only included a firewall, but enabled it by default.
- And remember the wisest advice: Don't steer to sites you're not sure can be trusted, don't open e-mails and attachments you didn't expect to receive, and don't download software from questionable sources.
We know, we know..., the same advice you've heard a hundred times.
Keep reading Microsoft's security bulletins. Just because your copy of Windows XP SP2 won't receive any more updates doesn't mean you should stop looking at the bulletins Microsoft publishes each Patch Tuesday.
Those bulletins may not strictly apply to XP SP2, but Microsoft often includes steps users can take to protect themselves if they're not able to deploy a patch. In the bulletins, that information is tucked under the subhead "Workarounds" beneath the information for each vulnerability.
The workarounds may include steps you can take with XP SP2 to deflect or hinder attacks. Obviously, your mileage may vary.
Microsoft's irregular security advisories -- generally issued as a prelude to an eventual patch -- also contain worthwhile information, including which Windows versions are affected, how attacks (if there are any at that point) are exploiting the bug and whether there are workarounds that can block or help block assaults.
Install Tuesday's patch. One of the four security updates slated for Tuesday applies to Windows XP SP2 -- the one that addresses the vulnerability a Google-employed security researcher revealed last month. You should, of course, grab it.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Windows XP lives
- Microsoft slashes Windows XP custom support prices just days before axing public patches
- Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs
- Microsoft Patch Tuesday bids adieu to Windows XP
- FAQ: Good-bye old pal, old paint, Windows XP
- Windows XP: The end is nigh
- How to Support Windows XP Now That Microsoft Isn't
- Microsoft sketches out final Windows XP security updates for next week
- Last-minute lazybones dump Windows XP
- Microsoft returns to scare tactic well in dump-XP campaign
- Microsoft tries to tempt XP diehards with $100 discount on new PCs
Read more about Windows in Computerworld's Windows Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Windows White Papers | Webcasts