|
Yeah, I know. Get a computer that's not from 2001. Sadly, I have no control over that. I've got a naive co-worker still running XP on his home machine. He wants me to keep it safe. Oookay. I assume he looks at porn and clicks Yes for every junkware install. Is there anything that's still worth a drat available for XP? Bonus points if it's free, because of course he doesn't want to spend any money.
|
# ? Dec 27, 2016 22:54 |
|
|
# ? Jul 27, 2024 15:29 |
|
1) Don't use XP. I know you 'don't have a choice' here, but it's still the top bullet point. Nothing you do is going to secure XP. The OS itself has known vulnerabilities that won't get fixed, and drat near all the software you're going to be able to run on it will be old versions of things (since the new versions don't get updated for XP anymore), and those old versions will have vulnerabilities of their own. If you run an XP box, it will get owned; it's just a matter of when. But if you insist: 2) Run under a normal user account, not under an administrator account. This is XP we're talking about here; and running under a normal user account means many, many things won't work right; suck it up. If you can get away with it, don't even let the primary user know the administrator account password; or at the very least give it to them in a sealed envelope with the warning that you won't support their machine again unless they can produce the still-sealed envelope. 3) Configure SRP to only allow specific, known applications to run and block everything else. 4) Chrome isn't supported on XP as of Chrome 50, since April 2016. But Chrome 49 is still probably your best bet for a browser. Run uBlock Origin. Run NoScript. Disable all plugins, including (and especially) the internal Flash plugin. Said co-workers' favorite site doesn't work without scripting and/or Flash? Too bad. If the machine's going to be used for more than just browsing the web, it's probably not a bad idea to set up a separate user account just for Chrome and use a RunAs script to launch the browser as that user instead of running it under the 'main' account. 5) Set Windows Firewall to block all outgoing connections except those known to be needed (i.e., from Chrome on ports 80 and 443). Configure it to block all incoming connections. Don't allow it to prompt. 6) Make a backup image you can quickly restore for when the machine is violated. It will be violated.
|
# ? Dec 27, 2016 23:16 |
|
That was awesome. Thank you. I'm hoping to convince the guy to get a tablet, but that costs money. I hate that it's not worth $200 to him to get a tablet, but he has no problem asking me to spend a bunch of time on it.
|
# ? Dec 28, 2016 00:57 |
|
You can get an x86 Win10 tablet for like $50 now.
|
# ? Dec 28, 2016 01:17 |
|
As an addendum to this, in addition to this being just about all you can do to secure XP these days, hopefully the onerous/annoying nature of all the restrictions can be used as a means of convincing the guy to move to a supported version of Windows. Low-end x86 hardware running Windows 10 will smoke his creaky Pentium 4 at this point.
|
# ? Dec 28, 2016 01:59 |
|
Domus posted:That was awesome. Thank you. I'm hoping to convince the guy to get a tablet, but that costs money. I hate that it's not worth $200 to him to get a tablet, but he has no problem asking me to spend a bunch of time on it. Tell him to pay you. If your time is free, why shouldn't he ask you to do poo poo to save him money?
|
# ? Dec 28, 2016 03:57 |
|
biznatchio posted:security tips Thanks for writing this up, I'm going to keep it in mind the next time I have a relative who breaks their XP install and refuses to change.
|
# ? Dec 28, 2016 03:58 |
|
You can also keep getting updates on xp, open notepad, copy and paste Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 save as whatever.reg double click to import into registry and you will get new updates.
|
# ? Dec 28, 2016 05:39 |
|
antivirus is useless, but tell your idiot coworker to go gently caress himself anyway. hth op
|
# ? Dec 28, 2016 06:10 |
Domus posted:That was awesome. Thank you. I'm hoping to convince the guy to get a tablet, but that costs money. I hate that it's not worth $200 to him to get a tablet, but he has no problem asking me to spend a bunch of time on it. As others have said, don't work for free. Unless this dude is blackmailing you to protect his lovely worthless computer then it's not worth it.
|
|
# ? Dec 28, 2016 06:40 |
|
Eh, what can I say, I'm a sucker. But I think I'll just tell him there's no real option that works, and encourage him to move his pictures and such to a thumb drive.
|
# ? Dec 28, 2016 14:04 |
|
Upgrade it to Vista
|
# ? Dec 28, 2016 17:52 |
|
Domus posted:Eh, what can I say, I'm a sucker. But I think I'll just tell him there's no real option that works, and encourage him to move his pictures and such to a thumb drive. Its ok to be nice, especially to those you work with. Particularly when it involves wiggling your fingers in a chair for 30 minutes. But I think the best option here is the truth: you can't secure windows XP.
|
# ? Dec 28, 2016 20:19 |
|
I did support for two people running XP until earlier this year. One took the opportunity to upgrade to 10 (or rather, have me upgrade them) two days before the free upgrade offer ended. That friend bought a cheap off-lease machine running Vista for the other. The process of getting there pretty much killed any urge to do tech support again. I guess what I'm saying is that one of you is going to end up paying for an upgrade for this cheap prick.
|
# ? Dec 28, 2016 23:24 |
|
He agreed to get a kindle fire, and not use his computer for anything involving a credit card! I'm calling it a win. He did insist on installing AVG, but that's his loss.
|
# ? Dec 29, 2016 00:36 |
|
This might be one of the few legit cases of "install linux, problem solved". It's free, runs well on old hardware and if you are using a 15 year old PC you probably don't do anything other than run a web browser and maybe a word processing suite. Not like he needs all his proprietary engineering software.
|
# ? Dec 30, 2016 00:02 |
|
Malwarebytes Anti Exploit claimed it would be ideal for this situation but it seems it has been rolled into MBAM 3.0 and the claims are now gone. MBAM 3.0 does run on Windows XP, so if you must use XP this is probably your best bet at getting Sisyphus' boulder uphill. Found it "Malwarebytes Anti-Exploit for Business doesn't waste valuable CPU cycles employing virtual machines. Making it the perfect solution for older hardware and EOL operating systems like Microsoft XP, which is no longer supported with security updates." Although vague, they pushed this angle hard when they first introduced it (cira XP EOL if I'm not mistaken) Gay Weed Dad fucked around with this message at 17:41 on Jan 4, 2017 |
# ? Jan 4, 2017 17:38 |
|
biznatchio posted:
This is most important. That or some sort of virtual machine/network boot that resets everyday and he can save his stuff to google drive. No sense in wasting time coming back to fix a stupidly vulnerable computer every week.
|
# ? Jan 13, 2017 06:56 |
|
Bieeardo posted:I did support for two people running XP until earlier this year. One took the opportunity to upgrade to 10 (or rather, have me upgrade them) two days before the free upgrade offer ended. That friend bought a cheap off-lease machine running Vista for the other. The process of getting there pretty much killed any urge to do tech support again. But why?!? Support for Vista ends this year and unlike XP no one will care.
|
# ? Jan 13, 2017 07:04 |
|
OhFunny posted:But why?!? Support for Vista ends this year and unlike XP no one will care. Yeah, no poo poo. Win7 is noticeably quicker on the same hardware and you can buy a Pro key online for just a few dollars that somebody cut off the back of a recycled business laptop.
|
# ? Jan 15, 2017 14:45 |
|
Basic ignorance. The one dude is almost completely computer illiterate; he listens to music and watches videos, and that's it. The one who bought him the replacement hardware (which was cheap, at least) once tried to convince me that responsibility for keeping XP safe had devolved to antivirus developers, and that it was still a perfectly safe operating system.
|
# ? Jan 17, 2017 15:35 |
|
Bieeardo posted:Basic ignorance. The one dude is almost completely computer illiterate; he listens to music and watches videos, and that's it. The one who bought him the replacement hardware (which was cheap, at least) once tried to convince me that responsibility for keeping XP safe had devolved to antivirus developers, and that it was still a perfectly safe operating system.
|
# ? Jan 17, 2017 16:47 |
|
Preaching to the choir. Of course, a few days after I got the one dude up on 10, he gets a bad load from a porn site.
|
# ? Jan 18, 2017 01:01 |
|
WRT XPs vulnerability is it OK to just log in to Steam with whatever frequency is required to be able to play games in offline mode (I heard it was every 2 weeks) or is being connected to the internet at all (however briefly) a bad idea?
|
# ? Feb 22, 2017 17:54 |
|
Death Zebra posted:WRT XPs vulnerability is it OK to just log in to Steam with whatever frequency is required to be able to play games in offline mode (I heard it was every 2 weeks) or is being connected to the internet at all (however briefly) a bad idea? Do the reg patch to get new updates. Make sure you are behind a router, install the latest firefox, and you really dont have much to worry about.
|
# ? Feb 22, 2017 18:06 |
|
biznatchio posted:6) Make a backup image you can quickly restore for when the machine is violated. It will be violated. That said, all of the options in this thread - even this one - will take your time. Unless this guy saved your life or something like that, you're going to be spending way more time keeping an XP machine afloat than it should be worth to you.
|
# ? Feb 25, 2017 01:44 |
|
NihilismNow posted:This might be one of the few legit cases of "install linux, problem solved". If he literally just surfs the internet, install Neverware CloudReady (a Chromium build of ChromeOS that runs on basically everything).
|
# ? Mar 12, 2017 18:10 |
|
Why do you care about your idiot coworkers home pc again?
|
# ? Mar 13, 2017 03:03 |
|
|
# ? Jul 27, 2024 15:29 |
|
Don Lapre posted:You can also keep getting updates on xp, open notepad, copy and paste I was about to come here to mention this, XP still gets official security updates Edit: oops, what an old thread
|
# ? Mar 13, 2017 20:09 |