How to secure Windows XP after it Xpired?

Thats also the case with both programs that go by the name TimeFreeze. I am now using ShadowDefender on both of my computers (XP/W7) but I used both TF in the past, never had any kind of problem or experienced any kind of bug neither. I feel both programs as well as SD are great options for us still using XP as well as other systems.

Bo

 

If I recall correctly, both the Time Freezes offer the option to save changes if you want to.
That seems to provide a vector through which a malware might get installed.
It's been a while, don't remember what happened when I tried them.

- On the 1st page of Time Freeze by Wondeshare: "It is flexible for you to save or discard virtual system data, and you can set different mode for folder protection."

- On the 1st page of Time Freeze by Toolwiz: "Don't reboot to accept all the changes. It will take several minutes to save the changes to your real system"
and
"Very easy switch between virtual & real system."

There is no such option with Powershadow. If you shut down a machine while Powershadow is running, all changes are gone right then. If a malware shuts down and restarts the machine to install itself, it doesn't work, since the changes are already gone.

Not everyone would like that. I do, because I have become accustomed (addicted??) to it.

Once I have updated whatever needs it, I just start Powershadow and from there on no changes will persist. Of course anything I want to save has to go to a separate storage medium. I think of Powershadow sort of like running win xp from a live CD. Not exactly right, but close.

Edit: I agree with you though, the Time Freezes are good programs, maybe even easier to use. And they do work with OSs later than win xp. Never tried Shadow Defender, might give it a shot soon.

 

I have tested WTF and TTF on XP...SD and Returnil in different version also...every one was good specialy SD and WTF with their quite 3-4 years practice on my XP. Currently on XP SP3 still works WTF, SD on Vista, TTF on W7. I'm not sure if LV apps are effective against cryptolocker because it search every reachable disk...even those in network...so changes are made not only on system disk. Maybe something like "anti-exe feature" in RVS 2008 could be good to protect system?

 

And these "tools" will only affect John & Jane Q typical end user, not anyone posting in here I'd wager. Authors always target the OS that is most used. There will be far more targeting directed at Win7 & 8 than at XP, and the former have immensely larger attack surfaces on them as well.

Out of the XP box is a very insecure OS. But if you know it inside and out you can make it extremely secure, even before adding any 3'rd party software. Add measures like Sandboxie, virtualization, very picky classic HIPS, trim back all the deadwood and you have a very secure setup with an attack surface the size of a flea. My odds of being infected are the same as anyone on 7 or 8... next to nothing.

And if we consider privacy as a part of security as a whole (which I do), XP obliterates Windows OS's made since. And I trust it as less likely to have backdoors as well. See, I can run XP Pro here without having to allow svchost an internet connection. Without .NET FW, which is incredibly bloated & insecure. And without running about 20 other services that OS's since are dependent upon. It had darn well better have a strong kernel, because the surface is enourmous.

Anyone calling XP an insecure OS clearly doesn't know it as intimately as I do. The day I change to 7 I will feel less secure, and not more.

 

You are right Login. Sorry, now I get what you meant. Shadow Defender also has that option (to save all changes). Like you, I don't like the option and never used it during the three years that I being using LV programs.

I used both TimeFreeze programs and Shadow defender. WTF and SD in XP, never a problem and enjoyed using both. Same feelings for TTF and SD in W7.

Bo

 

@ bo elam:
The two time freezes and/or Shadow Defender might well be better solutions for mattdocs12345. They certainly have more users, therefore more available helpers if something goes wrong.

I just wanted to chip in about Powershadow because it is so rarely mentioned on the 'net. It made a small splash a few years ago then silence.

The absolute nature of Powershadow is a curse as well as a blessing. One can lose hours of work if the computer shuts down unexpectedly or (horror of horrors) one forgets and shuts it down himself.

Anyhow now the nature of the those apps is pretty well described by neutral folks who have actually used them, so a good straightforward discussion should help matt make a choice.

 

Hey Luciddream, I agree with your comment. A few nites ago I installed EMET to help fortify my XP rig but was required to 1st download .net framework 4, which I did. The bloat I understand, the following day I received a Windows update of 11 items for .net fw totaling 92MB. Question: what are the factors that make .net fw insecure in your view?

 

I think that one drawback, (maybe others?), by not being corrected for whatever reason was the cause of it being short-lived. POWERSHADOW blew in rather quickly and got noticed but just as when it showed all the signs of a useful addition to windows security development went completely dark but the app itself moved along with only the support of it's users. I think it was of China origin?

Same exact thing happened with the classical HIPS EQSysecure. After a few regular updates and bug fixes for improvement, the developer took a walk. Fortunately for 32bit systems and unlike Powershadow users, Eqs. grew in brief popularity mostly due to the sole effort from another of it's devoted user's, Alcyon. He kept that project alive and actually pushed it along more actively then it's developer with his rolling out of continued RuleSets for it.

I had no idea POWERSHADOW failed completely to hold it's virtualization on a hard or sudden reboot or shutdown.

I really endorsed it highly myself for awhile until Shadow Defender came along and completely captured my attention and won my confidence.

EASTER

 

That was probably the reason, there might have been some others. It did originate in China. I thought the government there had something to do with its disappearance. Not a shred of evidence for that, just a hunch.

Version 2.8, the first one published here, had to phone home to activate, so when the server went unavailable it was finished. The later free version, (oddly named v-2.6), was thought to phone home, but I blocked it with the application rules in Outpost firewall, they are set to "Block and Notify". For years I have seen no evidence that it phones out, and Outpost would notify if it did. Also, I watch the net traffic fairly closely.

I don't think it phones home or I'd have never recommended it. In these times one can't be sure of much, but I'd give that a 99.99 percent.

Another thing that worried some folks was that it writes a tiny bit of code into the boot sector, and that bit survives any kind of reinstall that doesn't reformat the entire HDD. That was probably its biggest downfall, as the kernel protection features in vista and after won't allow that change.

I actually like the fact that it drops all changes at shutdown. Once you get xp set up like you like it, it stays that way. Of course if you want to add or remove something, you just do it before you start PS.

 

Possibly a result of overfocused attention given mostly if not only to XP at the time. MS as we know are notorious for changing code in mid-stream under the assumption of potential security breaches which some were not as dangerous as others, but nonetheless they pressed forward and in many cases circumvented the more effective "fix" from security vendors better coverage for their own.

Revisiting the China syndrome again, i seen some absolutely outstanding startup security program's like POWERSHADOW, EQSysecure, and others which were eons ahead in new and better effective innovation for Microsoft windows simply storm the scene with unique creations only to seemingly fall right off the cliff.

Why on earth? Is anyone's guess. Perhaps your alluding to their government control indeed pulled down the blinds on these great and exciting projects in a move to restrict those inventions to private government use.

At any rate it's a sour taste that still lingers even today and into windows 8 AFAIK.

There's some pretty sharp precision coding that's originated from those Chinese folks as evidenced in part with a couple of once pronounced apps we're discussing right here.

Given half a chance it's a sure bet that POWERSHADOW and EQSysecure would by now been widely received and sought after security programs if allowed to proceed to today.

Case in point. Shadow Defender after a long absense from it's developer is returned and SD never lost it's usefulness in all that time. It's returned development is a very popular virtualization security for the very latest MS platform.

 

I like the way you keep your system intact, Login. If I had discovered LV programs before Sandboxie, I probably would be doing something similar to what you describe

Bo

 

Thank you, bo, it works pretty well. I first learned of PS from the late Franklin here at wilders; am forever in his debt, may he RIP.
Fwiw, Powershadow and Sandboxie work together without conflict. Imho, a good combination if you have an old xp box to maintain. Add in an anti malware app or two to catch the nasties as they try to get in, and you have a system that will last until the hardware fails. Also, as mentioned earlier, making an image is a good idea, too.

Sorry to digress from matt's original post, hopefully this is the sort of stuff he wants to know.

@ matt
The only download link I am sure of is the link to CNET or Download dot com in that earlier post. It goes to the same exe I use. Some of my older links don't work now. The first one I ever used was at Tucows, but it now downloads a different file. I checked the hashes.
Powershadow 3.0 is still available but I wouldn't trust it, plus it costs about 40 bucks.

Full disclosure: PS has begun to fail on a dual boot machine here. It is an oddball setup, UEFI BIOS, GPT formatted HDD, win 7 on one SATA HDD and xp on a separate SATA HDD. Darned difficult to get set up, as HP doesn't make drivers for it that run on xp. Don't know why, but lately PS just won't start on that machine. No harm is done, all software still works normally, but the "shadow" feature just won't start sometimes. PS still works fine on the other xp machines.

 

XP is an old ironclad warship. The armor looks impressive, but the stuff underneath is wood. It was great back in the day; now it's a museum piece.

In short, I would not recommend using it... Least of all after support ends. If you can't get anyone to upgrade to Vista/7/8, I'd suggest moving as much online activity as possible to Linux systems.

Some thoughts on Linux setups:

- Some live distros, such as Porteus, can be installed to a Windows partition. You can then install a bootloader and select between the live image or WIndows on boot. Puppy and Slax can do this too, but both run as root by default, so I wouldn't use them for anything serious.

- Alternatively it's possible to do a full Linux install to a (sufficiently large) USB stick. I believe most distros support this by now. This way might be better, since the install can then be updated with apt-get or whatever (and useful programs such as password managers can be installed).

 

Easter here.

I must respectively disagree with that opinion, and it is just that, only a personal opinion.

One can forget and dismiss the "museum piece" analogy. One case in point, what happen to the animated Microsoft agents that are no longer included in a windows 8. Artificial Intelligence took a hike in the new platform. I dunno about windows 7 because i personally.made my jump straight from XP Pro to Windows 8. The MS agents feature proved useful beyond the cartoonish style characters and some very effective programs were written for them that made it an interesting useful assistance to that platform.

AI companys actively adapted ever newer aids that added no-touch automation to perform a myriad of useful tasks structured to either the PC clock by schedule or by live update for example, RSS breaking news and weather and so forth.

Security? Ample availability of Patchguard/ Digital Signature clones long before standard UAC/UEFI Secure Boot were finally integrated to tighten security.

One could keep a local active XP system offline and perform an endless list of educational duties, home security monitoring, gaming, and so much more.

Online, XP is easily IronClad secure by implimenting a combination of malware and interruptiion prevention apps from an enormous pool of security programs, many of which trumps anything depended on today.


Anyone who is been part.of the XP generation knows it's security resources are endless and indefinite.

Like i said times before, newer never always equates to better.

EASTER

 

Well...endless toppic as in realty any possible solution to secure XP can be defeated...but we must dare isn't it?
There is already a market for XP users
ExtendedXP http://www.arkoon.net/en/extendedxp/
(not affiliated with this French firewall company of course)
Automatic hardening with Preempt
http://pivx.com/HomeOffice/
That can be done with most hardening advises, my old ones included
http://kareldjag.over-blog.com/article-6649283.html

A reboot and restore protection is a must, and there is enough free ones to find the right choice.
As browser is the major infection vector, using it with a sandbox condom is also recommended like Geswall or SecuBrowser.
Regarding sensitive task like banking, this is more a process than a simple product that is required, reliable VPN, virtual keyboard like Oxygener KeyShield, hardened browser settings and addons/extensions and a minimum of two authentication factors is good strategy.

I personally use on untrusted XP machine a simple hardening trick to reach a read only OS, that can counter most malwares, but not client/server side attack of course. Maybe should i post it in a special thread.

Yes we can make XP very secure, maybe more than a fresh install of Seven for instance. But being the captain of this XP requires often solid experience and skills...or beware of the Titanic syndrome...
I tend to be agree with SLE, especially when i follow the kernel vulnerabilities since years...break the kernel, and all the extra security by third party softwares is already dead.
Anyway... good dreams in our spyworld.

Rgds

 

Without 3rd party help, all MS operating systems are little better than wood. Some use a bit harder wood but none of them qualify as ironclad. Microsofts "armor" has too many gaps between the plates, some of them deliberate.

Your own tests with HIPS, firewalls, etc have shown that they're not all the same, the test on Win2K with SSM for instance. If I understood your PM correctly, you tested the free version. Testing individual security apps on specific operating systems has its uses, but how well any particular application performs isn't that important. It's how the entire package performs as a unit that matters.

 

But if the OS itself is weak, that undermines everything. This was visible in my tests too - Online Armor worked much better on SP3 than SP2, because it uses mechanisms that were improved in the later version.

BTW, SSM still allowed keylogging, screenshots, and downloading files off the target system. Persistence would be more difficult with it, but nothing about it would stop an attacker from stealing your data.

@EASTER: this stuff works okay for now because there are no known outstanding kernel vulnerabilities, and few vulnerabilities in client softwares that run on XP. (e.g. Firefox, etc. are still updated.) Once the updates stop, vulnerabilities will continue to be discovered for some time, and will not be fixed. Anyone who can exploit those vulnerabilites will be able to blow through third-party security software like a chainsaw through butter.

Remember, I have basically no prior experience with pentesting, and was using a tool available on the open market in my tests. Any script kiddy could probably have done a better job; and a bona fide crook would probably be using a black market exploit kit, with much better capabilities in terms of persistence, data theft, automation, etc.

 

the safety of windows xp 3 will depend on how long security vendor will support it.

After they stop supporting windows xp you can always upgrade it to latest linux distro, seeing that you are proficient with it.

 

Argh, no. You read my post above correctly. It doesn't matter if the security vendor supports it; if Microsoft doesn't support it, vulnerabilities will gradually accumulate that will undermine the efficacy of third-party security software. As I said, this is observable between XP SP2 and SP3; in fact one of the OA developers pointed that out to me, after I failed to take it into account.

To be frank, I think it would be irresponsible of security software firms to continue supporting XP for very long after Microsoft's support ends.

Edit: you know what, we're going in circles here. I'm going to remove myself from this discussion, as I'm clearly not going to have much impact on it.

 

Assuming XP users, especially Wilders members, are immune to social engineering attacks, would their biggest concern after support ends on XP be attacks via malicious scripts on a compromised website or a compromised ad(s) on a website? I'm thinking drive-by downloads and XSS in particular.

 

Old vulnerabilities aren't the heart of malware attacking surface. The new ones are.

So, could you imagine, how many new 'holes' are added with every Windows update! New technologies, new architecture - how do you think, folks: who reveals them first? Developers? Users?? Or hackers? ;-)

Well every old system is the old and smaller attack surface. There are a lot of old malware circulating in the PC world but all the real threats are current threats, mostly zeroday threats.
And they are made for most actual and popular OSes. Win98 now (with all its poor design) is almost as secure as MacOS and Linux ;-) Modern malware cannot even run there sometimes.

And this is XP future in terms of security. Well - there are more design compatibility between XP and newer OSes. So it's more risky to use it without additional defense. But we all know there is a number of tools, moreover - a number of ways to secure and harden your XP.

Yes, average user isn't enough experienced to do it by himself. But average users in the nearest future will change XP for 7 or 8. Or simply start with them if they are novices. XP people will remain in minority - but SMART and EXPERIENCED minority.
So there is no reason to debate - use what you want, what you used to. I will stay the same time on XP, 7, Puppy and other Linux distros.

You are free to make your choice. YOUR one! That is what I call freedom!

 

One more factor to consider, microsoft maintained xp for longer than most of its OSs, longer than they wanted to, imho. So it got tuned up pretty well before they abandoned it. And tons of apps got developed for it.

Just sayin'.

 

Re: How to secure Windows XP April 2014?

@matt,

I don't know if you settled on something yet, but what you list above minus what I struck out (because I see no need for two anti-exec approaches-you already have SRP) should be fine. For a possible browser alternative:

1. SBIE + Firefox w/NoScript - Allow Top level domains, bookmarked sites and block iFrames. Ensure all mitigations in EMET are enabled for it. Use AdBlock Plus plugin as well. Disable the PDF reader plugin. A PDF file can be downloaded and viewed with a separate reader such as Foxit or Sumatra, for example.

Just mho, but I really think you need to focus on restricting javascript, as this will significantly reduce what is probably the biggest threat to an XP user: drive-by downloads and XSS. EMET is excellent because it should reduce the chances of a shellcode being inserted into Firefox' memory heap, just in case a malicious script/iFrame is accidentally allowed. SRP should take care of a payload that might slip through and attempt to install. Sometimes malicious ads are used to compromise a legit site, so AdBlock helps here.

 

EMET is great, but it's somewhat limited under XP. Also it does not include stage2 protections against exploit payloads running in case its mitigations are bypassed. I strongly suggest running MBAE instead or (at least) in addition to EMET.

 

+1 Just what I have done.