{"id":100198,"date":"2014-04-08T14:07:34","date_gmt":"2014-04-08T12:07:34","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=100198"},"modified":"2014-04-08T14:08:55","modified_gmt":"2014-04-08T12:08:55","slug":"how-to-securely-use-windows-xp-after-support-ends","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/software\/100198-how-to-securely-use-windows-xp-after-support-ends.html","title":{"rendered":"How to securely use Windows XP after support ends"},"content":{"rendered":"<p>While support for Windows XP ends today (Tuesday, 8 April 2014), Gartner Fellow and vice president Neil MacDonald has said that organisations can reduce the risk of continued use of the venerable operating system.<\/p>\n<p>In a statement issued on Tuesday, 8 April 2014, MacDonald said that any system, supported or not, carries risk.<\/p>\n<p>\u201cFor the majority of use cases, XP can continue to be used with the risk managed to a tolerable level, without requiring the enterprise to pay Microsoft for expensive custom support while migrations are completed,\u201d MacDonald said.<\/p>\n<p>\u201cWhile doing nothing is an option, we do not believe that most organisations (or their auditors) will find this level of risk acceptable,\u201d he added.<\/p>\n<p>Gartner recommended the following 10 best practices for using Windows XP beyond 8 April 2014:<\/p>\n<ol>\n<li><strong>Restrict Network Connectivity to the Minimum Possible<\/strong> \u2014\u00a0Protecting XP systems is easier when other systems can\u2019t communicate to them over the network, the primary vector for attacks.<\/li>\n<li><strong>Implement an Application Control Solution and Memory Protection<\/strong> \u2014 This can be accomplished using a dedicated solution, a host-based intrusion prevention system (IPS), or Microsoft\u2019s Group Policy object (GPO)-based software restriction policies to establish a \u201clockdown\u201d posture for XP to prevent the execution of arbitrary code.<\/li>\n<li><strong>Remove Administrative Rights<\/strong> \u2014 This should be mandatory for all remaining users on Windows XP.<\/li>\n<li><strong>Address the Most Common Attack Vectors<\/strong> \u2014 Web Browsing and Email: Remove Web browsing and email software from XP systems, and provide these capabilities from a server-based system that is up to date.<\/li>\n<li><strong>Keep the Rest of the Software Stack Updated Where Possible, Including Office<\/strong> \u2014 Vendors of other software solutions and versions running on these XP systems may continue support. This further minimizes the vulnerable surface area that can be attacked.<\/li>\n<li><strong>Use a network or host-based IPS to Shield XP Systems from Attack<\/strong> \u2014 Confirm that your IPS vendor will continue to research vulnerabilities and attacks on XP and provide filters and rules to block these attacks where possible.<\/li>\n<li><strong>Monitor Microsoft<\/strong> \u2014 Microsoft will not publicly disclose if new vulnerabilities against XP are discovered (unless you have paid for custom support). However, pay particular attention to critical vulnerabilities that affect Windows Server 2003 as these will likely impact XP.<\/li>\n<li><strong>Monitor Community Chat Boards and Threat Intelligence Feeds<\/strong> \u2014 Third-party threat intelligence feeds are an independent source of information. Communities of interest are expected to emerge specifically for sharing information related to XP.<\/li>\n<li><strong>Have a Predefined Process Ready If an XP Breach Occurs<\/strong> \u2013 Have a plan to isolate XP workstations in the event of an attack that gains a foothold by quarantining these systems from a network perspective until mitigating steps are understood.<\/li>\n<li><strong>Perform a Cost\/Benefit Analysis<\/strong> \u2013 The cost and resources to implement the steps above might be better spent in accelerating the migration of the remaining XP systems, or it might be simpler to pay Microsoft for custom support.<\/li>\n<\/ol>\n<p>If organisations do not implement these best practices, MacDonald said that they could consider paying Microsoft for custom support if the enterprises\u2019 risk tolerance is low, or if regulations require.<\/p>\n<p>Microsoft recommended on its End of Windows XP support website that users either upgrade to Windows 8.1, or buy a new PC.<\/p>\n<p>The software giant warned that users should consider the age of their computer before electing to upgrade to Windows 8 and ensure that their programs and devices are compatible with the new operating system.<\/p>\n<h3 id=\"related\">More software news<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/99982-pirate-software-costs-sa-businesses-millions-in-fines-bsa.html\"><strong>Pirate software costs SA businesses millions in fines \u2013 BSA<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/99956-windows-8-1-update-1-launch-date.html\"><strong>Windows 8.1 Update 1 launch date<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/99760-apple-app-store-price-increase-for-south-africa.html\"><strong>Apple App Store price increase for South Africa<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/99490-office-for-ipad-launched.html\"><strong>Office for iPad launched<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/software\/98770-office-365-personal-price-launch-date-for-sa.html\"><strong>Office 365 Personal price, launch date for SA<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gartner has published a list of 10 best practices if you keep using Windows XP beyond its end-of-support date today<\/p>\n","protected":false},"author":23,"featured_media":75749,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[36,5032,24458,4806],"class_list":["post-100198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-active","tag-gartner","tag-neil-macdonald","tag-windows-xp"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/100198"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=100198"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/100198\/revisions"}],"predecessor-version":[{"id":100200,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/100198\/revisions\/100200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/75749"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=100198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=100198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=100198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}