Now that Microsoft no longer supports Windows XP, the only way to keep the operating patched for newly discovered security vulnerabilities is to pay for Microsoft for Extended Support. If that's not an option for your organization, then it's only a matter of time before many of your computers running the aging operating system are compromised.
That said, you can reduce the vulnerability of machines still running Windows XP. These 10 tips will help.
1. Don't Use Internet Explorer
Internet Explorer is the source of many vulnerabilities. As recently as the end of April, a new IE zero-day vulnerability was discovered. This flaw let attackers take control of Windows computers, putting millions of Windows users at risk until it is patched.
"The more potentially severe issue is that anyone still using XP will be completely exposed as long as they continue to use the unsupported OS," says Pedro Bustamante, a security expert at anti-malware vendor Malwarebytes. "For them, there will never be a patch."
Instead of IE, use a browser such as Google Chrome or Mozilla Firefox that still receives security patches.
2. If You Must Use IE, Mitigate Risks
One key reason many organizations still run Windows XP is to run old versions of Internet Explorer to access internal applications that are incompatible with other browsers or more modern versions of Explorer.
You can reduce the risk by removing third-party browser plugins such as Java, Flash and PDF viewers, since Explorer vulnerabilities often come from these types of plug-ins.
3. Virtualize Windows XP
If the need to run an old version of Internet Explorer is the only reason for staying on Windows XP, consider upgrading to Windows 7 and then running the old version of Explorer in XP Mode. This is a Windows XP virtual machine that runs inside Windows 7 and allows you to launch XP Mode applications (such as old versions of Explorer) from the Windows 7 desktop.
The advantage of this approach is that XP is used only when absolutely necessary (to access legacy applications, for example). The rest of the time the user is working in the more secure Windows 7 environment.
XP Mode is a free download for Windows 7 Professional, Enterprise or Ultimate editions.
4. Use Microsoft's Enhanced Mitigation Experience Toolkit
EMET is a free Microsoft tool which lets you to force applications to "backport" to XP some of the security measures present in later versions of Windows.
One such technique is Structured Exception Handler Overwrite Protection (SEHOP), which was introduced in Windows Vista to help prevent buffer overflow exploits. EMET lets you extend this protection to XP machines.
Sign up for CIO Asia eNewsletters.