He also suggests using application whitelisting technology to try to prevent unknown code being executed, although he points out that whitelisted applications can still be compromised.
Also Consider Privilege Management, the 'Zero Option'
Since most malware requires administrator rights, privilege management solutions - which allow the use of accounts with standard privileges, elevating them to administrator accounts only when necessary to perform certain tasks - can be an effective way to reduce risk.
A Microsoft vulnerabilities study carried out by Avecto, a privilege-management software vendor, found that 92 percent of the critical vulnerabilities highlighted in Microsoft's 2013 security bulletins would be mitigated by removing administrator rights. This included 96 percent of critical vulnerabilities affecting Windows and 91 percent of vulnerabilities affecting Microsoft Office.
Simple steps such as disabling Java and Flash and using a third-party browser such as Chrome, which will continue to be updated, can also improve a Windows XP machine's security posture.
There's also the "zero" option: Disconnecting XP machines from the Internet to isolate them from Internet-borne threats. But Silver points out that there's still a risk of infection by malicious software (such as ransomware that encrypts data) introduced on a USB stick.
Luckily, Windows XP Risk Falls Over Time
The danger of running Windows XP machines is likely to increase over the next 12 months, as newer vulnerabilities that are patched in Windows Vista and Windows 7 are exploited in XP. The good news is that, ultimately, the risk will go down, Silver believes.
That's because the installed base of Windows XP machines will fall to such a low level that it's no longer attractive for malware authors to target - as is the case with Linux and OS X machines.
"For the next year or so, the risk of running XP machines will be high. Beyond two or three years, there will be less risk," Silver says. "But that is a long time for organizations running XP to have to ride out."