Blog Post

This is the end of XP as we know it… Do you feel fine?

Jordan

“Hardening” your computer, which is the process of taking steps to make it less vulnerable to attack, is important and appropriate for everyone all the time. However because April 8, 2014 will mark the end of support for Windows XP, Office 2003 and Server 2003, I thought it would be a good time to go over some basic things almost anyone can do that will help keep their computer safer. I will focus mainly on strategies that are good and wise for everyone on any version of Windows. So if you’ve already moved off of XP, congratulations you can skip right to the Beginners Hardening guide. However if your still using XP computers, please keep reading to understand why you should upgrade to a supported version.

April 8th will be the last time Microsoft will release updates and security fixes for XP and Office 2003. We strongly encourage everyone who can move off of XP to do so as soon as you possibly can, preferably before the 8th. But for those of you who can’t it is very important that you take some time now to make sure that the way you are using your computer isn’t opening up any extra vulnerabilities. Because this end of support date has been known for so long it is expected that there are miscreants in the internet’s underground that have developed exploits for XP, and are holding them until after April 8th so they can don’t have to worry about their exploits getting blocked.

The recommendations below should require only basic to intermediate knowledge of a computers. I’m however assuming that your user account on your computer is able to install programs. Without further ado, let’s jump in.

The Beginners Hardening Guide.

Non admin user – By default when you create the first user account on a computer it is given administrative permissions, which basically means you can do anything you want. Unfortunately that means that if a virus runs while you’re logged in, it can do anything it wants and in many cases without you ever knowing it’s there. In fact, if they had not run while the user was logged in as administrator, over 90% of exploits on Windows in 2013 would have been defeated. So our first recommendation is to convert your user account to a standard user, and use that account all the time. Since every computer must have an Admin account you also need to create a new Admin account. (Side note: The most simple solution would be to start your user account as a standard user, but considering you probably are already using an account and don’t want to lose access to your files and settings, we’ll walk through converting your account to a standard user.)
To do this:
[expand title=”Create Admin Account on Windows XP” alt=”Add Admin user on XP”]Click on Start > Control Panel > User Accounts > Create a new account. Now enter a username (it can be anything you want you would like, then click Next. Make sure “Computer administrator” is selected as the account type and click “Create Account” Now click on the new account you just created then click the link “Create a password” to password protect your new Admin account. [/expand][expand title=”Create Admin Account on Windows 7″ alt=”Add Admin user on Windows 7″]Click on Start > search for ‘add remove user accounts’ (click on link) > Click the ‘Create new account’ link. Give it any username you want and make sure “Administrator” is selected as the account type and click “Create Account” Now click on the new account you just created then click the link “Create a password” to password protect your new Admin account.[/expand]
Now you just need to make your account a standard user account.
[expand title=”Change account type on XP” alt=”Changing Account User type on Windows XP”]From the User Accounts page of the Control Panel click “Change an account > select your Username > Change my account type > Pick Limited and click the Change Account Type button[/expand][expand title=”Changing Account User type on Windows 7″ alt=”Changing Account User type on Windows 7”]From the “add remove user accounts” page select your account > click “Change the account type” > Select Standard user, then click the change account type button.[/expand] Now whenever you try to install a program, you will need to provide the password for the admin account, but that really shouldn’t be very often for most users. When prompted stop and think what program is asking for admin rights and if you trust this program. If you’re comfortable with the answers to both of those questions, go ahead and put the password in so the program can continue.
Is your computer up to date? – This is something that most people know and yet can be pretty difficult to keep up on, even for us IT professionals. A good rule of thumb is if you don’t use it, uninstall it because if it’s not installed you don’t have to keep it up to date. The big groups of software you need to update are Microsoft products, Adobe Acrobat and Flash, and Java. Keeping Microsoft products up-to-date should be as simple as making sure your Windows Updates are enabled to automatically check for updates AND to check for updates to other Microsoft products. Adobe Acrobat (your PDF viewer) and Flash aren’t quite so easy, while Acrobat does check for updates Flash often does not. As far as Java goes, if you don’t know for sure that you need it, uninstall it, if something comes up that you find out you do need it for, you can always go back and install Java again, but most people find that they really don’t need Java. To manually check for updates and keep everything up to date you almost have to go through your computer and find every program, and then check at least once a month for updates. The good news is there is an easier way to go, you can use a 3rd party program to monitor what programs you have installed and notify you if any of those programs need to be updated. For instance, Secunia, makes a product called Personal Software Inspector or (PSI) which is free for personal use that can will notify you if any of the programs it knows about are updated. There are other options for businesses as well, though we would recommend checking with your trusted IT service provider before shelling out your hard earned cash to make sure that the solution you’re looking at will work well in your business environment.
Uncheck all the boxes – When you run updates for things like Java, or install that great free weather app or photo editor there is a good chance that it is coming with other software that you do not want installed on your computer. So be careful when you’re installing things, don’t just click next, next, done, or there is a good chance you’ll have extra junk on your computer. Read each window carefully and make sure you’re not opting into any special offers or great software that the program you’re trying to install or update wants to bring along.
Microsoft EMET – The Microsoft Enhanced Mitigation Experience Toolkit, will bump up the security settings on your computer and help prevent many of the favorite methods attackers use to get a foot hold on your system. Anyone who is planning to continue running XP or Server 2003, should absolutely install and configure EMET on there systems. Due to the fact that EMET really deserves a blog post of its own, and this blog post is too long already I’ll just link you over to a great artical about EMET that includes a detailed step by step install guide for EMET 4.1. Please check out TrustedSec’s Blog post EMET 4.1 Security Strategy and Installation Step-By-Step.
Install Antivirus – Antivirus programs are not all created equal. There are free ones like Microsoft Security Essentials , Avast , Avira , and others as rated by about.com , free antivirus are often license-limited for personal use, and are generally not as good as the paid versions. So if you’re looking to protect computers at your business be sure to check the licensing or buy a commercial offering.
Cover your Webcam – As long as your computer is on, your webcam could be recording everything it sees. If your computer is ever left on, and you don’t want those images to become part of the internet’s memory, put something like a sticky note over it when not in use.
Get informed and talk about it – “Cyber Security” needs a hero with a catch phrase, like Smokey the Bear’s “Only you can stop forest fires!” or like the Ad Counsel’s “Friends don’t let friends drive drunk”. Until we get one I’ll have to borrow the iconic Uncle Sam’s “I want you” to tell your friends and family, and help them stay safe online.

As this has been a beginners guide there and only a blog article at that, it cannot hardly be considered a conclusive hardening guide, but will get you past 99% of the exploits you’re likely to encounter. If you’re working in IT or just trying to sure up the computers in your business, feel free to reach out to us we’d be happy to help you create a more tailored approach to security in your work place.

< Older Post Newer Post >

Mail

Catching the Big Phish

By Eberly Systems • 20 Sep, 2024

We're all in the same boat trying to avoid cybercrime! Here's our top ways to identify a potential phishing attempt.

Key Notes from the Security Team: Q3 2024

By Eberly Systems • 10 Sep, 2024

Focus on integrating with new team members and new customers

Key Notes from the Security Team: Q2 2024

By Eberly Systems • 09 Jul, 2024

Keeping you abreast of security news

Eberly Systems Acquires Lebanon County LYLAB Technology Solutions

By Eberly Systems • 02 May, 2024

West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.

Navigating Small Business Success: The Power of IT Outsourcing for SMBs

By Eberly Systems • 16 Jan, 2024

A trusted MSP can be your invaluable strategic partner.

Enhancing Business Security and Productivity with Microsoft Office 365

By Eberly Systems • 02 Jan, 2024

These 5 key features of Office 365 Business Premium make it essential for businesses to have.

Key Notes from the Security Team: Q4 2023

By Eberly Systems • 19 Dec, 2023

Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.

Customer Success Story: Construction

By Eberly Systems • 03 Jul, 2023

After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.