While Microsoft ended support for Windows XP about four years ago, the operating system still runs on millions of PCs around the world. This is partly caused by software piracy, according to a white paper about Windows XP security written by a researcher from antivirus vendor ESET.
A considerable number of computers still run Windows XP. The white paper mentions that 5.5% of ESET’s customers were still running Windows XP as of March 2018. This means there are still millions of computers that no longer receive security updates. ESET therefore released a white paper (PDF) that explains how to keep Windows XP secure while looking to migrate to a newer OS.
The white paper also tries to answer why users are still on Windows XP. One of the reasons is software piracy, according to ESET. The author of the white paper, security researcher Aryeh Goretsky, spoke with several users who continued to work with the operating system because they had a pirated copy of Windows XP.
“Not only has this left them unable to upgrade legally to a newer operating system using inexpensive upgrade editions; it also means they often avoid installing security patches and updates, fearful that one of them will disable their pirated copies of Windows,” according to Goretsky.
“This paranoia was not helped by Microsoft’s release of Windows Genuine Advantage (WGA),” Goretsky adds. WGA is Microsoft’s Digital Rights Management (DRM) tool, designed to block pirated Windows installations from receiving non-critical updates. It also disables personalization features and displays warning messages telling users that the OS might be unlicensed.
“That Microsoft released WGA through the auspices of the Windows Update service, claiming it to be a critical security update, left many people with pirated copies of Windows operating systems hostile towards Microsoft as, in fact, it fixed no vulnerabilities in the operating system and collected information that could be used to identify computers running it uniquely,” Goretsky explains.
Microsoft’s way of dealing with piracy caused many users to disable Windows Update because they feared that Microsoft would totally disable their illegal OS or that the software giant would spy on them. These computers are especially vulnerable, because they miss years of security updates. Goretsky recommends that owners of such systems perform a clean installation of Windows XP. If no valid Windows XP license is available, Goretsky recommends purchasing a legal license with an installation CD from, for example, eBay.
Obviously, ESET recommends that users switch to a safer OS, but the company understands that this is not possible for some users or for specific applications. Therefore, the white paper also contains several pieces of advice on how to better secure Windows XP computers.
If the OS is only required to run a specific application, Goretsky recommends running Windows XP in a virtual machine.
When this is not possible, Goretsky has several other recommendations that should make Windows XP a bit more secure. These include downloading the latest XP security update, using an account without administrator privileges, disabling AutoRun, enabling Data Execution Prevention (DEP), enabling the display of file extensions, and installing Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), Microsoft Baseline Security Analyzer and Microsoft Security Essentials.
Goretsky also recommends installing an antivirus product that is compatible with Windows XP, such as ESET’s own solution.
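Four of the settings listed above (AutoRun, file extensions, DEP and the non-administrator account) can be checked from a Command Prompt. The batch script below is an added example, not taken from the white paper or from ESET; it only reads settings, uses the standard Windows XP registry values and boot.ini switch for them, and assumes an English-language install.

```bat
@echo off
rem Added example: read-only audit of four of the settings listed above.
rem Run in a Command Prompt on the Windows XP machine; it changes nothing.
setlocal
set POL=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
set ADV=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

echo [1] AutoRun: NoDriveTypeAutoRun = 0xff disables it for every drive type
rem A per-user copy of this policy can also exist under HKCU; only HKLM is read.
reg query "%POL%" /v NoDriveTypeAutoRun 2>nul | find /i "0xff" >nul
if errorlevel 1 (echo     REVIEW: AutoRun is not disabled for all drives) else (echo     OK)

echo [2] File extensions: HideFileExt = 0x0 shows them in Explorer
reg query "%ADV%" /v HideFileExt 2>nul | find /i "0x0" >nul
if errorlevel 1 (echo     REVIEW: known file extensions are hidden) else (echo     OK)

echo [3] DEP: the /noexecute= switch on the boot entry in boot.ini
type "%SystemDrive%\boot.ini" 2>nul | find /i "/noexecute=" >nul
if errorlevel 1 (
    echo     REVIEW: no /noexecute switch found in boot.ini
) else (
    type "%SystemDrive%\boot.ini" | find /i "/noexecute=alwaysoff" >nul
    if errorlevel 1 (echo     OK: DEP is not switched off) else (echo     REVIEW: DEP is AlwaysOff)
)

echo [4] Account: the current user should not be in the Administrators group
rem Assumes the English group name. The match is a substring match, so a user
rem name contained in another member's name is also reported for review.
net localgroup Administrators | find /i "%USERNAME%" >nul
if errorlevel 1 (echo     OK) else (echo     REVIEW: %USERNAME% has administrator rights)
endlocal
```

Run it once per user account, since the file-extension setting is stored per user.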
The best advice is still to upgrade Windows XP systems to a newer OS. As Goretsky concludes, “while it is possible that they might be replaced with a computer running Windows Vista, Windows 7, Windows 8.1 or perhaps even macOS or Linux, it is more likely it will be replaced with a computer running Windows 10, the latest, and perhaps last, desktop version of Microsoft Windows for the foreseeable future. While Microsoft Windows 10 looks and behaves differently than Windows XP; some of the biggest changes to it are in terms of security.”