My situation will require the ongoing use of an XP computer in the office network which includes limited file exchange and printer sharing for the XP box with the rest of the system.

Given that my internet work will be done on a W7 box, is this an acceptable option for keeping the XP machine alive on the local network but shut off from the big bad online world?

Block Internet Access over Network but allow Network Access / File & Print Sharing in Windows 8 , 7 , Vista , XP | TroubleShoot Windows

Please just technical advice if you can - there is no need for your personal opinions on my circumstances and motives. I know the local requirements and this is what has to happen.

Thank you,
FOR

FOR, a good firewall and XP machines that cannot surf the net or receive uncertified software should be fine.

However, a few weeks ago I was reading a paper on how a bunch of smart hackers came to exploit a PDF file and make it launch executable code. Adobe has since patched up their PDF reader but you can bet that if something similar is discovered after XP support ends then Adobe *may* not provide an update for XP. This means that something as innocent as opening a PDF file may work ok on W7 but compromise your XP machines.

Thanks cattletruck, appreciate your comments.

Interestingly a friend of mine got "caught" about 6 months ago with a infection which somehow came with a PDF file. It was quite messy, but the local 'mixture' was able to restore order. :ok:

A good point - I'll keep it in mind. It will be a different world and I need to work with that.

Thanks again ...
FOR

PDF files... pah... that's for beginners.

I've seen tales of exploits hidden in innocent looking jpeg images. :E

Configure the IP manually (both v4 and v6) and do not set a default gateway.

Machines on the local network will still be able to see the XP machine, but the XP machine will not be able to find its way out on to the internet.

BUT ... the ideal solution is still to rid yourself entirely for XP though, because if you get an exploit on to the XP machine, it will still be capable of infecting your local network, and thus get onto the internet indirectly.

I still have difficulty believing you have a genuine reason for running XP though .... print & file server is no excuse.... ;-)

Yes, you can, but if it's internet connected it's just as vulnerable as any other instance of XP.

SD

As I've said a million times before on the subject, its not a case of the third-party vendors providing updates for their products, otherwise anti-virus etc. on XP would be a viable option.

The problem is that anti-virus, Adobe and every other software package is running on top of the Operating System and are dependent on it and its APIs (developer coding interfaces).

As a result... unsupported, obsolete and vulnerable Operating System equals vulnerable software.... no matter what the software or whether its developer is still providing updates.

FOR, the "traditional" way of doing that is to use 127.0.0.1 as the DNS - that's internal reference to the computer itself.

The problem with this approach is it just blocks address resolution and not Internet access. By using IP addresses it's possible to get in and out. Also it's not isolated from the network so if another system happens to cop a dose of something the WinXP system is vulnerable, and as has been highlighted it's still vulnerable to infected files. Obviously those are a smaller risk than actively taking it online, but it's a risk none the less.

Much to mixture's chagrin, I plan on running my XP machine until it dies.

Now before the ever so helpful and knowledgeable 'mix' gets all riled up please let me explain. I purchased this ASUS EeePC some 5 years ago with the intention of it being a sacrificial net surfing machine. The computer is not powerful so I had to turn off many Windows services to make it run to my liking. I do not run virus protection software although I have occasionally installed a free version when my suspicions were aroused only to find nothing, then I uninstall it. I only use the windows firewall that came with XP for internet protection. I do not install Windows updates.

Other than Windows XP the little NetBook also runs FireFox 26, Office 2003, VLC, Quicktime, Photoshop (old version), vim, Winzip, Cygwin and Kyodai Mahjongg - that's quite a punch for a little tacker - and they all work well enough to be useable.

I have recently setup another W7 laptop to become this one's replacement should it eventually croak. After 5 years and many net hours of use, the little EeePC is showing some physical signs of stress. The power supply plug has been replaced 3 times. The batteries are almost unusable and confusing the run-on-battery mode OS feature. Sometimes I can even hear faint electrical arcing noises emanating from the back.

But I will persist with it dammit....until its very last CPU cycle regardless of what those Microsoft people say. :ok:

I trust you are merely pulley my leg, because that sort of computing is incredibly reckless and you have been very, very,very,very lucky to not have been caught out by your utter contempt in more ways than one (i.e not only talking about viruses here, but the overall benefits that come with installing windows updates).

I wouldn't say I was lucky, nor reckless, I guess the good outcome is more a reflection of the kind of internet activity I choose to engage with. I should have also added that I did reconfigure that internet firewall to be extremely strict. The only thing of value on this laptop is the time invested in setting it up.

I recall many years ago working at a big Swedish multinational telco when one of their retarded employees who wanted my job told me about a new super duper flight simulator to download. It was in RAR format which immediately raised my suspicions. He even downloaded it onto my work computer but he chose not to install it even though he was talking up its amazing appeal. See where this was going? I put the file on a usb key and stored it for posterity. 4 years later I decided to run a virus check on the RAR file and sure enough, just as I suspected there was a half recognised virus in it.

There are plenty of internet sites that invest a lot of time and effort to help you stay out of the dark side on the internet, use them and a lot of your net experience will be worry free.

As I said, updates in particular are not always to do with security related matters.

Anyway, I'm not being drawn into this one, so I'm not commenting any further other than to say your style of computing is very much questionable and not an example for others to follow.

One day it'll come bite you in the backside, don't come here looking for tea and sympathy.

Just curious, does anyone know what XP 'stands for'?

According to the press release way back in 2001....

I thought it was originally to be called Windows 2000 but the code name was so good they kept it...

...around the same time the 586 became the Pentium. We were hoping the next in the series would be called Hex, but Terry Pratchett got there first.

Well said. What I do here, which is motivated by dirt cheap computing and getting the biggest bang for your buck won't work for everyone. I am computer literate and can smash 'em and fix 'em anytime I like, well most of the time.

Thus spake Mixture:

It probably seems that way. However there is a reason - it's to do with space in the domestic office. The only physical option for my Canonscan 9000F is where it is. The only computer which can drive it in that location is the one at the amateur radio desk on the other side of the room. It presently runs on XP under which regime it operates the scanner.

Next month it will be a dual boot linux mint machine for the online AR requirements. But XP is still needed to operate the scanner and also for a very few quite specific offline AR requirements which W7 could not accommodate if it were to be installed.

Scanned files need almost always to be fed back to the (wired) local network printer which is connected to the new W7 machine at the main desk.

There is one other XP computer which has six years of emails on it (this one actually). They ain't being copied to the new W7 box which is getting a clean install of T'bird and Firefox. Only the AD book and the bookmarks are being imported to what will become the primary online desktop - running usually 15 hours a day. I still need access to those older emails from the older XP box from time to time - with facilities to produce hard copy. That machine also needs to be available to the local network, but nothing beyond that.

There might be other ways of doing this, but that's what the domestic situation will stand and I need to work with that. (I can't cook) :O

Apologies for the complexity, I can work with it, indeed I have to. And thank you for your helpful comments.

Rgds

FOR

Huh ??!?!? :confused:

You have a machine running XP. You install Windows 7 or 8 on said machine.

Consumed office space remains unchanged.

No, Windows 2000 was called Windows 2000. Something to do with the year it was released in, I believe.

XP was released in 2001, so Windows 2000 would hardly have been an appropriate name for it.

Of course, many people did say that XP was what Win2K should have been, rather like Win 7 and Vista, so perhaps that's where your confusion originates.

FBW

- this is where it is quite confusing! You are saying that if, in W7, I run an XP installed programme (or even one installed under W2000) which uses the internet, the Win7 'security', plus patches will not protect the machine?

Surely the onus is on M$ to ensure that any internet activity actioned via the W7 OS is protected as much as possible?

Recalling Pinguin's post earlier, why is 'dual-booting' relevant in all this? Surely as far as the machine is concerned it is running the selected OS and is technically 'oblivious' to any other installed OS, be it Mac or Linux etc?

Ok, first things first. When you run a OS in a virtual machine, its a valid OS and is therefore vulnerable to all attacks. So you have to be careful.

Host OS = Windows 7
Guest OS = Windows XP (XP mode running under Win 7)

Win XP mode is 'sandboxed' which means its independent of the host OS (in this case win 7) and any vulnerabilities should remain in the 'sandboxed' guest OS.. However, XP mode maps all you host OS drives, so any corrupted files opened in XP mode can affect your host OS. BUT, if you are running a fully patched host OS with good virus protection, you host OS should be secure enough to prevent any attack. Your guest OS however still remains vulnerable.

Essentially I say what Andy_P said.

I would add that you have to look at it in the context of Windows 7, in that when Windows 7 was introduced, Windows XP was still supported.... so the XP feature was introduced to ease the migration pain. However, now Windows 8 is the current version of the system people should have by now really been fully migrated over to Windows 7 and no longer be relying on the XP VM.

So yes, in essence, you should not be using Windows 7 XP Mode just as you should not be using Windows XP. In particular I would highlight the following bit from Andy's post ...

"Should" being the operative word.... there are exploits out there that can figure out they are in a virtualised environment and actively seek to work around that temporary obstacle in their path.

In the end we're talking about software virtualisation here, so the segregation is only as good as the memory management (and other aspects).

Andy - very helpful, thanks. It would seem that those of us who wish to continue running those 'older' programmes should make sure that internet access is not available for them to be sure. Other than something like Zone Alarm where each internet connection has to be 'approved', is there any other safe way? The problem lies in being certain that any particular prog does not try to connect.

mixture to be honest I think your screwed. It doesn't matter how much the IT pros go on about it there will be millions and millions of XP computers out there for years and years.

The rest of you take a clone of your hard disk as the last update goes through in fact make 2.

Keep your data on an external disk and have a plan how your going to clean it. Then if you get anything clone back the OS and clean the data disk before plugging it back in.

This is either going to go three ways.

1. The whole of the internet will be screwed when the next big one goes through and MS won't do a thing.

2. Same as 1 but MS sorts it out mainly because they are supporting huge corporate XP setups anyway.

3. Bugger all will happen.

Please read what us very experienced IT people are telling you !

When we say disconnected .... we mean DISCONNECTED.

i.e. never, ever , ever connected to the internet ever again ... I don't care if its only sometimes/intermittently/whatever...... we mean NEVER connected.

As I've said time and time again.... I don't care what third party "security" tools (e.g. Zone Alarm) you are thinking of running on your obsolete good for nothing XP system.... they are ALL vulnerable because the operating system and system APIs they rely on are vulnerable. You wouldn't build a house on weak foundations in the middle of a boggy swamp-like field.... well that's exactly what you're proposing when you're thinking of running "security" software on XP after April the 8th..... its utterly pointless.

Yeah, and all you clinger on home users sit there and don't give a damn, whilst the rest of us have to spend thousands and expend thousands of man-hours fighting DDoS and spam attacks launched by your infested zombie computers against corporate networks and ISP infrastructure.

Thanks very much indeed. :mad:

That about sums it up btw i don`t own an xp machine. But everyday i work with them. They are provided for me and I know there is no plan to change them until the unit is replaced.

Unless there is a free upgrade path and even then i suspect alot won`t bother people will stay with it.

And they really won`t care how much it costs the pro`s

Lets face it there is still 30% of internet connections in feb are xp. You will be lucky if that drops below 25% by the cut off date. MS must be pooing themselves a bit because this could get quite spectacularly silly very quickly. As i bet there will be something just waiting to be released on that day. If i was synical i might even say MS would have an input into it.

MS are going to be making patches for XP Embedded until at least 2019... :E

if you can't or won't change it then live with it.

It seems to me with your ability to cajole and communicate that you might have more luck in setting enforced standards that the millions of us have to follow

and TRY to understand without going off on the usual rant.

You almost got it right, but should have written - then you would have understood. I was NOT posting about using security software on the XP OS. It would have helped if you could have read my whole post through the red haze. Ah well! Your rants are effectively wasted, I'm afraid. I suspect there will be those who feel like running XP just to annoy you!

Agreed. My earlier post was not read properly (even though I typed it very slowly :rolleyes:), and a totally false assumption and useless response resulted.

One thing really worries about these promises of the end of the world for anyone who turns on an XP computer connected to the WWW on the morning of the 9th April.

They are asserted with such confidence that I find myself wondering if those who make them aren't in the know in some degree or another with the people who are writing these nasties. The more I read about this, the harder it becomes to evade that conclusion. I'm sorry about that, it's almost certainly the case that they aren't, but given the absolute confidence of those assertions it is becoming ever more difficult to dismiss an uneasy connection.

Fact is that millions of XP computers will be going on line on April 9th just as the were on the 8th. No amount of gentle coaxing otherwise within these peaceful walls will change that. If the online world comes to an end as a consequence, the media will go for the obvious target and it won't be pretty for the big M.

FOR

Ideally, you should look to update your software so you dont need XP mode. Most stuff should run natively under win7.

In saying that, I use a program that wont run under Win7 at all. I could upgrade (its protel, electronic design software) but I just dont use it enough these days to justify the cost. Plus the new sofware is subscription based, you pay $8000pa. So its just not worth the upgrade. I digress..

Yes, you should avoid the internet if possible. The connection to the internet is also sandboxed, so it has to run through the host OS's firewall, so once again there is some protection. If you can, you should block XP mode from connecting to the internet. As mixture said, its possible for someone to exploit the Virtual machine and attack the host, but provided you keep the host patched and run up-to-date virus software you should be fairly safe.

Its simple....

You pay me, I'll happily sit there hold your hand and dance around on eggshells waffling away paragraphs of nicely composed rose-tinted advice....

However, expect me to give you advice for free when you don't even fall into the "family & friends" category ? Sure I'll spend a little time here giving you advice, and of course it will be technically accurate..... but its going to be brief and to the point, I'm not going to beat about the bush.

And when it comes to certain topics, like Windows XP. There is no debate to be had.... no matter who you ask in the technical community, pro, anti or neutral Microsoft .... the answer will be the same you are taking substantial risks running XP after its expiry in April. I really fail to see what's so difficult to grasp about the concepts, and why the complaints about something Microsoft have given you years of notice for ! You've had the time to prepare, now just bite that darn bullet and make the switch !

None of the XP clinger-ons on this forum has demonstrated to me an ounce of viable justification as to why they must continue using XP other than their pure stubbornness....

Agree with everything you post

It's like my pappy told me, "do it and you will go blind eventually"



While the great majority will keep on using it until they need glasses.

You need to gear up to sell glasses and not advice :E

This is a tedious argument.

Personally, I don't think there will be a Big Bang in April. I think what will happen is that those people who say "aww nothing's going to happen, you're scaremongering us" will crow about it for a while and wallow in self-congratulation either that they've dodged a bullet or stuck it to the IT man.

However, slowly but surely there'll be the odd user here and there who'll find their XP machine doesn't work quite right. They'll call their IT guy and get one of two responses: either "XP? Are you mad?", or an IT kid who spends an inordinate amount of time trying to fix the issue only to either have it repeat the very next day or have to admit defeat.

The end user, not knowing their arse from their elbow, will chastise the IT guy for not making it work, and will dismiss the counter-argument of XP being inherently flawed from that moment on as unproven.

It'll therefore be a slow-moving mass of pain to a greater or lesser extent depending upon how much reliance is placed on the system by the end-user, how we'll they've achieved their own updating obligations, and how soon an API exploit becomes generally available.

All in all, it's going to be miserable for all concerned, but to what extent we will have to wait and see.

Dam I'm screwed, I'm still running an old XP with programs set to run in windows 95 compatability mode.

But then its not hooked to the internet anymore as I know for a fact its virus ridden:p And just run Linux instead;)

That summarises things nicely ! :D

I agree with your entire post Mr Bracknell ... some people will only learn the hard way.

I don't think they will.


So situation normal then.

Again situation normal. And has been ever since we moved away from terminals onto mainframes. Well to be honest it was like that before then even though I only saw the tail end of them getting removed out of service.

I would say extremely slow moving as the majority don't actually use them for much. If they were high end users they would have upgraded their hardware years ago.

Only way your going to stop people using it is if you make the OS useless for general use.

ie . Change the major web sites such and search engines, social media, mass email system refuse connection and be unusable to XP machines.

BTW I just finished work and in the course of this morning I came across 8 XP machines.

Then again there are quite a few NT4 machines still kicking around and nobody makes a fuss about them. But then again the numbers will be low enough that nobody can be bothered doing anything to stuff them up.

Awwww - luvvit! Please, please keep it up mixture, your posts are the best ever prose posted on pprune.


avid reader but unaffected, am on jelly bean contemplating update to kitkat :}

So what Jock? I'm a user of XP and will be until the 8th. There may be some under-the-bonnet stuff that is out of date security-wise, but the rest of the new-fangled OSs is just nerds running the asylum. The best move I never made was Vista, nor Windows 8. Ooohh goody, it looks like a mac! Woopy Doo! :hmm:

I was just saying this idea of a mass transfer away from it is cloud cuckoo material.

If people can turn it on and it fufills its function then it will stay as it is.

Being a nosey person when bored in airports, I looked at what systems were up and running on a recent trip to Siem Reap and Saigon via Bangkok on Thai Air.

Thai are very definitely still using XP.

Getting a bit late for a global change by them........

I predict more customer service issues when they become infected.