On Tuesday (April 8), Windows XP receives its final updates and security patches, and Microsoft officially ends support for the operating system. Future software flaws and security vulnerabilities won't be fixed, and some experts predict an "XPocalypse" of malware attacks on the 13-year-old OS.
Yet between 20 percent and 30 percent of Windows users worldwide were still using XP as of the beginning of April, and many of those users have no plans to switch to another operating system. If you're among the XP holdouts, here's what you can do to keep your XP system as safe as possible in the face of the XPocalypse.
1. Fully update your system. Make sure all Windows XP system updates and patches are installed. You want to have Service Pack 3 (SP3) — or, on Windows XP Professional 64-bit, Service Pack 2. (To see what you're currently running, press the Windows key and the Pause/Break key on your keyboard simultaneously; laptop users may have to press the Fn key as well.)
Go to your Start menu, select All Programs, then Windows Update. Select Check for Updates and install everything that Microsoft flags as "Important." Under Change Settings, set Windows Update to Install Updates Automatically.
2. Ditch Internet Explorer. Like Windows XP, Internet Explorer 6 reaches the end of its working life April 8. But if you're running IE 7 or 8 on XP, those editions of Explorer won't get further updates, either. Even worse, IE has deep hooks into the Windows operating system, and malware attacks on it will go far.
To protect yourself, switch to a non-Microsoft browser, such as Google Chrome, Mozilla Firefox (with the NoScript plugin installed) or Opera, all of which will continue to receive updates and security patches for at least another year. We especially recommend the Aviator browser, which builds in several security features, such as requiring the user's permission before media files can play.
3. Use Webmail instead of Outlook Express. After April 8, it will be safer to open emails in a non-IE Web browser than to open them in Outlook Express. Sign up for a free Gmail or Yahoo Mail account, and make it your primary email address.
4. Ditch Microsoft Office. Microsoft is also ending support for the 11-year-old Office 2003 (its predecessor, Office XP, died in 2004). But don't try upgrading to or using Office 2007; it might not get any more updates on Windows XP systems.
Instead, switch to an alternative office suite, such as LibreOffice or OpenOffice; both are free and will handle your Office documents, spreadsheets and presentations just fine. Or just go right to the cloud with Google Docs.
5. Install antivirus software, and pay for it. Every Windows PC should be running antivirus software. In our experience, the paid software offers protection, such as screening Web links and automatically scanning email attachments, that free software can't match.
If you're worried about the $50-to-$80 yearly subscription cost of antivirus software, remember that you're already saving money by not upgrading to a better computer or operating system. Most antivirus software makers will be supporting Windows XP until at least April 2016.
6. Create and use limited accounts. Windows has two types of user accounts: administrators, who can install, update and remove software; and limited users, who can't modify software (except for user-specific applications such as Google Chrome). Most pieces of malware "borrow" the user privileges of the account they infect; a Trojan that infects a limited-user account will do much less damage than one that infects an administrator account.
To minimize the effects of malware infection, create a limited-user account for each user of your Windows XP machine, including yourself, and use those accounts for all purposes — Web, office work, Photoshop — except modifying software. Use the administrator account only when adding, removing or updating applications and other pieces of software, and log out of this account when you're done with those tasks.
7. Turn on your system's firewall. Go into Control Panel, select Windows Firewall, select "Turn Windows Firewall on or off," then select "Turn on Windows Firewall" for all options.
If you're a bit technical, Microsoft recommends a few more fine-tunings that can harden your system. All require administrator privileges.
8. Turn off automatic opening of files on a USB stick. A USB stick is a great way to spread malware, especially in Windows XP, which opens files on a USB stick as soon as it's plugged in.
Stop this by using the Group Policy editor. From the Start menu, select Run, type in "gpedit.msc," and hit OK or the return key.
You'll see a pop-up window with two panes: in the left-hand pane, select Administrative Templates under Computer Configuration (NOT User Configuration). Then, in the right-hand pane, double-click System.
Scroll down to Turn Off Autoplay and double-click it. Another pop-up window will appear; under Turn Off Autoplay, select the Enabled radio button, select All Drives in the "Turn off Autoplay on" menu and close the window.
9. Maximize Data Execution Prevention (DEP). DEP protects against malware attacks on running memory. It's activated by default in Windows XP Service Packs 2 and 3, but can be turned up.
From Control Panel, select System, then the Advanced tab. In the Performance section of the resulting pop-up window, click the Settings button. In the next pop-up, select the Data Execution Prevention tab. Select "Turn on DEP for all programs and services except for those I select." Hit Apply, then OK and then restart the computer.
If you find that DEP interferes too much with certain applications, go back to the Data Execution Prevention tab and select Add to make exceptions for those programs (you'll have to browse through the file system to select them).
10. Install the Microsoft Enhanced Mitigation Experience Toolkit (EMET). EMET hardens installed applications one by one. It's complicated to configure, but Microsoft includes a user's guide with the EMET software. Both tools are available from Microsoft's Download Center (opens in new tab).