Defending Our Decision to Support Our XP Users for One More Year

Recently we worked on an XP computer belonging to a lady who is a member of a computer club. After we finished cleaning and optimizing her computer, removing malware, installing Chrome, configuring it, importing IE favorites, and then installing and configuring Emsisoft, we pronounced her computer good to go for another year. She was delighted with the service we provided and she went back to her computer club to sing our praises and tell the other members about us — she got a skeptical reception. Many of the members have read the blogs and the doomsday scenarios posted on the Web about what will happen to those who still use XP after 4/08/2014.

And before we get started, let us make it clear that we’re not recommending anyone keep Windows XP, but we know many of you will be keeping it, either because you cannot afford a new computer or don’t feel much like learning a new version of Windows. It’s a personal decision that only you can make. If you can afford a new computer you should move out of XP and into Windows 8. Chromebooks and Apple computers are great, but their operating systems are more different from XP than Windows 8 is. Our job is to keep our Windows XP users as safe as possible for as long as possible and that’s what we are doing and will continue to do.

The primary weakness of any operating system, supported or not, is the person using it. From what we’ve seen, hackers and malware distributors have made a mockery of Windows security protections – we’ve seen Windows 7 and Windows 8 computer with hundreds of Rouges, hacked Internet connection settings, malware, etc.

We’re not going to give more credence to the doomsday conspiracy theorists. No version of Windows is “safe”. Will Windows XP become incrementally more prone to attack? Indeed. It would be foolish to say it won’t. But the main entry point for hackers and malware/rogue distributors isn’t via the network to which Windows is connected (most modern routers have a hardware firewall built-in and it works regardless of the version of Windows one is using). The way most attackers and malware distributors attack Windows is via the browser. And Internet Explorer 8 has been outdated and flawed for quite a while already.

For instance this from WhatsMyBrowser.com :

“Internet Explorer 8 users receive an “Internet Explorer 8 is out of date” warning on WhatIsMyBrowser.com, for the simple reason that Internet Explorer 8 is out of date.

https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit 

http://articles.latimes.com/2012/dec/31/business/la-fi-tn-microsoft-responds-to-security-hole-in-internet-explorer-20121231 …”

The article above is not even very recent; there have been three new versions of Internet Explorer since Internet Explorer 8 – IE 9, IE 10, and IE 11.

Simply installing and correctly configuring Google Chrome on Windows XP and setting it as the default browser, is in itself a security update for Windows XP. Of course, users will have to actually stop actively using Internet Explorer and use only Chrome in order to take advantage of the many security benefits of using a modern browser vs. one developed and released ten years ago. Another advantage is that unlike Internet Explorer, Chrome updates itself automatically, so users are always using the newest version of Chrome.

Google employs some of the top software architects, security experts, and threat analysts in the business. Google is not going to support Chrome on XP if it deems it is going to be an unsafe platform within a year. And we will continue to believe those who know, than a group of bloggers and conspiracy theorists who are predicting doomsday for XP users based on what happened with Windows 95 and Windows 98 almost two decades ago. There was no Chrome in those day. Both Internet Explorer and Netscape Navigator (the only two browsers in general use) were both not secure and both had vulnerabilities that allowed easy access to the operating system.

Installing Chrome increases security. Chrome will be supported by Google for at least one year beyond April 8, 2014, and that tells us that their experts, which we trust much more than tech bloggers, sensationalists, and alarmists.

Also, and this is not only true for Windows XP users, but for all Windows users: Viruses, worms, and Trojans are indeed dangerous threats to Windows users — but the truth is, most of us will never see a virus on our computers. Most antivirus software is fantastic at preventing viruses, worms and some Trojan – but antivirus software is incredibly bad at protecting computer user from he threats they face almost every day and almost every time they download anything. And no doubt, miscreants and criminals know that the fastest way to compromise a Windows computer isn’t by creating a virus or a Trojan or a worm — but by creating malware programs and rogues — against which most antivirus software is useless.

We once recommended Malwarebytes be used with antivirus software to protect users from malware and rogues. But we stopped recommending Malwarebytes when we discovered it stopped detecting most malware and rogues. We wrote to Malwarebytes and asked them for an explanation as to why Malwarebytes wasn’t detecting malware and rogues as it once did. In fact, we wrote them three times – they never answered. A few months later, in a blog post, they announced a sort of renaissance and asked everyone to join them in the fight against malware. Malwarebytes’ resurgence was short-lived, we’ve continually tested it since then, and we have found it ineffective in removing and/or preventing the kinds of malware and rogues that users face nearly every day.

Last summer, TC spent two weeks testing antivirus and antimalware programs. He loaded down a test computer with as much malware as he could and found that most antivirus programs do not prevent infection by malware nor do they remove it or even detect it: Norton, McAfee, Avast, AVG, Panda and others all failed to adequately prevent or remove the kinds of malware that we all are most likely to encounter.

When he found Emsisoft he had his doubts — generally off-brands of antivirus never perform well. But Emsisoft was different –it uses the BitDefender scan engine and BitDefender is one of the best antivirus programs available. So, we thought, why is it called Emsisoft Anti-Malware and not Emsisoft Anti Virus? We found the answer after Emsisoft Anti-Malware detected and removed all the malware from the test machine and prevented new malware from being installed by warning of potential threats during and installation. We were happily surprised. Not only is Emsisoft Anti-Malware one of the top-rated antivirus programs according to many independent testing labs, it is the best anti-malware programs we’ve ever used.

We install Emsisoft Anti-Malware on XP computers for users who intend to use Windows XP beyond April 8 because we know that the biggest vulnerability in Windows XP is the user. The next biggest threat comes from vulnerabilities in the browser (Internet Explorer 8) – which is why we install Chrome and set it as default. And the other biggest threat comes from malware and rogues — both of which can easily elude antivirus programs. Malware can be dangerous – it can completely reconfigure your Internet connection so all Internet traffic from your computer goes through the malware distributors servers and thus knowing every site you visit, every transaction you make, and creating a tunnel through which they can send commands or more malware to your computer. And this is not exclusively a Windows XP problem, this vulnerability can be exploited on any version of Windows, including Windows 8. It is, however, much easier to accomplish on a Windows XP computer. And a software firewall is powerless to prevent your Internet connection from being compromised and changed – because when you installed the malware (you’ll be tricked into it) you have given it permission to change settings on your computer. Emsisoft can prevent this by warning you that a program is trying to change your Internet connection or other settings.

Installing Emsisoft on Windows XP computer, adds an extra layer of security by helping users recognize and stop malware bundled with freeware or other kinds of malware from being installed. Emsisoft can remove malware that is already installed. And Emsisoft consistently ranks in the top five antivirus programs. So installing Emsisoft not only helps users avoid being compromised by malware, but also provides great antivirus protection too.

By first insuring that the Windows XP computer is free from malware and other malicious files, by optimizing the PC, checking the hard drive, installing and correctly setting up Google Chrome and Emsisoft, we are more than confident that Windows XP will be much safer to use for another year. Does this mean we’re telling people they should not upgrade to Windows 7 or Windows 8x? No, we are not saying that. In fact, we encourage all those who can afford to buy a new computer with a more modern operating system to do so. But we don’t think those who can’t afford to upgrade or simply don’t want to learn a new operating system should be unnecessarily frightened by the doomsayers. It’s simply not true that Windows XP will become vehicle for the devil himself when Microsoft stops supporting it on April 8, 2014.

Emsisoft’s experts have decided, like Google, to support Windows XP for at least one more year past the end of support date for Windows XP (April 8, 2014).

We know that the experts at Google and Emsisoft know far more than the sensationalist tech site, tech blogger, or those who run around saying “The sky is falling”. Google, Emsisoft, and others know what they are doing…and no one is going to support their products on Windows XP, unless they are sure that the operating system isn’t going to rot beneath them.

In the end, the computer user’s safety is not in the hands of security companies and browser companies, or in any software program. Online safety starts with a knowledgeable user, one who knows how to separate information from misinformation.

We stand by our Windows XP Secure Service and will continue to offer it to those who decide to stick with Windows XP for another year because they cannot afford to buy a new computer right now, or those who simply don’t want to learn a new operating system. Are we saying that people shouldn’t buy a new computer if they can afford it? No. Are we saying we agree with those who don’t want to take the time to learn something new? No. But we do understand. And it’s our job to keep those who do choose to use Windows XP beyond April 8, 2014 as safe and secure as possible.

If you’re an XP user and you’ve decided to continue using Windows XP beyond April 8, 2014, and you’re interested in making it more secure, you can read more about our Windows XP Security Customization service at http://thundercloud.net/direct/2014/custom/index.htm#xp