Will's Windows Security Baseline

June 28, 2014 - You Tell Me: Is It Worth $100?

Let's keep this short and sweet. Now that XP has no extended (security) support in place, the best you can do is put together a suite of third-party products that will form at least a partial barrier. I describe my choices below, and let me make clear that you need all of them. It's not a menu.

First, though, here's a quick review of the steps you need to take in XP for maximum protection.

  • Run Windows Update to make sure you have all applicable XP updates. Even though no new updates will arrive, older ones are still there.
  • Turn on Windows Firewall.
  • When using the PC, log in using a user account without administrative privileges. Use admin rights only when absolutely necessary.
  • Turn on email junk filtering if you are using an email client like Outlook or Thunderbird.
  • Use the features of Outlook or Thunderbird to mark junk so that those programs can do a better job of automatically detecting it.
  • If you get email without a subject line, ignore it.
  • Don't open email attachments unless you know, with as much certainty as possible, that the sender is trusted.
  • Don't click links in emails unless the sender is trusted. Even then, use your common sense.
  • Take your time, be patient, with email. Bad emails are the quickest way to get in trouble and the effects can be very bad, so an extra second to examine each email carefully could save you days of recovery.
  • When in doubt, hesitate, then hesitate again!
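
A quick way to confirm two of the items above (firewall on, everyday account without admin rights) is a read-only batch file. This is an added example, not part of the original post; it assumes XP SP2 or later, a home PC that is not joined to a domain, and the English group name "Administrators".

```batch
@echo off
rem Added example: read-only audit of two checklist items. It changes nothing.
rem Assumptions: XP SP2 or later, PC not joined to a domain, English group names.
setlocal

echo Checking Windows Firewall...
set FWKEY=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
rem EnableFirewall is a REG_DWORD: 0x1 = on, 0x0 = off.
reg query "%FWKEY%" /v EnableFirewall 2>nul | findstr /i /c:"0x1" >nul
if errorlevel 1 (
    echo   WARNING: firewall is off or its setting could not be read.
    echo   Turn it on in Control Panel, Windows Firewall.
) else (
    echo   OK: firewall is on.
)
rem Show what the firewall itself reports, for a second opinion.
netsh firewall show opmode | findstr /i /c:"Operational mode"

echo Checking the account %USERNAME%...
rem If the group cannot be listed, say so instead of reporting a false OK.
net localgroup Administrators >nul 2>&1
if errorlevel 1 goto nogroup
rem Substring match, so user "bob" also matches a member named "bobby".
rem A warning here means "go and look", not proof.
net localgroup Administrators | findstr /i /c:"%USERNAME%" >nul
if errorlevel 1 (
    echo   OK: this account is not listed in the Administrators group.
) else (
    echo   WARNING: this account appears to have administrative rights.
    echo   Create a limited account for everyday use.
)
goto done

:nogroup
echo   WARNING: could not list the Administrators group. Check it by hand.

:done
endlocal
```

Save it as a `.bat` file and run it from the account you use every day, since the second check looks at the account that is logged in.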

Oh, there is one other option. Move up to Windows 7 or 8. (Sorry, I had to say it. See my caveat below.)

I recommend a suite of three paid products and one free product to protect XP. All these products continue to support XP, which you can confirm on their respective sites. The suite will cost $70 to $100 per PC, depending upon how many PCs you need to protect.

ESET NOD32 Antivirus - $40

NOD32 is a powerful and fast AV program. I have direct and long experience with the program and have recommended it to many clients over the years. The only reason I don't recommend it more is that Microsoft Security Essentials is very good and free. But now that MSE is no longer active for XP, ESET is the company I recommend.

One reason I liked MSE was that it was very respectful of its user. It got less in the way and consumed far fewer resources than products like AVG and Norton/Symantec. When running scans manually it took longer, but scanning overnight solved that problem. NOD32 is the fastest AV scanner with which I'm familiar, making it an excellent replacement for MSE.

If you need to protect multiple PCs and buy licenses at the same time, you can get the cost down to $20 per PC.

Malwarebytes Anti-malware - $25/year, 3 PCs

The Malwarebytes software has been around for a long time and I consider it the best anti-malware program around. I have used the free scanner for many years and it has helped me salvage innumerable catastrophes.

So why the $25 if I say it's free? Because for XP, I recommend the Premium version. The free scanner is manual; you run it when you suspect you already have a problem. The paid scanner is real-time and can thus detect possible threats before they gain a foothold. The Premium version does a lot more than just malware; see the site for details.

WinPatrol Plus - $25/PC/Lifetime

WinPatrol Plus is probably the best bargain in security software on the planet. It's been around for over 15 years and I've been using it for almost the entire time. Your one-time payment of $25 gives you a few additional features and access to an online database, but that's not why you should pay. You should pay to support the product because it does what no other product does and it represents an excellent, last line of defense.

Scotty, WinPatrol's mascot, watches Windows in real time looking for configuration changes of any kind. When it sees one, it pops up a warning and allows you to reject the change if you consider it suspect. The Plus version lets you look into WinPatrol's database to learn more about the change that is being made, giving you a leg up - so many products just tell you "don't do it" without explaining what it is or why.

Now this may seem like Windows UAC (User Account Control) that so many pundits complained about with Windows Vista. Yes, it's similar. But so what? Do you want protection or not?

Mozilla Firefox - Free

The newest versions of Microsoft's Internet Explorer do not work in older versions of Windows. I'd like to see Microsoft improve this situation, but IE has strong ties to the OS and I can understand Microsoft's position. Because IE 8 is no longer supported and is the latest version available for XP, you need a replacement.

I recommend Firefox. I do not recommend, nor trust, Chrome. (Google the company is pretty low on my trust radar.)

Other Versions of Windows

This security baseline is not limited to Windows XP. I recommend Malwarebytes Premium and WinPatrol for any version of Windows. The only difference in my baseline is that I recommend MSE for antivirus in Windows Vista and later. But that's a matter of choice; as long as you have some AV product, you're good.

I also continue to recommend IE 11 or later. These days I consider Internet Explorer the best Web browser, period.

Caveat Emptor

Let me emphasize, again, that my security baseline for XP provides a "bubble" around XP. It can't always fix, nor protect against, exploits that are discovered in XP (you know, the ones that Microsoft isn't fixing any longer). All this suite can do is up the ante a little bit by making your protection a little more proactive.

Use my security baseline if you must continue to use XP, but by all means work diligently to abandon XP. If you choose to stick with XP, take security more seriously than you ever have before.