Results 1 to 7 of 7
  1. #1
    New Lounger
    Join Date
    Nov 2012
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Safe use of post-mortem XP on a network

    If we accept the notion that using Xp won't be safe when MS pulls the plug, I was wondering if old XP boxes could be sufficiently hardened/firewalled to be used as thin clients on a LAN, accessing a terminal server (inside the LAN) via RDP. The server will be running a fully-patched version of Server 2008 R2. All internet access will be from within the remote desktop session.
    This could be an economical solution for internal networks with a lot of XP pro boxes.
    Amy thoughts?

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,208
    Thanks
    129
    Thanked 1,145 Times in 1,054 Posts
    I think that could be a reasonable usage scenario. Add something like a good HIPS to XP and it will be even safer.
    Rui
    -------
    R4

  4. #3
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    You would also need to ensure you are running a supported version of Office and PDF reader plus lock down USB/Optical drives.

    The latter can be used for sneakernet, while Office has many vulnerabilities that will continue to be patched. If you collect a compromised Office document or PDF, you could just as easily be compromised.

    However, with a HIPS and no network route to the outside world any damaged caused though the vectors mentioned should be fairly small.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  5. #4
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,551
    Thanks
    7
    Thanked 225 Times in 213 Posts
    XP is easy to tie down so you can auto-logon and run RDP, then logoff / reboot when the session finishes. You could even freeze the OS with something like DeepFreeze.

    cheers, Paul

  6. #5
    Star Lounger
    Join Date
    Feb 2013
    Posts
    74
    Thanks
    4
    Thanked 11 Times in 10 Posts
    My opinion is that one should probably migrate as soon as one can. There are many large organizations like the VA, hospitals , clincs and companies which are on XP. When MS pulls the plug they will stop updates which keep the wolves at bay and the attacks will multiply pretty rapidly unless some other company steps in to plug the dykes but it won't be free or cheap and maybe not widely applied. It may be a mish mash of small companies with conflicting junkware. This will happen within the next few months after the MsExit. It is not panic time yet but maybe Pre-Panic or PRE Pre Panic.

    Op'Inion

  7. #6
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,551
    Thanks
    7
    Thanked 225 Times in 213 Posts
    An image backup and freeze software will protect against any new threat.

    cheers, Paul

  8. #7
    Super Moderator
    Join Date
    May 2002
    Location
    Canberra, Australian Capital Territory, Australia
    Posts
    3,879
    Thanks
    0
    Thanked 183 Times in 168 Posts
    IMHO the imminent demise of XP is greatly exaggerated. Not a single AV vendor has announced that they'll stop supporting it - even the AV products from MS will continue doing so for the foreseeable future. Sure, MS won't be issuing patches to the OS, but that's not to say every OS flaw that might be revealed creates a fatal vulnerability for the hacking/virus writing community to exploit.
    Cheers,

    Paul Edstein
    [MS MVP - Word]

  9. The Following User Says Thank You to macropod For This Useful Post:

    gemini06720 (2013-12-08)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •