Errius wrote:

What can be done with old XP computers that haven't the horsepower to run newer Windows?

I installed Lubuntu on a couple P4's for light Office internet and usage and seem to be ok. Not saying I would want it as my main PC though

Errius wrote:

They're under no obligation to support an expired OS. People were warned to move off XP years ago.

Also thought this was actually quite nice of MS.
They ran a big enough campaign explaining the risk of continuing to use XP, They could of used this as the final nail in the coffin.

As an example I support a company that still uses about 5 XP machines hooked up to industrial size printers, (Google HP TJ 8600) which only support XP.
Each of these things make the company £1000's a day and run 24/7 (admittedly not non stop) They aren't going to get rid of them just casue they run a old OS.

And yes we have patched the machines as a precaution, even though they are only used for the print software, they still have limited network access for remote support.
As a general rule MS are actually pretty good at supporting the corporate world IMHO

Errius wrote:

What can be done with old XP computers that haven't the horsepower to run newer Windows?

First, install the microsoft patch. Then install CryptoPrevent. The patch will keep an infection from spreading to other devices on the network, CryptoPrevent will hopefully keep an infection from occurring in the first place.

I think XP is still fine as long as you practice safe computing. 😉

It's not me it's my parents. My dad is paranoid about XP and wants to install Windows 7/8/10 on their computer. I've warned him it will become too slow to use if he does that. So he just doesn't use it any more. Problem is, all of his emails are on there going back years. Can Linux email clients import Outlook 2007 email archives?

Errius wrote:

It's not me it's my parents. My dad is paranoid about XP and wants to install Windows 7/8/10 on their computer. I've warned him it will become too slow to use if he does that. So he just doesn't use it any more. Problem is, all of his emails are on there going back years. Can Linux email clients import Outlook 2007 email archives?

Not very easily. 🙁 If his mail account supports IMAP, and he's using something with lots of storage (like gmail) then he could just connect Thunderbird on Linux to the IMAP acct and suck them in that way.

Honestly, if you secure XP well, he should be able to keep using it. I recommend CryptoPrevent, Norton ConnectSafe DNS, MVPS HOSTS, and uBlock Origin browser plugin. That combination should keep his XP secure for the time being. And occasional scans with Malwarebytes.

I suppose you could get Outlook working in Linux with Wine, but I don't have experience with that:
http://www.webupd8.org/2011/01/how-to-install … ce-2007-in.html

Even if the original mail host used POP or MAPI, probably the easiest way to transfer is via an IMAP server. Full folders can be copied over to IMAP from Outlook and then copied into your new mail client.

Thunderbird can also import compacted .PST databases, but the client itself is probably as heavy on resources as any modern operating system. I've had it using 1GB of RAM simply idling and watching for new mail, but I also have over 100,000 messages in my IMAP storage and mirrored locally.

kode54 wrote:

Thunderbird can also import compacted .PST databases, but the client itself is probably as heavy on resources as any modern operating system. I've had it using 1GB of RAM simply idling and watching for new mail, but I also have over 100,000 messages in my IMAP storage and mirrored locally.

According to this page, this only works on older versions of Thunderbird. At any rate, the page does give a lot of the other suggestions that have been described here.

Jade Falcon wrote:

I had a xp VM I was able to infect. Maybe there is more then one stran of the malware? I can also confirm that the patch only p […]
Show full quote

I had a xp VM I was able to infect.
Maybe there is more then one stran of the malware?
I can also confirm that the patch only prevents it from spreading.
this is my experience with the 2.0 version

As I thought. There seems to be a lot of mis-reporting on this in the tech world. They are reporting that if you have the MS patch installed, you are immune from infection. Actually, you're only immune from passing it on to other computers on your network via SMB.

clueless1 wrote:

Jade Falcon wrote:

I had a xp VM I was able to infect. Maybe there is more then one stran of the malware? I can also confirm that the patch only p […]
Show full quote

I had a xp VM I was able to infect.
Maybe there is more then one stran of the malware?
I can also confirm that the patch only prevents it from spreading.
this is my experience with the 2.0 version

As I thought. There seems to be a lot of mis-reporting on this in the tech world. They are reporting that if you have the MS patch installed, you are immune from infection. Actually, you're only immune from passing it on to other computers on your network via SMB.

Well I have installed CryptoPrevent on my PC's --all of them. That should make them immune to infection, no?

Kreshna Aryaguna Nurzaman wrote:

Well I have installed CryptoPrevent on my PC's --all of them. That should make them immune to infection, no?

Never trust a 3'rd party security tool you haven't proven to work as intended.
Not saying it doesn't help. But I have a hard time putting blind trust into anything AV or anti malware.
Malware is always evolving and I don't trust AV or anti malware to keep on top of it for me. This is way I always have a few test systems/VMs for testing anti malware software with new malware.

Think of Anti malware and AV as insurance in that its better to have it then no to, but it will not make the all the bad things stay away for good.

Jade Falcon wrote:

Never trust a 3'rd party security tool you haven't proven to work as intended. Not saying it doesn't help. But I have a hard tim […]
Show full quote

Kreshna Aryaguna Nurzaman wrote:

Well I have installed CryptoPrevent on my PC's --all of them. That should make them immune to infection, no?

Never trust a 3'rd party security tool you haven't proven to work as intended.
Not saying it doesn't help. But I have a hard time putting blind trust into anything AV or anti malware.
Malware is always evolving and I don't trust AV or anti malware to keep on top of it for me.

You should read up on the CryptoPrevent page. They disclose everything they do. Basically, they use software restriction policies to prevent malware from executing if it gets on your system. They are not some cheesy security program that does who-knows-what with some secret sauce. Even in the UI, you can see exactly what rules are available and being implemented, and you can choose which to implement and which to not. It's like implementing SRPs via group policy, but you don't have to be joined to a domain or have a Pro version of Windows.

edit: they have demonstration videos infecting themselves, then applying their policies and showing how they don't get infected.

Kreshna Aryaguna Nurzaman wrote:

Well I have installed CryptoPrevent on my PC's --all of them. That should make them immune to infection, no?

You can never say you are immune to infection. But you are well-protected. CryptoPrevent does periodically update their rules, so you will want to keep it updated (or pay for it and have it automatically update). In fact, I think they tweaked some rules in response to WannaCry.

One thing that I learned after doing digital forensics and cyber security in college is that nothing is safe, once the basement dwellers and script kiddies figure out what is running on a system it is only a matter of time till a exploit is found. Wouldn't surprise me that at some point people will resort to isolated systems or even analog if it is sensitive enough. The part that scares me the most is that critical infrastructure like power plants is exposed to this crap.

Since i'm only sharing files/printer over the LAN, and most of them are using Win XP or 9x, i would simply disable NetBIOS over TCP/IP and install NETBEUI as alternative protocols.
Its too bad since Win 7 (or was it Vista?), Microsoft despise such workaround and make NETBeui protocol non functional.

Here's a video by Foolish IT (the company that makes CryptoPrevent) published today (May 18, 2017) that shows WannaCry vs. Windows XP and CryptoPrevent.
https://www.youtube.com/watch?v=mleDcyOFXcA

clueless1 wrote:

Jade Falcon wrote:

Never trust a 3'rd party security tool you haven't proven to work as intended. Not saying it doesn't help. But I have a hard tim […]
Show full quote

Kreshna Aryaguna Nurzaman wrote:

Well I have installed CryptoPrevent on my PC's --all of them. That should make them immune to infection, no?

Never trust a 3'rd party security tool you haven't proven to work as intended.
Not saying it doesn't help. But I have a hard time putting blind trust into anything AV or anti malware.
Malware is always evolving and I don't trust AV or anti malware to keep on top of it for me.

You should read up on the CryptoPrevent page. They disclose everything they do. Basically, they use software restriction policies to prevent malware from executing if it gets on your system. They are not some cheesy security program that does who-knows-what with some secret sauce. Even in the UI, you can see exactly what rules are available and being implemented, and you can choose which to implement and which to not. It's like implementing SRPs via group policy, but you don't have to be joined to a domain or have a Pro version of Windows.

edit: they have demonstration videos infecting themselves, then applying their policies and showing how they don't get infected.

Trust is a weakness. And you should never trust someone trying to sell/pitch something to you.
I'm not saying that it doesn't work. Just don't blindly trust someone with software like this.
Look at what happened to AVG free. Not so free nowadays is it?

Errius wrote:

What can be done with old XP computers that haven't the horsepower to run newer Windows?

POSReady2009 updates. Or install Linux. 😉

mr_bigmouth_502 wrote:

Errius wrote:

What can be done with old XP computers that haven't the horsepower to run newer Windows?

POSReady2009 updates. Or install Linux. 😉

Carful with pos updates.
They arnt tested on xp pro or home. But I can't see anything bad happening other then a false sense of security. Pos update may be different enough at times to be ineffective on pro or home. But I have yet to see that. But I'm not really testing all the pos update ether.

Looks like some tech news places are now saying XP can't spread the worm? I found that it can. But did had trouble getting it to spread on a bone stock install of xp. Maybe something in updates alows it to spread? I really should to do more testing and take time in writing a paper on it. Bit I'm not taking my work home with me.

Jade Falcon wrote:

clueless1 wrote:

Jade Falcon wrote:

Never trust a 3'rd party security tool you haven't proven to work as intended.
Not saying it doesn't help. But I have a hard time putting blind trust into anything AV or anti malware.
Malware is always evolving and I don't trust AV or anti malware to keep on top of it for me.

You should read up on the CryptoPrevent page. They disclose everything they do. Basically, they use software restriction policies to prevent malware from executing if it gets on your system. They are not some cheesy security program that does who-knows-what with some secret sauce. Even in the UI, you can see exactly what rules are available and being implemented, and you can choose which to implement and which to not. It's like implementing SRPs via group policy, but you don't have to be joined to a domain or have a Pro version of Windows.

edit: they have demonstration videos infecting themselves, then applying their policies and showing how they don't get infected.

Trust is a weakness. And you should never trust someone trying to sell/pitch something to you.
I'm not saying that it doesn't work. Just don't blindly trust someone with software like this.

That's why I suggested that you read up on the product and test it out. I've already done that. You should understand the significance of it using SRPs--it's already built into Windows via local or group policy, and uses zero resources. That to me makes it more trustworthy. It's when security programs come up with their own proprietary secret formulas that you need to trust blindly. At least with this product, you can see what it's doing and base your trust on something tangible.

Wait, so all it does is change group policy settings and Software restriction policies, basic file/folder monitoring and black lists PUP?
Why would one need this? You can do all this without any app with what's provided within windows.
Sound more like a lazy way out to me but If it does what's it clams to do it should stop most ransomware along with malware that try's to make system changes. Neat idea for those that don't know or have the time to properly secure there systems.