Threat Level: green Handler on Duty: Kevin Liston

SANS ISC: XPired! - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XPired!

Yes, Windows XP is about to Xpire. This sunset has been a while in the making, and has even been paused so that the world could admire it a while longer. But now, it really is upon us, on April 8, the earth rotation will stop for a second or three, and then move on.

If you don't know whether you are running Windows XP, you are probably not reading SANS ISC, but for the off chance that you are, Microsoft now have a cute site http://AmIRunningXP.com to tell you. I wonder how many Mac users connect to that site, just to make sure :).

If you are still running XP anywhere, the current MSFT Blog states that users of XP who have "auto-update" turned on will see a *Warning* come March 8. So ... expect grandma to call and ask about the weird pop-up. It was anyway overdue that you talked to her. Kudos to Microsoft for keeping us connected with our family!

Long story short: If you are still on XP, get off it. The mentioned blog is now even offering migration tools, though that "free" offer is somewhat of a trojan: If you want to move applications in addition to your data, it comes with a 23$ price tag. But why anyone would opt to "migrate" applications rather than go for a clean re-install is anyway beyond me .. as is using a "migration tool" black-box without knowing what is actually being migrated.

Here's my XP migration 101:

  1. Determine if your box can run Windows 7 (enough muscle and memory). Yes, I wrote Windows 7. Who wants Windows 8, anyway?
  2. If no, buy a new computer. Not necessarily a PC. Then go to step 8.
  3. If yes, get yourself a new Hard Drive that fits, and a USB drive enclosure for the disk that is currently in the box.
  4. You'll need to buy a new OS. It doesn't come for free. You might find out that you have to buy Windows 8 after all, because Windows 7 supply is artificially shortened. Well, you had it coming. Life punishes he who is late. What were you waiting for? If the price tag of disk+enclosure+OS turns out bigger than buying a new computer, go to step 2.
  5. Install the new HD, and the new OS onto it.
  6. Boot the new OS. It probably won't bluescreen. Reinstall only the ~five applications that you remember using in the past two weeks or so.
  7. Attach the old HD via USB
  8. Manually copy whatever you still need of your data over. Be skimpy, you can always go back to the original disk if something vital is missing.
  9. Enjoy, sort of.

 

Daniel

367 Posts
ISC Handler
"1. Determine if your box can run Windows 7 (enough muscle and memory). Yes, I wrote Windows 7. Who wants Windows 8, anyway?"

I would add this advice: if the CPU does not support hardware Data Execution Prevention, it's an automatic no-go. For the record, Windows 8 does have substantial security hardening above and beyond Win7 (ref: Valasek's presentation at Black Hat 2012) , and with a free or very cheap Start Menu add-on it's tractable enough that the occasional UI annoyances are worth the security IMO.
Daniel
12 Posts Posts
Microsoft is apparently trying even harder now to nudge people away from XP by providing a free data-migration tool which "copies your files and settings from your Windows XP PC to a new device running Windows 7, Windows 8 or Windows 8.1. This tool will copy your files, music, videos, email and user profiles and settings from your old PC to your new device, transferring across your home or work network, and even enables Windows XP users to customize exactly what they want to bring over to their new device."

Ref:
http://blogs.windows.com/windows/b/windowsexperience/archive/2014/03/03/new-windows-xp-data-transfer-tool-and-end-of-support-notifications.aspx

--roseman
Anonymous
Posts
Hey Daniel,

nice article, but maybe you would like to write an additional article, how to deal with XP within enterprise networks.

- network segregation
- host based firewall
- etc etc

A
A

3 Posts Posts
You wrote Windows7? That explains all those goto's in your psuedo-code. ;-)
Moriah

133 Posts Posts
The Emerging Threats ruleset for SNORT has rule sid:2016879 in emerging-policy.rules. That detects "Windows NT 5.0" in outgoing user agent strings (Windows 2000). It could be easily duplicated to help you look for "Windows NT 5.1" (Windows XP) machines on your network too.
Steven C.

171 Posts Posts
One thing I haven't seen reported elsewhere, is that NOW is the time to put up your XP honeypot. You way be wondering why I would say that... but assuming there is about to be an uptick in malware using techniques the purveyor doesn't expect a patch for, it's a good chance to catch these techniques in the live. And quite likely a good many of the techniques would have some application for later versions of the Windows OS as well.
Anonymous
Posts
Last week, I helped a friend migrate from Windows XP to a Mac Mini running OSX Mavericks.

Apple has a migration-tool to copy files/contacts/bookmarks/E-mail, but the documentation did not really emphasize that it is a direct computer-to-computer migration, not a "dump-the-good-stuff-to-an-external-device".

The Xpiring computer had PS/2 keyboard and mouse, and a VGA-only monitor. Since the Mac Mini comes without peripherals, I had to scramble to find a second monitor (with DVI input), a USB keyboard, a USB mouse, power-cords for the monitor, the 2-Ethernet-port router, and a power-bar to connect the second monitor and the Mac Mini and the router, since there were insufficient empty sockets on the existing power-bar.

Tha Apple software recommends to turn-off Windows Automatic Update, and to turn-off the Windows Firewall (although the file-transfer worked without this action). I would add to disable the "up-link" Internet connection on the router.

Note: the first time that you turn the Mac Mini on, you can choose to run the Migration software, or to do it later.
I could not get the Migration software to do the "first-time" computer-to-computer connection, but the "do-it-later" option worked fine.

Hint: when configuring the Mac Mini, create the first ID with a name like 'Administrative Account', intead of the personal name of the purchaser, because the migration tool will create a second ID to receive all the transferred stuff.

The only item not transferred was the E-mail password from Outlook Express on the Xpiring system.
Ask the purchaser to "remember" that value -- they may have forgotten it, since Outlook Express has been remembering it on their behalf.
Anonymous
Posts
I have been putting older folks and others that do not want to buy a new pc on Linux. Have settled on Linux Mint Mate as it really seems to perform well on old hardware and the start menu is in the same place as xp. The hardest change for older folks is switching from outlook express.

I have been putting my business clients on windows 7. The ones with enough cash for new equipment I am putting windows on vm's with cent os underneath. In the long run this xp changeover is going to lessen my visits to each machine and more monitoring remotely. I like it.

Server 2003 still has another year left in it and I am hoping to move all of those old servers onto aws or other cloud service.

This has also been an opportunity to get people off MS Office.
zdanb

1 Posts Posts
I haven't seen anything definite, but the original XBOX ran a custom XP version.

How many may still be in service?

Anyone know if these game consoles are vulnerable and has anyone come up with migrations other than never ever connecting to the internet again?
BezantSoft

1 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!