Safe use of post-mortem XP on a network

Topic

New Reply

If we accept the notion that using Xp won’t be safe when MS pulls the plug, I was wondering if old XP boxes could be sufficiently hardened/firewalled to be used as thin clients on a LAN, accessing a terminal server (inside the LAN) via RDP. The server will be running a fully-patched version of Server 2008 R2. All internet access will be from within the remote desktop session.
This could be an economical solution for internal networks with a lot of XP pro boxes.
Amy thoughts?

Reply | Quote

Replies

I think that could be a reasonable usage scenario. Add something like a good HIPS to XP and it will be even safer.

Reply | Quote

You would also need to ensure you are running a supported version of Office and PDF reader plus lock down USB/Optical drives.

The latter can be used for sneakernet, while Office has many vulnerabilities that will continue to be patched. If you collect a compromised Office document or PDF, you could just as easily be compromised.

However, with a HIPS and no network route to the outside world any damaged caused though the vectors mentioned should be fairly small.

Reply | Quote

XP is easy to tie down so you can auto-logon and run RDP, then logoff / reboot when the session finishes. You could even freeze the OS with something like DeepFreeze.

cheers, Paul

Reply | Quote

My opinion is that one should probably migrate as soon as one can. There are many large organizations like the VA, hospitals , clincs and companies which are on XP. When MS pulls the plug they will stop updates which keep the wolves at bay and the attacks will multiply pretty rapidly unless some other company steps in to plug the dykes but it won’t be free or cheap and maybe not widely applied. It may be a mish mash of small companies with conflicting junkware. This will happen within the next few months after the MsExit. It is not panic time yet but maybe Pre-Panic or PRE Pre Panic.

Op’Inion

Reply | Quote

An image backup and freeze software will protect against any new threat.

cheers, Paul

Reply | Quote

IMHO the imminent demise of XP is greatly exaggerated. Not a single AV vendor has announced that they’ll stop supporting it – even the AV products from MS will continue doing so for the foreseeable future. Sure, MS won’t be issuing patches to the OS, but that’s not to say every OS flaw that might be revealed creates a fatal vulnerability for the hacking/virus writing community to exploit.

Cheers,
Paul Edstein
[Fmr MS MVP - Word]

Reply | Quote