Just to add, if some software forces you to install to C:\ and you don't have a big enough drive, pre-make the directory as an NTFS junction to a directory on another drive.
I was waiting to see what miraculous solution the author had for making Windows XP safe to use, especially since they were adamant that they didn't use sandboxes or VMs. Turns out their safety is just "don't download weird stuff" and "if you care about security you are probably a paranoid loser". So really you should not follow this guide and if you do for heaven's sake do not connect the machine to the internet. You are unlikely to be targeted by a 0-day or even a 1-day but when it comes to 1000+-day vulnerabilities against an OS with barely any security mitigations you are just tempting fate. Don't do this.
Same, the title made me think someone maintained/compiled an extensive list of patches to have XP with countermeasures against all the 1000+ vulnerabilities you talk about :)
Too bad, XP was pretty great UX and indeed fast. I didn't ever used Windows on my own devices since...
I was expecting a half joking guide to disabling the networking stack completely. I don't know if it was true of XP, but I'm pretty sure there are operating systems that let you straight up uninstall TCP/IP, which would result in a mostly safe operating system...
>for heaven's sake do not connect the machine to the internet. You are unlikely to be targeted by a 0-day or even a 1-day but when it comes to 1000+-day vulnerabilities against an OS
1. If you don't have a firewall between your computer and the internet, regardless Windows XP, you're doing security wrong.
2. Assuming the above has been followed, the primary threat vectors to be concerned about are the things you run on Windows XP like a web browser and things that come into physical contact with the computer.
You are making the classic case of "Look at all these CVEs and be terrified of them!", and as someone who actually doesn't have enough damns to give to every single threat vector imaginable, the only "loser" here is you for engaging in fearmongering.
Keeping yourself secure isn't accomplished by just running a supported Windows and letting Windows Update run. Come the hell on.
And rebooting servers. My FreeBSD colocated box is now on 1100+ days uptime. Two of them actually.
Running FBSD 12, Double firewall (at core hw, and at OS). Within in a jail with SSH off sits all other processes running many FBSD14 bHyve VMs.
When all that machine does is run a single VM within a Jail, where exposure to the internet is to only to deliver packets. I don't see a purpose to reboot.
There is absolutely no need and proven so to reboot that machine. Right or wrong, that's my boast anyway.
If you are using a firewall as a security feature, you are doing something wrong.
Because you run whatever cruft on your device, and you think that you can prevent all of this bad software from harming you, based on nothing but L3/L4 informations.
Firewall are very efficient in hurting sane usage. And very inneficient against malicious actors.
I don't think you understand how attack surface works. I am not pointing to a list of CVEs and scaremongering–in fact I didn't even list any. I honestly have no idea how many there are beyond there being a lot. The actual problem here, which you have missed, is that when you run your browser on Windows XP (let's assume, for the same of argument, that it's a fully up-to-date browser somehow, instead of like Firefox from 10 years ago), it will assume that the system it is running on is not completely broken. And that is not true for Windows XP. This means that when it goes to talk to your graphics card it will expect that it can pass command buffers to the OS and they will faithfully be forwarded without the system dying, except XP is old enough that it probably is missing half a dozen checks on that code path, and when you fail one of those checks someone with who took a 4 week binary exploitation class can probably pwn your entire machine. So yeah, that's what I am talking about.
There are people who run the latest-updated Windows with all the defaults (including automatic updates) and still manage to get infected by malware or otherwise mess up their system enough to need reinstalled regularly, and then there are people like this (and I know many others) who have no problems with the same system for literally decades.
I've long believed that user actions make the biggest difference in security, but because gullible users are easily phished and taken advantage of, both legally and otherwise, it's in the companies' best interests to not encourage users to become aware of that.
>then there are people like this (and I know many others) who have no problems with the same system for literally decades.
Can confirm, am one of them. Have a Pentium 4, Windows XP machine with the same install since 2008 still kicking ass; likewise a 2700K, Windows 7 machine with the same install since 2012.
Most people treat their computers (and Windows installs) like a god damn landfill with the worst refuse known to mankind.
Amen! Some folks have no concept of computer hygiene (as in, run the least amount possible, install them in a consistent manner, consider very seriously if an app is needed at all)
But it's not entirely the users' fault when apps are shaggy and put their tendrils all over, and there are, what now, seven different ways to install apps on Windows?
I stopped reading when I read that Mr Genius here judges computer speed solely based on how quickly his computer boots and shuts down.
Objectively, how quickly your computer opens programs and undertakes operations (encoding, decoding, rendering, etc), are far more important than the speed involved in turning it on and off, things which might happen twice a day each.
There are also many things that could impact how quickly a PC boots up that don't reflect that computer's hardware, but honestly crying about boot speeds after about 2013 is crazy - post-Sandy Bridge era processors and memory are all fast enough that you should only have boot speed issues if you are literally doing something wrong.
My Windows 11 12700 PC boots in 8 seconds (and that's with fast boot OFF).
I abhor Windows 11 but acting like Windows XP is a panacea (particularly if the machine is connected to the internet) is as laughable as it is asinine.
Is it really (2020)? This sort of “debloat Windows by disabling random services and tweaking random registry keys” was popular 20 years ago, when spinning rust was the only option, and it was slow spinning rust, alongside a slow CPU. You risk breaking your system for a minor improvement — minor in 2004, but completely not measurable in 2024.
Many of the suggestions are just weird, wrong, pointless cargo-cult. And hoping that disabling things in XP can make it secure, or that blocking 4500 websites will protect you from malware.
"I have been using Windows XP for over 20 years now. In 2024, I switched to Sparky Linux 7.3 LXQT, and I used it for about 3 months, and it was okay. However, I have noticed that I am more productive when I use Windows than Linux, so I went back to using Windows XP."
I, too, am not a coder, just a dilettante who likes to use several "outdated" apps simply because they do their one thing better than newer software. This is why I always find people like this interesting. There's a peculiar kind of intellectual freedom or decidedness in sticking with old/underpowered/etc non-mainstream setups.
And, I do like how unified e.g. the Win2k user interface felt. The interplay with apps from that era was flawless IMO (or I just don't remember the more annoying moments). FWIW, my own contemporary usage of e.g. WinXP (for audio montage software that a particular studio uses) has always been strictly offline, though.
This guy is very naive if he thinks flicking a few buttons in the UI of his ancient operating system is going to keep him from getting pwt.
Edit: might as well provide more info. Windows XP was notorious for its security issues which were fixed in the server version at the time. Even recent versions of Windows have been effected by 'zero-click' vulns in the TCP/IP stack which is about as bad as it gets. MS rated it a 9/10 but if all that's needed to own a box is sending the right packet then I can't imagine what a level 10 vuln looks like.
If you are behind a normal consumer router (default deny incoming connections) how to you send the right packet to the computer? It would have to be a response to a connection you initiated.
If you were careful about sites you connected to, you should be reasonably safe. I.e. I don't see Google/Microsoft/BBC/Apple/Wikipedia sending a xp-hacking packet in response to an HTTP request.
31 comments
[ 2.8 ms ] story [ 88.7 ms ] threadWhat is the reason for doing this? I use XP for some music software which is more than 120G and requires to be installed in C:/
https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Arch...
Too bad, XP was pretty great UX and indeed fast. I didn't ever used Windows on my own devices since...
1. If you don't have a firewall between your computer and the internet, regardless Windows XP, you're doing security wrong.
2. Assuming the above has been followed, the primary threat vectors to be concerned about are the things you run on Windows XP like a web browser and things that come into physical contact with the computer.
You are making the classic case of "Look at all these CVEs and be terrified of them!", and as someone who actually doesn't have enough damns to give to every single threat vector imaginable, the only "loser" here is you for engaging in fearmongering.
Keeping yourself secure isn't accomplished by just running a supported Windows and letting Windows Update run. Come the hell on.
Running FBSD 12, Double firewall (at core hw, and at OS). Within in a jail with SSH off sits all other processes running many FBSD14 bHyve VMs.
When all that machine does is run a single VM within a Jail, where exposure to the internet is to only to deliver packets. I don't see a purpose to reboot.
There is absolutely no need and proven so to reboot that machine. Right or wrong, that's my boast anyway.
I get it but I just don't feel it.
Because you run whatever cruft on your device, and you think that you can prevent all of this bad software from harming you, based on nothing but L3/L4 informations.
Firewall are very efficient in hurting sane usage. And very inneficient against malicious actors.
Also, for your enlightenment:
>let's assume, for the same of argument, that it's a fully up-to-date browser somehow,
https://win32subsystem.live/supermium/ | https://github.com/win32ss/supermium
I've long believed that user actions make the biggest difference in security, but because gullible users are easily phished and taken advantage of, both legally and otherwise, it's in the companies' best interests to not encourage users to become aware of that.
However security also depends on the foundation, that's the OS and hardware beneath. If those are poor then there's no hope for stability.
Can confirm, am one of them. Have a Pentium 4, Windows XP machine with the same install since 2008 still kicking ass; likewise a 2700K, Windows 7 machine with the same install since 2012.
Most people treat their computers (and Windows installs) like a god damn landfill with the worst refuse known to mankind.
But it's not entirely the users' fault when apps are shaggy and put their tendrils all over, and there are, what now, seven different ways to install apps on Windows?
Objectively, how quickly your computer opens programs and undertakes operations (encoding, decoding, rendering, etc), are far more important than the speed involved in turning it on and off, things which might happen twice a day each.
There are also many things that could impact how quickly a PC boots up that don't reflect that computer's hardware, but honestly crying about boot speeds after about 2013 is crazy - post-Sandy Bridge era processors and memory are all fast enough that you should only have boot speed issues if you are literally doing something wrong.
My Windows 11 12700 PC boots in 8 seconds (and that's with fast boot OFF).
I abhor Windows 11 but acting like Windows XP is a panacea (particularly if the machine is connected to the internet) is as laughable as it is asinine.
Keep the money flowing, I guess?
Many of the suggestions are just weird, wrong, pointless cargo-cult. And hoping that disabling things in XP can make it secure, or that blocking 4500 websites will protect you from malware.
"I have been using Windows XP for over 20 years now. In 2024, I switched to Sparky Linux 7.3 LXQT, and I used it for about 3 months, and it was okay. However, I have noticed that I am more productive when I use Windows than Linux, so I went back to using Windows XP."
I, too, am not a coder, just a dilettante who likes to use several "outdated" apps simply because they do their one thing better than newer software. This is why I always find people like this interesting. There's a peculiar kind of intellectual freedom or decidedness in sticking with old/underpowered/etc non-mainstream setups.
And, I do like how unified e.g. the Win2k user interface felt. The interplay with apps from that era was flawless IMO (or I just don't remember the more annoying moments). FWIW, my own contemporary usage of e.g. WinXP (for audio montage software that a particular studio uses) has always been strictly offline, though.
I'd argue that not installing antivirus on your HVAC control system to make it faster is a bad idea.
Edit: might as well provide more info. Windows XP was notorious for its security issues which were fixed in the server version at the time. Even recent versions of Windows have been effected by 'zero-click' vulns in the TCP/IP stack which is about as bad as it gets. MS rated it a 9/10 but if all that's needed to own a box is sending the right packet then I can't imagine what a level 10 vuln looks like.
If you were careful about sites you connected to, you should be reasonably safe. I.e. I don't see Google/Microsoft/BBC/Apple/Wikipedia sending a xp-hacking packet in response to an HTTP request.