How I Use Windows XP in 2025
I saw a recent post on Reddit asking about using Windows XP securely, so here are my recommendations:
First make sure your machine is at the very least behind a NAT/Router that has a firewall, and make sure you aren't port forwarding things to your Windows XP machine unless you know exactly what you're doing.
I would then disable UPnP (Printer & File Sharing Services), and 100% disable Remote Desktop stuff, including in the Windows Firewall if the exception is still checked in there.
You can disable some of this by going to Control Panel > Add and Remove Programs > Add/Remove Windows Components, and unchecking IIS, Networking Services, and Other Network File and Print Services.
Then, go to Control Panel > Switch to Classic View > System > Remote Tab, and uncheck "Allow Remote Assistance invitations to be sent from this computer" as well as "Allow users to connect remotely to this computer".
Then, go to Control Panel > Switch to Classic View > Windows Firewall > Exceptions tab, and uncheck "File and Printer Sharing", "Remote Assistance", "Remote Desktop", and "UPnP Framework".
Finally, open up legacyupdate.net and make sure you have all the updates, and install Windows Security Essentials from there. Then go to legacyupdate.net/faq/issues and download the "Windows XP and Vista 32-bit Security Essentials" definition updates that it provides. This will protect you from old viruses by bringing Security Essentials up to date through 2019. Any new virus techniques made after 2019 won't be protected against, so you may want an additional virus scanner.
My last recommendation is to check out protoweb.org for a proxy service that recreates the late 90s web.
There are likely other recommendations that will help to make sure you stay more protected on Windows XP:
- You can switch out Internet Explorer for Supermium or some other browser that has gotten more updates, or you can choose to disable JavaScript and cookies completely from browsers.
- Putting your machine on a VLAN is even better to make sure it cannot access the other computers on your network.
- Also, make sure you know that any programs you are installing/running are safe.
Apr 02 · 1 day ago · wasolili, HanzBrix
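The Control Panel steps in the post above can also be applied and checked from a command prompt. The script below is an added example, not part of the original post; it assumes Windows XP SP2 or later and an administrator account, and stopping the SSDPSRV and upnphost services is an extra step that goes beyond the firewall checkbox the post mentions.

```bat
@echo off
rem Added example: command-line form of the GUI hardening steps in the post.
rem Assumes Windows XP SP2/SP3, run from an administrator account.

set TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

rem --- System > Remote tab: refuse Remote Desktop and Remote Assistance ---
reg add "%TS%" /v fDenyTSConnections /t REG_DWORD /d 1 /f
reg add "%TS%" /v fAllowToGetHelp /t REG_DWORD /d 0 /f

rem --- Windows Firewall > Exceptions: clear the built-in service exceptions ---
rem "Remote Assistance" is a program entry, not a netsh service type, so
rem untick it in the Exceptions tab as the post describes.
for %%S in (FILEANDPRINT REMOTEDESKTOP UPNP) do (
    netsh firewall set service type=%%S mode=DISABLE profile=ALL
)

rem --- Assumption (not in the post): also stop the UPnP-related services ---
for %%S in (SSDPSRV upnphost) do (
    sc stop %%S
    sc config %%S start= disabled
)

rem --- Verify what was applied ---
echo.
echo == Remote Desktop (expect 0x1) and Remote Assistance (expect 0x0) ==
reg query "%TS%" /v fDenyTSConnections
reg query "%TS%" /v fAllowToGetHelp

echo.
echo == Firewall mode and service exceptions ==
netsh firewall show opmode
netsh firewall show service

echo.
echo == Ports still listening: review anything you did not expect ==
netstat -an | find "LISTENING"
```

Rerun the verify section after installing updates or new software, since installers can re-add firewall exceptions.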
20 Comments
stack · Apr 02 at 14:49:
That is a very useful guide, thank you!
My XP Black downloaded from the newsgroups in the 90's is probably a bad idea!
HanzBrix · Apr 02 at 15:03:
I think the best recommendation would be for it to not be allowed to directly touch the internet.
Even shortly after the run out of the last security updates, there were so many exploitations discovered (no CVEs, as the system wasn't supported by then).
I think VLAN is a good idea, but maybe also cap all access to that VLAN through a modern proxy. In general, the system should not be allowed to call outside the VLAN for unverified IPs/URLs.
bluesman · Apr 02 at 15:45:
Thanks. I sometimes use XP in VirtualBox to check out a program I wrote in Turbo Pascal back in the day. Wait, maybe it's actually Windows 98. Scary.
clseibold [OP] · Apr 02 at 16:16:
@HanzBrix I didn't mention this in my post above, but after Windows XP security updates stopped, they were still releasing updates for Windows Embedded POSReady. So that Legacy Update I mentioned will basically allow you to install those updates. They only go up to 2019, but it offers better protection.
I'm not sure if anybody has created any other updates, but I know there's Extended Kernels (and the OneCore API, which has loads of bugs, but does offer some interesting compatibility stuff).
Legacy Update does also update the Certificate Trust List too.
To my understanding, the majority of the bugs come from old network protocols (like SMBv1, Remote Desktop, and UPnP), which is why I show how to disable those things.
It's always unfortunate to me the way Microsoft's OS updates always discard support for older hardware. You don't see this in Linux. I could install a new version of Linux on my old Windows XP machine. I *can't* install Windows 10 or 11 on it, however.
This is why it irritates me when people say "just don't choose to use Windows XP and use a new OS." You *can't* actually use new Windows versions for old unsupported software *or* old hardware. The only alternatives right now are Wine or ReactOS, both of which don't have the full compatibility that they need to run all of the software from this era.
HanzBrix · Apr 02 at 17:29:
@seibold I still think the biggest attack surface is the web, as a lot of the attack surfaces that were discovered with the web can't even be patched into XP.
Plus even 6-year-old updates are very out of date.
I honestly thought ReactOS was just another *nix xD
darkghost · Apr 02 at 17:46:
ReactOS is the easiest way to reproduce the Windows 95 experience. It is very buggy with questionable security. (I still think it's an awesome effort.)
It's odd as an old person to be thinking of retro OS's as internet capable in such a degree that it becomes useful to put them on the net. Sure it's fun to put windows 98 on the internet and you could back in the day. But there was still plenty of offline software and an internet connection wasn't either a given or a constant. XP existed from the time you primarily bought software on CD to the time you no longer did. It's a transformative era and worth exploring some more.
HanzBrix · Apr 02 at 18:27:
@darkghost Personally I always felt WinXP was the pinnacle of Windows, it was all back downhill from there. :P
If ReactOS ever gets a version of office to work, I would happily use that instead.
clseibold [OP] · Apr 02 at 18:37:
@HanzBrix Sure, but if you have all your browsers go through the ProtoWeb proxy, then the attack surface is much lower :D
What's cool is ProtoWeb does have some live current content: Wikipedia, WarpStream (a YT alternative made to look like very old YT), Shoutcast (Live Radio), Weather Forecasts, Dictionary.com, Garfield Online, Rocketsnail, and Runescape.
If anybody wants to contribute to get more old websites online, or more live content, then you can go to their website and sign up for that.
clseibold [OP] · Apr 02 at 18:41:
I think you can get one version of Microsoft Office to work on ReactOS, but I'm not sure. Development is kinda slow, but they are actually now working on getting newer win32 APIs from Vista onwards supported. I'd try it in a VM, as it has just gotten a new update that improved security and a bunch of other stuff.
The only weird thing right out of the gate is the default filesystem is still FAT, even though they have an NTFS driver, afaik.
stack · Apr 02 at 19:18:
> ReactOS is the easiest way to reproduce the Windows 95 experience. It is very buggy with questionable security.
That makes it that much more like the real thing!
wasolili [...] · Apr 02 at 19:26:
You may be able to reduce some of the security risk of web browsing by using a sandbox program like Sandboxie or whatever the go-to in the Windows world is these days.
darkghost · Apr 02 at 22:17:
@Hanzbrix Allegedly ReactOS runs Office 2010. I found old forum posts mentioning this, I haven't verified this personally.
HanzBrix · Apr 02 at 22:19:
@dark I'm off to see if I can find a version of 2010
There is at least one website I know of that still occasionally shares modified Windows XP releases. They come with backported modern browsers, updated root certificates, slipstreamed tweaks, forks of popular programs, and more. The site's comment section has links to even more useful resources. I've tried their builds, and they work fine as a daily driver. (I won't name the site I know of, since their images use cracked WGA and thus constitute piracy.)
Perhaps you could mention the URL, so that we can ...cough... avoid becoming pirates and stay away from it?
Might be a dumb question, but do we actually care about piracy on Gemini?
'Intellectual Property' is not at all property. It is a legal illusion enforced by people with guns. Property can be owned by virtue of transferability -- the other party no longer has it. It is absurd to consider ideas or information property.
If you really care, do not disclose it and keep it secret.
I would not want to deprive a lone programmer of income, and decency is a moral, not a legal choice.
However, I would not feel bad about copying of an abandoned operating system, especially considering that Microsoft is pretty close to an 'evil empire'. Retro sites often maintain and improve and document abandoned code, and should be supported.
Also, piracy is a propaganda term. Pirates raped and pillaged, killing people and taking their crap.
Making a copy of a published sequence of bits, while the owner still has these bits, is not piracy. Let us not feed the bear.
darkghost · 6 hours ago:
Stealing in the abstract, depriving rights holders of their legally sanctioned monopoly on a series of images, a sequence of sounds, an assemblage of words, or a specific stream of ones and zeros. Antithetical to the human desire of sharing common experiences, making illegal a basic social need. Remember, it is an illegal public performance to have a radio on that is playing music. And it is illegal to hum along.
This is quite different from burning down a galleon owned by the world's richest empire and taking the gold for personal profit.
@stack From this day on, it shall be known as librarying!