Microsoft issues less-than-helpful tips to XP holdouts
Don't click on bad stuff and back up a lot, Redmond tells refuseniks
Microsoft seems to have realised what most everyone figured out years ago: come April 9 there will still be millions upon millions of computers running Windows XP and therefore open to all sorts of potential attacks.
Redmond's recognition of the problem appears in a new ”Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers” document, that identifies five likely risks XP holdouts will face and offers advice on how they might be ameliorated.
Here's the list of threats and our translation of Microsoft's answer:
|Risk||Mitigation||Flaw in Microsoft's argument|
|1. Surfing the Net||Just don't visit any dangerous websites||You don't know upgrading from XP is a good idea and you're expected to know how to avoid a dodgy website?|
|2. Malware links in email and IM||Don't click||See above|
|3. Removable drives can carry malware||Don't plug in any USB storage||Not even this stick my grandson says has cute cat photos on it?|
|4. Worms targeting 0-days we won't fix||Review your firewall exceptions||WTF? Who threw the switch from general consumer advice to sysadmin-land?|
|5. Ransomware||Back up more often so you can do a clean reinstall||But what if my backup is on the USB device you warned against in Risk 3?|
If you never connect to a network, Microsoft's mitigations would probably mean you could use your XP machine safely. For the rest of us, learning about firewall exceptions looks like the best alternative, unless you are willing to follow Microsoft's oft-uttered advice that the best thing XP users can do is go buy a new computer as soon as is feasible.
Or install Linux, an operating system utterly likely to leave an XP machine eminently usable and secure. Whether many of the kind of folks who need the kind of advice Microsoft is now dishing out would find Linux an equivalent experience is a matter for other minds to consider. In the comments, perhaps? ®
Sponsored: Network DDoS protection