Keeping an XP machine safe

CraigB

CraigB

Ich bin ein Kartoffel
DONOR
Joined
Feb 14, 2007
Messages
17,851
Location
SWMO
Car(s)
Mustang SVO - Frontier Pro-4X - BRZ - D21 Hardbody
At the trophy shop I've got an ancient XP machine that runs one of the engravers. The software and hardware required to run it will not work with a newer computer. The engraver it's self is a rock solid old unit that works every time and they still build (with different software and hardware) today. I don't want to spend the money to upgrade the engraver since it does work as it sets. So, that leaves me keeping the XP machine running.

I have already taken the steps of disconnecting it from the internet and I'm working on removing any software not necessary to running the engraver. I need to keep Corel Draw on it as well to occasionally retrieve old designs the previous owner had done for dye sublimation.

I do need to move files from the XP computer with a thumb drive on occasion. Mostly just the old VND files that the engraving software uses. I take them over to the new laser computer/engraver and use them to build a new laserable file. However not everything we do can be moved to the laser and there are some legacy plaques that need to be matched on the old engraver.

My questions: Is there anything else I can do to keep the XP computer safe? What should I do about the thumb drive I use between the three computers at the shop (iMac, Windows 8, XP)?
 
We're taking steps to virtualise anything that's XP and critical (some older software). In it's simplest form that means downloading XP mode on a Win7 machine and putting your software on that. Some packages will allow you to take snapshots and revert to them if there are problems, meaning that you should always be able to access a working and clean machine. Also doing this means you're plugging the thumb drive in to a later machine that's up to date first so any nasties should be caught before they hit XP.

That's how I'd do it anyway. :p
 
Have a virus scanner scan anything you put on that thumbdrive before you insert it into the XP machine. But basically the only step needed to take is to take it off the internet and other forms of networking. As soon as it's off the internet, you're safe from 99.999% of attack vectors, nor are you of any interest to 99.999% of hackers. They cannot use it for botnets, they cannot use it to get your bank details, they cannot use it for anything except perhaps some of the more far-fetched and only theoretical hacks that use ultrasonic sound and other non-network wireless communication. But I doubt you're a high-profile enough target to warrant such an attack.
 
I would do regular disk images... that way if there's something gone wrong, you can restore to a previous image hopefully not too old.
 
I agree with mpicco, if the hard drive clanks out you may have a tough time restoring it without an image. Otherwise Adunaphel is on the mark.
 
It has a external hard drive that we back all the jobs up to and I have the software that we run the engraver with. I've actually had to start from scratch with this computer before when the first computer literally blew-up (as in sparks and smoke from a poorly installed power supply).
 
As has been pointed out before, disconnecting the machine from the internet will eliminate most attack vectors, especially most that may be exposed by newly-discovered security flaws MS won't fix.

If you want to add an extra layer of security, you can keep a virus scanner like MS Security Essentials up-to-date manually even without an internet connection and after Microsoft's XP support ends: Just because Microsoft stops providing updates for Windows, it does not mean that antivirus software makers (including Microsoft's antivirus division) stop supporting their XP products.
 
Have you thought of doing the physical-to-virtual conversion and seeing if the software will run in an XP VM on a more recent machine? That's been a solution to many similar situations I've had with legacy gear at clients. It also neatly lets you bypass the "what if the critical but old hardware dies" issue if it works.
 
mpicco said:
Don't forget about this incredibly helpful tool bar with Ask search!
Click to expand...

You haven't lived until you've installed McAfee!
 
Spectre said:
Have you thought of doing the physical-to-virtual conversion and seeing if the software will run in an XP VM on a more recent machine? That's been a solution to many similar situations I've had with legacy gear at clients. It also neatly lets you bypass the "what if the critical but old hardware dies" issue if it works.
Click to expand...

I might try something like that with the laser computer (Windows 8). It does lack the parallel port required to run the hardware though.
 
Keeping an XP machine safe

You can still get parallel cards and sometimes a USB to parallel adapter will work.
 
Last edited:
CraigB said:
The software used has a hardware dongle that had to be plugged in as well. I guess I'll buy a card to try it out.
Click to expand...

Good luck. If you need some help, PM me - I have lots of experience with this sort of conversion.
 
You must log in or register to reply here.
Top