Perfect protection for Windows XP
The hysteria around Windows XP is very similar to “Error 2000”, when everyone was afraid of the onset of this same two thousand year. How many budgets were put for it, how much new equipment was sold, and how much was earned from research and consultations ... In general, “there has never been and here again,” as Chernomyrdin used to say. Now, everyone is burying Microsoft XP with the help of Microsoft - we also need new operating systems, new hardware, and most importantly advice on switching to a more modern one. In fact, the transition to a new version of the OS is, often, the transition to a new hardware and it is for this money that Microsoft, Intel and other high-tech consumers of money count.
But it seems to me that this operating system began a new life. Since it has long been gone, those who need to constantly put updates to be in trend, users of games and the Internet, fans of all software and forget about it. There are only those who use this OS for work, for whom more modern crafts in general do not add anything, except for the resources needed for all sorts of beauty. Of course, Microsoft is interested in translating all to new versions, and, of course, for the most obstinate, the legend about the insecurity of Windows XP and mass attacks after the end of support for this OS was invented and promoted. Analysts say that the security of Windows XP suddenly suddenly - in one day - will decrease five times. But why change what works. The peculiarity of such “working” OS configurations is a stable environment, the absence of the need for new programs and a resource constraint. This allows you to make an almost perfect environment for protection.
Since no corrections or new programs need to be installed into the system, it is sufficient to simply fix the starting sequence of the operating system so that not a single malware can enter it. To do this, you can protect the BIOS from password modification, make the operating system executable files read-only, and consider any attempt to install a new program or configuration change in the registry for malicious activity. True, you need to pre-configure "My Documents", temporary directories and space for storing system logs on another disk, which, of course, open including to write, if necessary. As a result, you can get almost perfect protection.
Of course, holes in such a system will remain, therefore buffer overflow and other attacks will be quite relevant, but they will not be able to be fixed in the system. Therefore, the more often such a system will reboot, the better. Nevertheless, defense mechanisms in an immutable environment will work better and more efficiently - it is enough to control its immutability and prevent the unusual behavior of applications, which is considered a sign of an attack. It is possible specifically for such a task to adapt any Open Source product, such as ClamAV, or you can take advantage of commercial developments - products for implementing these principles are quite there in Symantec and Safe'n'Sec, so it’s not necessary to refuse working products for their supposed insecurity. You can simply change the protection paradigm of Windows XP, without relying on Microsoft who has betrayed its brainchild.
But it seems to me that this operating system began a new life. Since it has long been gone, those who need to constantly put updates to be in trend, users of games and the Internet, fans of all software and forget about it. There are only those who use this OS for work, for whom more modern crafts in general do not add anything, except for the resources needed for all sorts of beauty. Of course, Microsoft is interested in translating all to new versions, and, of course, for the most obstinate, the legend about the insecurity of Windows XP and mass attacks after the end of support for this OS was invented and promoted. Analysts say that the security of Windows XP suddenly suddenly - in one day - will decrease five times. But why change what works. The peculiarity of such “working” OS configurations is a stable environment, the absence of the need for new programs and a resource constraint. This allows you to make an almost perfect environment for protection.
Since no corrections or new programs need to be installed into the system, it is sufficient to simply fix the starting sequence of the operating system so that not a single malware can enter it. To do this, you can protect the BIOS from password modification, make the operating system executable files read-only, and consider any attempt to install a new program or configuration change in the registry for malicious activity. True, you need to pre-configure "My Documents", temporary directories and space for storing system logs on another disk, which, of course, open including to write, if necessary. As a result, you can get almost perfect protection.
Of course, holes in such a system will remain, therefore buffer overflow and other attacks will be quite relevant, but they will not be able to be fixed in the system. Therefore, the more often such a system will reboot, the better. Nevertheless, defense mechanisms in an immutable environment will work better and more efficiently - it is enough to control its immutability and prevent the unusual behavior of applications, which is considered a sign of an attack. It is possible specifically for such a task to adapt any Open Source product, such as ClamAV, or you can take advantage of commercial developments - products for implementing these principles are quite there in Symantec and Safe'n'Sec, so it’s not necessary to refuse working products for their supposed insecurity. You can simply change the protection paradigm of Windows XP, without relying on Microsoft who has betrayed its brainchild.
')
Source: https://habr.com/ru/post/219381/
All Articles