Solved

Windows XP and Ubuntu

Posted on 2014-01-10
Last Modified: 2014-02-03
I am trying to find a way to continue to use Windows XP Pro past April 2014, when Microsoft will stop providing security updates. I was thinking about installing Ubuntu on my current PCs and then using some virtual hosting software to run Windows XP guests. That way my users can use Ubuntu to browse the internet and check email and that will allow me to isolate Windows XP from potential security flaws. Does this make sense? If it does, how would I go about isolating Windows XP so as to shield it from the internet (I am assuming some kind of private LAN but have no idea how to set that up)?

If my suggestion does not make sense then what would be the best way to do this? Please keep in mind that 1) Windows XP is a must to run the company's financial and sales software--no way around this (major budget crunch); and 2) We cannot go to Windows 8 and run VMs on it because we cannot afford the expense at this time. So whatever solution you suggest, it must allow for using the current hardware and VERY MINIMAL additional costs. Thank you.
0
Question by:lionelmm
26 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39771955
That's a very heavy handed approach. I think you'd be fine to install the free zone alarm firewall or Microsoft Security essentials.

Also, get a good firewall between your users and the web. SonicWALL has great products. I use the SOPHOS line of products which I find awesome as you can wrap destination PC's with layer upon layer of security.

Using Ubuntu to host XP won't do anything for you. I guarantee that unless you cripple IE on XP your users will still use XP to browse over switching back and forth. Also, the system resources involved, etc...

Have you stood up a test of this idea and tried using it yourself for a week? I bet you'd stab yourself in the heart in just a few days.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39771986
if you don't want internet access, simply remove the default gateway in your network configuration; traffic would have no way of routing to the outside

doesn't completely prevent issues (in the event something is infected internally) but it helps
0
 

Accepted Solution

by:
wdf121 earned 100 total points
ID: 39772071
With Ubuntu, and I think all Linux distros, you can use Wine to emulate a Windows environment. Try the software you need with Wine to see if it works first, but Wine runs just about any Windows program just fine. The other alternative is to use VMware, but it's not free and it would take more computing power than Wine to run.
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39772110
How many users are we talking about here?
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39772123
9
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 200 total points
ID: 39772306
I still think network protection is the best vector. There's an abundance of great Linux firewalls out there you can run. If you have a box with two NICs, run one of the Linux firewalls on it. If not, I purchased two gigabit USB NICs for $20 and they work flawlessly.

Ubuntu is going to give you some protection but that would drive me crazy having to switch back and forth.

I'd put a ring of steel around your network with a good firewall that actually updates its rule set by posted threats, uses a good heuristic scanner and knows about XP vulnerabilities.

This really shouldn't be an issue with a decent firewall on the fence. Microsoft security essentials on each desktop (or a purchased client you can get Zone Alarm Security Essentials) 3 pc license for $69 and it protects from all sorts of threats.

Ubuntu is a desktop it's not a security product. You address security concerns with tools that were made for that job.
0
 
LVL 15

Expert Comment

by:Ess Kay
ID: 39772369
why not do a dual boot?


Here's how, with pictures:
http://www.wikihow.com/Dual-Boot-Windows-XP-and-Ubuntu

1. Insert the Ubuntu Installation CD into your CD-ROM Drive. It is assumed that you already have Windows XP installed on your computer and that you have Ubuntu Desktop Edition downloaded and burned onto a CD already.
2. Restart your computer.
3. Press your BIOS/Setup key (usually: F1, F2, ESC, or DEL key) while the computer starts up to get into the BIOS.
4. Go to the screen where you can adjust the boot priority of your devices and move the CD-ROM Drive up the priority list, by pressing the + key, so that it comes before the Hard Drive entry.
5. Save & Exit out of the BIOS with the F10 key; your computer will restart.
6. On the Ubuntu Setup screen, hit Enter to Start or install Ubuntu.
7. Double-click Install on the Desktop.
8. Go through the installation wizard (if using Ubuntu 8.04, until you reach step 4). Ubuntu 8.10 installs a dual-boot by default installation.
9. If using Ubuntu 8.04, then at step 4, select the first option, Guided - resize, and you can specify how much disk space you want the new partition to use.
10. Continue through the rest of the steps and click Install on step 7.
11. Click Restart Now and remove the CD from the CD-ROM drive.
12. Done!! Every time you start up your computer now you will be prompted to select what operating system you want to start up through the GRUB Bootloader screen.

Here's the YouTube:

https://www.youtube.com/watch?v=SrWqKbqDQpU
0
 
LVL 32

Expert Comment

by:_
ID: 39772944
I agree. Running XP in a VM is basically useless for securing it.
As far as XP is concerned, it is still directly connected to the outside. You still need an AV and Firewall.

The best you can do, is make sure you get the last updates (download them as files, so you can have them handy. Same with the SP's).
And like rawinnlnx9 said, get a good hardware firewall (a software firewall wouldn't hurt either) and an AV that still does updates. Just because XP will no longer be supported by MS, that doesn't mean the programs you run on it will stop running and updating.

I'm still running W2K, using Zone Alarm 7, and Avira Free 10.

added note:
while there are still nasties out there that will eat on XP, the focus is moving over to Vista, W7, and W8.
So while it will not completely go away, the newer variants are less and less likely to affect XP as time goes on.
0
 

Expert Comment

by:wdf121
ID: 39773266
OK so again why not use Wine to run your Windows programs in Linux? Security and compatibility with ease...
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39773587
OK thanks for all the comments especially the stab in my eye (I do run Ubuntu myself on my personal laptop and use virtual box to run XP--it is a simple shortcut on my desktop that I double click and leave open just as if it is an application). My question wasn't so much about if this can work from a functional point of view but to keep it secure. To that end thanks for all the comments on how to do so. Regarding dual booting that will not work at all--that would mean each time users wanted to use Windows then they would have to reboot and then if they wanted to check their email reboot again. I will check out Wine and then see how much some of the firewalls you recommended are. Regarding the comments about XP not being as big of a target anymore, I can only hope you are right but the history of past Windows OS's show some final activity increases by hackers who try to find any further exploits that they know will not be fixed. This is my concern. I do use a firewall already but it is a simple Linksys router firewall and I also use AVG internet security which has a software firewall in it. Thanks I will get back with you once I have had time to try some of the suggestions.
0
 
LVL 32

Expert Comment

by:_
ID: 39773640
>> ...some final activity increases by hackers who try to find any further exploits that they know will not be fixed

Good point. I forgot about them.
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39773687
If you need some assistance on further selecting security products and evaluating them I've only been in this industry for 17 years. If you want my private contact information post back here and I'll find a way to put where you can get it. I have no issues at all helping you go deeper on this effort as it's of an interest to me as well. I've considered this scenario several times (not with XP but Windows in general) and perhaps I can benefit from a deeper dive as well. Of course why not just keep the dialog going here where everyone can benefit? If that's of interest to you I'll keep monitoring this thread. Who knows, I might even carve out a VM and play in the sandbox right along with you.
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39773691
Another option that's the best of both worlds is to set up a Linux box with firewall and proxy server. All traffic going through a proxy being angry-eyed by Linux is going to be a pretty hard target.
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39788496
I have taken a pretty good look at Wine for Linux and I have been able to install several Windows applications. I have not yet tried the accounting program, the critical requirement (but I will), but it does look promising. On the firewall suggestions, I have read up on quite a few but I don't know how to decide what is the best one to get. Considering that my hope is to "secure" Windows XP PCs, which one would be the best to put into place? If I were to set up a Linux box, how would I go about setting it up and how would that reduce the risks?
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39800551
OK I am considering this Sonic Wall firewall http://www.newegg.com/Product/Product.aspx?Item=N82E16833339271 any comments or suggestions?
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39811958
Anyone still willing to help me decide on a firewall? Will the one selected above work--keep in mind that no budget is what has me asking this question so I must recommend something that will work for sure but also that is not too expensive. I understand that it is better to pay a bit more now to prevent an even costlier situation later so please advise on above model or suggest one that will do the job without breaking the bank--thanks.

I am also still very hopeful on Linux and Wine--tests on my laptop have gone very well for most Windows programs installed. I just have not had the opportunity to go onsite to test installing the accounting program (requires access to the server to work).
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39815257
OK, it looks like I lost anyone willing to respond to this question anymore, so I will close it and re-ask the question in a different question and ask specifically for a review of the above-mentioned firewall and/or recommendations for the best (very) small business firewall.
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39815267
Hey I will.
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 200 total points
ID: 39815282
The SonicWALLs are an awesome product. However, you are leaving out the subscription for security services and such. If you like SonicWALL and want more protection then go to http://www.sonicguard.com and have a look.

The caveat on SonicWALL is that it's now owned by Dell. Who knows long term what that means.

I switched to a new product called Sophos and their UTM 110 is an outstanding product. I can go deeper in this discussion but it should be posed as a new question about firewall selection.

Now we are really getting into some very technical domain knowledge and it's worth spreading some more points around.

Super stoked to hear that wine has stepped up. Years ago when I tried it, it lacked a lot. Of course time heals many wounds and Linux deserves a lot of praise these days. I'm using Linux right now to recover data off failed Windows drives. What does that tell you?

Windows cannot even recover its own drives but ntfsprogs and ntfs-3g can? I call bs on that.
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 200 total points
ID: 39815849
You could also run the linux iptables firewall on one system and put 2 network cards in it and just run the XP system behind that.  It requires some linux knowledge, but you wouldn't have to keep paying an annual subscription fee to update the firewall.  You could even just use one linux system as your firewall/gateway/NAT server that everything else runs through.  It worked well enough for me for several years.

@rawinnlnx9
Linux live distros have a lot to offer, but if you're mainly, or only, a Windows user and you're just recovering data from damaged Windows drives, Roadkil's Unstoppable Copier works wonders.  You'll just have to pull out the drive and put it in another system, either directly into the IDE or SATA chain or on a USB to IDE/SATA adapter.  http://www.roadkil.net/unstopcp.html  There are other really useful utilities as well.  http://www.roadkil.net/listing.php/C2/Disk%20Utilities
0
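
A ruleset for the two-NIC iptables gateway/NAT box suggested above, combined with the earlier point about leaving XP machines no route to the outside; this is an added example, not code posted in the thread. The interface names (eth0, eth1), the 192.168.10.0/24 subnet, the XP addresses and the SSH management rule are assumptions.

```shell
#!/bin/sh
# Added example. Interface names, subnet and host IPs are assumptions.
# The gateway also needs routing enabled: sysctl -w net.ipv4.ip_forward=1

# gen_ruleset WAN_IF LAN_IF LAN_NET [XP_IP ...]
# Prints an iptables-restore ruleset; each XP_IP listed gets no internet path.
gen_ruleset() {
    wan=$1; lan=$2; net=$3
    shift 3
    # Refuse anything that is not a dotted address, so arguments cannot smuggle rule text.
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 2 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -p tcp --dport 22 -j ACCEPT
EOF
    # Isolated XP hosts: dropped before any ACCEPT, in both directions.
    for ip in "$@"; do
        echo "-A FORWARD -s $ip -o $wan -j DROP"
        echo "-A FORWARD -d $ip -i $wan -j DROP"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# Constructed sample: eth0 faces the internet, eth1 the office LAN.
gen_ruleset eth0 eth1 192.168.10.0/24 192.168.10.21 192.168.10.22
```

Pipe the output to `iptables-restore --test` to validate it before loading. The isolated XP machines still reach servers on the same LAN segment, because that traffic never crosses the gateway.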
 
LVL 24

Author Comment

by:lionelmm
ID: 39815930
So if I understand this right, if I buy a firewall (like SonicWall) there are additional yearly maintenance costs to keep the firewall "up to date"? If I were to use an additional box to run Linux, which version would you suggest? After this I think I will close this question and ask another for more specifics on setting up a Linux firewall.
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 200 total points
ID: 39816709
I think it depends on the version of SonicWall you choose.  The higher end models come with subscriptions.  You can continue to run the higher end SonicWall firewall without the yearly maintenance, if you eventually decide that it's not worth the money.  It really depends on what you need.

As for the linux system, that's entirely personal preference.  They all have the same basic capabilities.  If you don't know that much linux, you should buy the SonicWall first, since that will be much easier to manage.  They'll even configure it for you.

I just threw out the linux idea in case you already have someone that knows enough linux and is willing to learn more.  Eventually, you should configure your linux firewalls even with the SonicWall or other Firewall appliance in place.
0
 
LVL 24

Author Closing Comment

by:lionelmm
ID: 39825641
Thanks for the helpful information. I am excited about trying Wine (sounds like drinking) and seeing if I get it to work. Just wish that on the firewall side of things someone could say "if you have a small business with a very limited budget, 2 servers and 9 PCs, you should use xyz..", otherwise thanks so much
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39829979
Okay so there's an option out there. Put all your money on black, spin the wheel and then read this: https://doc.pfsense.org/index.php/InstallationGuide

More info on the free but absolutely awesome pfSense. http://www.pfsense.com/
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 39829988
If you try to set that up and have trouble let me know. I'd be happy to blank one of my d-link or linksys firewalls to give you a hand.
0
 
LVL 24

Author Comment

by:lionelmm
ID: 39831236
Thank you
0
