• Status: Solved
  • Priority: Medium
  • Security: Public

Windows XP and Ubuntu

I am trying to find a way to continue to use Windows XP Pro past April 2014, when Microsoft will stop providing security updates. I was thinking about installing Ubuntu on my current PCs and then using some virtual hosting software to run Windows XP guests. That way my users can use Ubuntu to browse the internet and check email and that will allow me to isolate Windows XP from potential security flaws. Does this make sense? If it does, how would I go about isolating Windows XP so as to shield it from the internet? (I am assuming some kind of private LAN but have no idea how to set that up.)

If my suggestion does not make sense then what would be the best way to do this? Please keep in mind that 1) Windows XP is a must to run the company's financial and sales software--no way around this (major budget crunch); and 2) We cannot go to Windows 8 and run VMs on it because we cannot afford the expense at this time. So whatever solution you suggest, it must allow for using the current hardware and VERY MINIMAL additional costs. Thank you.
0
Asked: Lionel MM
5 Solutions
 
rawinnlnx9 Commented:
That's a very heavy-handed approach. I think you'd be fine to install the free Zone Alarm firewall or Microsoft Security Essentials.

Also, get a good firewall between your users and the web. SonicWALL has great products. I use the SOPHOS line of products which I find awesome as you can wrap destination PCs with layer upon layer of security.

Using Ubuntu to host XP won't do anything for you. I guarantee that unless you cripple IE on XP your users will still use XP to browse over switching back and forth. Also, the system resources involved, etc...

Have you stood up a test of this idea and tried using it yourself for a week? I bet you'd stab yourself in the heart in just a few days.
0
 
Seth Simmons (Sr. Systems Administrator) Commented:
If you don't want internet access, simply remove the default gateway in your network configuration; traffic would have no way of routing to the outside.

It doesn't completely prevent issues (in the event something is infected internally) but it helps.
0
 
wdf121 Commented:
With Ubuntu and I think all Linux distros you can use Wine to emulate a Windows environment. Try the software you need with Wine to see if it works first, but Wine runs just about any Windows program just fine. The other alternative is to use VMware, but it's not free and it would take more computing power than Wine to run.
0
 
rawinnlnx9 Commented:
How many users are we talking about here?
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
9
0
 
rawinnlnx9 Commented:
I still think network protection is the best vector. There's an abundance of great Linux firewalls out there you can run. If you have a box with two NICs, run one of the Linux firewalls on it. If not, I purchased two gigabit USB NICs for $20 and they work flawlessly.

Ubuntu is going to give you some protection but that would drive me crazy having to switch back and forth.

I'd put a ring of steel around your network with a good firewall (that actually updates its rule set by posted threats), uses a good heuristic scanner and knows about XP vulnerabilities.

This really shouldn't be an issue with a decent firewall on the fence. Microsoft Security Essentials on each desktop (or a purchased client you can get Zone Alarm Security Essentials) 3 PC license for $69 and it protects from all sorts of threats.

Ubuntu is a desktop; it's not a security product. You address security concerns with tools that were made for that job.
0
 
Ess Kay (Entrepreneur) Commented:
Why not do a dual boot?

Here's how, with pictures:
http://www.wikihow.com/Dual-Boot-Windows-XP-and-Ubuntu

1. Insert the Ubuntu Installation CD into your CD-ROM Drive. It is assumed that you already have Windows XP installed on your computer and that you have Ubuntu Desktop Edition downloaded and burned onto a CD already.

2. Restart your computer.

3. Press your BIOS/Setup key (Usually: F1, F2, ESC, or DEL key) while the computer starts up to get into the BIOS.

4. Go to the screen where you can adjust the boot priority of your devices and move the CD-ROM Drive up the priority list, by pressing the + key, so that it comes before the Hard Drive entry as seen below.

5. Save & Exit out of the BIOS with the F10 key, your computer will restart.

6. On the Ubuntu Setup screen, hit Enter to Start or install Ubuntu.

7. Double-click Install on the Desktop.

8. Go through the installation wizard (if using Ubuntu 8.04 until you reach step 4). Ubuntu 8.10 installs a dual-boot by default installation.

9. If using Ubuntu 8.04, then at step 4, select the first option, Guided - resize and you can specify how much disk space you want the new partition to use as shown below.

10. Continue through the rest of the steps and click Install on step 7.

11. Click Restart Now and remove the CD from CD-ROM drive.

12. Done!! Every time you start up your computer now you will be prompted to select what operating system you want to start up through the GRUB Bootloader screen as seen below.

Here's the YouTube:

https://www.youtube.com/watch?v=SrWqKbqDQpU
0
 
_ Commented:
I agree. Running XP in a VM is basically useless for securing it.
As far as XP is concerned, it is still directly connected to the outside. You still need an AV and Firewall.

The best you can do is make sure you get the last updates (download them as files, so you can have them handy. Same with the SPs).
And like rawinnlnx9 said, get a good hardware Firewall, a software firewall wouldn't hurt either, and an AV that still does updates. Just because XP will no longer be supported by MS, that doesn't mean the programs you run on it will stop running and updating.

I'm still running W2K, using Zone Alarm 7, and Avira Free 10.

added note:
while there are still nasties out there that will eat on XP, the focus is moving over to Vista, W7, and W8.
So while it will not completely go away, the newer variants are less and less likely to affect XP as time goes on.
0
 
wdf121 Commented:
OK so again why not use Wine to run your Windows programs in Linux? Security and compatibility with ease...
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
OK, thanks for all the comments, especially the stab in my eye (I do run Ubuntu myself on my personal laptop and use VirtualBox to run XP--it is a simple shortcut on my desktop that I double click and leave open just as if it is an application). My question wasn't so much about if this can work from a functional point of view but to keep it secure. To that end, thanks for all the comments on how to do so. Regarding dual booting, that will not work at all--that would mean each time users wanted to use Windows then they would have to reboot and then if they wanted to check their email reboot again. I will check out Wine and then see how much some of the firewalls you recommended are. Regarding the comments about XP not being as big of a target anymore, I can only hope you are right, but the history of past Windows OSes shows some final activity increases by hackers who try to find any further exploits that they know will not be fixed. This is my concern. I do use a firewall already but it is a simple Linksys router firewall and I also use AVG Internet Security which has a software firewall in it. Thanks, I will get back with you once I have had time to try some of the suggestions.
0
 
_ Commented:
>> ...some final activity increases by hackers who try to find any further exploits that they know will not be fixed

Good point. I forgot about them.
0
 
rawinnlnx9 Commented:
If you need some assistance on further selecting security products and evaluating them I've only been in this industry for 17 years. If you want my private contact information post back here and I'll find a way to put where you can get it. I have no issues at all helping you go deeper on this effort as it's of an interest to me as well. I've considered this scenario several times (not with XP but Windows in general) and perhaps I can benefit from a deeper dive as well. Of course why not just keep the dialog going here where everyone can benefit? If that's of interest to you I'll keep monitoring this thread. Who knows, I might even carve out a VM and play in the sandbox right along with you.
0
 
rawinnlnx9 Commented:
Another option that's the best of both worlds is to set up a Linux box with firewall and proxy server. All traffic going through a proxy being angry-eyed by Linux is going to be a pretty hard target.
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
I have taken a pretty good look at Wine for Linux and I have been able to install several Windows applications. I have not yet tried the accounting program, the critical requirement (but I will), but it does look promising. On the firewall suggestions, I have read up on quite a few but I don't know how to decide what is the best one to get. Considering that my hope is to "secure" Windows XP PCs, which one would be the best to put into place? If I were to set up a Linux box, how would I go about setting it up and how would that reduce the risks?
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
OK, I am considering this SonicWall firewall: http://www.newegg.com/Product/Product.aspx?Item=N82E16833339271 Any comments or suggestions?
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
Anyone still willing to help me decide on a firewall? Will the one selected above work--keep in mind that no budget is what has me asking this question so I must recommend something that will work for sure but also that is not too expensive. I understand that it is better to pay a bit more now to prevent an even costlier situation later so please advise on above model or suggest one that will do the job without breaking the bank--thanks.

I am also still very hopeful on Linux and Wine--tests on my laptop have gone very well for most Windows programs installed. I just have not had the opportunity to go onsite to test installing the accounting program (requires access to the server to work).
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
OK, it looks like I lost anyone willing to respond to this question anymore so I will close it and re-ask the question in a different question and ask specifically for a review of the above-mentioned firewall and/or recommendations for the best (very) small business firewall.
0
 
rawinnlnx9 Commented:
Hey I will.
0
 
rawinnlnx9 Commented:
The SonicWALLs are an awesome product. However, you are leaving out the subscription for security services and such. If you like SonicWALL and want more protection then go to http://www.sonicguard.com and have a look.

The caveat on SonicWALL is that it's now owned by Dell. Who knows long term what that means.

I switched to a new product called Sophos and their UTM 110 is an outstanding product. I can go deeper in this discussion but it should be posed as a new question about firewall selection.

Now we are really getting into some very technical domain knowledge and it's worth spreading some more points around.

Super stoked to hear that Wine has stepped up. Years ago when I tried it, it lacked a lot. Of course time heals many wounds and Linux deserves a lot of praise these days. I'm using Linux right now to recover data off failed Windows drives. What does that tell you?

Windows cannot even recover its own drives but ntfsprogs and ntfs-3g can? I call bs on that.
0
 
serialband Commented:
You could also run the linux iptables firewall on one system and put 2 network cards in it and just run the XP system behind that.  It requires some linux knowledge, but you wouldn't have to keep paying an annual subscription fee to update the firewall.  You could even just use one linux system as your firewall/gateway/NAT server that everything else runs through.  It worked well enough for me for several years.

@rawinnlnx9
Linux live Distros have a lot to offer, but if you're mainly, or only, a Windows user and you're just recovering data from damaged Windows drives, Roadkil's unstoppable copier works wonders.  You'll just have to pull out the drive and put it in another system either directly into the IDE or SATA chain or on a USB to IDE/SATA adapter.  http://www.roadkil.net/unstopcp.html  There's other really useful utilities as well.  http://www.roadkil.net/listing.php/C2/Disk%20Utilities
0
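The two-NIC iptables gateway described above, as an added example that is not part of any poster's reply: the script prints an `iptables-restore` ruleset that NATs the office LAN out but logs and drops anything the listed XP machines send toward the internet. The interface names, subnet and XP addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: eth0 faces the internet,
# eth1 faces the office LAN 192.168.10.0/24; XP addresses come from the caller.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

# Accept only dotted-quad IPv4 so a typo cannot produce a half-valid ruleset.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

# gen_ruleset XP_IP... : validate every address first, then print the rules.
gen_ruleset() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
EOF
    for ip in "$@"; do   # XP hosts: log, then drop, anything headed for the WAN
        echo "-A FORWARD -s $ip -o $WAN_IF -j LOG --log-prefix \"XP-EGRESS \""
        echo "-A FORWARD -s $ip -o $WAN_IF -j DROP"
    done
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "COMMIT"
}

# As root, with net.ipv4.ip_forward=1, pipe the output into iptables-restore.
if [ $# -gt 0 ]; then gen_ruleset "$@"; fi
```

Because LAN-to-LAN traffic never crosses the gateway, the XP machines can still reach an internal server on the same subnet. The `XP-EGRESS` log prefix shows which of them are still trying to reach outside.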
 
Lionel MM (Small Business IT Consultant, Author) Commented:
So if I understand this right, if I buy a firewall (like SonicWall) there are additional yearly maintenance costs to keep up with the firewall "up to date"? If I were to use an additional box to run Linux, which version would you suggest? After this I think I will close this question and ask another for more specifics on setting up a Linux firewall.
0
 
serialband Commented:
I think it depends on the version of SonicWall you choose.  The higher end models come with subscriptions.  You can continue to run the higher end SonicWall firewall without the yearly maintenance, if you eventually decide that it's not worth the money.  It really depends on what you need.

As for the linux system, that's entirely personal preference.  They all have the same basic capabilities.  If you don't know that much linux, you should buy the SonicWall first, since that will be much easier to manage.  They'll even configure it for you.

I just threw out the linux idea in case you already have someone that knows enough linux and is willing to learn more.  Eventually, you should configure your linux firewalls even with the SonicWall or other Firewall appliance in place.
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
Thanks for the helpful information. I am excited about trying Wine (sounds like drinking) and seeing if I get it to work. Just wish that on the firewall side of things someone could say "if you have a small business with a very limited budget, 2 servers and 9 PCs, you should use xyz..", otherwise thanks so much.
0
 
rawinnlnx9 Commented:
Okay so there's an option out there. Put all your money on black, spin the wheel and then read this: https://doc.pfsense.org/index.php/InstallationGuide

More info on the free but absolutely awesome pfSense: http://www.pfsense.com/
0
 
rawinnlnx9 Commented:
If you try to set that up and have trouble let me know. I'd be happy to blank one of my d-link or linksys firewalls to give you a hand.
0
 
Lionel MM (Small Business IT Consultant, Author) Commented:
Thank you
0