• Status: Solved
  • Priority: Medium
  • Security: Public

xp mode

At work we are almost done getting all computers to Windows 7.
There are a few stragglers, mainly because of legacy software that we still have to use. And this legacy software doesn't work with compatibility mode. I was thinking that maybe using XP mode would be the way to go. However, am I correct to say that even though XP mode is a virtual environment, it is still vulnerable?
Or can you "isolate" XP mode so that it cannot interact with Win7?
If you can do something like that, my vision would be to just run the legacy app in XP mode, not to have a full-blown virtual XP mode "pc" running the application.
0
Asked by: JeffBeall
4 Solutions
 
dronethought Commented:
I just posted a similar question...popular subject. I have xpmode running with access to the internet so xpmode is updated but I am closing internet access for xpmode... coming up. I have the xpmode pc joined to my domain and it has its own separate IP address. I am not bridging the connection, the xpmode pc is just as real as a physical xp computer. With that said, I am still using a strong antivirus/firewall.

Remove all Adobe products off XPMODE...first and foremost. No Flash, no Reader. Block all ports except for the port you need for your legacy app. You no longer have to update XP after next month. And yes, xpmode is vulnerable. For example, if Windows 7 is known to have a flaw and Windows 7 is based on some of xp, then an attack on Windows 7 also can attack xpmode. If the fix is not in on Windows 7, xp most likely does not have the fix either. Make sure xpmode does not have JAVA installed, no Apple products, etc. I would not even run any browser in XPMODE after next month. The problem is my xpmode machines have access to the server...so it is difficult to cover all bases.
J
0
 
bigeven2002 Commented:
Hello,

Short answer, yes it is possible to still be vulnerable, as Windows 7 will always need to communicate with XP mode.  There could still be unpatched flaws that allow access to the virtual environment from the parent OS.

Does the legacy app depend on an Internet connection?  If not, then XP can be isolated to an extent.

First, you would have to disable the integration features that are on by Default when installing XP mode.  This more or less separates XP from Windows 7 to where it just simply becomes a Virtual Machine.

Then in the XP machine settings, you can disable the network by setting the adapter to Not Connected, so that it is pretty much isolated and only Windows 7 can communicate with it via RPC.  That's probably as good as it will get unless others have a better idea.

If your legacy app depends on network connectivity, then obviously this method will not work.

[Screenshots: disable integration features; virtual network settings]
0
 
JeffBeall (Author) Commented:
I haven't run XP mode in a long time and forgot about the network bridging thing.
I totally agree, I would NOT have anything like flash, or java in the XP environment. Lucky for me, I think the legacy only needs to run software off a CD, and I think once the software is installed, it doesn't need access to anything like the internet or servers.
So I think I could really isolate XP mode.
Are there actually steps to isolate XP mode? Kind of a check list of things to do?
0
 
JeffBeall (Author) Commented:
Sorry bigeven2002, I was typing my response and when I uploaded it, I saw your response.
Thanks for the advice, I didn't know about the integration thing. That sounds promising.
0
 
dronethought Commented:
Thank you bigeven2002. I did not know this either.
J
0
 
John Hurst, Business Consultant (Owner), Commented:
I have an XP Machine on my Windows 8 box and I run anything in it that I want to. Since it is only used for a few things (which is your situation), I protect it with Microsoft Security Essentials. That works fine.
0
 
McKnife Commented:
You need to consider the following: what is xp mode? XP mode is RemoteApp technology. So turning off the network connection in xp will break it. Anyone suggesting that has not understood how xp mode works. RDP is used to communicate with the virtual xp***, so that port is open at least. What you can do is use the firewall on xp to limit access to port 3389 (RDP) to your host machine if that is not even done by default setting up xp mode.

You will need to think about how a computer (no matter if virtual or not) exposes itself to an attacker: if xp has no open ports but 3389 and that is only accessible by your host, then where's the problem?
If however on xp you deal with potentially infected files or specially crafted files that trigger exploits on xp, then it can get infected and you cannot be safe anymore. So it depends on how you interact with it. If you use an application and you are sure that the contents you work with are only "home made", then I'd say you are safe to use xp mode.

***if used as Microsoft advertises it: seamless integration. If you use the xp vm interactively ("full vm session"), then RDP is not used and no network is required.
0
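
The firewall restriction suggested in the post above, written out as a batch script for the XP guest. This is an added example, not part of the original thread; it uses the `netsh firewall` context of the XP SP2/SP3 Windows Firewall, and `HOST_IP` is a placeholder (a documentation address) that must be replaced with the Windows 7 host's address as seen from the guest.

```bat
@echo off
rem Added example: run inside the XP Mode guest from an administrator command prompt.
rem HOST_IP is a placeholder, not a value from the thread. Replace it with the
rem address of the Windows 7 host as the guest sees it.
set HOST_IP=192.0.2.10

rem Enable the firewall on every profile. Exceptions stay enabled so that the
rem scoped Remote Desktop rule further down is honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Close the built-in exceptions the legacy app does not need.
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Allow Remote Desktop (TCP 3389) only from the host address.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%HOST_IP% profile=ALL

rem Do not answer ICMP, and log what gets dropped so stray connection
rem attempts against the guest are visible later.
netsh firewall set icmpsetting type=ALL mode=DISABLE
netsh firewall set logging droppedpackets=ENABLE connections=ENABLE

rem Review the result: the only enabled exception should be Remote Desktop
rem with a custom scope containing HOST_IP.
netsh firewall show state
netsh firewall show service
netsh firewall show portopening
```

If the legacy application needs a port of its own, add it the same way with `netsh firewall set portopening` and a `scope=CUSTOM` address list rather than opening it to all sources.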
 
dronethought Commented:
Thank you McKnife. Very interesting!! I did not know.
J
0
 
bigeven2002 Commented:
Sure thing.

@McKnife
I am not sure how you have XP mode setup, but I can run it on my Windows 7 box with the network adapters disabled just fine.  So there is no RDP or port 3389 dependency here.

As you can see from my screenshot, no network connection and no network adapters in device manager, and XP is running fine.
[Screenshot: XP mode no network]
0
 
McKnife Commented:
Bigeven, please read the part with asterisks more carefully.
0
 
bigeven2002 Commented:
Seems I misunderstood your post McKnife.  Thank you for the clarification.  Cheers.
0
 
JeffBeall (Author) Commented:
Thank you for the help.
0
 
John Hurst, Business Consultant (Owner), Commented:
@JeffBeall - Thank you and I was happy to help.
0
