2013-How to Protect Windows XP

Published on June 2016

Solution Brief

How to protect Microsoft Windows XP Systems beyond April 2014

Microsoft Windows XP is scheduled for an official End of Support (EOS) in April 2014, but at the same time approximately 40% of worldwide enterprise systems still run XP. The consequence for customers is that Microsoft will discontinue not only technical support but also security patches. This will lead to a huge security risk and exposure for organizations when vulnerabilities are made public but patches are no longer provided.

Author
Thomas Maxeiner, Team Lead Solution Architects EMEA

McAfee, 2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com
McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2013 McAfee, Inc.

Key Advantages
- Extend protection to unsupported legacy systems, such as Microsoft Windows XP, Windows NT and Windows 2000
- Protect Windows XP by combining whitelisting, blacklisting and Real-Time technologies
- No longer rely on signatures as the sole means of protection
- Use Whitelisting to solidify and freeze systems in a known good state
- Improve zero-day protection by combining Behavioral and Whitelisting technologies
- McAfee Real-Time will identify and remediate attacks attempting to exploit MS vulnerabilities

Why don’t customers just migrate all their Endpoints to Windows 7 or 8?
The majority of endpoints will be migrated to the most current and supported OSs; however, there are systems which cannot be migrated for various reasons:
- Purpose-built systems running legacy applications which only run on Windows XP
- Legacy hardware which cannot run Windows 8, e.g. PoS Systems, Process Control, etc.
- High migration costs of new hardware and software that produce no additional business value

How can McAfee protect Windows XP Systems?
McAfee will support McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention for Desktop on Windows XP until December 2015 so customers can continue to use these products and be fully supported by McAfee.

However, if we look at the current threat landscape, security risk increases substantially with unsupported operating systems such as XP, combined with unwanted applications installed by end-users or 3rd parties.

For this reason McAfee recommends customers consider advanced and optimized protection technologies such as whitelisting and real-time visibility and reporting.

4 Security Steps to enhance your protection on Windows XP systems
Until customers are ready to upgrade their desktop environment to Windows 7 or Windows 8, McAfee suggests the following 4 security tips to reduce the risk introduced through unpatched XP Systems:
1. Remove ‘admin’ privileges from standard users
2. Enable memory and buffer overflow protection
3. Deploy dynamic whitelisting
4. Use Real-Time visibility to quickly identify and remediate attacks

You can substantially mitigate potential security issues by normalizing user privileges to be aligned with their roles and responsibilities – for example, users should not have ‘admin’ rights unless they are part of your IT organization.

Unsupported operating systems such as XP are at greater risk from zero-day threats. Customers should continue to leverage the McAfee Host IPS (HIPS) for memory and buffer overflow protection.

To keep unauthorized software from being installed and executed on your legacy systems, deploy dynamic whitelisting. Rather than trying to detect the ‘unknown bad’, McAfee Application Control uses whitelisting techniques to protect an endpoint from zero-day attacks by only allowing ‘known good’ applications to execute. The approach of whitelisting reduces the need to constantly chase software updates and patches (including MS Patches and security updates) to keep up with the ever-increasing tide of malicious software. Application Control does not need to know, or even care about malicious software – if an application is not on the whitelist for whatever reason, it is prevented from executing, is reported and the endpoint remains safe.

Application Control is a complementary technology that provides visibility and reputation for installed applications across the entire customer environment. Crucially, it provides enhanced memory protection with almost no noticeable performance impact, extending the useful life of legacy platforms.

What makes McAfee Application Whitelisting enterprise-ready?
One of the key design objectives for McAfee’s Application Whitelisting technology was to ensure it would operate successfully within complex enterprise environments. This required not only that the management technology would scale, but also that it would allow for easy whitelist creation, combined with flexible, transparent and automated whitelist management.
- Automatic whitelist creation. The product can create a whitelist based on the existing application set installed on each system. The filename, path and fingerprint may be different across systems, so this approach eliminates the false positives found in centralized whitelisting solutions.
- Flexible change mechanisms. Trusted process, location, certificate, user and time-window can all be used to define how and when changes may occur. In addition the administrator can override the automated whitelist.
- Assisted rule-set generation. A rule set can be established to allow dynamic changes to the whitelist. The solution monitors behavior in the background and suggests rules required to allow dynamic changes to occur.
- Dynamic whitelist management. The existing whitelist is adjusted automatically without the need for any user or administrator intervention, based on a defined flexible rule set.
- Global Threat Intelligence (GTI) integration. Cloud-based knowledge is used to determine the reputation of applications across the enterprise.
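
The per-system whitelist creation and default-deny behaviour described above, sketched as an added illustration (it is not McAfee Application Control code and does not show how that product works internally). The SHA-256 fingerprint, the function names and the two constructed hosts are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents (assumed fingerprint; the brief names none)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_whitelist(root: Path) -> dict:
    """Inventory one system: relative path -> fingerprint of every file present."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_execution(root: Path, rel_path: str, whitelist: dict) -> str:
    """Default-deny decision for a file about to run on the system at `root`."""
    expected = whitelist.get(rel_path)
    if expected is None:
        return "deny: not on whitelist"
    if fingerprint(root / rel_path) != expected:
        return "deny: fingerprint mismatch"
    return "allow"

def demo() -> dict:
    """Two constructed hosts running different builds of the same application."""
    with tempfile.TemporaryDirectory() as tmp:
        host_a, host_b = Path(tmp, "host_a"), Path(tmp, "host_b")
        for host, build in ((host_a, b"pos build 1.0"), (host_b, b"pos build 1.1")):
            (host / "app").mkdir(parents=True)
            (host / "app" / "pos.exe").write_bytes(build)
        central = build_whitelist(host_a)   # one list pushed to every host
        local = build_whitelist(host_b)     # list created on host B itself
        results = {
            "central list on host B": check_execution(host_b, "app/pos.exe", central),
            "local list on host B": check_execution(host_b, "app/pos.exe", local),
        }
        # Software that appears after the whitelist was frozen is never listed.
        (host_b / "app" / "dropped.exe").write_bytes(b"unknown program")
        results["new file"] = check_execution(host_b, "app/dropped.exe", local)
        # A listed file whose contents change no longer matches its fingerprint.
        (host_b / "app" / "pos.exe").write_bytes(b"patched in place")
        results["modified file"] = check_execution(host_b, "app/pos.exe", local)
        return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The first result is the false positive the brief attributes to centralized lists: host B's legitimate build is denied because its fingerprint differs from host A's.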

Whitelisting Best Practice Guide
McAfee Application Control can be deployed in various configurations to suit your specific needs. The following highlights best practice approaches to Basic, Medium and High levels of protection and the benefits for each.

BASIC
This allows for changes to take place without impacting the user, whilst providing memory protection. The administrator has visibility of which applications are being used where within the environment (and can assist with license management controls).

MEDIUM
Application Control is run in protected mode with self-approval enabled. This provides greater control of change management and memory protection, but allows flexibility for the user to self-authorize changes, whilst being audited.

HIGH
Fully locked down system with centralised change control to authorize changes.

McAfee Real-Time to provide real-time situational awareness around potential vulnerabilities
McAfee Real-Time collects endpoint security status instantly. This real-time visibility enables you to act on current intelligence, not historical data, helping you to immediately identify and remediate attacks which are attempting to exploit Microsoft vulnerabilities on an unpatched system. Now you can enhance situational awareness and incident response for frontline endpoint administrators using an approach that scales to the largest organizations.

SUMMARY
1. Remove ‘admin’ privileges from standard users to reduce the risk of unwanted applications on unsupported legacy systems, like XP;
2. Enable McAfee Host IPS for behavioral, memory and buffer overflow protection on XP systems;
3. Deploy McAfee Application Control to greatly enhance zero-day protection and longevity of XP systems;
4. Use McAfee Real-Time to immediately identify and remediate attacks on vulnerable systems like XP.
