As Windows XP approaches the end of its life, I think it’s worth stating something that may be a bit obvious to people – Windows XP is not secure. Furthermore, it can’t be secured, and once it’s out of support that will get far worse.
As I’ve stated multiple times, security belongs in the system’s kernel. It’s the core component, and when policy isn’t enforced by the kernel it’s weaker. The reason for this is simple – a policy enforced at one level of the system can be bypassed by an attacker who controls code at that level or higher. So if I have a sandbox working at Low Integrity, any process at low integrity or higher can escape. If I have a sandbox running as Admin, any process running as Admin or higher can escape. And, as follows, if I have a sandbox running as Kernel, any process at kernel level or higher (such as hardware) can escape.
So why is this so critical to understand? Because XP has an insecure kernel. No matter how much policy, how many programs, etc., you have protecting your XP machine, if the attacker gets Remote Code Execution in a process they can bypass it all through kernel exploitation. An insecure kernel like XP’s cannot be trusted to handle any policies. As there is no method on XP to limit kernel attack surface, an attacker has, essentially, the entire kernel to exploit.
XP came at a time when Microsoft hadn’t implemented many security techniques. DEP still wasn’t prevalent throughout the system, even in MS services, and ASLR was nonexistent. Remote code execution against a program that has no DEP, SEHOP, or ASLR isn’t difficult, and even with DEP a single vulnerability will likely be effective.
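DEP and ASLR are per-binary opt-ins recorded in the PE optional header’s DllCharacteristics field, so a defender can audit which executables on a box never asked for them; the following Python is an added example, not code from the original post, that parses that field and lists the missing opt-ins (SEHOP is a system-wide setting and does not appear in the header, and XP’s loader ignores the ASLR bit anyway since the OS has no ASLR). The two sample PE headers are constructed inline; the flag values are the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT constants from the PE/COFF specification.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification
DYNAMIC_BASE = 0x0040  # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100     # image is compatible with DEP / non-executable stack and heap
MITIGATION_FLAGS = [
    ("ASLR (DYNAMIC_BASE)", DYNAMIC_BASE),
    ("DEP (NX_COMPAT)", NX_COMPAT),
]

def parse_dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE32 or PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4          # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20              # IMAGE_OPTIONAL_HEADER follows it directly
    if len(image) < opt + 72:
        raise ValueError("truncated header")
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics is at optional-header offset 70 in both PE32 and PE32+
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return dll_chars

def missing_mitigations(image: bytes) -> list:
    """Names of the opt-in mitigations this image does NOT request."""
    chars = parse_dll_characteristics(image)
    return [name for name, bit in MITIGATION_FLAGS if not chars & bit]

def build_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (no sections) used as sample input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    opt[0:2] = struct.pack("<H", 0x20B if pe32plus else 0x10B)
    opt[70:72] = struct.pack("<H", dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, flags in (("legacy", 0), ("hardened", DYNAMIC_BASE | NX_COMPAT)):
        print(label, "missing:", missing_mitigations(build_pe(flags)) or "none")
```

To audit a real binary, pass the file’s bytes to missing_mitigations(); the constructed headers only stand in for an XP-era build (no opt-ins) and a hardened one.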
Beyond that, there’s a very poor implementation of privilege control. A class of attacks known as ‘shatter attacks’ abused this, allowing trivial elevation from a limited user to administrator. Microsoft attempted a fix for this in an update, but attacks can still take place.
For a program with administrative access, getting a local kernel exploit in a kernel as insecure as the one powering XP should not be difficult. Attacks against Vista/7 have shown that, even with security techniques, local vulnerabilities are ripe in areas such as TrueType font handling, which lives in the kernel.
And without patches users have no way to protect themselves.
What I’m trying to get across is that, no matter the strict policies, numerous programs, etc., that you use, you can’t secure an XP system, let alone one without frequent patching. I understand that new hardware costs money, but Windows 7/8 have fairly low minimum requirements considering the hardware out there right now, and it’s truly time to move on. Attempting to implement overly strict policies will only cripple your experience and provide the illusion of security.