Sunday, December 7, 2014

About PGP Signatures

My people have no tradition of proofreading.  —Ken White

I started attaching PGP digital signatures to my work email a few months ago.  That's kind-of an appropriate thing for me to do since I'm a teacher of computer security.  For many people, that signature is just a mysterious hunk of garbled letters either appended to the email message or sent as an attachment.  Such a signature looks like this:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUhI42AAoJEDF1nNo3X4aWzXYIAIYZwzleZljYhf6ZKseaxfBY
ORMAUWikdmkuzaLg25ngwtBYyjfTUMPfJpVSK4p1IgV6zWFDAbT0m0HZjmxuuWOl
JqEoWc/Qa4f1tWF7Oc0Mrb0qfIUEEckAkf43MCN8BQxzUz2tkbegsx+TWcsgiz4X
vUmdL2F5vfBoArvmi1SW8aqvEbJaMhIvfYAiD9LeX1RtKr8Z0a2RFO4/tkbS7Kh4
d5FTBkm2ddhzfp+Z2hgrU72T07dteO1u0JrCOLCDZT+jKEE7CJ7OowziVpL4oDwU
uie39l4VdkSPOqxrEaKIw2ehvrO/pP/mP0MnyHClnFSISxw8LhFT0G5+5+a0JEA=
=y4bG
-----END PGP SIGNATURE-----

Ewww... that's ugly! But why?

A PGP Digital Signature Authenticates the Message

When people get email, they naturally assume that the name on the From: line is the sender of the message, especially if it's someone they know and with whom they communicate frequently.  Unhappily, that doesn't have to be true; it is trivially easy to forge a sender's identity in email.  The PGP digital signature provides strong evidence that the message is actually from the purported sender and that it hasn't been tampered with in transit.

How Does it Work?

The PGP digital signature depends on two cryptographic technologies, cryptographic hash functions and public key cryptography.   A cryptographic hash function produces a "fingerprint" for a message.  The text of the message is input to a computer program that computes the hash code, called a "digest."  Every possible message probably has a unique digest, and even a tiny change in the message would change the computed digest dramatically.  Why is it called "hash?"  Look at the example above!

Public key cryptography uses two keys called public and private.  The public key is widely available, often published on a key server like the OpenPGP key server.  If you know someone's email address and they have a PGP key pair, you can probably find their public key easily.  A very useful feature of PGP keys is that they are cryptographic inverses of one another.  If you encrypt a message using my public key, it can only be decrypted with my private key.  If I've carefully kept my private key, um, private, only I will be able to decrypt the message.  It works the other way, too.  If I encrypt a message using my private key, which only I have, anyone can get my public key and decrypt the message, but I'm the only one who could have encrypted it because only I have the private key.  So, a message encrypted with my private key is digitally signed.

My email program generates a PGP signature by first computing a cryptographic hash digest from the message, then by encrypting the digest using my private key.  The recipient can use my public key to decrypt the digest.  If the rest of the process works, the message could only have come from me because only I have the corresponding private key.  The recipient then computes a new digest from the message using the same cryptographic hash algorithm.  The newly-computed digest is compared to the decrypted digest.  If they're the same, the decryption worked and the message hasn't been tampered with because tampering would have caused the newly-computed digest to be different.

I wrote that a valid PGP signature "provides strong evidence that the message is actually from the purported sender and that it hasn't been tampered with in transit."  How strong?  The main consideration is whether the sender has kept his private key truly private.  Anyone with a copy of my private key can sign a message that will appear to come from me.  You also have to trust that neither the cryptographic hash algorithm nor the public key algorithm has a flaw that can be exploited.  Modern cryptographic algorithms are strong enough to make the cryptographic safety of PGP signatures a good bet.
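The sign-and-verify steps described above, as an added example (not the author's code, and not how GnuPG or Thunderbird implement it): it follows the page's simplified description using SHA-256 and unpadded textbook RSA. The toy key pairs are built from well-known Mersenne primes, and the messages, address and function names are constructed for illustration; real OpenPGP signatures pad the digest and use properly generated keys.

```python
import hashlib

E = 65537  # commonly used public exponent


def make_toy_key(p: int, q: int) -> dict:
    """Build a textbook RSA key pair from two primes (toy keys, illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent; needs Python 3.8+
    return {"public": (E, n), "private": (d, n)}


def digest(message: bytes) -> int:
    """SHA-256 'fingerprint' of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key: tuple) -> int:
    """Sender side: hash the message, then transform the digest with the private key."""
    d, n = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Recipient side: recover the signed digest with the public key and
    compare it to a digest freshly computed from the message as received."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)


# Toy keys from Mersenne primes (assumption: chosen only so the example runs
# offline with the standard library; such primes must never be used for real keys).
SENDER = make_toy_key(2**521 - 1, 2**607 - 1)
IMPOSTOR = make_toy_key(2**607 - 1, 2**1279 - 1)

# Constructed sample messages.
MESSAGE = b"From: bob@example.edu\r\n\r\nPizza on Friday: pepperoni."
TAMPERED = MESSAGE.replace(b"pepperoni", b"anchovies")


def demo() -> dict:
    """Run the three cases the text describes and report which signatures verify."""
    genuine_sig = sign(MESSAGE, SENDER["private"])
    # Someone else signs the same text, forged From: line included, with their own key.
    impostor_sig = sign(MESSAGE, IMPOSTOR["private"])
    return {
        # Untouched message, real sender: the digests match.
        "genuine": verify(MESSAGE, genuine_sig, SENDER["public"]),
        # Message altered in transit: the fresh digest no longer matches.
        "tampered": verify(TAMPERED, genuine_sig, SENDER["public"]),
        # Signed with a different private key: the recovered value is not the digest.
        "forged_sender": verify(MESSAGE, impostor_sig, SENDER["public"]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:14s} signature valid: {ok}")
```

The From: line plays no part in the outcome; only possession of the sender's private key does, which is why a copied private key defeats the whole scheme.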

What is PGP, Anyway?

PGP stands for "Pretty Good Privacy," invented by Phil Zimmermann to allow exchange of secure (confidential) and authenticated messages.  Zimmermann's original PGP ran into patent problems and Zimmermann himself was the subject of a long criminal investigation for "exporting munitions," namely cryptographic algorithms.  (The FBI, CIA, NSA, TSA, DHS, DoJ and every other three-letter agency known to man hate encryption because it makes dragnet surveillance and casual snooping very difficult.  With that said, I cannot emphasize too strongly that, in the United States, there is nothing illegal about using encryption.)

I'm actually using the implementation of the OpenPGP standard built into the Thunderbird email client.

What About Snooping?

A digital signature doesn't do anything to protect the confidentiality of a message.  To do that, one must encrypt the message itself.  It's easy to do, and if you start sending me encrypted email, I'll be sure my replies are encrypted.  That way, even the NSA won't know what kind of pizza we're planning to have.  See the articles below for instructions.

Want to Know More?

I've written a series of three articles on using and understanding encryption:
There's also plenty of information in the links above. Knock your socks off!


Too Long; Didn't Read

The XKCD comic, which everyone who does anything with technology ought to read, explains PGP digital signatures this way.

You have to actually validate the digital signature, not just check that it's present to be certain.  But really, if the signature is there, odds are good that it will validate, and if you have any doubts, you can validate and be sure.  How?  Probably your email client will do it for you.  For details, see Using Encrypted Email.



Copyright © 2014 by Bob Brown

Creative Commons License
About PGP Signatures by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Wednesday, August 27, 2014

A Note on Card Safety

There's been a lot in the news lately about malicious software invading stores' computer systems and stealing credit and debit card numbers.  A couple of people have asked me about how to be safe using credit and debit cards.  I wrote a big long piece about that.  After I read it, I decided it was mostly useless.  It can be boiled down to three rules:
  • Use your credit card sparingly,
  • Use your debit card almost not at all, and,
  • Check your accounts frequently.
Using your cards sparingly minimizes attack opportunity.  It is true that big, national organizations like Target and Neiman-Marcus have been compromised but it is also true that smaller organizations are often easier targets for the bad guys.  Each time you use that card, you potentially expose it to theft.  If you use a card for fast food or sundry purchases a dozen times a week, you've potentially exposed it a dozen times a week.  It really won't hurt you to carry some cash and make those small purchases with cash.  If you're worried about getting mugged, ask yourself how often that has happened and set the amount of cash accordingly.  Also, remember that not having cash won't keep you from getting mugged; it'll only limit your loss.  If you're worried about losing your wallet, remember where you keep those credit cards!

I carry about a hundred dollars and pay for nearly every small purchase with cash.

If you decide to use a card, and you have a choice, use a credit card, not a debit card.  If you use a credit card and become the victim of fraud, it's the card company's money that's tied up.  If you use a debit card, it's your money that is gone.  A $5,000 fraud on a credit card is bad because you'll have to wrangle with the card company about whether you have to pay that fraudulent charge.  A $5,000 fraud on your debit card is much worse because it's your money, not theirs, that's been stolen.  You will probably eventually get most of it back if the fraud is reported promptly, but while you are dealing with your bank, that money is not available to do things like buy food or pay your mortgage.

I use my debit card in exactly two places: my bank's teller machine and a store that gives me a discount for debit but not credit.  So, those are my only two potential exposures to fraud.

Speaking of teller machines, there's a threat other than malicious software.  It's the "skimmer," a device that attaches to a teller machine or credit card reader like those on gas pumps.  The card gets read twice, once by the skimmer and once by the real device.  So, your transaction works, but the bad guys now have the numbers, too.  You guard against skimmers by using the same teller machines, gas pumps, etc. as often as possible and noticing what they look like.  If something looks funny when you visit, go elsewhere and then check with your bank.

If your card number is used for fraud, the sooner it's reported, the sooner it can be stopped.  Early detection lets you limit the damage.  These days, we can check our accounts on line in seconds.  You should check every account at least weekly, and your debit card account daily.  It's especially important to keep an eye on that debit card.  Federal law limits your liability to $50 for fraud reported within two days.  After that, it's $500 until 60 days, then unlimited! (If you have so many cards that checking would be hard, you have too many cards!)

Reduce opportunity for fraud by minimizing your use of cards and reduce your personal exposure by using credit cards, not debit cards.  If fraud occurs, find it early by checking your statements regularly.


Copyright © 2014 by Bob Brown

Creative Commons License
A Note on Card Safety by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Monday, June 23, 2014

Hack Your WiFi Password? Easy!

Using free WiFi?  Here's something to watch for: If you have a wireless router, you know you can set it up to broadcast any name you want. (Mine is "emorycottage.")

If you have service from AT&T or Comcast you know they're promoting their free WiFi hotspots like crazy.

Well, the Bad Guys have discovered this, and place wireless routers that broadcast names of "attwifi" or "xfinitywifi" in likely places. If your phone is set up to associate with such a hotspot automagically, it will connect to the evil hotspot.  If the attackers spoof a login screen, you could transmit your AT&T or Comcast password to the operators of the evil hotspot.  Even if there's no login, you're on a network you think you can trust, but you can't.

What to do? Don't allow your gear to connect automatically. Consider where you are if your gear asks for permission to connect, and never, ever use your carrier's WiFi password for anything else. Especially not for your email account, because if the Bad Guys can take over your email, they can probably reset your passwords for other accounts... like your bank.



Copyright © 2014 by Bob Brown

Creative Commons License
Hack Your WiFi Password?  Easy! by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Tuesday, May 6, 2014

The IBM Model M Keyboard and Modern Computers

I love my IBM Model M "clicky" keyboard.  It has pounded out everything I've written for a quarter-century, including a master's thesis, a doctoral dissertation, thousands of reports, budgets, email messages, and even a small book.  What's so great about it?  The click!  There's a nice, satisfying click sound at the instant the key makes contact.  There's good tactile feedback, too.  You can feel when the key has made contact.  You don't have to bottom out each key press, and that means less effort when typing.  The letters are molded into the key caps, not painted on; the keys on my keyboard look as good today as they did a quarter-century ago.
Have I made you want one?  You can buy a brand-new Model M keyboard, made from the original IBM design, and even using the original IBM molds.  They're made by Unicomp in Lexington, Kentucky, USA using the original IBM equipment.  There's one specifically for Mac computers, too. They cost $80 to $120 plus shipping.

Not convinced that you should pay a hundred bucks for a keyboard?  It will make your life and work easier, and it'll last forever.  Computers may come and computers may go, but your Model M keyboard will go on and on.  Read what NPR's Martin Kaste has to say about it.

Using an Older Model M

If you're lucky, as I am, you have an original Model M keyboard.  You also have a problem; the keyboard has a PS/2 type plug, and modern computers do not have PS/2 sockets!  (New Model Ms from Unicomp come with a USB interface.)

You will need a PS/2 Keyboard To USB Adapter.  Cheaply made "bulge in the cable" adapters do not work.  Use the link to get the right thing.  (Disclosure:  Amazon pays me a few cents if you buy using the link.  I'm almost up to a dollar a month in commissions.)  You will probably also need a short USB extension cable because the adapter is too fat to plug directly into many USB sockets.  Plug directly into the computer or into a powered USB hub; an unpowered hub will not work because of the power requirements of the keyboard.

Cleaning up that Model M, and USB Conversion

If you're like me, after a couple of decades enough glop has dropped into your keyboard to be truly disgusting.  The nice people at Unicomp will clean and thoroughly test your keyboard for $30 plus shipping.  Email them at support@pckeyboard.com for an RMA number.  When you have the RMA number, order a Class 1 keyboard repair and ship your keyboard off to them.  (They can do more extensive repairs in the unlikely event that you have a non-working keyboard, but it might be better just to buy a new one from them.)

For a little extra, Unicomp will make the USB conversion for you.  If you're going to send your keyboard in for cleanup, order the USB conversion, too.  That's far better, and possibly less expensive, than using an adapter.  (It was $10 when I had mine done; that's less than the price of the adapter.  Check with Unicomp for the current price.)

Converting the Keyboard to USB Yourself

Some people, handy with soldering irons, have installed the USB adapter inside the keyboard case.  The idea is attractive to me because the adapter hanging from a cable on my laptop dock is un-aesthetic.  I haven't tried it, but it might not be hard to do.  A little time with Google should find some help.

But really, just get Unicomp to do it for you.  They're the professionals.



Copyright © 2014 by Bob Brown

Creative Commons License
The IBM Model M Keyboard and Modern Computers by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Friday, April 18, 2014

Virtualizing Windows XP

Well... this is revolting.  A slip of a finger erased a multi-page post.  I have tried to re-create it, but this is not the original post.



You followed my advice in The Four Choices of the Windows XPocalypse and you have a shiny new computer with a shiny new operating system.  It might be Windows 7, but it's more likely Windows 8.1.  It might even be Linux or MacOS.  Now you find out that one or more of your Windows XP applications won't run under your new operating system, and you really need it.  What to do?  What to do?

Well, you could haul out your old computer when you need it, and if it's a laptop, that might even be practical.  What you really want is all your stuff on one machine, where you can use it when you want to.

Windows 7's Virtual XP Mode

Windows 7 includes a virtual XP mode that will let you run your XP programs under Windows 7.  You will have to reinstall your XP applications and any files they might need.

There is no XP mode in Windows 8, nor in Linux or MacOS, so it's not a long-term solution, and may not even work for you now.  Even if you have Windows 7 and your install media, your Windows XP setup may be so complex that replicating it under Windows 7 isn't practical.

Virtualizing Windows XP

A "virtual machine" is a software package that simulates actual computer hardware.  For helping XP live on, the virtual  machine software runs on your new computer, and Windows XP runs on the virtual machine.   There is software that's free for personal use that'll do this.  The exception is MacOS, where you will need a $60 software package.

You will need your Windows XP computer, with its disk intact.  You'll also need an external hard disk at least as big as the Windows XP disk and virtualization software, which is free for most personal applications.  You may also need a new license and product key for Windows XP.  There's more on that below.

Creating the Windows XP Virtual Image

If you bought your Windows XP computer with XP pre-installed, please read About the Windows XP Product Key below before you start this process.  If you're not sure whether your XP system has one of those OEM keys, you can try this process and See What Happens™.  The worst that can happen is that you'll have to do it again after you change the product key.

You make a virtual machine from your running Windows XP computer  by running the VMWare vCenter Standalone Converter.  It's free from VMWare, but you have to register to get it.  The longer XP goes unpatched, the more dangerous it is to connect it to the Internet.  I downloaded the converter (and all the other software I used for this project) using my new system and moved it over with a flash drive.

Install the vCenter Converter on your running XP system and run it.  Direct the output to your external disk, which should be empty.  (If it's not, format it.  Use the "quick format" option.)  This will take several hours – mine took about four – so best to plan to run it over night.

When the converter has finished, shut XP down, move the external drive to your new system, and go to Running Your Virtual Machine below.

About the Windows XP Product Key

Microsoft sold licenses for Windows XP to computer manufacturers at a steep discount. The catch is that the license is "locked" to the specific configuration of your XP computer. Such a license is called an OEM (original equipment manufacturer) license, and it will not run under a virtual machine.  If you try it, you'll get an "activation required" screen during the startup process of the virtual machine.

There is no way I know of to get past the activation screen.  Putting in a new product key doesn't work, and calling the phone number on the screen connects you to a robot with no sympathy for your plight.  You have to change the product key before you virtualize the XP system.

Getting a New Product Key: You will (probably) need a product key that matches the version of XP you have.  So, if you have XP Home Edition, you'll need an XP Home product key; if you have XP Professional, you'll need an XP Pro product key.  There are two kinds of licenses and product keys that will work, retail licenses and volume licenses.  If you ever bought, but did not use, a copy of Windows XP, you own a retail license, and the package will have the product key you need.  If you can find it.  Retail licenses for XP are for sale on eBay at prices ranging from $20 to over $100.  Expect prices to go up as these become rarer.

You may be able to talk the I.T. people where you work into giving you a product key for a volume license of XP.  (Remember, though, the VMWare software is free only for personal use; if you're doing this for work, you'll need VMWare licenses.) Educational licenses for XP are not locked to particular hardware, so you can use an education license if you have one.

I am told that one can find product keys that will work through searching the web.  I haven't tried that.  You shouldn't, either, because it's probably illegal.  (In the words of the late Jay Rosenberg, I have been politic and you have been warned.)

Cloning the XP System:  This step is optional.  Because I am conservative and risk-averse, I used the free edition of Macrium Reflect to make a clone of my XP system disk.  I booted from the cloned disk and changed the product key there.  My thinking was that if I somehow rendered the working disk unbootable, I'd still have the original.  That step took several hours and turned out not to be necessary for me.  (Although the free edition will do everything you need to do for this step, the folks at Macrium Software have done everyone a service by making it available.  Consider buying the licensed edition if you can afford it.)

Changing the Product Key: To change the product key of a running XP system, you will need the Windows XP Product Key Tool, still available (so far) from Microsoft.  Download it, run it, and type in the new product key.  You will probably have to reboot your computer, but it either will not need activation, or will activate over the Internet without trouble.  (If it doesn't, you'll be glad you made that clone disk!)

Once your XP system has a retail or volume license product key, you can return to Creating the Windows XP Virtual Image.

Running Your Virtual Machine

You use the free VMWare Player to run your virtual machine on Windows or Linux.   For MacOS, you will need VMWare Fusion, which costs $60.  There's a free 30-day trial of VMWare Fusion, so you can be sure this works for you before you put your money down.  Download and install the correct virtual machine software for your computer.

Connect the disk with the XP virtual machine image on it and double-click the dot-vmx file; Windows XP will start and run in your virtual machine!  (If you get the dreaded "activation required" screen, you will need a different product key.  See About the Windows XP Product Key above.  As far as I know, there's no way to get past the activation screen.  You will need to rebuild the virtual machine image with a retail or volume license product key.)

After you have Windows XP running, you will want to install the VMWare tools into the virtual machine.   There will be a button below the virtual machine screen that will start the process for you.  It takes two or three minutes.

You also need to read what Byron Brewer has to say about very slow shutdowns of VMWare virtual machines. I added the four-line change suggested by Brewer directly to the dot-vmx file by editing it with Notepad.

Use "msconfig" and "Add/Remove Programs" to get rid of things that start automatically.  They will make opening your virtual machine very slow, and may engage in unwanted Internet access.

It is an increasingly bad idea to use your XP virtual machine for anything having to do with Internet access.  Most especially you should not use Internet Explorer.  XP is limited to IE 8, and web browsers are a primary vector for malicious software.  Also avoid Flash, Java, and Acrobat in web browsers.  Best advice: No Internet access from that virtual machine.  You might even want to delete IE 8, Flash, Java, and Acrobat.

If all you do is look at stuff on your virtual machine, you probably don't need to worry about the virtual disk, except to back it up from time to time.  If you are writing to the disk as well as reading, you will want to read what VMWare has to say about compacting virtual disks.  Make a backup before you compact.
  


Copyright © 2014 by Bob Brown

Creative Commons License
Virtualizing Windows XP by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Saturday, April 12, 2014

The Four Choices of the Windows XPocalypse

It's April, 2014, and Windows XP is dead.  Although XP has its detractors, it has served us very well for a dozen years.  It's unfortunate that Windows Vista was, or was perceived to be, such a dud.  It was possible to upgrade in place from XP to Vista, and more people would have done it if Vista hadn't gotten such a bad rap.  It did, and they didn't.

Now what?

There are four possibilities:
I've fully tried the last three of them, and am messing around with the "Keep on with XP" option.  I'll write a little bit about my experience with each one, but first a recommendation: Buy a new computer and get a new operating system.

There is actually a fifth choice: run Windows XP as a virtual machine on your new computer.  That's the subject of a separate blog post, Virtualizing Windows XP.


This article tells what to do, but not so much about how to do it.  None of this stuff is hard, but you might want to have a techie friend work with you through whichever option you choose.

One other thing: to accomplish either of the latter two possibilities, you will need an external disk drive, which will cost you $90 to $150.  You really need one of these anyway so you can back up your data.

Keep on With Windows XP

I can't really recommend this one.  Eventually, some bad guy will find a serious flaw in Windows XP and Microsoft won't fix it.  Do you care?  Yes, you do!  Operating system flaws put your data at risk.  Irreplaceable photographs could be deleted or corrupted.  If your web browser knows your banking password, or something equally important, the bad guys could get it.  They could send spam through your computer or mount attacks on others from your computer.

With that said, Windows XP did not turn into a pumpkin on April 8, and no hard drives exploded.  If you're a little careful, you could get several more years out of Windows XP.  How do you be careful?

Run Windows Update:  Microsoft released security patches for WinXP on April 8.  Be sure you've got them by running Windows Update. If you had automatic updates turned on, you should already have the latest updates, but it won't hurt to check.  If you had automatic updates off, keep running the update process until it tells you there are no updates.  Do this now, in case Microsoft removes the XP updates from their servers.

Dump Internet Explorer:  The latest versions of Internet Explorer will not run on XP; we're stuck with IE 8, which is not being updated any more, and the web browser is the entry point for a lot of malicious software.  The most current versions of Firefox and Chrome work on XP.  Get one or both.  Do not use IE 8 for anything.  At all.

Don't be "Administrator:"  Many of us, myself included, were in the habit of using a login account with Administrator privileges. The trouble with that is, if malicious software finds its way into your computer, it will have administrative privileges, which means it can do great damage.  Make a new account, like "Bob Brown Adm" and give it administrative privileges.  Change your regular account to have limited privileges, and use that one unless you really need to administer something.

Disable Java and Flash in the Browser:  These are major entrances for malicious software, and if they're enabled, they will run automatically if you reach an infected site.  By the time you know there's a problem, it will be too late.

Run Anti Virus Software:  Although your operating system won't be updated when new security flaws are found, your anti-virus program may be able to defend you from some of them.  If you are already running Microsoft Security Essentials, Microsoft has promised updates through July, 2015.  If you don't already have an anti-virus product and need something free, try Avast! 2014.  My recommendations for paid products are those from Kaspersky or F-Secure.  Don't try to run more than one A-V product on the same computer.  They don't work or play well together.

Keep your other Applications Up to Date:  The operating system is not the only thing bad guys can attack.  If you are running other applications, keep them up to date.  Software makers may keep publishing updates, especially security updates, for their Windows XP applications for some time after Microsoft support has ended.  If there are updates, get them, regularly!  Secunia PSI will help you find out what applications need updating and help you get the updates.

Have Good Backups:  You should be doing this anyway.  The most valuable part of your computer is generally your data.  You'll need an external drive and backup software, or one of the cloud backup services.  I like the external drive approach because it's under my control.  Power off that backup drive when you're not actually making backups, or malicious software could infect it, too. 

Stay Away from Public Networks:  If you are at home or at work, you're almost certainly connected to the Internet through a network address translation (NAT) device.  It's not really a firewall, but it does protect your computer from unsolicited network packets.  A public network could assign a registered address to your computer, which would expose it to the Internet with no protection at all.  It's not likely, but it could happen.  You have to worry about the network operator and whoever else may be on the same network, too.

Buy a New Computer, Get a New OS

This is the path of least resistance, although not the path of least money.  It's not as expensive as you might fear, though.  Buying Windows 8.1 will cost you over $100 unless you are eligible for an education discount, and you can buy a new computer with Windows 8.1 pre-installed for less than $400.  (That's a pretty minimalist computer, but you can get one that's highly capable and still be in the three-figure price range.)

You can save your data, most of it automagically, but you will have to re-install your apps.

Transfer Your Data:  With both computers connected to the same network, install the (free from Microsoft) PC Mover Express software on both computers.  If possible, use a wired network; this may take forever if you try to do it wirelessly.  Laplink has a special Ethernet cable for $10 if you don't have a wired network available.  (By the time you add shipping, it's $22, though.)  Order it when you order the new computer, and you'll have it when you need it.  (You might be able to use an Ethernet crossover cable if you have one around.  I haven't tried this.)

Follow the directions and PC Mover Express will migrate all your data, including most application settings, to your new PC.  Plan to do this over night as it could take many hours.  When I did this, it found everything except my Lotus Notes files and the profile for the Firefox web browser.  The free MozBackup program will save and restore your Firefox profile and those of other Mozilla products, like Thunderbird.

Buy and Install Start8:  The Start8 program ($5.00) restores the start button to Windows 8.1.  Microsoft has promised to put the start button back in a later release, so you may not need Start8.  Or, you may be happy with Microsoft's "start screen" and not need Start8.

Reinstall Your Applications: You will need to reinstall your applications from the original CDs or DVDs.  If you've downloaded free software for XP, you'll have to download it again.  And, some old software may not work with Windows 8.1.

Put the Old PC in a Closet:  Once you have everything like you want it, put the old PC in a closet for six months or so.  If you find there's something you need from it, you can haul it out, fire it up, and copy what you need to a flash drive.  If you don't discover that you need anything in that six months, you probably got everything when you copied the data.

Finally, Nuke the Old Disk:  When you are confident that you no longer need anything from the old PC, destroy any data that may be on the disk.  This is a critical step, especially if you've saved passwords in your web browser, stored credit card numbers, or otherwise put sensitive data on there.  Darik's Boot and Nuke is a free program for secure erasure of disks.  Download the image file, burn it to a CD or DVD, and boot the old computer from the CD.  Be careful with this!  It will completely erase the disk(s) in any computer from which you boot it.

Once you've done the boot-and-nuke operation, there will be nothing on the disk of the old PC, including the operating system.  You can now recycle it, donate it, or (try to) sell it.  Do not have high hopes for selling it, though.  It might bring enough to buy a lunch.

Or, you could install Linux on the old PC and keep it as a spare or donate it to a church or school.  Installing Linux will effectively wipe any previous data.  If you want to be especially cautious, run boot-and-nuke first.

Back Up Everything and Upgrade the Operating System

You want to keep your own hardware, but run a newer operating system.  You first have to find out whether your hardware will support Windows 8.1 because you can't buy Windows 7 any more.  If you are unsure whether your system meets the specifications, you can download the "Upgrade Assistant" from that link and it'll tell you.  You will need to know whether your computer has an x86 or x64 CPU to know which flavor of Windows 8.1 to buy.  Do note that a copy of Windows 8.1 will cost you $100 or more unless you can get an education discount.  You will want to think about buying a new PC or dumping Windows in favor of Linux.

You will be able to back up and transfer your data files, but you'll have to reinstall your applications, and some of them may not work under Windows 8.1.

OK... you've decided to go ahead...

Back Up Everything: You are going to blow your installation of Windows XP completely away when you install Windows 8.1.  If you have anything at all on your XP computer that you want to keep, copy those files to an external disk before you start to install Windows 8.1; otherwise, they'll be gone forever!  Remember, this applies to pictures, documents, movies, etc.  You cannot use your Windows XP applications under Windows 8.1.

Install the Operating System:  Install Windows 8.1 from the DVD you got when you bought the operating system.  When you're done, you will have a bootable computer with nothing on it except the OS and a few applications that came with it.

Buy and Install Start8:  The Start8 program ($5.00) restores the start button to Windows 8.1.  Microsoft has promised to put the start button back in a later release, so you may not need Start8.  Or, you may be happy with Microsoft's "start screen" and not need Start8.

Reinstall Your Applications: You will need to reinstall your applications from the original CDs or DVDs.  If you've downloaded free software for XP, you'll have to download it again.  And, some old software may not work with Windows 8.1.

Restore Your Data Files:  Attach the external disk to the computer and copy the data files from your backup to their new home.  The structure of Windows 8.1 is different from that of XP.  You may want to explore around a bit before you start copying the files.

You will want to hang on to that external disk for a while before you write over it in case you missed getting something off of it.  (If you missed putting something on it, it's gone forever!)
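One way to confirm, before you erase XP, that nothing was missed or damaged on the way to the external disk: hash every file in the original folder and in the backup copy and compare them.  This is an added example, not part of the original post; the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digests[os.path.relpath(full, root)] = sha256_of(full)
    return digests

def verify_backup(source, backup):
    """Return (missing, changed): files absent from the backup, and
    files present in both places whose contents differ."""
    src, dst = tree_digests(source), tree_digests(backup)
    missing = sorted(p for p in src if p not in dst)
    changed = sorted(p for p in src if p in dst and src[p] != dst[p])
    return missing, changed

def demo():
    """Constructed sample: a small source tree and a backup of it with
    one file never copied and one file truncated during the copy."""
    files = {"docs/letter.txt": b"hello", "pics/cat.jpg": b"\xff\xd8cat",
             "notes/mail.nsf": b"notes"}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "xp"), os.path.join(tmp, "backup")
        for root in (src, dst):
            for rel, data in files.items():
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        os.remove(os.path.join(dst, "notes", "mail.nsf"))  # never copied
        with open(os.path.join(dst, "pics", "cat.jpg"), "wb") as f:
            f.write(b"\xff\xd8ca")                         # truncated copy
        return verify_backup(src, dst)

if __name__ == "__main__":
    missing, changed = demo()
    print("missing from backup:", missing)
    print("contents differ:", changed)
```

For a real check, call `verify_backup()` with the folder you copied from and the matching folder on the external disk; both lists should come back empty before you install over XP.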

Dump Windows and Use Linux

If your computer is not up to running Windows 8.1 and you mostly use it for surfing the web and using web-enabled email, you can run Linux and be happy.  You can even do a little word processing or maybe watch a DVD using Linux.  Your WinXP "apps" will be gone, though, along with WinXP.

Don't listen to people who tell you that Linux is only for techies.  You will find modern Linux distributions very similar to what you're used to.

Back Up Everything: You are going to blow your installation of Windows XP completely away when you do this.  If you have anything at all on your XP computer that you want to keep, copy those files to an external disk before you start to install Linux; otherwise, they'll be gone forever!  Remember, this applies to pictures, documents, movies, etc.  You cannot use your Windows XP applications under Linux.

Get Lubuntu Linux:  Lubuntu is a lightweight edition of the Ubuntu Linux distribution.  Download it using your Windows XP machine and make a bootable flash drive.  You will need to know whether you have an x86 processor or an x64 processor.  Once you have that bootable flash drive, you're done with XP!  Boot from the flash drive (you may have to play with the BIOS boot options to do that) and you will install Lubuntu Linux.

You will do the following steps after you are running Linux.  There is an enormous amount of software for Linux.  Some is for generic Linux distributions and some is specific to a particular distribution.  If you can't find a package specifically for Lubuntu, use the Ubuntu version or the generic version.

Install a Browser:  Lubuntu comes with Firefox pre-installed.  If you prefer, you can install Chrome.  When you have Lubuntu running, use Firefox to do a search for "Chrome Linux" and you'll be good to go.  (I didn't put a link in here because it won't do you any good until you're already running Lubuntu.)

Install Libre Office:  Libre Office is a cross-platform office suite with many of the features of Microsoft Office.  The best feature is that it's free!

Install VLC:  The VLC media player is also free and works with Linux.  If you have a suitable sound card, you can use VLC to listen to music.  You may even be able to watch DVDs, depending on your hardware.




Copyright © 2014 by Bob Brown

Creative Commons License
The Four Choices of the Windows XPocalypse by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.