Time to Move On From Windows XP

Discussion in 'other security issues & news' started by SweX, Mar 26, 2014.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The only "superiority" over Xp and earlier systems that I see in the current ones is that they're more resistant to the more advanced malware in current circulation. If that is the only criteria one uses to define security, that's your choice. If you consider privacy to be inseparable from security, the current operating systems are far superior at invading and compromising it. AFAIC, with a properly configured security package, "in the wild" malware isn't that much of a threat. protecting your privacy is much harder, especially when the current operating systems are completely hostile to the concept. For me, the shortcomings and hostile design of the current versions of Windows outweigh the benefits. I will not "upgrade" to more efficient and more thorough spyware.
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Edit: @noone_particular, I certainly won't discount the privacy issues with modern OSes. I would point out though that modern hardware may be backdoored as well.

    I'd speculate (and please, please don't take this as a suggestion!) that a whistleblower might be best with current NetBSD on an old PowerPC Macintosh, or some other combination of modern OS and vintage hardware.

    You still have to apply updates from time to time with DeepFreeze, or it will be possible to circumvent.

    (And it probably doesn't "promise" anything, if you look at the EULA. :) )

    Now a disclaimer: what follows is probably a simplistic explanation, because my understanding of computer hardware isn't very good. But whatever, here goes:

    There are levels of privilege in a CPU - physically different states of the hardware, depending on what it's supposed to be doing. The CPU will always occupy just one of those states when running some operation.

    I'm not totally sure about Windows architecture as relates to that, but on UNIX the kernel and drivers run in ring 0 (the highest privilege level) and userspace software in ring 3. Alternatively the kernel and drivers may run in ring 1, if a hypervisor is occupying ring 0.

    At best, Windows drivers have to run at the same privilege level as the kernel. At worst (since Windows uses a weird hybrid kernel) they might run at a lower privilege level, and communicate with the rest of the kernel via the interprocess communication framework. But they never run at a privilege level above that of the kernel, because then they would be involved with some kind of hypervisor rather than the OS itself.

    The general rule is that a breach at any privilege level can beat security software running below that level, or even theoretically at that level. So if an XP system gets compromised using a kernel vulnerability a la Stuxnet, security software running at the kernel level may be bypassed, and software running in userspace has no chance at all once the exploit has happened. Since DeepFreeze (AFAIK) relies on a kernel driver, it should be considered unreliable for protecting from kernel exploits.

    This is not a fatal flaw of driver-based security software BTW, just a limitation. Normally it's mitigated by being able to patch kernel holes within a reasonable amount of time (since your OS is presumably supported by the manufacturer). But if your OS is not supported and there aren't any more updates, that goes out the window.
     
    Last edited: Apr 1, 2014
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I think typically we call hypervisors ring -1, with kernel still being ring 0. At least, that's the convention I've seen most.

    I'm also not convinced by hypervisor security. It's not quite as clear cut as userspace <-> kernel. It's certainly interesting, but I don't think anyone will be utilizing it properly for quite a while, nor am I convinced that the overhead of maintaining two codebases (since hv support is on a per-cpu basis) is offset by the benefits.
     
  4. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    When you look at the minimum requirements for XP it's about time:
    My only XP system is my old i586 AMD K6 III 550mhz rig. The article could gone a lot further in terms of what hardware was actually the norm then, but it surely wasn't the enthusiast "In 2001, my home PC had an Intel Pentium 4 processor that ran at 1.8GHz and a gigabyte of RAM" as he makes it out- it was a lot lower.

    Get a decent modern PCI video card these days though, and any system built from 2001+ can run a Linux distro.
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @Veeshush: I think I'll play the devil's advocate here and ask "why?"

    Sure, a Pentium II can't handle streaming video in the browser. How many people actually need streaming video in the browser though? IMHO 90% of the useful stuff on the Internet is text, and could be rendered with a minimum of scripting. Why should that be off limits to people who don't need - or can't afford - a multimedia-capable computer?

    I do think this is a social privilege issue, too. Internet access now means, among other things, widely available access to higher education. But if the online classes require streaming video and Javascript stuff that doesn't work on old hardware, then that is a problem.

    Likewise online security and privacy as social privilege. There's a reason 90% of computer users in China pirate Windows XP, but that makes them vulnerable to getting their money stolen... Or getting in trouble with the government (if there are e.g. bugs in crypto libraries that can be exploited). etc. etc.

    And also issues of waste, and the environmental hazards, and the stupid economics driven by needless consumption...

    Sorry for the rant, this is a bit of a sore point with me. :( Point is, modern OSes are definitely more secure, enough so that a hardware upgrade is justified for those who can afford it. But the hardware upgrade being necessary just to run the OS... I'm not so sure that is justified.
     
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,454
    Location:
    U.S.A.
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Windows XP still going strong despite looming end of support deadline
    http://www.pcworld.com/article/2138...-despite-looming-end-of-support-deadline.html
     
  8. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    The minimum system requirements for a lot of OS are at least a i686 CPU, like a Pentium III. Vista/Win7 will run on a Pentium III rig, but you won't like it (runs slow). And yeah, you can easily get a lightweight Linux distro, like DSL or Tinycore and run https://en.wikipedia.org/wiki/Dillo all on an 486. So I'm not really getting your point here. Like you said in a post above, you can easily get legacy hardware and run something on it.

    You're acting as if they're requesting everyone have a gaming rig. The cost to get hardware that can do just that is pretty cheap (basically anything built in the last 10 years). But, for video, it can be a better learning tool to actually see and hear how something is done rather than read. Just a Pentium 4 with an decent videocard that can offload h.264 can stream video.

    Sure, I love legacy hardware to play around with, and I'll agree a lot of people would really be surprised at what a 86mhz cpu can do. Most store bought desktops I've worked on over the years are junk built to be disposed of rather than upgraded. But then these people are just moving to tablets now anyway- which are entirely built to be disposable.
     
  9. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Author of the original articles in question here.

    The goal here was to provide some quick tips to people who might still need to remain on Microsoft Windows XP for a little bit past April 8, 2014.

    Neither was meant to provide comprehensive information, nor did they suggest staying on Windows XP ad-infinitum. The goal, as always, is for people use the strongest, most-secure tools possible, but sometimes they need a little help securing what they have right now, and that was the focus of the articles.

    Hope this clears things up.

    Regards,

    Aryeh Goretsky
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.