Ten years later, Windows XP still dominates the Web

Very good points, Rmus, though just to pose a question for fun

Take any one of us security enthusiasts involved in this thread, and using an older O/S like XP Pro secured to the best of our knowlege and abilities, are we just as secured running it as compared to running the newer Windows 7 Pro secured to the best of our knowlege and abilities?

 

I have no idea! There are just too many human variables ("best of our knowledge and abilities") involved in that scenario.

For every argument in favor of what you propose is one similar to what ronjor just posted, so, take your pick!

----
rich

 

Lol, XP and U2 have a lot in common. Fantastic right out of the gate, but got crappier from that point on.

 

I disagree with this. I think XP was an excellent OS at the time of release and still continues to be so. Sure, Windows 7 is newer and better than XP, but this does not make XP a bad operating system, so I would be interested know how you consider that it "got crappier" over time.

 

Too give my answer honestly, and given my extent of knowlege and abilities on both O/S', I feel I have a better chance of avoiding threats using Win7 (though I'm using Utimate, I would feel the same using Pro), but in no way does that mean I can't run Xp securely, nor discourage anyone from using it if they know how to properly secure it.

As an aside, it's funny, and somewhat too bad, how so many seem to be judging the excellence of an O/S based on how well it can stand up to threats, as opposed to functionality and user experience. One can only imagine how differently Windows and other O/S' would have evolved if malware never existed.

 

Cause they still haven't found what they're looking for?

 

Owww... I see what you did there!

What would the world be like without evil...

 

He-he, yeah, I guess that's what it comes down to

 

♫ ♪ Imagine there's no malware, it's easy if you try. ♫ ♪
(Sorry, the musical references to U2 above made me do it.)

I agree with Rmus 100% on AE. For me, after an instant recovery program, it's the single most important piece of software and worth every penny.

XP is a good operating system like a well-cared-for classic car is still a good car. You might want to warehouse it, rarely (if ever) take the risk in driving it, but for everyday transportation you'll use a modern, safe, up-to-date car.

 

Not if you know how to secure it. I don't plan on dropping it anytime soon.

 

Hindsight is 20-20.

 

Absolutely nothing original in that article. Plus, I'm not sure that Vera Lynn can in any way be related to "rock".

I think there's a desperation to sell as much Win 7 as possible before Win 8 goes on sale. And then, gasp, articles will appear on why Win 8 is safer

 

And we will be hearing how insecure Windows 7 is.

 

In terms of security I don't think the differences are nearly as massive as the changes between XP and V/7.

Win8 adds smartscreen but otherwise it's all just improvements to the old systems - improved integrity levels, improved ASLR, some anti-ROP. Nothing really amazing.

The difference between XP and WinV7/7 is an entirely new integrity system, new token system, UAC, ASLR, SEHOP, and defender built in + an action center + a better updater.

Not exactly comparable situations. But, of course, yeah, Windows 8 does implement more security features. I still think we really need to watch XP die and see how that effects Vista and 7 and 8.

 

You forgot some Win8 new security features like USB Protection, Reset your PC, Refresh your PC, Secure Boot, built-in MSE instead of Defender, Picture password and Windows Store.

 

MSE over defender is just another improvement to what's there. I don't know what USB Protection is, can you elaborate?

Resetting/ Refreshing are nice but they're cleanup features, not protective methods. Secure boot is nice for those who have the hardware to use it but good point I forgot about it.

 

This:

 

Sounds like it just scans a USB when its plugged in.

 

@ Hungry Man

Of course a HIPS isn't a dedicated AE !

Sure, but some of us actually research the File/App etc before we run/install it/them. Furthermore, after X amount of years, some of us are able to use our instinct etc to make Much better decisions than we might have before. Otherwise we wouldn't run/install Anything ever !

But just trusting your OS with the latest patches etc, is NO guarantee of safety etc. And as most of us already realise, Vista & W7 comps get blasted Every day around the world. Up to 100,000 new nasties are released Every day & they are NOT only targetted at only XP or earlier OS's. If they didn't work, the baddies would have to find something else to do.

Glad you agree on something ! So there's No need to keep challenging us that use it, and/or other time tested Apps/Setups etc.

 

Funny, I've got 2 people who are running windows 98SE and XP,and both are running Deepfreeze and an AE,never been infected. Strange indeed.

 

My grandfather always taught me never to buy things for the sake of buying. If it does what you want it to do, and does it reliably, keep using it.

I have a Maytag from the 60's that still washes clothes. It might not have all the bells and whistles of the new washers but it still washes cloths well.

I have a 14 year old car. It' reliable and gets me from point A to point B without problems. May not have all the new things a new car has but it suits my purpose and does it well.

I have two computers with XP. One from 2002 and another I found on the curb ready to be thrown away. Both do what I want and efficiently. I have never been infected and that it just running an AV, Windows Firewall, and running in a LUA. I keep regular backups. If I should get infected, then it's just a matter of a reformat and reimage.

Like I said in a previous post, If the computer is running well and all I need is an OS to browse,write a note here and there, or view a PDF, I will probably switch to linux when security updates are no longer available. Or, keep going with XP and take my chances knowing I always have a backup available.

 

Right, that's all it seems to be, and as for safeguarding against attacks from infected sticks, afaik, disabling Autoplay/run does that anyway.

 

My OS is a platform to run my app.s. No more, no less.
Said app.s help me be productive, communicate, and keep me in business.
XP serves me just fine. Widows 7 may even cause some compatibility issues (more related to 64 bit).
My risk profile is low, so security is of secondary (even tertiary) concern.
At the moment, there is no incentive to upgrade.
My netbook is Windows 7, and, after a bit of a learning curve, I find I like it.
I will be replacing my desktop this year, and doubtless it will be running 7.
But until then...

 

By starting in a more permissive zone, part of the policies of reducing and isolating the attack surface app is already bypassed. Using java as the example, I consider java to be too dangerous of a target to allow it to be part of the default attack surface. Besides being a target, the browser is a direct path to other targets. When IE6 was the browser, it was almost a direct path to the system core. There was no realistic way to isolate it.

If a malicious site gets access to java, it probably doesn't need anything more from the browser save internet access, which it already has. That's another gripe I have with IE's zones. Everything is supposed to fit in just 3 zones. IMO too inflexible. Years ago when SeaMonkey was still the Mozilla Suite, I tried policy manager, an extension for Mozilla that allowed the user to create the equivalent of as many zones as they wanted. The idea behind it supported exactly what you wanted, building a separate zone or policy for allowing java (or any other permission or combination of them) but nothing else for a list of sites. The idea was excellent but the code was buggy as hell. Haven't looked to see if anything more was ever done with it.

If I were limited to IE and its 3 zones, I'd set up the default internet as completely restricted zone with the actual restricted zone being a bit more permissive for sites that need it. The trusted zone would be more permissive but would make heavy use of the "prompt" setting.