Defence finally ditches XP for Windows 10

Of course I will continue to use my XP safely as long as it is alive.
Period.

@Brummelchen

I know a lot of software developers who also use Pale Moon.

 

XP is dead since a while, you are just using a trick to get updates that are not even destined to home computers...

 

It is true that XP is dead.
But writing inaccuracies is something else.

What's the trick?
It is the beta version of Pale Moon adapted for Windows XP.

 

Not about Palemoon, I was talking about the reg trick to get PoS updates for XP.

I thought you used it when you said "as long it is alive"

 

Version 55 is obsolete.
Its branch is extinct in favor of version 52.

 

Never mind, this trick will end in April 2019.

https://msfn.org/board/topic/178202-end-of-posready-2009-patches-what-to-do/

 

i got my first computer in 2007 with XP Pro SP 3 installed on it. i had a few infections in the beginning because i didn't understand what i was doing well that was then. I'm still using the same set up only without any real time anti malware antivirus software. My security measures consist of private firewall and win patrol with on demand superantispyware. In the last 10 years it found 3 tracking cookies and that because i started IE 8 to see if it still worked..

Windows XP is an operating system that gives me the feeling that I'm in control of my machine..

 

Maybe they are not designed for home computers, but they still cause less problems than Windows 10 updates

 

Sorry Brummelchen but you are wrong and only spreading FUD.
For your enlightenment:

The derived and recommended product is Pale Moon, the flagship browser of the XUL platform.

 

Personally, I never had any issues with Win10 updates on 3 machines. Maybe because i keep my OS clean and lean.

 

Sure, as long as you don't mind being limited in browser choices, and running an Alpha version as well. I get it; you're obviously happy running XP and you have the ability to keep it (supposedly) secured from modern day threats, then that's all that really matters

 

I'm not defending XP. In fact I didn't even had XP installed, neither in the past nor now.
Fact is that the risks of running XP are overrated.
- no sane person will waste his time to discover Zero-day vulnerabilities for XP
- no sane person will waste his time to code new malware for an old OS, malware that won't run on modern devices
- even a mediocre AV should have signatures for old malware

So no wonder that the Defence Dep didn't fall into panic and are switching only now.

BTW, how about those tens of millions of unpatched Android on mobile devices?
Those are are a real threat for their owners and the media keeps mostly quiet about the issue.

 

I could also install the stable version, but its development is usually slower than the last Pale Moon build:

https://github.com/Feodor2/Mypal/releases


Other browsers that I could use with XP are:

3) Basilisk fork by Roytam1
4) K-Meleon fork by Roytam1
5) Borealis Navigator
6) Seamonkey 2.49.5 https://www.wg9s.com/comm-esr/
7) Maxthon

A good choice for a dead OS.

 

This mindset falls into the category of "security through obscurity". It's not real security, but I suppose it does have some merit.

 

Here's a listing of all XP vulnerabilities through 2017: https://www.cvedetails.com/product/739/Microsoft-Windows-Xp.html?vendor_id=26 .

From 2014 - 2017, 10 vulnerabilities were found. A few of these were patched via special Win Update creation; e.g. Wannacry SMB exploit. Does the low 2014 - 2017 detection imply that all WIN XP vulnerabilities have been found? No! What it does indicate that no one is actively performing pen-testing and the like with vulnerabilities being reported. You can bet your booties that malware developers were doing this activity during this time frame since there still are XP targets of interest out there as the posting article indicates. Assume there have been exploits during this period and to this day in fact. They are just not being reported since they won't be patched anyway except for extended support licenses.

 

Or use a firewall.

Mrk

 

IDK. EternalBlue apparently didn't work on Windows XP, but it did on Windows 7. Thread here: https://www.wilderssecurity.com/thr...ims-were-using-windows-7.394164/#post-2677813
I guess it all depends if exploit developer has incentive to target XP system and test if their creations work on it. Majority of users moved past XP so I don't think that this system is still interesting to create exploits for.

 

that ofc means in most cases people have an illegal patched (posready) windows xp and all of its side effects

statcounter tell me about 2 per cent of all are xp
http://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide
2 per cent is more than enough to start attacks vs the rest. when xp fell out of support reversers search for unpatched holes, this will come also with windows 7. guess why MS patched some really critical flaws in xp!?

 

StatCounter confirms that XP is definitively a low target.
If you'd be offered to get paid $2000 or $40 which offer would tempt you more?
Keep in mind that Zero-day exploits are traded on the black market.
Besides, even if not all but many of those still on XP simply can't afford a new device no matter how cheap it might look to you.
By targeting such people your chances to make any profit are equal to zero. After all nowadays malware isn't written just for fun but for profit.

What strikes me most - people using XP are urged to update to WIN10 and thus to buy a new device since the old hardware is too old for Win10.
The switch to a light Linux distro instead wouldn't imply any costs. Neither would one need to buy a new device nor would one need to have Win10 which Microsoft should have named WINDOWS10-TM (TM = TeleMetrie).
Of course, such an advise would hurt business and Microsoft's market share - hence tech magazines and portals will beat the drum for Win10.

 

What would be the side effects?

In the MSFN community there will be at least 30 users working to find and correct any problems patches.
In February, only one patch was problematic.
And it was promptly withdrawn and replaced in un day.

 

I didn't encounter any problems so far on two VMs with Windows XP.
Since companies are paying to receive updates for this OS, I wouldn't be surprised if updates go through even more internal testing than let's say Windows 10.

 

and those are not resolved for xp, so the flaw is still present and usable. as i wrote xp is not different in its basics like windows 7/8/10, but the hurdle is raised with 7/7/10.

does it really? there are lots of illegal activated windows on the run and ms cares how much? from time to time they do, buts thats pointless.

i dont mind, i am running win7, win8 for work, win10 (3 different) for fun and testing.
2 per cent means 1 of 50, unfortunately i dont have a number in millions, 2017 was 7% and counted in millions.
i dont have a number of infected or zombie computers.

 

People that keep using XP are not much different from those using old vintage cars. Same mindset i guess.

 

I think you might be thinking along the lines of ransomware. And in that regard, corps are the primary targets regardless of OS ver. used.

But if a banking trojan or other credential stealing malware can be installed and, God forbid, these people use the Internet for financial activities, there is plenty of extortion money making opportunities.

Also of note is your primary protection against rootkits prior to Win 10 secure boot option is KPP which doesn't exist on XP. Since the whole purpose of rootkits are to remain as stealthy as possible, assume there are a lot of XP folks that have one or more of them.

 

What I observed so far:

People using XP seems to feel the need to Install one or more security products to fill the security holes. Some even struggles to do so because some softs have hard time to perform properly on. XP.

People using Windows10 doesn't need to do so.

I can't find any XP users going online with out-of-the-box XP.

So basically they confirm and acknowledge that XP is security crap but keep using it. If they were Average Joe I could understand but security forum members...