How to secure Windows XP after it Xpired?

Oh yeah well you started all this scaremongering and another thing..........only kidding , Hungry Man it sounds like your at the end of your tether.

You`ve done your best to warn/inform so have your self a well earned vacation away from us xp diehards and ponder not on our fate.

Seasons Greetings

 

Re: How to secure Windows XP April 2014?

And one day before EOL, there are ways you can secure it, right? But when the clock will reach midnight, all your security will magically vanish, and you will remain unprotected!

 

Re: How to secure Windows XP April 2014?

Oh come on... I was referring to exploitation of weaknesses in WinXP's kernel. Since the kernel's code is proprietary to Microsoft, only they can patch discovered/potential security 'holes' in the kernel. So when Microsoft declares the end of life for XP (i.e., no further support) it's 'game over' (security speaking)!

TS

 

Re: How to secure Windows XP April 2014?

That code has to either be contained in a file, be part of a webpage, or be sent to an app listening for incoming packets. It doesn't magically teleport in. If I have nothing listening for incoming connections and don't open a malicious file, the only thing left is web content, which can be filtered.

I'll enjoy XP on occasion, but I'm not holding my breath waiting for this doomsday code. I'm still waiting for the code that's supposed to own this 98 unit.

 

Re: How to secure Windows XP April 2014?

Agreed, and related to what you've stated, not sure if you've seen this already, but an interesting diagram posted in another thread by Gullible Jones...

http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/

 

There's no real consensus defining what 'secure' means. So the disagreements go on and on ('my definition of security is better than your definition'), etc.

 

Yes, that has always been the issue.

 

Re: How to secure Windows XP April 2014?

In this case, you are perfectly right. WinXP kernel will not be patch anymore, so it will be impossible to secure the OS from this point of view. However, people should realize that right now, MS is patching their OS'es once a month, so there is plenty of time for a newly discovered (0-day) exploit to do some damage until Patch Tuesday. Because of this, relying only on a patched kernel to secure your OS is a bad idea; consequently, you need auxiliary measures (SRP, LUA, EMET, AV, Firewall, HIPS, etc.) to make your OS more secure. And so, we come to the XP EOL problem: after EOL, the only measures that can protect you are the auxiliary ones. And they will protect you exactly the same way they did after the 0-day was found and before the patch was released.

 

Microsoft's Patch Tuesday reinforces the value of software upgrades
http://www.computerworld.com/s/arti..._the_value_of_software_upgrades?taxonomyId=17

 

Wrong, Microsoft's Patch Tuesday reinforces the idea that new operating systems are vulnerable as well, no matter how hard MS tries to convince us of the contrary.

Even worse:

In other words, an OS that is still supported by MS doesn't have a known vulnerability patched. What is the difference between now and after April 2014?

 

It depends on one's point of view (everything thing is life is a point of view).

Many people like to think that the latest OS will be the panacea for security (a point of view). Even in the early days of Windows 7, this was shown to be fallacious.

Second Windows 7 beta UAC security flaw:
February 4, 2009
http://www.istartedsomething.com/20090204/second-windows-7-uac-flaw-malware-self-elevate/

Windows 7 vulnerable to 8 out of 10 viruses
November 3, 2009
http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/

This is not to be an argument for not upgrading to a newer Operating System; rather, just to point out that one needs to keep things in perspective.


----
rich

 

Excellent comment.

 

Is the following a fact or a point of view?

* Wolfgang Kandek, chief technology officer for security firm Qualys

 

All of the statements are facts.


----
rich

 

Re: How to secure Windows XP April 2014?

Not right, cause you must make some specifications and distinctions here.
1) A patched kernel is the basis for all other security implementations
2) your time argument. Not all patched vulnerabilities are known before they are patched and thats why no exploits for them are alive and itw. (Some are detected by M$ researchers, many by independent researches that only report them to M$ etc.)

BUT on patch tuesday there are always descriptions and details available for all. So everybody can see WHAT weak points exist, how they work and so on. And try to use those points to attack unpatched (and unsupported) systems - like good old XP.

 

Re: How to secure Windows XP April 2014?

This is just theory. I'm not aware of a Windows kernel vulnerability that by itself sabotages the functionality of a security software. I'm not saying that they don't exist at all, but I'm not sure that they are such a big risk. (BTW, if you have such information, please share it, because I'm really interested about this subject. Thanks.)

I wouldn't base my security on the fact that some vulnerabilities are not known to the public...

 

Re: How to secure Windows XP April 2014?

It's not theory at all. Kernel exploits are becoming more common in in-the-wild attacks, we've seen two in just the last few months to get out of sandboxes. There's another topic about the recent Adobe Sandbox breach, which uses a kernel exploit.

People should probably start realizing that "theory" is what attackers pay attention to. You think they don't read research? They do. They're fairly academic, oftentimes. And theory typically begets practice when it comes to attacks.

Years before we saw ROP based attacks, there simply weren't any, but there was research on it. And, eventually, they became the standard. That's how it works. We live in an age of information leakage now, all about bypassing ASLR - every attack on a modern OS is paired with one. In the near future, as sandboxes cover the majority of vulnerable software, we will start seeing attacks paired with kernel exploits.

That's the way it has always worked, that's the way it will continue to work. The industry is so stuck on reaction that they find it impossible to get ahead. It's why security is a cat and mouse game when it has never had to be one.

 

Re: How to secure Windows XP April 2014?

It wouldn't by itself, but once one is operating in kernel space, most security software drivers can be unhooked.

Also, you're thinking about the kernel wrong. I used to think this way too, it's a common mistake.

Wrong: the kernel is the king of the OS, passing dictums from on high.

Right: the kernel is the courier, not the king. If a program writes to the disk, it goes through the kernel. If it allocates memory, it goes through the kernel. If it interacts with another program, it goes through the kernel. Anything done by a "system call" is done via kernel space; the kernel doesn't pass dictums, it enforces policies by deciding whose messages can go where.

Hope that clarifies things...

 

Microsoft bets on Windows XP disaster
12 Dec 2013
http://www.computerworld.com/s/article/9244757/Microsoft_bets_on_Windows_XP_disaster
-----------------
PREDICTION #6: Cybercrime that Leverages Unsupported Software will Increase
By Tim Rains, Director Trustworthy Computing
12 Dec 2013
http://blogs.technet.com/b/security...ssionals-top-threat-predictions-for-2014.aspx
------------------
New cybersecurity report details risk of running unsupported software
29 Oct 2013
http://blogs.technet.com/b/microsof...ils-risk-of-running-unsupported-software.aspx

 

@GJ,

It's true that all system calls and all handling of address space, etc, will always go through the kernel. I wouldn't so much call it the 'courier' though - it certainly is the king in many situations. The kernel can reject calls or decide what to do - you just get to *ask* it for permission, or to do something. The reality is that the kernel is in command in the end of it all.

 

@HM: well yes... Analogies only go so far.

 

That's why I dislike them so much

 

And I bet on Microsoft's disaster. Let's see who wins!

Later edit: Sometimes I get really upset when I see people believing misinformation and lies fed to them by companies or by other so called "experts". But because it becomes clear that their opinion about how secure XP will be after 2014 will never change, it seems like a good time for me to leave this thread

 

I'm not fed anything by anyone. I have a formal education in CS and computer security, I do security related work, this is legitimately *what I do*. When I say something it's not parroting some stupid Microsoft article, it's informed by a wide and often hands-on education that extends a lot further than just my coursework.

From my perspective it's always the opposite - people want to hold on to XP, and they won't listen to reason about it.

This is not the first conversation on wilders on this topic - a few people have changed their perspectives, that's it. At this point I don't think anyone can call it *particularly* productive, it's really more a way to kill time for everyone, I would hope.

 

Microsoft always predicts disaster for those using unsupported operating systems. Replying to an endless supply of doomsday rhetoric gets old got old long ago. When 98 was the target of all these doomsday predictions, I paid close attention to the new exploits and malicious code, including those that targeted XP. Over and over, the same story:
"This won't be patched on 98. Users need to upgrade."
Much of the time the exploit didn't function on 98 unless someone completely rewrote it, or it wasn't vulnerable to it at all. Most of the others were easily mitigated with common sense security decisions.

Every new OS they release looks more secure against what is known, for a while. After a while, the attackers find the vulnerabilities and exploit them. In the end, after a bunch of patches, service packs, etc, we end up right back where we started. Only the names and methods change to hide the fact that it's a perpetual rerun.