How to secure Windows XP after it Xpired?

Discussion in 'other anti-malware software' started by mattdocs12345, Nov 2, 2013.

Thread Status:
Not open for further replies.
  1. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    560
    Location:
    The Outer Limits
    Oh yeah well you started all this scaremongering and another thing..........only kidding:D , Hungry Man it sounds like you're at the end of your tether.

    You've done your best to warn/inform so have yourself a well earned vacation away from us XP diehards and ponder not on our fate.

    Seasons Greetings
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,613
    Location:
    European Union
    Re: How to secure Windows XP April 2014?

    And one day before EOL, there are ways you can secure it, right? But when the clock reaches midnight, all your security will magically vanish, and you will remain unprotected! :rolleyes:
     
  3. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Re: How to secure Windows XP April 2014?

    Oh come on... I was referring to exploitation of weaknesses in WinXP's kernel. Since the kernel's code is proprietary to Microsoft, only they can patch discovered/potential security 'holes' in the kernel. So when Microsoft declares the end of life for XP (i.e., no further support) it's 'game over' (security speaking)!

    TS
     
    Last edited: Dec 8, 2013
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: How to secure Windows XP April 2014?

    That code has to either be contained in a file, be part of a webpage, or be sent to an app listening for incoming packets. It doesn't magically teleport in. If I have nothing listening for incoming connections and don't open a malicious file, the only thing left is web content, which can be filtered.

    I'll enjoy XP on occasion, but I'm not holding my breath waiting for this doomsday code. I'm still waiting for the code that's supposed to own this 98 unit.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    Re: How to secure Windows XP April 2014?

    Agreed, and related to what you've stated, not sure if you've seen this already, but an interesting diagram posted in another thread by Gullible Jones...

    http://0xdabbad00.com/2013/04/28/exploit-mitigation-kill-chain/
     
  6. Dogbiscuit

    Dogbiscuit Guest

    There's no real consensus defining what 'secure' means. So the disagreements go on and on ('my definition of security is better than your definition'), etc.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, that has always been the issue.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,613
    Location:
    European Union
    Re: How to secure Windows XP April 2014?

    In this case, you are perfectly right. WinXP kernel will not be patched anymore, so it will be impossible to secure the OS from this point of view. However, people should realize that right now, MS is patching their OSes once a month, so there is plenty of time for a newly discovered (0-day) exploit to do some damage until Patch Tuesday. Because of this, relying only on a patched kernel to secure your OS is a bad idea; consequently, you need auxiliary measures (SRP, LUA, EMET, AV, Firewall, HIPS, etc.) to make your OS more secure. And so, we come to the XP EOL problem: after EOL, the only measures that can protect you are the auxiliary ones. And they will protect you exactly the same way they did after the 0-day was found and before the patch was released.
     
  9. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,748
    Microsoft's Patch Tuesday reinforces the value of software upgrades
    http://www.computerworld.com/s/arti..._the_value_of_software_upgrades?taxonomyId=17

     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,613
    Location:
    European Union
    Wrong, Microsoft's Patch Tuesday reinforces the idea that new operating systems are vulnerable as well, no matter how hard MS tries to convince us of the contrary.

    Even worse:
    In other words, an OS that is still supported by MS doesn't have a known vulnerability patched. What is the difference between now and after April 2014? :)
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,994
    Location:
    California
    It depends on one's point of view (everything in life is a point of view).

    Many people like to think that the latest OS will be the panacea for security (a point of view). Even in the early days of Windows 7, this was shown to be fallacious.

    Second Windows 7 beta UAC security flaw:
    February 4, 2009
    http://www.istartedsomething.com/20090204/second-windows-7-uac-flaw-malware-self-elevate/
    Windows 7 vulnerable to 8 out of 10 viruses
    November 3, 2009
    http://nakedsecurity.sophos.com/2009/11/03/windows-7-vulnerable-8-10-viruses/
    This is not to be an argument for not upgrading to a newer Operating System; rather, just to point out that one needs to keep things in perspective.


    ----
    rich
     
  12. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    595
    Location:
    Phoenix, AZ
    Excellent comment.
     
  13. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,748
    Is the following a fact or a point of view?
    * Wolfgang Kandek, chief technology officer for security firm Qualys
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,994
    Location:
    California
    All of the statements are facts.


    ----
    rich
     
  15. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Re: How to secure Windows XP April 2014?

    Not right, because you must make some specifications and distinctions here.
    1) A patched kernel is the basis for all other security implementations
    2) Your time argument. Not all patched vulnerabilities are known before they are patched and that's why no exploits for them are alive and itw. (Some are detected by M$ researchers, many by independent researchers that only report them to M$ etc.)

    BUT on Patch Tuesday there are always descriptions and details available for all. So everybody can see WHAT weak points exist, how they work and so on. And try to use those points to attack unpatched (and unsupported) systems - like good old XP.
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,613
    Location:
    European Union
    Re: How to secure Windows XP April 2014?

    This is just theory. I'm not aware of a Windows kernel vulnerability that by itself sabotages the functionality of a security software. I'm not saying that they don't exist at all, but I'm not sure that they are such a big risk. (BTW, if you have such information, please share it, because I'm really interested in this subject. Thanks.)

    I wouldn't base my security on the fact that some vulnerabilities are not known to the public...
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: How to secure Windows XP April 2014?

    It's not theory at all. Kernel exploits are becoming more common in in-the-wild attacks, we've seen two in just the last few months to get out of sandboxes. There's another topic about the recent Adobe Sandbox breach, which uses a kernel exploit.

    People should probably start realizing that "theory" is what attackers pay attention to. You think they don't read research? They do. They're fairly academic, oftentimes. And theory typically begets practice when it comes to attacks.

    Years before we saw ROP based attacks, there simply weren't any, but there was research on it. And, eventually, they became the standard. That's how it works. We live in an age of information leakage now, all about bypassing ASLR - every attack on a modern OS is paired with one. In the near future, as sandboxes cover the majority of vulnerable software, we will start seeing attacks paired with kernel exploits.

    That's the way it has always worked, that's the way it will continue to work. The industry is so stuck on reaction that they find it impossible to get ahead. It's why security is a cat and mouse game when it has never had to be one.
     
  18. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Re: How to secure Windows XP April 2014?

    It wouldn't by itself, but once one is operating in kernel space, most security software drivers can be unhooked.

    Also, you're thinking about the kernel wrong. I used to think this way too, it's a common mistake.

    Wrong: the kernel is the king of the OS, passing dictums from on high.

    Right: the kernel is the courier, not the king. If a program writes to the disk, it goes through the kernel. If it allocates memory, it goes through the kernel. If it interacts with another program, it goes through the kernel. Anything done by a "system call" is done via kernel space; the kernel doesn't pass dictums, it enforces policies by deciding whose messages can go where.

    Hope that clarifies things...
     
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,748
    Microsoft bets on Windows XP disaster
    12 Dec 2013
    http://www.computerworld.com/s/article/9244757/Microsoft_bets_on_Windows_XP_disaster
    -----------------
    PREDICTION #6: Cybercrime that Leverages Unsupported Software will Increase
    By Tim Rains, Director Trustworthy Computing
    12 Dec 2013
    http://blogs.technet.com/b/security...ssionals-top-threat-predictions-for-2014.aspx
    ------------------
    New cybersecurity report details risk of running unsupported software
    29 Oct 2013
    http://blogs.technet.com/b/microsof...ils-risk-of-running-unsupported-software.aspx
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    @GJ,

    It's true that all system calls and all handling of address space, etc, will always go through the kernel. I wouldn't so much call it the 'courier' though - it certainly is the king in many situations. The kernel can reject calls or decide what to do - you just get to *ask* it for permission, or to do something. The reality is that the kernel is in command in the end of it all.
     
  21. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @HM: well yes... Analogies only go so far.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's why I dislike them so much :p
     
  23. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,613
    Location:
    European Union
    And I bet on Microsoft's disaster. Let's see who wins! :D

    Later edit: Sometimes I get really upset when I see people believing misinformation and lies fed to them by companies or by other so called "experts". But because it becomes clear that their opinion about how secure XP will be after 2014 will never change, it seems like a good time for me to leave this thread :)
     
    Last edited: Dec 12, 2013
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm not fed anything by anyone. I have a formal education in CS and computer security, I do security related work, this is legitimately *what I do*. When I say something it's not parroting some stupid Microsoft article, it's informed by a wide and often hands-on education that extends a lot further than just my coursework.

    From my perspective it's always the opposite - people want to hold on to XP, and they won't listen to reason about it.

    This is not the first conversation on Wilders on this topic - a few people have changed their perspectives, that's it. At this point I don't think anyone can call it *particularly* productive, it's really more a way to kill time for everyone, I would hope.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Microsoft always predicts disaster for those using unsupported operating systems. Replying to an endless supply of doomsday rhetoric gets old got old long ago. When 98 was the target of all these doomsday predictions, I paid close attention to the new exploits and malicious code, including those that targeted XP. Over and over, the same story:
    "This won't be patched on 98. Users need to upgrade."
    Much of the time the exploit didn't function on 98 unless someone completely rewrote it, or it wasn't vulnerable to it at all. Most of the others were easily mitigated with common sense security decisions.

    Every new OS they release looks more secure against what is known, for a while. After a while, the attackers find the vulnerabilities and exploit them. In the end, after a bunch of patches, service packs, etc, we end up right back where we started. Only the names and methods change to hide the fact that it's a perpetual rerun.
     