Microsoft warns of lapsing Windows support

Discussion in 'other software & services' started by JRViejo, Feb 9, 2010.

Thread Status:
Not open for further replies.
  1. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,926
    Location:
    U.S.A.
    Computerworld Article By Gregg Keizer.​
     
  2. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    I could have sworn I saw something on microsofts site that said support would go until 2012, at least for critical updates
     
  3. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    If I remember correctly (dubious, of course, as usual), XP SP3 is supposed to go until 2014. But you might be right about 2012 -- certainly it's no earlier than that.
     
  4. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,926
    Location:
    U.S.A.
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I run vanilla XP SP2 (no updates) and I never got infected (at least not yet) :D
     
  7. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    sounds like microsoft is advertising win8...
     
  8. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    unpatched windows is waaaay easier to infect than a fully patched system, for ex

    http://www.youtube.com/watch?v=1roTgk_SrMw
     
  9. jonyjoe81

    jonyjoe81 Registered Member

    Joined:
    May 1, 2007
    Posts:
    829
    As long as you have your firewall/antivirus why do you even need to update windows? Some updates will actually make it run worst. If you run your computer without a firewall/antivirus then you will have more problems then waiting for the next update. It took me over a year to update to sp3, didn't encounter any problems in the interim.

    The old motto applies "if it's not broken why fix it" , XP has proven very solid and is as good as it's going to get.

    Windows seven is the one that needs updates, maybe someday they will get it to run as good as XP.
     
  10. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    I'm shocked to read this on a security forum honestly. Anyway here's my explanation & I'm sure someone could do better - In 2007 I tested by reformatting with a very old Windows XP disk (think the one I originally bought) and it was infected faster than I could even get the browser online to download an Anti-Virus because it had so many critical vulnerabilities. I literally installed windows, hooked it up to my router, went online, downloaded avast and spybot, both scans showed hundreds of infections after about 15 minutes online.

    Your not in deep water with SP2 immediately like you are with an ancient XP disk, but so many remote execution exploits have been fixed since then no way would I feel safe with it personally. A lot of patches since then are for exploits than could easily disable your firewall, AV, and basically do whatever they want with your pc. Updating windows is in the top 3 of any security guide I've seen for Windows for this reason.

    here is a link about this weeks updates (these aren't minor fixes, a lot of critical security updates) - http://www.computerworld.com/s/arti..._of_likely_attacks_against_Windows_PowerPoint
     
    Last edited: Feb 10, 2010
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, that was a silly thing to do! The Windows firewall wasn't enabled by default until SP2, as Microsoft's Michael Howard mentioned in a blog shortly after the the emergence of the vulnerability which led to the Conficker exploit:

    http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
    Surely, no one today would connect to the internet without making sure a firewall was enabled and properly configured.

    Old saying:
    Now, jonyjoe81 does have a firewall enabled, so your experience cannot pertain to him.

    regards,

    -rich
     
  12. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    used a hardware firewall and just did it to test the the security of old versions of windows so I didn't plan on using it permanently. I'm not sure if you guys are trolling but leaving vulnerabilities open in windows is not a good idea, regardless of firewall/AV.
     
  13. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I'll vouch for that. I have Vista on my laptop. It downloaded sp2 and no problems. One of the next security updates completely screwed up my wireless connection and Vista wouldn't boot on top of it. Fortunately I managed to get into SAFE mode but the only solution was System Restore. I went back to the SP2 installation and turned off auto updates.

    With Defensewall and Sandboxie, I think I'm protected enough.
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Sorry, I missed that. I would be interested in what some of your 100 infections were!

    -rich
     
    Last edited: Feb 12, 2010
  15. theblade

    theblade Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    29
    some forward thinking users may be advanced enough to keep an outdated OS relatively secure but IMO if the goal is security the system should be updated, and windows should be kept updated.

    Even if you don't use ms paint if its on your system it could still be exploited. I know for sure that outdated versions of IE can be exploited even if you aren't browsing with IE, just by being on your system according to a few Microsoft Technet Articles I've read.
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This sounds reasonable, but each person will have to make that decision when arriving at the point that the OS is no longer supported with updates.

    I've not seen any exploits for MSPaint, so I can't challenge your assertion. Meanwhile, in the absence of exploits, I'll defer to Microsoft's scenario:

    Microsoft Security Bulletin MS10-005
    http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx
    Can you provide links to the articles?

    thanks,

    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.