Ten years later, Windows XP still dominates the Web

With it? Any today examples?

Even when "your way" is probably wrong?

New fixed code replacing old incorrect code. Is this necessarily "extra bloat"?

Still, you are probably missing other fixes for non-security issues that could improve stability and performance of your system. Plus, if one defeats your third-party tools/policies, your OS will be a very easy target.

Nice, because they definitely shouldn't.

 

Can't remeber specifics.

In what way is it wrong for me ?

= More Mb's of disk space used up by code i don't NEED. XP2 works fine here. No BSOD's etc

If it wasn't as stable as it is, i'd change it. Don't NEED to though !

Who or what is going to do that, & how Exactly ?

How Exactly ?

.

Fine by me

 

Just wondering, if I use a pc with clean install of XP (sp2), not updated flash, not updated java, no security software, and I go a few years without infection

would you call that setup secure?

Serious question. This is something I've noticed - different people have different definitions for what's secure.

 

While I definately would not call that a secure setup, I think as long you are not getting infected - that it is irrelevent. I use Windows 7 with nothing an the way of real time security software (I have even has disabled Windows Defender), but I do use the standard Windows firewall. Definately a most insecure setup, but, I also never get infected. What is much more important than having a very secure setup anhd trying to catch or block any possible infection, IMO it is much more important to know how to avoid getting infected in the first place.

 

No.

Okay, but what if they were to rephrase their statements along the lines of:

"I'm running XP SP2 with outdated Flash, Java, and no security software, and even though it's less secure than those using Windows 7 fully patched, I can remain exploit free just as likely as them"

?

In the right hands, like Cloneranger's for example, this is indisputably possible. The outdated XP SP2 scenario you describe is not secure, but it doesn't mean it can't be kept free of exploits and malware.

 

This is assuming any computer is just as likely as any other to be targeted regardless of OS/ running software.

Something worth debating.

Cloneranger has a very different setup (from my example, which uses no security software) since he supplements patching with 3rd party security software. It's kind of like disabling ASLR, DEP, and SEHOP and using EMETto force just the programs you want to use it imo.

Not saying it's "wrong" that's just an analogy I think is apt.

 

Yes it's different. I just used his example because he's getting heat for his approach Your example, if run by a security concious person such as many of those found here at Wilders, including yourself could probably also run malware free for a few years. It doesn't mean it's a secure setup - it isn't - but it's the individual running it who can, with the right abilities, keep it exploit free.

 

A couple of points:

• Just because Java is updated is no guarantee to be immune from possible infection:

Who is Exploiting the Java 0-day?
http://blog.fireeye.com/research/2010/04/who-is-exploiting-the-java-0day.html

• Just because Java is not updated doesn't necessarily mean the user is not secure, if the user has Java enabled for trusted sites (white listed).

Here, using a site with a Blackhole kit with Java enabled gobally, the exploit starts to run:



Disabling Java globally, and the JRE will not load:

I wouldn't do that, because then nothing can intercept the Java exploit if encountered in any of the situations above. Best to have something in place:

I would not judge from a distance any person's approach, and question it only if the person was advocating that every one do the same!

regards,

-rich

 

Yeah, my problem is that while these two things seem related they really aren't. One is saying that 0days exist and one is saying that you can prevent exploits in old software.

There is really very little reason for the user not to be doing both.

Me either except on a board where I like to discuss computer security =p

 

Clone Ranger, I have to say it's a strange decision to not install AT LEAST the security updates for Windows especially when you're a security conscious person. But as long as you're not preaching it to new or unsophisticated users, then you can not update whatever you want as far as I'm concerned.

I'm interested to know how not updating an OS affects it performance. Your argument is that it adds bloat and MBs to your system. But all those patches change the OS. And for an OS that's as old as XP, that's (getting my calculator) a crapload of changes. So let's forget security for a second. On a basic level, how different is a completely virgin, non-updated XP from a 2012 fully patched XP? Is it different enough to affect the performance of software? networking? peripherals?

 

The argument is "I don't need better performance so why risk it" iirc.

Updating XP would add a few MB of "bloat" and likely improve performance considering that that's what performance updates do.

If someone is happy with their relatively (though adequate) poor performance it doesn't really benefit them.

 

As far as updates affecting performance goes, if you have an old XP non-service pack disk lying around, and you feel like experimenting try loading it up in a spare machine or vm, behind a router or unplugged from the 'net is a good idea no patches or SP's added, and navigate thoroughout, open some apps, and behold it's blazing speed as comparred to even a SP1 or especially SP install The comparison is like night and day.

 

Some are satisfied with "fast enough."

 

Are you kidding?
Some are satisfied with "not slow".

 

Some, not me. I believe in progress.

 

Yep, just where I thought this would go. All the "get with the times" and "newer is better" puppets are coming out. The thread has become pointless.

 

The thread was pointless from the start....

 

Yes, god forbid discussion on new technology as it pertains to security.

 

Fastness today depends from the net, servers, etc., not from OS.

 

Except for the vast multitude of functions not dependent on the internet that are provided in Windows.

Or rendering pages in the browser.

 

Hi Kerodo,

Well, we've said that in the past about some firewall threads!

Actually, it's been "kinda fun" as long as the rhetoric doesn't degenerate into personal attacks!

It's highlighted for me one of my feelings for *many* years, that security is first and foremost a state of mind, a point of view. The important factor in security of any kind is that the person have a peace of mind that the security setup is adequate. Whether securing a computer, or one's home: it's all the same.

In computing, we've seen in this thread that some run no extra security other than Windows 7 + a firewall, and others who have quite a setup in support of an older OS.

In home security, some have heavy mesh doors on the outside, bars on their windows; their neighbor may have none of these. They justify their approach based on their own point of view and perception of vulnerability.

(In both cases, does it really matter what the approach is, if the person hasn't had any security breaches and remains confident?)

"Point of view" has been recognized for generations. Note this by the Spanish writer, Ortega y Gasset:

----
rich

 

I agree. I don't think any of us are personally attached to our security methods are we?

 

Or personally attached to progress, right?

Security means different things to different people, and each person then might have a different set of priorities. That right there makes for an awful lot of disparity.

 

This is what I was asking abuot before. I'm honestly curious asto how people view security.

 

My view on security hasn't changed much with different Operating Systems. But this is not the thread to expound on this.


----
rich