Users Still Not Willing to Abandon Windows XP

Discussion in 'other software & services' started by hogndog, Apr 8, 2013.

Thread Status:
Not open for further replies.
  1. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Support comes in lots of ways. Fixing new critical security issues/vulnerabilities as they are reported/discovered and distributing the updates for free is part of support, for example. After 2014, this won't happen with Windows XP - XP wil hit "EOL" and its code won't be modified by Microsoft anymore AFAIK.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    That's how I interpreted your comment. Even after EOL though, there are many XP users who probably just won't care about the updates, some because they don't know any better, and others because their security setup/features render it a non-issue....
     
  3. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Very different.

    Vista piracy rate was half that of XP, for example - http://news.cnet.com/8301-13860_3-9828305-56.html
     
  4. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    I think we will see such "security" being dismounted in the wild (because in theory and in target attacks, such "security" was already dismounted several times) by many critical XP "zero-days" secured by the fact that MS won't patch XP anymore. 2014/2015 will be interesting.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Perhaps... Yep, the upcoming few years will be interesting in many ways.
     
  6. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Using old versions of this or that operating system has nothing to do with security. It's just what you need, and that's it.
    Mrk
     
  8. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Security in this context is about risks.
     
  9. allizomeniz

    allizomeniz Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    943
    I would abandon XP if I thought I could use whatever I upgrade to for more than a few years. That's my main objection, not because XP is that much better than Vista or 7, it's not in a lot of ways. I've had it with technology being obsolete almost as soon as ya buy it. I'll just make due with what I've got, I may not have the latest bells and whistles but who cares. :)
     
  10. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    That's easy to answer, see:
    - http://windows.microsoft.com/en-us/windows/products/lifecycle
    - http://support.microsoft.com/lifecycle/search/default.aspx
    - http://support.microsoft.com/gp/lifepolicy

    Windows 8:
    Lifecycle Start Date: 10/30/2012
    Mainstream Support End Date: 1/9/2018
    Extended Support End Date: 1/10/2023

    Windows 7:
    Lifecycle Start Date: 10/22/2009
    Mainstream Support End Date: 1/13/2015
    Extended Support End Date: January 14, 2020

    Mainstream support—Microsoft will offer mainstream support for a minimum of 5 years from the date of a product's general availability, or for 2 years after the successor product is released, whichever is longer. For example, if you buy a new version of Windows and five years later another version is released, you will still have two years of support left for the previous version.

    Extended support—Microsoft will offer extended support for either a minimum of 5 years from the date of a product's general availability, or for 2 years after the second successor product (two versions later) is released, whichever is longer. Please note: Extended support is only available for commercial customers.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    Exactly, and since there are none, it's all good.
    XP is as risky as the rest of them, or none at all.
    Mrk
     
  12. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Are you serious? The millions of infected computers and giant botnets are all illusions for you?

    But maybe these are better questions:

    Aren't you living in Earth?

    Don't you know average Humans?
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    From a security standpoint, aren't there enough 3rd party apps that can make XP as safe (or more so) than Windows 7 or 8 in their 32 bit formats?
     
  14. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Nope - especially true after XP EOL.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Time to move on guys . . . :D
    Just kidding.
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    In testing dozens of exploits in the wild, I will say yes.

    But first, XP has its own built-in protection against such exploits:

    http://msdn.microsoft.com/en-us/library/ms974604.aspx
    October 8, 2001
    Here is one, MS06-014, the infamous MDAC exploit caught by Wilders member SpikeyB five years ago on an XP system w/o the patch for that vulnerability:

    [​IMG]

    SRP_2.gif

    Wilders member and tester par excellence aigle tested 6 3rd-party products successfully against that exploit.

    Businesses are vulnerable to targeted social engineering exploits, where a person may be enticed to open a booby-trapped MSOffice document.
    Here is one that was caught by a 3rd-party product -- the exploit attempts to use the Windows Packager, packager.exe, to launch it:

    [​IMG]

    rtf-3.gif

    I looked through the WinXP Vulnerabilities List at

    http://www.securiteam.com/products/W/Windows_XP.html

    and found some that I had been able to test last year. This one is interesting:

    Microsoft Windows Help and Support Center Code Execution Vulnerability
    Interesting, because it demonstrates that for the home user, a firewall qualifies as a security product, for the exploit attempts to use the Windows helphost.exe to call out for the malware:

    [​IMG]

    So, there are many ways that a user can help the OS protect against exploitation.

    DISCLAIMER: The above is solely in answer to your question, and is not intended to influence anyone from upgrading to a newer OS version.


    ----
    rich
     
    Last edited: Apr 9, 2013
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
    https://blogs.technet.com/b/securit...-xp-ends-on-april-8-2014.aspx?Redirected=true
     
  18. To be fair, there's a Windows 2000 box in my house that hasn't been updated in years, and has yet to be compromised. (Unless my router is also compromised, which I consider unlikely at the moment.) The security stuff is handled mostly by Outpost Free 6.5.1, which I configured to silently restrict internet-facing programs, and to notify on stuff like driver loading and keylogging attempts.

    This is security by statistics, i.e not really security. But even so: several years of fairly heavy (albeit cautious) use, and no compromises.

    OTOH, I would never trust such a system to:
    - communicate with an untrusted public network
    - interface with untested peripherals
    - host any content whatsoever

    tl;dr Legacy systems can be made pretty resistant to ITW malware. That should not be taken to mean that they're secure.
     
  19. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    I used my Windows 98 SE for a long time after updates were discontinued,so it'll be no different using XP for as long as I want - need to before upgrading to windows 7.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    What's that got to do with XP?
    Take any OS, take millions of people, and you will have your botnets.
    Mrk
     
  21. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    That's the problem of some of your statements.

    They are too simplistic, and appear to lack knowledge of stats (for example, machines running Windows 7/8 are less likely to be found infected than machines running Windows XP - by a far margin, under same conditions of usage on similar periods of times).

    Again, stats and experiments are needed to understand the big picture.

    You can't base everything with pure logic and expect to stay correct.
     
    Last edited: Apr 10, 2013
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,207
    If you want stats, I can provide them.
    I sure can base everything on pure logic, that's the beauty of it.

    The simple truth is - technology is IRRELEVANT to security. The only thing that matter are users. XP is no more or less secure than Windows 7/8 or any other operating system, especially if you go beyond the default configurations. If you REALLY want to go over the top, you can use software restriction policies, surun, emet, limited account, and a ton of other stuff that can make XP just as dandy as anything else.

    Everything else is sales advertising, playing on fear.
    Seems to be working.

    Mrk
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Its easy for most of us to see this at work in every day life.

    You or some advanced user you know use win9x through win7, with no issues at all. They tweak the system and install different applications designed to enhance security (or whatever). The OS does not matter, but rather what they do to and with it.

    Conversely friends and family use win9x through win7, and all of them, thats 100% (based on my experience anyway, yours might be 95% lol ), get some problem - virus/trojan/botnet - whatever. They may even have a few security applications installed or use the latest incarnation of UAC. It doesn't matter, because its not version dependent or even really security software dependent. Its knowledge dependent.

    I would rather be me, and use windows millenium edition, than an average user relying on the "default" security of the latest version of windows ;)

    Sul.
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I tend to agree. Even the best most up-to-date AV can miss something. If you are aware that nothing is perfect & have at least a layered approach or are just careful where you surf, you should be relatively safe even with an older OS such as XP.

    Microsoft are good at marketing, many never question their ultimate motives.


    There's one born every minute, apparently. ;)
     
  25. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    What are you expecting? That regular users will handle these things? LOL.

    Let's assume that Windows 7/8 are significantly less likely to end infected in the hands of regular users than XP - it's a fact, according to legitimate research.

    You love logic, so find a logical and plausible reason for that. The only one IMO is that these latest Windows version are smarter and more secure than XP.

    Here is why:

    The users didn't change.

    Their behavior didn't change.

    The popularity of the target didn't change (actually 7 is more widely used than XP).

    But the OS technology changed.

    And when you investigate the technology, what you find? Several improvements, several new features, several new techniques, related to security.
     
    Last edited: Apr 10, 2013
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.