Users Still Not Willing to Abandon Windows XP

Discussion in 'other software & services' started by hogndog, Apr 8, 2013.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi Mrk,

    This is something that isn't discussed much because

    • it's difficult to compile accurate statistics

    • it throws a wrench into the wheel of a lot of current, accepted thinking
    Five years ago, Marco at Prevx offered this comment in his blog, based on his own experience:

    December 16th, 2008
    Posted by: Marco Giuliani
    Ironically, in that month/year was detected the infamous "Koobface." From Wikipedia:

    And so:

    [​IMG]

    These tricks aren't platform dependent. Here, a DNS trojan exploit against MAC systems (image from isc.sans.edu):

    mac1.gif

    Without interviewing each owner of an infected computer, we can never have reliable statistics on how infections worldwide are triggered.

    About five years ago I spoke with a technician at a local computer shop. He told me that more than 90% of computers he has cleaned up were caused by "user error." ( I like that expression!)

    regards,


    ----
    rich
     
  3. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,111
    Location:
    NSW, Australia
    Mrk,

    Can you quote a study that refutes the findings of the Microsoft study? We need more than opinions in this situation.
     
  4. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,029
    We've had 10+ years to learn the ins and outs of XP. We're pretty capable on our own without canned tech support.
     
  5. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    wouldn't sandboxie, a firewall, a light realtime av and an on-demand scanner or 2, unnecessary services disabled, pretty much cover things?

    if more was needed maybe somethin like online armor or appguard?
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    I would have to think so.
    Xp here still and I have no plans on upgrading to w7 or 8 unless my current pc takes a dump and am forced to or I have enough cash to pick up a nice high end new pc.
    Personally I've been running DefenseWall with Shadow Defender along with some unneeded services disabled plus a few other things to help cover privacy/security issues such as AdMuncher and Seconfig Xp and I have faired pretty well over the last few years.
     
  7. In theory, no, since all it takes is any two of

    a) arbitrary code execution vulnerability in any application
    b) privilege elevation vulnerability in the kernel

    Both of which categories will fill up rapidly after the OS stops being patched.

    In practice I'm not sure I'm convinced. To put it bluntly, there are enough badly configured systems out there that having a better configured (but still insecure) system may be a viable option for a long time. That doesn't make it a particularly smart thing to do though.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Not an issue for me, I have only ever contacted Microsoft support once.

    I have XP on just one of my machines. I really think it is a good idea if you can afford it to upgrade to Windows 7 or 8 - not due to upcoming lack of support for XP, but because Win 7 and 8 work a lot better than XP.
     
  9. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Many are reading my first statement and interpreting it wrong. MS Support via telephone or mail or whatever (lol) is what matters less.

    The relevant point is that after 2014, non-security hotfix support will end. No new security updates will be released for XP.
     
  10. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    He doesn't even consider the Microsoft study a study, lol. He seems to be one of those that classifies everything as marketing lies, stats manipulation, etc, without further analysis. IMO, this is almost trolling (especially considering the dangerous implications) - but I'm not calling for any censorship, lol.
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Not a big deal IMO. Life goes on pretty much as usual for all XP users.. some may be more vulnerable than others, but the risk is very small, practically speaking... as has been mentioned, all depends on the user.
     
  12. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    The risk isn't very small "practically speaking" - as already pointed out before. The risks are big and relevant.

    And I disagree that all depends on the user. Sure, users have their freedoms, etc, but technology should adapt to them. Especially to the mainstream users.

    Security shouldn't depend on the user, ideally.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Security depends almost completely on the user. What world are you living in?

    I could run a clean install of XP, no SP's and no updates, without any problems or any risks whatsoever, because I know how to do it.
     
  14. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    You may know how to do it. Majority of mainstream users don't.

    If OS security is going to be planned from the perspective that mainstream users should educate themselves, you will have to wait some thousands of years before everyone can handle these things by themselves.

    That's why it's increasingly being planned from the perspective that users usually take wrong decisions - which is a fact.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    So do you think that when MS stops updates and hotfixes to XP that all XP users' machines will come crashing down in pieces due to rampant exploits of hordes of vulnerabilities?
     
  16. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    All I think is that XP infection rates will hit a new record soon after that.

    And the less affected, the better.

    Think about the Java security problems, but multiply by orders of magnitude the effects.
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    There may be a slight rise over time, but I don't think it will be anything too dramatic. But we will see soon enough....
     
  18. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    a,haha!

    if they surf in a sandbox, use common sense, run a realtime av, they should be ok.. only when software requires that they upgrade, will there be a push for that- but the developers know where their bread's buttered and hence will probably continue for some length of time, to support xp.. unless microsoft strong-arms them?
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,208
    That's a tricky one, because there are few security researches/statistics about the lack of necessity for security software and such. Who would have interest in compiling a report that tells people: hey, don't worry.

    What you end up with is numbers that show only one half of the picture.
    But the fact you do not see the other half does not mean it's nor there.

    MS study is fine - it is just incomplete. And therefore meaningless.
    If it answered all the questions I ask, then sure why not. But it does not.

    Sadly, money is the big motivator here, and whenever that happens, I take a step back and watch the people trip.

    However, I'll try to find a report about attack vectors.
    This will tell you how much the OS plays a part.

    For example, social engineering is version agnostic.
    So is the phishing.
    Drive-bys are not - they do depend on the OS mechanisms.
    And so forth.


    Cheers,
    Mrk
     
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    ROFL :argh:

    I could run my old Windows 98SE machine and not have issues like I said beforehand.Some of you must be the type,"if it's not new it's gonna break down crowd".
     
  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Its the same thing on both sides of the coin. Some here are looking at the heads, some at the tails.

    I often run installs with no updates, or only slipstream in service packs. I am probably one of the most "un-updated" people out there lol. From looking at my side of the coin (and many look at the same side) it really doesn't matter at all which OS or if it has support or not.

    But the other side of the coin, which I tend to forget about, is that those who are not like me could easily be affected by the lack of "fixes" for an older OS.

    Neither side is wrong IMO, its just different ways of looking at it. For my part, I ignore things like this because while it could effect millions, it won't effect me. I don't do most updates/fixes anyway. And besides that, those millions it will effect are always going to have problems, so I don't really see why this is that big of a deal. If you want your system to be safe-n-secure, you have to do it yourself. If you are waiting for microsoft to do it, you're in for a long wait. Granted, they get better, but its the user, not the version that makes it or breaks it.

    Sul.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,208
    Brian, I have it.

    It goes like this:

    Microsoft claims Win 7/8 are more secure - approx 2x less infections per host.
    Win 7/8 have approx. 30% market, Win XP is down from 90 to 50%.
    Let's call these facts. OK.

    Now, security companies claim this:

    Exponential growth in malware - pick any recent report.

    The law of large numbers tells us:
    Based on Microsoft claims, we should a reduction in malware (~50%). This is based on the weighs of XP (2/3) vs 7/8 (1/3), with infection rate of 7/8 being 50% of that of XP. Hence reducing the XP install base to about 50% its installation from 3-4 years back should reduce the infections globally by approx. 50% x 50% = 25% total.

    But the security companies seem to disagree with this.
    They claim that malware is ON THE RISE.

    http://downloadsquad.switched.com/2...d-report-shows-exponential-growth-of-malware/

    Take a look at this nonsense:
    http://www.computerworld.com/s/article/9216654/Windows_7_s_malware_infection_rate_climbs_XP_s_falls

    First sentence of that article reads:
    "Computerworld - Data released today by Microsoft showed that Windows 7's malware infection rate climbed by more than 30% during the second half of 2010, even as the infection rate of the 10-year-old Windows XP fell by more than 20%."

    And then:
    "For the second half of 2010, 32-bit Windows 7 machines were infected at an average rate of over 4 PCs per 1,000, a 33% increase over the approximately 3-per-1,000 infection rate during the first half of the year."

    Oh, really?

    Another MS report with more nonsense:
    http://www.informationweek.com/secu...dows-7-malware-infection-rates-soar/240008738

    So someone is not telling the truth.
    Or not presenting the whole of it.
    Or something.

    QED.


    Cheers,
    Mrk
     
  23. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    And that one is Mrkvonic. Let's see:

    Let's not call these facts. They aren't.

    These are the facts:

    http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0

    Market Share of Windows 7 = 44.73%
    Market Share of Windows XP = 38.73%
    Market Share of Windows Vista = 4.99%
    Market Share of Windows 8 = 3.17%

    Totally wrong weighs.

    And that one, again, is Mrkvonic.

    You should be reading the actual reports (see the links I gave before), not media "articles" about them.
     
  24. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    And you are confusing data about infection rates with data about numbers of variants of malware as well.. just wow.
     
  25. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige

    your name, wouldn't happen to be a derivative of 'the wild hunt' would it?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.