Users Still Not Willing to Abandon Windows XP

No, what he says just implies an alternative view.. one which you don't seem to be able to see...

 

Some people have a different approach to things, they think outside the box with a calm, reflective viewpoint. Based on their acquired knowledge and skill set, they actually do some thinking on their own rather than follow the mainstream or fashionable group where keeping up to date with the latest patches and OS' and running an updated AV is considered "industry standard mandatory", which of course makes up the majority. They tend not to fall for the hype. It doesn't necessarily mean their approach is wrong. They have enough years experience, they understand how things work, and they know very well they can do things differently, maybe far differently, than others, and still keep fully productive and successfully infection-free, and in many cases even better than the mainstream crowd.

I used to be one who mocked this approach in these forums, (something I still see happening from others here, and that's just how it is), almost taking offense to it, but soon discovered not only is there nothing wrong with it, it can actually be a more efficient way, for myself at least - just as it is for them, of doing things. It takes a willingness to open one's mind, I guess, to see the other side's viewpoint

 

For me its all about the "why". Why do I have to be patched and "up to date". What happens if I don't? Is it possible to be problem free without patches?

All those "whys" and my insatiable curiosity have lead me to do a crap-load of learning about computers. For a guy who only completed high school and never took a computer class (other than high school, back when modems were things you actually set the phone into lol) I seem to have more computer knowledge than I need. Of course it helps that my dad was an old-school programmer and I have had computers since I could walk

WildHunter, computers are not absolute. You might be a "black and white" guy, and there is nothing wrong with that. But every system is different, from the software installed and used to the way the user configures the OS (tweaks etc) to what they do and where they go. That is what you are being exposed to here IMO, the vast differences that each unique person has experienced. You can still maintain that black and white outlook - you know, if my machine is not patched then I have an open exploit - and you are right, I do. But, that doesn't mean I will actually get exploited, only that I could. Being online since the internet was basically a bulletin board of text, I don't doubt for a minute that these days there is a website waiting for me to visit. But the real question, is WILL I visit it, and if I do, WILL it really affect me?

So far it has not. It goes against what "they" say will happen, but its just how it is.

Now if I knew nothing, I would say you would have a strong case that I should listen to reason. But in here there are so many guys like myself who just don't fit that mold of needing to be updated or needing the latest OS to be secure. Why would I really "need" to change what works already?

Sul.

 

I think it's OK to "personally not want".

However, to extrapolate this "personal preference" and start recommending it to others may be problematic.

Nobody here objectively knows how others (not only members, as guests visit this forum frequently) really make use of their computers.

The degree of "computer knowledge" varies and sometimes people think of themselves as experienced or even experts when they definitely aren't.

Also, when posting what the rules of this forum allows, there is no objective way to really know if systems are infected or not.

 

WH, I don't think anyone here is recommending their preferences to others.. We are merely saying there is more than one way to skin a cat.

Let me ask you this question: How do you know you're not infected right now, even with your fully patched Win 8, or whatever you're using?

 

wat0114: I don't think people are annoyed by your approach to desktop security, so much as by your refusal to understand its weaknesses.

Sully: as an experienced desktop user, chances are high that you'll never have to deal with serious malware problems. If you can assure, within reasonable doubt, that your computer doesn't become part of a botnet... Fine. OTOH, please realize that a) you're putting yourself at elevated risk and b) you could cause problems for other people if you're not careful.

(Though to a certain extent we're in the same boat. I use a vanilla Linux desktop, and most vanilla distros are pretty insecure. My Linux systems have yet to be compromised, but IMO that's mostly because no one can be bothered to do so, not because of any intrinsic security vs. current Windows versions.)

And to everyone: please understand that being able to get away with something on your desktop at home doesn't mean that it's good security policy. Running Win2k is doable at home, with a lot of caution and behind a decent firewall. But in a production environment (or on a public wifi network!) it is completely untenable.

 

Acknowledging them without mentioning the risks (or even ignoring/negating them) is the same IMO.

Incompletely.

A number of precautions and measures, including what's described here.

 

Well, rather than argue on and on without end, I would just suggest that even an older OS like XP, and even without patches, in the hands of an experienced and knowledgeable user, is just as safe, and quite possibly safer, than a brand new OS, fully patched, in the hands of an inexperienced or average user. You may choose not to believe this, but many of us here, with years of experience doing it, know it's true.

 

No.

First, there is the problem of defining "experienced and knowledgeable" user.

Second, the habits of the experienced user may be safer at many given moments - not the older OS.

Third, even the most tech savvy can be tricked, as long as they are targeted, unprepared and unlucky in a given moment. Examples.

 

I won't argue on with it... There is no "problem".. only the ones you are creating.. It can be done, and it is done daily by many here at Wilders.

 

No verification was/can be done regarding these statements.

And as I mentioned before, I'm a skeptic.

I don't simply read what people post in a board and blindly believe without verification.

 

Okie Dokie...

 

All of those infected people wanted it. Nice, might be the most backwards thing you've stated so far. Can't be sure though, there are so many to choose from.

 

I like xp,i like windows 7 also.

I use both i have to test some things in older versions of IE.
The laptop has windows 7 and avira premium.

I will use xp as long as my favorite software will run on it.
Some users here are too serious to say at least..

On my PC machine(xp pro sp3) i ran without infection since when i start visiting wilders and get more knowledge regarding pc security...

I only have sandboxie and shadow defender both as on demand now, no av. Browsers run normal unsandboxed, sandboxie steps in only if i plug in an usb and when something is launched from the shared folders between computers.

I check once a month with an av that can be installed in shadow defender my xp system..In case something happen i have disk images on hdd and on external hdd.

Last month i think i visited about a hundred xxx sites..Benefits of the job as i had to create one and wanted to check competition ..lol..
Some javascript annoyances but no infection..

That's the only thing i do for some years now and i never got infected (i used CIS firewall only, for a while but dropped it as i don't like version 6)

I really, really don't think i am lucky that i haven't got an infection for so long, but yes i am religulous when coming to updates..All applications (os, browsers,flash, java, office, ftp clients, adobe are always up to date since day1)..I don't install software for test and i only have about 20 programs that i use most of them digitaly signed.

I belive patching is the most important thing to do..i will use xp as long as the software that i use works but if i get more that 2 malicious cookies after MS stops updates i'm on to 7

 

Fair enough, I see your point. But I guess, likewise, one could be annoyed with those who put too much focus on weaknesses

With no infection on my systems since 2002, both of which were my fault (although the blaster worm I didn't know about at the time and I was not behind a router when I installed XP), it's hard to focus on weaknesses, let alone understand them, when I have never seen any evidence whatsoever, just as in Sully's case, where any of my security measures have blocked anything malicious. IOW, I could drastically weaken my setup further and I'm fairly confident I would still not incur system infection. Maybe it's being overly confident that blinds me to the weaknesses? I guess I need to experience it first-hand, an infection not caused by my own doing, before I can fully appreciate and take seriously, weaknesses that are inherent in my security measures, O/S and software. I know they exist, because there are articles all over the web explaining them, albeit in a great deal of highly techinical language, much of which is over my head, which is another reason why I don't understand them much, but I realize they exist.

 

We go through this same nonsense every time support ends on a version of Windows.

 

I think you will find precious few comments here saying "don't update your system". You will however find "I don't update my system".

Maybe you are extrapolating something that isn't there, I don't know.

You are correct, each user is different, as is thier machine and their habits. I think its odd that anyone would expect what works for them to 100% work for someone else. As I would assume everyone here knows, you take insight from others, and learn what, if anything, you can apply to your own situation. Visitors should do likewise. Of course we all know that some beginners will fall for everything until they eventually begin to understand they don't know what they are doing and start actually learning rather than copying. It is unfortunately a process one has to go through most of the time - its called experience.

I guess I don't understand why you will not believe others claims. Its not like any of us are claiming some title, or winning some prize. We're here because we are into computers and security, and like to learn and share. What would it profit me to lie about whether my system is infected or not? So that you will follow my advice? I don't even give exact advice usually, more like an overview of how you could do it, because what works for me might not work for you. Besides, if someone claims something that just doesn't add up, there is usually a lot of posts disputing it. In this case we have a good number saying one thing, and a good number disputing it. Certainly you don't think everyone who is looking at it differently from you are conspiring to trick you, do you ?

I understand exactly what you are implying. And yes, I would say it does take the ability to actually KNOW whether or not you have been compromised. And yes, being one of the problem instead of one of the cure is a real possibility. But, I hardly think that if I were compromised, a week of being a bot on the net would really amount to much, considering a great many go for weeks or months or years with such things going on.

The real question is, how DO you know if you are compromised? Rely on an AV or HIPS? What if they don't detect/react? Rely on a patch to your OS or browser? How do you tell if you don't already have an issue? Isn't that what it really boils down to? Patched or not, firewall/av/hips/whatever or not, just how do you tell? Not only how do you (metaphorically meaning wilders members in general) but how does the average joe know? I've seen a great many computers that are infested with nasties with a fully up to date OS and browser as well as AV. The only reason the user even knows something is up is because it gets slow or popups or other "visual" signs. They have no idea about what processes should be running, or what processes are, let alone what the processes are for. And what about them detecting network traffic that should not exist? How would they do that?

Of course there are ways, but you have to know. So yes, I could be a danger to cyber-society because I have an unpatched system. But wouldn't you rather have someone like myself who can spot things and fix them?

Of course, I won't PROVE I can do all this nor that I am free from problems, I'm just saying maybe thats some food for thought IF it seems truthful (sorry, couldn't resist)

Sul.

 

As I said before, when one takes the effort to publicly post something along the lines of "I don't apply security patches" without mentioning the risks or even ignoring or blatantly negating them, for all practical purposes such statements have the same "social" effects of recommending.

Unfortunately some statements I see here absolutely don't help people at all and may even indirectly contribute to the security problems.

Not as much as I think they may be tricking themselves.

 

It's funny to come late to the party.

For me, based on my "experience" the weakest link in the system is the guy with his hand on the mouse/keyboard.

Sort of like a car with no seat belts, no air bags in the hands of a real expereinced good driver is safer than a modern safe car with ABS, air bags and safety belts in the hands of a maniac.

Of course the better choice is a safe car and a safe driver.

But the driver is more important.

 

I guess you must be right. I will refrain from mentioning anything that is not empirically proven, as I would not want anyone taking my experiences as anything more than my own experiences.

I would recommend people to only visit microsoft then, as the vast majority of things written come from peoples experiences, which is not emperical at all. Sadly.

I guess the proof is in the pudding as they say.

Bye bye