Everything you are describing is about protecting the average user, the "Sheeple" as they are affectionately known to so many. I'll be the first one to agree that they are hopeless; I see their handiwork every day.
However, if I do not invite you in from the inside, and you cannot hack your way in from the outside, the computer will not be compromised, period. This includes any version of Windows, including Windows XP, unpatched, running as administrator, bare naked with no antivirus.
I think there are two kinds of people in the world nowadays, in large part thanks to Microsoft, Apple and others. There are those with situational awareness, and those without. In the former case the people are not connecting everything they own to the Internet, especially anything important, and obviously not clicking on everything in sight. In the latter case, well, they go online with everything they own and click on it all. And they don't really care. If it means digging into a menu to change a setting they won't even bother. Strong passwords and passphrases, forget it. Many times they don't have any clue that they are even online, and again we can thank Microsoft and others, but especially Microsoft, for blurring the distinction between online and offline. It has been their obsession since Windows 98. These are natural born victims. It's positively Darwinian. Microsoft and all their patching cannot save them.
Any remote kernel exploit will quite obviously bypass everything other than hardware-based security. Any local kernel exploit combined with RCE in a program such as a browser will bypass your NAT/network firewalls, and provide full system control regardless of sandboxing.
That's one way of saying that the sheeple invited the malware into the computer and executed it. And that wouldn't really be "bypassing" a NAT router, it would be normal use of communications by design. It did not break in, it did not bypass anything. All the discussion above about 8/8.1 and its countless patches and duct tape to numerous files compared to earlier versions of Windows comes into play after the sheeple invited the malware into the computer and executed it. You are describing an OS that is built for the worst case scenario, and I agree, it is. It is reduced to the lowest common denominator, the sheeple that operate in this environment. And that's fine. It keeps many of us in business cleaning up after them, despite all the exploit patching.
Since you named "8/8.1" and used the phrase "considerably more secure", can you explain how its security is increased over, say, 7 or 7 SP1? It will have to be mega-gigantically more secure to even make a dent in the flourishing infection rate on those Windows 7 systems. Note that the inclusion of MSE out of the box does not count as a security boost because it still needs to get the latest signature update anyway as soon as 8/8.1 is installed. The only thing it saves is the initial download of the engine, and this is a tiny download every tech keeps on a stick anyway.
I can name quite a number of things, though it may get somewhat technical, and I don't know what level you'd understand. MSE makes no difference to me, since bypassing AV isn't difficult, and it also isn't a technology that makes 8 any harder to hack than XP.
One major difference over XP is a proper implementation of ASLR. XP lacks all ASLR, making remote code execution trivial. Windows 8 ASLR is the first proper implementation on Windows, with multiple information leaks removed, and the ability to have all memory maps randomized. There is significantly more entropy as well.
Vista+ are immune to shatter attacks. On XP the difference between Admin and restricted user is not enforced properly, making escalation attacks incredibly easy. Microsoft released a patch to solve this, and it does somewhat, but it's not as well implemented.
Privileges in general are improved, as system services run with lower rights on Vista+, and areas of the kernel have been moved to userland, where an exploit won't be so critical.
/GS is used further in 8+ for system services.
I could go on.
These changes are considerable.
Okay fine, I can accept all that as fact. But nothing you said there was about Windows 8.x versus Windows 7. We're well aware of where Windows XP sits in the evolutionary tree ( ironically it's a benefit to XP in many ways that it is not weighed down by a hundred services and tasks, and yes this was correctly said about Win9x compared to XP ). But I asked about 8 versus 7 specifically because unless there is a giganto-humongous increase in real security over Windows 7 ( and I highly doubt it ) then the never ending stream of infected Windows 7 systems will simply evolve into never ending streams of Windows 8.x systems. All the bullet lists of patchwork and duct tape from version to version have made no difference in over a decade when those systems are owned and operated by sheeple. Please note that none of what I am saying here is aimed at you in any way, it is aimed at the security treadmill industry whose chief product is bullet lists full of theoretical vulnerabilities.
Wait, "not really relevant"? Sorry, but this is incorrect. Hardware firewalls are everything when talking about home PCs on broadband. And history backs this conclusion, as the proliferation of NAT routers ( thanks mostly to so many people getting laptops ) served to lock down many homes from the port scanning attacks that were popular at the dawn of the broadband era, before Windows shipped with any software firewall. Throwing away most incoming packets is the first line of defense because they never even arrive at the computer in the first place. It is why my software firewall logs are always empty.
No one attacks a user's laptop anymore in any way that a network firewall will matter much. Worms like Conficker are remnants of the past; anyone on a modern system is far more likely to be attacked through a service that is already taking in input.
This is where I disagree. You can't even use Remote Assistance without opening ports on the NAT router. You cannot torrent. P2P comm programs and other utilities will not work. Even Xbox requires a change. Everything is opt-in, and it really can't get much more secure than that, can it? Many common pathways are slammed shut by default, arriving packets tossed and no CPU wasted in the process.
Maybe I was unclear in that phrasing above. When Windows XP came out useful broadband was just arriving for the average home consumer ( speeds above ISDN ) and this meant they now used a modem from the ISP. People just shoved the Ethernet wire from their single home PC into it and were off to the races. Thus began the download era, the worm era and also the near-instantaneous computer virus infection era, when a typical user clicked on those attachments and those "click me" links in email or on pictures of Pamela Anderson ( or was it Anna Kournikova? ). Then when laptops arrived in quantity and demanded either another Ethernet jack or a wireless access point, a local router was added. Thankfully these routers mostly came with NAT ( lucky too, this was long before IPv6 was talked about much ) and thus home computers and networks suddenly became relatively secure overnight. Well, until the geek in the home started reconfiguring for torrents and other stuff.
It's not at all about how a laptop is attacked, because there are so many methods. The victim clicks a link or opens an attachment or autoruns a local file with a malware payload that quickly infects the PC with malware that uses port 3389 ( or any other ), which is now blocked. It's what happens after that. At today's CPU speeds malware can quickly change the registry settings for a software firewall to open all those ports or disable it completely ( even on a reduced user account, tricking them into clicking "OK" on a prompted change, or I suspect simply using SetACL silently, because I have a few unexplained cases with customers that swear they never clicked anything in Windows 7 ). Anyway, the point is that none of this ( opening up the firewall ) is possible with hardware security without intentionally entering the configuration interface for the router.
The hardware based security therefore is immune to unintentional alterations, and reduces CPU load at the same time. So I'm trying, but failing to understand why you keep saying that a hardware firewall in a router is somehow inconsequential. It really is anything but that.
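The NAT behaviour argued over in the last few posts, as an added simulation that is not code from either participant: a toy connection-tracking router that creates a translation only when an inside host sends a packet out, accepts an inbound packet only if it matches such a flow or an explicit port-forward, and drops everything else before it ever reaches the PC. NatRouter, simulate() and the 192.168.1.20 / 203.0.113.10 / 198.51.100.x addresses are constructed for the example. Step 4 also shows the limit both sides touch on: a program already running inside that calls out is just another outbound flow to the router.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP connection-opening flag (ignored for udp)


Flow = Tuple[str, str, int]   # (proto, inside ip, inside port)


class NatRouter:
    """Simulated consumer NAT router (a constructed model, not a real product).

    Inside hosts share one WAN address. A translation entry exists only after
    an inside host has sent a packet out; an inbound packet is accepted only
    if it matches such an entry or an explicit port-forward rule. Real routers
    differ in how strictly they match the remote endpoint; this model keys on
    the external port alone, which is the most permissive common behaviour.
    """

    def __init__(self, wan_ip: str, first_ext_port: int = 40000):
        self.wan_ip = wan_ip
        self._next_port = first_ext_port
        self._out: Dict[Flow, int] = {}                 # inside flow -> external port
        self._in: Dict[Tuple[str, int], Flow] = {}      # (proto, external port) -> inside flow
        self._forwards: Dict[Tuple[str, int], Tuple[str, int]] = {}
        self.dropped: List[Packet] = []                 # unsolicited inbound, never delivered

    def add_port_forward(self, proto: str, ext_port: int, inside_ip: str, inside_port: int) -> None:
        """The opt-in hole a user configures for Remote Assistance, torrents, etc."""
        self._forwards[(proto, ext_port)] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside -> Internet packet, creating the mapping on first use."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port)
        if flow not in self._out:
            ext = self._next_port
            self._next_port += 1
            self._out[flow] = ext
            self._in[(pkt.proto, ext)] = flow
        return Packet(pkt.proto, self.wan_ip, self._out[flow], pkt.dst_ip, pkt.dst_port, pkt.syn)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver an Internet -> WAN packet to an inside host, or drop it."""
        key = (pkt.proto, pkt.dst_port)
        if key in self._forwards:
            ip, port = self._forwards[key]
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, ip, port, pkt.syn)
        if key in self._in:
            _, ip, port = self._in[key]
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, ip, port, pkt.syn)
        self.dropped.append(pkt)   # no mapping, no rule: the PC never sees it
        return None


def simulate() -> dict:
    """Walk through the four cases discussed in the thread and report what got through."""
    router = NatRouter("203.0.113.10")      # constructed WAN address (TEST-NET-3)
    pc = "192.168.1.20"                     # constructed inside address

    # 1. Unsolicited scan from the Internet for RDP (3389): no table entry, dropped at the router.
    scan = router.inbound(Packet("tcp", "198.51.100.7", 55555, router.wan_ip, 3389, syn=True))

    # 2. The PC opens an HTTPS connection; the server's reply matches the mapping and is delivered.
    out = router.outbound(Packet("tcp", pc, 51000, "198.51.100.9", 443, syn=True))
    reply = router.inbound(Packet("tcp", "198.51.100.9", 443, router.wan_ip, out.src_port))

    # 3. The user explicitly forwards 3389 (opt-in): the same kind of scan now reaches the PC.
    router.add_port_forward("tcp", 3389, pc, 3389)
    scan_after = router.inbound(Packet("tcp", "198.51.100.7", 55556, router.wan_ip, 3389, syn=True))

    # 4. Something already running on the PC that calls out is just another outbound flow.
    beacon = router.outbound(Packet("tcp", pc, 51001, "198.51.100.66", 8080, syn=True))

    return {
        "scan_dropped": scan is None,
        "reply_delivered": reply is not None and reply.dst_ip == pc and reply.dst_port == 51000,
        "forwarded_scan_delivered": scan_after is not None and scan_after.dst_ip == pc,
        "outbound_beacon_passed": beacon.src_ip == router.wan_ip,
        "dropped_count": len(router.dropped),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Case 1 is the "empty software firewall log" effect: the packet is discarded before the host spends a cycle on it. Case 3 is the cost of every opt-in, and case 4 is why a NAT router on its own says nothing about what an already-installed program is allowed to do.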
MSIE has little to do with it, as other browsers will be just as useless on XP, especially without patches. Do you think Chrome's sandbox will save you? It won't. NoScript? Nope. We've already seen in this topic an attack that would bypass both of those things, attacking font rendering in the kernel via TrueType.
In terms of money, you're missing the point. Virtually all attacks are about money. If I hack you it's not to trick you into giving me money, it's to hook you up to my botnet so I can sell your system off to someone for a couple hundred thousand dollars a year. And I'll likely sell off whatever accounts I access as well, just for a couple hundred dollars extra.
A point of agreement in that Windows XP will likely run out of usable browsers. This is not something Microsoft should ever brag about though, because they are the malevolent force behind this by obsoleting a working operating system, and spreading FUD daily about the cut-off date Armageddon, and no doubt whispering into the ears of the other browser makers to get them to stop developing for XP because it will somehow save them money or something. They should get crucified again over this issue because even though their strategy is different this time ( obsoleting their own browser and operating system ), the end result is still the same: thwarting development and use of 3rd party browsers on a perfectly working operating system. This goes double for device drivers for new hardware. Microsoft is trying to force people to upgrade to a new operating system. Has anyone ever asked them why? Yes, Opera and Mozilla and Google are also to blame, but they are merely being stoopid while Microsoft is being reckless and yes, evil. No company that really cares about security would stop making their super duper secure browser for their own working operating system, which runs at least one third of all computers on the planet.
Now about MSIE. Internet Explorer has always been the single biggest Achilles heel for Windows users on the Internet. Sure it's getting better ( could it get worse? ) but I have screenshots from last year of the FBI trap on Windows 7 ( non-administrator, MSE running, etc ). Dialogs painted by Internet Explorer can look exactly like the operating system itself because Microsoft jammed MSIE into the operating system itself. The social traps love to simulate official looking boxes, which MSIE happily accommodates, and this is yet another fabulous reason to try to use third-party browser software that does not mimic the Windows native look ( personally I use Opera with a custom skin I made, but on Vista/7 you can always just kill the Aero glass look on an ad hoc basis in a shortcut's properties ). This means the potency of the trap bait is reduced because the phony dialog will stand out differently. But this problem is actually getting worse now - MSIE is actually getting more problematic because as Windows itself drifts more towards a web look, the difference between what is "official OS business" and what is online garbage and what is a phony dialog all converges into a mess.
Worst of all, MSIE is often quite stoopid. Just unplug your Ethernet wire and then click something in MSIE. It still serves up a "cannot display ..." page with that "Diagnose" option to scramble your network settings because the plug is out! That's just plain dumb. And dangerous, because it trains the sheeple to accept that very low-quality web page as "official OS business", and later when that same user is confronted with a much more "official looking" but fake dialog they will understandably click it. The operating system looks like a web page, so web pages easily look like the operating system. What I am trying to say is that by blurring the difference between online and off, and by not distinguishing the "official" interface from crappy webpages, they are hurting the users because they no longer can discern what something is and where they are. IMHO, Microsoft isn't even trying to protect the user. They simply are not thinking these things through properly. And we're not even mentioning ActiveX yet. How can anyone take seriously a browser that allows something like this?
Oh, botnets. Well I do agree that they are an evolving form of threat, and I wasn't even thinking of them because I have seen so few so far. But point taken. Just don't underestimate the social traps like FBI and FixMeUp or PC Antivirus 2011 or whatever else. These I see all the time. And some of these folks have already paid cash ( the AV traps ) by the time I got their PC, and then they had to undergo the whole credit card canceling and everything else. I don't believe those numbers though ( "hundred thousand dollars" ), but I'm not saying it's not a threat. Like above, they will have an easy go of it if the sucker hosting the botnet client is connected straight into the ISP modem; I doubt that will be the same for a hardware firewall.
Microsoft has stated that they consider 8 to be the most secure Windows operating system. They are correct. Again, NAT isn't important or relevant to modern attacks for desktop users.
They are correct with respect to protecting the hapless sheep. That's as far as I'll go though.
8/8.1 are not magic. You can get far more secure using Linux, and MS has more work to do. But attacking 8/8.1 is considerably more difficult than attacking XP.
Windows 8 would be far far far more secure in this case. But I'm not sure why you can't just... you know... have Windows 8 behind a router.
Well you can definitely put it behind a router also, but it sounds like you really don't think it's necessary. Here are two scenarios again ...
(1) Windows 8 system plugged directly into ISP modem ( NO Router ), standard user account, Windows firewall and the full CPU-hogging, disk-thrashing MSE antivirus running. Using MSIE.
(2) Windows XP system plugged into NAT router, administrator account, no antivirus, bare nude naked. Anything but MSIE.
The answer depends largely on one's situational awareness and competency. I would think that someone such as yourself that used the phrase "it may get somewhat technical, and I don't know what level you'd understand" would be comfortable in either scenario. But there is a very good reason to select #2 and it addresses something you said in another comment: "But, of course, performance is not the question here. Security is." Life is full of choices, we are constantly mapping out plus-minus decision matrices in our heads, and this is a good case of that. Sure XP has some disadvantages thanks to planned obsolescence from Microsoft. But it has advantages that for many trump all the new potholes built into later versions. It is fast. There are fewer events occurring per millisecond because there is less housekeeping and disk indexing ( none in my case ). Also, of ever increasing importance is the fact that while Windows XP is less secure against all those theoretical exploits, it is quite reasonable to conclude that it is more secure with respect to government intrusion. The Windows 6.x kernel was entirely developed post-9/11 and then scrapped and re-written again - Longhorn to Vista. Windows XP has been service packed three times since 9/11, but so far I see no indication of a major Microsoft-sanctioned spyware injection, but I could be wrong. We'll see.
Therefore I'll gladly go with scenario #2. And in fact I have been going with #2 for several years now. Why not? In the never-seen-yet scenario of some malware or infection I would just swap in a backup HDD or just drop the HDD in another computer and scrub it. It's not rocket science. ... Benefits? ... You gain back the full power of your CPU, which in scenario #1 is already taxed by numerous standard operating system tasks in Windows 6.x, and then whatever is left over is spent servicing the realtime antivirus, not to mention running the software firewall, which is going to be busy rejecting all those packets that will never make it past the router in scenario #2 in the first place.
Scenario #1 simply repulses me. It does not fit my personality. I do not need hand-holding, or a browser that screens websites, or an AV that downloads stuff to scan for threats ( and I forgot to mention it scans folders clicked on in Explorer, and scrubs inserted flash drives for what it thinks are threats, wiping out my NirSoft files, etc ). Nothing about this makes me want to do anything except vomit. There are far, far too many negatives in this scenario. It is simply unacceptable.
BTW, I'm not in this thread evangelizing scenario #2 over #1 for the average person out there. Let me be clear. Both scenarios have perfectly logical applications in the real world. #1 for the average user out there. If it were 5 or 10 years ago, these Sheeple would be Apple users. But Microsoft has been busy grooming them, somewhat successfully, and now they have their own flock to tend to. I get that. So for them, scenario #1 it is. For the rest of us who have been in this game since Microsoft was a hyphenated word, we'll just have to muddle along, taking our chances.