My memory is quickly fading, but I seem to remember that usually, whenever a vulnerability has been found (and a related patch is issued by MS), the patch is most of the time for ALL of the above OS versions (or more loosely "supported OS versions of the NT family"). I don't remember it as "common" that a patch is ONLY for the oldish XP (or ONLY for a given system) and NOT for a later OS.
Yes, a vulnerability in XP code that's used in Vista, 7, and 8 would potentially work on all of them. So they all have to be patched. But exploiting that vulnerability is a whole other story on newer operating systems, thanks to the mitigation techniques I've mentioned.
So while all of them could have the same number of vulnerabilities (or newer ones could even have more), exploitation of those vulnerabilities can range from significantly more difficult to impossible - stack overflows, for example, are going to be much more difficult to exploit on 8.
From what I read, both that site and the one at PC Gamer never mentioned any drive-by attacks, just compromised stored data and credentials. I'll try to read more about it when I get a chance, but it sounds like you are putting it forward as evidence for your security opinions. I don't recall browsers, or Windows itself for that matter, being part of the story. Are you asserting that some people browsed to the site and got hosed? Were they attacked successfully without any affirmative user acceptance clicking? If this actually happened, what browsers, OS, antivirus and router were the victims using? These are significant details I have not heard. You wanna bet that they were much closer to the earlier mentioned scenario #1 than scenario #2?
I wasn't clear. I'm not saying that a drive-by attack was used. I'm saying that a legitimate website was compromised and an attacker had control of the website for 6 days. In that time the attacker could easily have put up an exploit page, and any person who visited would have been subjected to it - router or not. That is how typical attacks work; they don't care about routers.
And of course not all packets are tossed. ~sigh~ You must know what ports are open, so I just can't understand this strange statement: "You're reading this webpage right now, aren't you?".
I'm saying this because the router isn't relevant to security anymore. If you're running a browser, that's all the attack surface necessary.
In terms of performance stuff, I'm not really interested in discussing it. It's not what I came here to talk about, and it's not important to security.
I'm sorry but that is pure evidence-free, wishful thinking.
Except I've posted multiple times now about mitigation techniques that make attacks harder.
You can google for more information on the effectiveness of these techniques.
And there's that magic patch again. What is it that Windows Update does to Windows XP that makes it secure instead of "trivial" to get into? I think I know why you are not specifying that: it's because the likely answer is probably some of the MSIE buffer overflow and HTML flaws, and ActiveX registry shims. Sheeple food.
It's very simple.
I'm an attacker. I want into a system. I see two XP boxes. One of them has an unpatched service running, the other has a patched service running.
I can attack the patched service, but it requires a 0day attack. Or, I can just modify the latest Metasploit for the unpatched service and cut my work by 90%.
That's why patching is important.
Of course, if I see a Windows 8 box on there, I know I need a 0day, and I need an information leak, and I potentially need a local kernel exploit that itself will potentially require an information leak.
It's just math. Vuln + Vuln + Vuln + Vuln > Vuln
In the case of Windows Update, there are exposed services, media players, linkers, etc. The entire operating system is attack surface, especially the kernel. If you have a local kernel vulnerability and you don't patch it, it becomes a matter of googling to get into your system.
MSIE is nothing. It's not important - it's a couple million lines of code and you've got hundreds more within the operating system. You can run Google Chrome and it will make little difference, because it's just one kernel exploit to get out of the sandbox. You can look at the latest MWR Labs attack on Chrome to see evidence of this (and that the attack had to be modified for 8 to become reliable).
Anyway, this is way off topic for this thread but I have to believe that between this comment about performance and some of the router comments that you are not particularly concerned with details, scientifically controlled experiments, and accurate comparisons.
What I'm concerned with is principles of security, operating system security, network security, how attacks work, and how we defend against them. It's what I do at school as a computer science and security major, it's what I've been hired to do by defense contractors, and it's what I do at competitions where we hack into systems for points and defend from actual hackers to win. I'm not going to try arguing from authority on the internet; no one has to take me at my word. But if you think that a system's security is defined by menial details of a router, I think your perception is way off.
Edited by enxz, 02 August 2013 - 03:13 PM.