
XP Apocalypse: One Year Review


MrMaguire


As always I may be wrong, but IF in any way Windows XP was in practice "not secure anymore" or "less secure" than 7 or 8/8.1, now, one full year after the end of support deadline we would have had between 15% and 25% of all the internet connected PC's :w00t: compromised one way or the other :ph34r:, and since this has not happened yet the "not secure anymore" or "less secure than" appears like nothing more than an unverified theory or some wishful thinking.

 

jaclaz

 

----------------------------------------------------------------------------------------------------

 

I don't think that necessarily there would have been attacks if XP were that insecure.  I always took the security issues as Microsoft trying to mitigate security problems and be ready by getting users off the OS.

 

As for Moonchild, he simply wants Pale Moon to support current desktop OSs.  There is an XP build for Pale Moon (not the Atom one) and that is for x86 and x64 builds, maintained by Matt Tobin.  The link is here:

 

http://binaryoutcast.com/projects/pm4xp/

 

Support will expire in July 2015 though for this build.  As for Firefox supporting XP, but not Pale Moon, all I can say is that Moonchild says he is forking Pale Moon in a different direction than Firefox, so it's no longer considered a clone or custom build, but rather a separate browser originally based on Firefox.  Pale Moon dispensed with Australis and uses its own identifier for add ons and what not.  We'll see, though for now I'm a happy user of the x64 build.



 

I don't think that necessarily there would have been attacks if XP were that insecure.

Well, if not necessarily, it would be at least "logically".

 

Let's say (hypothetical), that I am a prince of Evil :w00t:, and I remotely hack PC's (for fun and profit) :ph34r:.

 

I have before me (fiction):

  1. 25% of all PC's in the world connected to the internet insecure windows XP systems <- please read as "easy to hack/intrude"
  2. 50% of all PC's in the world connected to the internet impenetrable (I told you it was a fiction, didn't I?) Windows 7 systems <- please read as "very difficult to hack/intrude"
  3. 12.5% of all PC's in the world connected to the internet even more impenetrable (I told you twice it was a fiction, didn't I?) Windows 8/8.1 systems <- please read as "very, very, really very difficult to hack/intrude"
  4. 12.5% (the rest) fractioned in a myriad of less common OS's (that independently from them being more or less secure do not provide a vast enough target)

What would I start with? :unsure:

 

Let me think .... :whistle:

 

So the logical conclusion is that either XP systems are not so much less secure than later OS's or that Evil princes of hacking do not exist (and they were invented by security firms), of the two possibilities I choose the first one as more probable.

 

There is a third possibility, the Evil princes of hacking do exist, but the security firms are so d@mn good at their work that they succeed in blocking all (or the largest part of) their evil actions before and outside any security measure the OS may provide (which all in all gives the same net result in practice of being not such a difference in security between XP and later MS OS).

 

jaclaz


The discussion of Pale Moon and Firefox supporting (or not) XP, got me thinking that a more serious issue for XP, from a security standpoint, would be if browsers (and companies that provide important browser functionality such as Java and Adobe Flash) stop making versions that work at all on XP. While no doubt older versions would keep working, they would also remain with the security holes that got patched up in newer versions.

 

All in all this might add up to more -- and more serious -- security threats than those that affect Windows itself. XP users would need to become more proactive in terms of applying supplementary protection such as that given by "anti-exploit" applications like MBAE or HitmanPro.Alert.

 

Thoughts?

 

--JorgeA


Yes. But while XP still holds between 20 and 25% of the marketshare, that's still not too much of a worry.

In any case, herbalist discussed at length how to set up a default-deny policy for 9x/ME (in that forum, of course). Reread his posts about it, but have in mind it's actually easier to implement that on XP than on 9x/ME (and lots of people will disagree with me, of course).


^^ That's a GREAT idea: port herbalist's concept from 98 over to XP (and then ultimately to Vista and finally to 7, when their times come). :thumbup

 

Maybe a mod (hint, hint ;) ) could create a Sticky in the XP subforum, referring readers to herbalist's method. Could be called something like, "How to keep XP secure despite the end of Windows updates and vendor support."

 

--JorgeA

 


  • 2 weeks later...

This information may be relevant/useful for anybody who might be concerned about their XP system's security:

 

Removing admin rights would ease 97 percent of critical Microsoft flaws

 

Amen to that!  :yes:

 

If anyone is using XP (or any Windows version) with an administrator account, they're doing it wrong. One of our projects in my assembly language class this semester was to implement a virus (well, more like a crude piece of malware) for Windows. After installing XP, the user has admin rights by default. We were able to make a program that when double-clicked (with the default admin rights), it transparently wiped out the first sector of the hard disk (using standard Windows APIs) and made absolutely no indication that it was running. All the user sees is an hourglass cursor for a split second, and wonders why their hard disk is no longer readable after they reboot.

 

I've been using XP on my laptop regularly since the end of support and can honestly say I haven't found any malware on the machine since then. I just scan every week by running AVG from a Linux pendrive. Almost all of the security of a computer depends on the user's activities. Setting your account to limited and only visiting safe websites is the best security measure out there. Antivirus programs should just be a safety net for the rare occasion that something slips through.


But as we get into Core i7 times, and even from the Core 2 times, computer replacement really isn't always a necessity because most computers truly could last a decade now unless of course the web finds new ways to spam up websites to bring your computer down which is happening to a lot of Pentium 3 and early Pentium 4 computers now. Offline, they can be awesome, but the web slows it right down.

That's an absolute truth. For some mysterious reason people are in love with web UIs which work at the speed of a 10 year old computer or slower on the latest system. They usually display only a small amount of data on 1 screen (like 25 emails instead of a thousand or more) and when I interact with the web UI the entire page gets slowly redrawn. Or an empty page with a few words and one big button, which uses 100% cpu. I'm feeling the slowness on a Conroe CPU as well because I use Opera which has a slower engine.

But "the web UI is ubiquitous" and it's the "cloudy" future. And every manufacturer has to produce a bloated web UI or they'll face criticism that they don't look modern enough.

I'm typing from my old WinXP Service Pack 1 system right now using the Administrator account. If I was to use Seven, I'd still do it from Administrator with all the account control disabled as much as possible. I can't believe the dance with the TrustedInstaller that people have to go through to get things done.


I'm typing from my old WinXP Service Pack 1 system right now using the Administrator account. If I was to use Seven, I'd still do it from Administrator with all the account control disabled as much as possible. 

Well, then, according to CamTron's post just above yours, you are doing it wrong :w00t::ph34r:, which allows me to introduce (actually for no apparent reason ;)) this nice image:

Mpost2538-177727415_633f506580_o.jpg

 

:lol:

 

jaclaz


I realize that avoiding administrator mode is considered standard security practice, the big, basic “first step” toward safeguarding your computer, something everyone should do, etc., and I don’t doubt that it’s eminently sensible in many scenarios.

 

I only run in administrator mode, because the functionality is so limited when I don’t.  I’m not willing to spend half my time switching from one mode to another.  I may as well go from 97% secure to 100% secure by leaving the thing unplugged.


I realize that avoiding administrator mode is considered standard security practice, the big, basic “first step” toward safeguarding your computer, something everyone should do, etc., and I don’t doubt that it’s eminently sensible in many scenarios.

 

I only run in administrator mode, because the functionality is so limited when I don’t.  I’m not willing to spend half my time switching from one mode to another.  I may as well go from 97% secure to 100% secure by leaving the thing unplugged.

 

Amen. To hell with running my computer in a limited mode!

 

And off-topic but just for good measure - to hell with all of the Linux people who act like it's some kind of sin to enable the root account or run a system as root!  :realmad:  I can't express how annoyed I get by this...


I've run as Administrator since Windows 2000 Professional (what I prefer to replicate is a single user box ala Win9x).  I always install as Administrator.  Then I create a new Administrator account with an alternate name, log in and remove the original Administrator account from the system.

 

I'm using Puppy Linux on an old Dell D610 notebook, and it only runs as root.  It's been fine.  I'm not saying there is no threat whatsoever.  I just back up my data regularly before the worst happens.


I've run as Administrator since Windows 2000 Professional (what I prefer to replicate is a single user box ala Win9x).  I always install as Administrator.  Then I create a new Administrator account with an alternate name, log in and remove the original Administrator account from the system.

 

I'm using Puppy Linux on an old Dell D610 notebook, and it only runs as root.  It's been fine.  I'm not saying there is no threat whatsoever.  I just back up my data regularly before the worst happens.

 

What's all this I hear about not using Linux as the root user. Isn't it supposed to be secure because it's obscure?

 

Funny you should mention the Dell Latitude D610. I just replaced the 10 year old CMOS battery in mine, and I'm using it to post this.

 

I use Windows with a full administrator account, and I mostly always have. The only times I've used anything with less than full administrative privileges was at school, and also when I was first getting to know active directory and group policy. I wouldn't recommend using the actual Administrator account for your own personal use. User accounts are free, ya know. :P


Just for the record, there are some notable differences between "root" in Linux and Administrator in Windows NT.

 

Generically they are all "superusers":

http://en.wikipedia.org/wiki/Superuser

 

but "root"  is more like being at the same time Administrator and System on NT (and also TrustedInstaller in later versions).

 

If you prefer, you can drill BIG holes in an NT system while being Administrator, but the holes you can drill in Linux as root can be BIGGER.

 

jaclaz


I only run in administrator mode, because the functionality is so limited when I don’t.  I’m not willing to spend half my time switching from one mode to another.  I may as well go from 97% secure to 100% secure by leaving the thing unplugged.

 

I don't find XP to be that limited with a non-administrator account. My standard procedure on any Windows installation is to create an administrator account, which I usually call Admin, and then a standard user account which is the one I use most of the time. You can just right click any executable (or msc, cpl, batch file, whatever...) and click "Run As..." to run it as an administrator. Even desktop shortcuts can be configured to always run under a certain account and they simply ask for a password when run. In the command-line, there's the "runas" command, but I find it so clunky and verbose that I just made a shortcut on the Desktop for an administrator command prompt, which works fine. (and Microsoft, please add a sudo-like command to Windows! :whistle:) It can be a bit annoying to type a password to run stuff as admin, but it's not something that one should need to do often.

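The two-account setup described in the post above, written out as a batch file (an added example, not part of the original thread). The account names `Admin` and `Daily` are assumptions, and the group name `Administrators` is the English one; localized Windows installs use a translated name.

```batch
@echo off
rem Added example: separate administrator and everyday accounts on XP.
rem Run once from an existing administrator account.
rem Account names below are assumptions; change them to suit.
setlocal
set ADMIN_ACCT=Admin
set DAILY_ACCT=Daily

rem 1. Dedicated administrator account. The "*" makes net.exe prompt for
rem    the password, so it never appears on the command line or in this file.
net user %ADMIN_ACCT% * /add || goto :fail
net localgroup Administrators %ADMIN_ACCT% /add || goto :fail

rem 2. Standard account for everyday use. A new local account is a member
rem    of Users only; the /delete is a guard against a leftover membership
rem    and its "not a member" error is expected, so it is silenced.
net user %DAILY_ACCT% * /add || goto :fail
net localgroup Administrators %DAILY_ACCT% /delete >nul 2>&1

rem 3. Review who still holds administrator rights before logging off.
net localgroup Administrators

echo.
echo Log on as %DAILY_ACCT% for daily work. To elevate a single program:
echo   runas /user:%COMPUTERNAME%\%ADMIN_ACCT% cmd
endlocal
goto :eof

:fail
echo Setup failed: the account may already exist, or this prompt is not
echo running under an administrator account.
endlocal
exit /b 1
```

The `runas` line it prints is the same command the post calls clunky; a desktop shortcut with that command as its target gives the administrator prompt the poster describes.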
