Molgrips – thanks , I really appreciate that. Was reading this thread in complete bemusement!!

Oh yeah, Vista 🙂

If you’re in either London or Cardiff I can help with your PC if you like.

We long ago stopped the Microsoft updates as they just hammered the hard drive

Also updates are important, this is really what this thread is about, there will be no more updates or fixes.

Like any bit of software there are mistakes, bugs, errors and security holes. Some of these only become apparent many years down the line. These are the ways people use to exploit you and to get into your PC. When vulnerabilities are found MS has worked to fix them and releases updates/patches/fixes through windows update. This is what they have stopped doing.

So after upgrading run Windows update and set it to install updates.

Thanks again molgrips. Am in the chilterns, so a bit outside London. Good riding, but we are carrot crunchers a but wit all this new technology!!

ooo, i’d recommend win7 based on my experience ( see above ).
i’m sure ‘a’ version of linux would be fine for a non-techie, probably, as would win 8.1, but 7 is similar enough to xp to make it feel familiar coming from xp, is very stable, and is modern enough that it’ll be supported for a goodly while yet. it’s a decent, reliable operating system IMO.

So I’ve just updated from Xp to windows 7 using a disc I got off amazon for 49 quid.

It all seems to have gone smooth enough although now when viewing this forum all the thread titles are underlined ??

Any ideas ?

browser?

Phew – I was thinking of giving that advice, but wondering if I was missing something.

Question for those who might know more about this than I do – given a firewall in my router and taking a lot of care in what I download and install, are there actually any real vulnerabilities which can be exploited? I’m coming from the perspective of having never had a virus detected on a computer I’ve owned (I’ve had Windows PCs for almost 20 years). Is it possible for a hole in the TCP/IP stack to be exploited by malformed packets which get past the firewall, and does that actually ever happen? I’m assuming that the vast majority of attacks exploit some human vulnerability, but not sure if that’s naive.

The other thing which occurs to me is that if there is such a vulnerability open to attack, it’s not beyond the wit of the community to provide some protection for it if Microsoft won’t.

FWIW I no longer run XP since my print server died (now using a RPi for that), but we have XP on VMs at the local school – was discussing this today and we’re happy that given how heavily firewalled it is and that the VM is dynamic (ie it is loaded from a gold image which only the admins have access to, and can be restored from backup in <5 minutes) we are pretty safe. Though we will probably be moving to W7 in the next few months – all sorts of issues with compatibility there though, given some of the school software is from last century.

Surely antivirus software should be protecting a computer? Whether it’s MSE or another provider?

Aracer, you are broadly right. I surfed for a year or more on a computer with no AV (but a firewall and up to date software and OS) and got nothing. However I did get the malware attack that was on a page in an STW post on a different computer, I think it was not detected though because it was a script on a website.

Well, it’s as aracer says. Where is the threat?

A fully patched Windows XP installation is a mature piece of software. It’s had twelve years of iterative patching to prevent exploits such as hostile websites.

Third-party software exploits are patched by their respective vendors. This is down to them to continue to support independently of Microsoft. By a long way, out-of-date Flash and Java installs are the biggest source of exploited code in the Windows environment, and uninstalling /patching these will make a big difference to your security. Whether they continue to be patched once MS drop XP remains to be seen.

A hardware firewall (to wit, your Internet router) will stop the bulk of ‘drive-by’ Internet threats.

Safe computing practices (ie, not clicking on stupid shit and reading the text of software installations properly) will stop most user-initiated malware.

What’s left? Not a lot. “Should” AV be installed? Well, yes, it should, but with the caveats above the practical risks in not doing so are probably lower than you think. When was the last time anyone actually got a virus that couldn’t be attributed to user error or a poor patching regime (which is, hey, user error)? What we’re really talking about then is new threats, zero day exploits, that sort of thing. These should be few and far between, but as we’ve seen today with Heartbleed problems can still surface even in established software.

Plus, AV vendors may continue to support XP even if MSE doesn’t. There’s a big market out there for the one that does.

I bet there won’t be (m)any that do it for free, mind.

Ah well, I’m still worried about those – I’m far from convinced they will be non-existent (as pointed out in various articles, any sensible hacker will have been saving them up waiting for support to end). The question is what the attack vector is, and whether you’re only at risk if you download dodgy stuff.

Presumably the malware attack on a page here was a javascript attack, so relies on that being patched rather than Windows, and if not then it’s the browser which is an issue. I’d be a lot more worried when there is no longer a supported browser available for XP.

Though thanks for the general reassurance – being an IT person who should know about stuff like this (I have even worked on internet security, though not directly on this sort of thing) I was wondering whether I was missing something.

I can’t see any reason why they’d stop now – if it was worth doing before it’s still worth doing – maybe when the user base is a lot smaller, but that’s going to be a while yet. I’d expect browsers to become unsupported sooner.

Presumably the malware attack on a page here was a javascript attack

I’d love to know how it worked. What it actually did was to install a proxy server on my machine and set my proxy settings in my browsers to localhost. The dodgy proxy then redirected everything to a site that asked me to click here to do something.. forget what – something like clean my machine of viruses maybe (ironic). Crude, but I do wonder how it managed to do that.

I can’t see any reason why they’d stop now

I can’t see any reason why they’d continue.

OTOH, with the departure of MSE I can see why they might all decide to start charging for support for a dead OS.

my browser is chrome.

The same reason they do now, and the same reason they continue with free support for other OSes.

Amazingly there are still websites tun by Windows 2000 and NT!

http://www.zdnet.com/xp-servers-still-powering-6000-websites-7000028238/

Not really – I’m disappointed they didn’t have figures for NT3.51 and earlier (I’m making the naive assumption that nobody hosts websites on 95 or 98!)

you’d have to go via Vista

If I had an elderly, not particularly powerful or fast, netbook that I wanted to keep running at minimal cost for a bit longer, and if possible avoid as much MS bloat as I can while still being kept safe, someone tell me why I don’t just get Vista for a few quid and stick that on it?

Your money would almost certainly be better spent on a 1Gb > 2Gb upgrade and Linux. However, I’ll stand up in front of the STW Masseeve and say that Vista is a decent OS if you set it up sensibly.

I’m sitting here typing on a Vista machine, so with you on that one, Cougar (it works well enough that I feel no need to upgrade to 7). My understanding is that a lot of the reported problems were due to running it on machines with too low a spec. as it needs more oomph than XP, but fine with a powerful enough machine – the big advantage of 7 being that it is better optimised for low end machines.

That and the first incarnation of UAC was immensely irritating, but that’s (safely) fixable.

W7 is probably the first version of Windows LESS resource hungry than its predecessor.

Afraid I took the easy option…CLICK 😀

For £100 its hardly worth the hassle in trying to upgrade our old Optiplex. The 4gb of RAM is the same type & 250gb HDD I put in this machine can go in a caddy as a back-up drive.

Happy to use Open Office or Google Docs for software.

Yes it is, and I hadn’t realised it was fixable – any tips or links?

I’ve a registry hack I crufted which fixes UAC without breaking it, in direct defiance of The Internet. Email me.

Ed, I’m running 7 on a samsung n110 with 2gb of ram. gets a bit laggy trying to run videos in HD, but aside from that runs very happily. far better than xp, which is what it shipped with. given the number of issues colleagues had with vista, and given it probably requires similar resources, i’d just jump to 7 if you’re upgrading from xp.

Vista UAC fix.

Copy the following text into Notepad, save is with a .reg extension (you’ll need to change “Save as type” to read “All Files” or you’ll end up with filename.reg.txt) and then run it. It’ll amend the behaviour of UAC so that it still works but is much less chatty and annoying.

There’s plenty of people on the Internet advising to disable UAC. This is a Really Bad Idea as doing so also quietly disables a lot of other security measures and safeguards.

---


Windows Registry Editor Version 5.00
[code]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"UacDisableNotify"=dword:00000001
[/code]

Thanks – nothing there which looks at all risky (though I might as well do it in regedit [Windows needs your permission to continue 🙄 ] and save current values whilst I’m at it).

Indeed, which is why I still have it on despite it being intensely annoying.

Not any more 🙂

yeah nothing like removing the sandbox protection to increase security.

You’re absolutely right. It’s nothing like that.

There is, of course, a slightly increased risk in that Windows is no longer asking “are you sure?” every five minutes and just getting on with it. However, this is almost certainly mitigated by the fact that most Vista users will by now have developed an involuntary twitch which unquestioningly agrees to the UAC dialogue every time it appears, rendering it pointless anyway.

All other UAE-underpinned features remain intact. Applications will run in a non-elevated state by default, file and registry shadowing / virtualisation will continue to work, and you still have Protected Mode available in IE (which I’m assuming is what you’re referring to with your ‘sandbox’ comment).

Disabling UAC breaks all these things. But we’re not doing that, we’re just telling it not to ask so many questions. In so far as we can with Vista, we’re telling it to behave more like Windows 7.

/me fails to see how the uac features stay intact if you’ve told it not to prompt for elevation. means all those drive by downloads that try to write to %SystemRoot% no longer trigger a warning and it’s trivial to escape any user protection once you have elevated privileges. but then i’m not a windows daily user so can’t comment on the announce of uac against it’s protection offerings

Because a theoretical drive-by cannot write to %systemroot%, it’ll get redirected to a virtual copy of it in the user’s profile directory. This is still the behaviour if UAC is in quiet mode, but not if UAC is completely disabled.

In theory, at any rate. (-:

I have read and understand this thread and spoken to my dad who is more tech savvy than me but more scared of the internets.

I have an older desktop, not quite as old as Harry’s but probably similar spec. I have also fitted what was an external hd, inside as the mounting failed. Can I copy everything important onto this hd then protect it in some way for the short term until I update to W7?