Windows XP. Will I die?

Home Forum Chat Forum Windows XP. Will I die?

Viewing 32 posts - 46 through 77 (of 77 total)
  • Windows XP. Will I die?
  • renton
    Member

    So I’ve just updated from Xp to windows 7 using a disc I got off amazon for 49 quid.

    It all seems to have gone smooth enough although now when viewing this forum all the thread titles are underlined ??

    Any ideas ?

    Premier Icon Del
    Subscriber
    Premier Icon aracer
    Subscriber

    molgrips wrote:

    You are still *pretty much* safe, as long as you follow common online sense.

    Phew – I was thinking of giving that advice, but wondering if I was missing something.

    Question for those who might know more about this than I do – given a firewall in my router and taking a lot of care in what I download and install, are there actually any real vulnerabilities which can be exploited? I’m coming from the perspective of having never had a virus detected on a computer I’ve owned (I’ve had Windows PCs for almost 20 years). Is it possible for a hole in the TCP/IP stack to be exploited by malformed packets which get past the firewall, and does that actually ever happen? I’m assuming that the vast majority of attacks exploit some human vulnerability, but not sure if that’s naive.

    The other thing which occurs to me is that if there is such a vulnerability open to attack, it’s not beyond the wit of the community to provide some protection for it if Microsoft won’t.

    FWIW I no longer run XP since my print server died (now using a RPi for that), but we have XP on VMs at the local school – was discussing this today and we’re happy that given how heavily firewalled it is and that the VM is dynamic (ie it is loaded from a gold image which only the admins have access to, and can be restored from backup in <5 minutes) we are pretty safe. Though we will probably be moving to W7 in the next few months – all sorts of issues with compatibility there though, given some of the school software is from last century.

    mk1fan
    Member

    Surely antivirus software should be protecting a computer? Whether it’s MSE or another provider?

    Premier Icon molgrips
    Subscriber

    Aracer, you are broadly right. I surfed for a year or more on a computer with no AV (but a firewall and up to date software and OS) and got nothing. However I did get the malware attack that was on a page in an STW post on a different computer, I think it was not detected though because it was a script on a website.

    Premier Icon Cougar
    Subscriber

    Well, it’s as aracer says. Where is the threat?

    A fully patched Windows XP installation is a mature piece of software. It’s had twelve years of iterative patching to prevent exploits such as hostile websites.

    Third-party software exploits are patched by their respective vendors. This is down to them to continue to support independently of Microsoft. By a long way, out-of-date Flash and Java installs are the biggest source of exploited code in the Windows environment, and uninstalling /patching these will make a big difference to your security. Whether they continue to be patched once MS drop XP remains to be seen.

    A hardware firewall (to wit, your Internet router) will stop the bulk of ‘drive-by’ Internet threats.

    Safe computing practices (ie, not clicking on stupid shit and reading the text of software installations properly) will stop most user-initiated malware.

    What’s left? Not a lot. “Should” AV be installed? Well, yes, it should, but with the caveats above the practical risks in not doing so are probably lower than you think. When was the last time anyone actually got a virus that couldn’t be attributed to user error or a poor patching regime (which is, hey, user error)? What we’re really talking about then is new threats, zero day exploits, that sort of thing. These should be few and far between, but as we’ve seen today with Heartbleed problems can still surface even in established software.

    Premier Icon molgrips
    Subscriber

    Plus, AV vendors may continue to support XP even if MSE doesn’t. There’s a big market out there for the one that does.

    Premier Icon Cougar
    Subscriber

    I bet there won’t be (m)any that do it for free, mind.

    Premier Icon aracer
    Subscriber

    Cougar wrote:

    What we’re really talking about then is new threats, zero day exploits, that sort of thing. These should be few and far between, but as we’ve seen today with Heartbleed problems can still surface even in established software.

    Ah well, I’m still worried about those – I’m far from convinced they will be non-existent (as pointed out in various articles, any sensible hacker will have been saving them up waiting for support to end). The question is what the attack vector is, and whether you’re only at risk if you download dodgy stuff.

    Presumably the malware attack on a page here was a javascript attack, so relies on that being patched rather than Windows, and if not then it’s the browser which is an issue. I’d be a lot more worried when there is no longer a supported browser available for XP.

    Though thanks for the general reassurance – being an IT person who should know about stuff like this (I have even worked on internet security, though not directly on this sort of thing) I was wondering whether I was missing something.

    Cougar wrote:

    I bet there won’t be (m)any that do it for free, mind.

    I can’t see any reason why they’d stop now – if it was worth doing before it’s still worth doing – maybe when the user base is a lot smaller, but that’s going to be a while yet. I’d expect browsers to become unsupported sooner.

    Premier Icon molgrips
    Subscriber

    Presumably the malware attack on a page here was a javascript attack

    I’d love to know how it worked. What it actually did was to install a proxy server on my machine and set my proxy settings in my browsers to localhost. The dodgy proxy then redirected everything to a site that asked me to click here to do something.. forget what – something like clean my machine of viruses maybe (ironic). Crude, but I do wonder how it managed to do that.

    Premier Icon Cougar
    Subscriber

    I can’t see any reason why they’d stop now

    I can’t see any reason why they’d continue.

    OTOH, with the departure of MSE I can see why they might all decide to start charging for support for a dead OS.

    renton
    Member

    my browser is chrome.

    Premier Icon aracer
    Subscriber

    Cougar wrote:

    I can’t see any reason why they’d continue.

    The same reason they do now, and the same reason they continue with free support for other OSes.

    Premier Icon footflaps
    Subscriber

    Amazingly there are still websites tun by Windows 2000 and NT!

    http://www.zdnet.com/xp-servers-still-powering-6000-websites-7000028238/

    Premier Icon aracer
    Subscriber

    footflaps wrote:

    Amazingly

    Not really – I’m disappointed they didn’t have figures for NT3.51 and earlier (I’m making the naive assumption that nobody hosts websites on 95 or 98!)

    edlong
    Member

    you’d have to go via Vista

    If I had an elderly, not particularly powerful or fast, netbook that I wanted to keep running at minimal cost for a bit longer, and if possible avoid as much MS bloat as I can while still being kept safe, someone tell me why I don’t just get Vista for a few quid and stick that on it?

    Premier Icon Cougar
    Subscriber

    Your money would almost certainly be better spent on a 1Gb > 2Gb upgrade and Linux. However, I’ll stand up in front of the STW Masseeve and say that Vista is a decent OS if you set it up sensibly.

    Premier Icon aracer
    Subscriber

    I’m sitting here typing on a Vista machine, so with you on that one, Cougar (it works well enough that I feel no need to upgrade to 7). My understanding is that a lot of the reported problems were due to running it on machines with too low a spec. as it needs more oomph than XP, but fine with a powerful enough machine – the big advantage of 7 being that it is better optimised for low end machines.

    Premier Icon Cougar
    Subscriber

    That and the first incarnation of UAC was immensely irritating, but that’s (safely) fixable.

    Premier Icon molgrips
    Subscriber

    W7 is probably the first version of Windows LESS resource hungry than its predecessor.

    Premier Icon takisawa2
    Subscriber

    Afraid I took the easy option…CLICK 😀

    For £100 its hardly worth the hassle in trying to upgrade our old Optiplex. The 4gb of RAM is the same type & 250gb HDD I put in this machine can go in a caddy as a back-up drive.

    Happy to use Open Office or Google Docs for software.

    Premier Icon aracer
    Subscriber

    Cougar wrote:

    That and the first incarnation of UAC was immensely irritating, but that’s (safely) fixable.

    Yes it is, and I hadn’t realised it was fixable – any tips or links?

    Premier Icon Cougar
    Subscriber

    I’ve a registry hack I crufted which fixes UAC without breaking it, in direct defiance of The Internet. Email me.

    Premier Icon Del
    Subscriber

    Ed, I’m running 7 on a samsung n110 with 2gb of ram. gets a bit laggy trying to run videos in HD, but aside from that runs very happily. far better than xp, which is what it shipped with. given the number of issues colleagues had with vista, and given it probably requires similar resources, i’d just jump to 7 if you’re upgrading from xp.

    Premier Icon Cougar
    Subscriber

    Vista UAC fix.

    Copy the following text into Notepad, save is with a .reg extension (you’ll need to change “Save as type” to read “All Files” or you’ll end up with filename.reg.txt) and then run it. It’ll amend the behaviour of UAC so that it still works but is much less chatty and annoying.

    There’s plenty of people on the Internet advising to disable UAC. This is a Really Bad Idea as doing so also quietly disables a lot of other security measures and safeguards.



    Windows Registry Editor Version 5.00
    [code]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=dword:00000000
    "ConsentPromptBehaviorUser"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval"=dword:00000001
    "UacDisableNotify"=dword:00000001
    [/code]

    Premier Icon aracer
    Subscriber

    Thanks – nothing there which looks at all risky (though I might as well do it in regedit [Windows needs your permission to continue 🙄 ] and save current values whilst I’m at it).

    Cougar wrote:

    There’s plenty of people on the Internet advising to disable UAC. This is a Really Bad Idea as doing so also quietly disables a lot of other security measures and safeguards.

    Indeed, which is why I still have it on despite it being intensely annoying.

    Premier Icon aracer
    Subscriber

    aracer wrote:

    regedit [Windows needs your permission to continue ]

    Not any more 🙂

    purpleyeti
    Member

    yeah nothing like removing the sandbox protection to increase security.

    Premier Icon Cougar
    Subscriber

    You’re absolutely right. It’s nothing like that.

    There is, of course, a slightly increased risk in that Windows is no longer asking “are you sure?” every five minutes and just getting on with it. However, this is almost certainly mitigated by the fact that most Vista users will by now have developed an involuntary twitch which unquestioningly agrees to the UAC dialogue every time it appears, rendering it pointless anyway.

    All other UAE-underpinned features remain intact. Applications will run in a non-elevated state by default, file and registry shadowing / virtualisation will continue to work, and you still have Protected Mode available in IE (which I’m assuming is what you’re referring to with your ‘sandbox’ comment).

    Disabling UAC breaks all these things. But we’re not doing that, we’re just telling it not to ask so many questions. In so far as we can with Vista, we’re telling it to behave more like Windows 7.

    purpleyeti
    Member

    /me fails to see how the uac features stay intact if you’ve told it not to prompt for elevation. means all those drive by downloads that try to write to %SystemRoot% no longer trigger a warning and it’s trivial to escape any user protection once you have elevated privileges. but then i’m not a windows daily user so can’t comment on the announce of uac against it’s protection offerings

    Premier Icon Cougar
    Subscriber

    Because a theoretical drive-by cannot write to %systemroot%, it’ll get redirected to a virtual copy of it in the user’s profile directory. This is still the behaviour if UAC is in quiet mode, but not if UAC is completely disabled.

    In theory, at any rate. (-:

    Premier Icon paul4stones
    Subscriber

    I have read and understand this thread and spoken to my dad who is more tech savvy than me but more scared of the internets.

    I have an older desktop, not quite as old as Harry’s but probably similar spec. I have also fitted what was an external hd, inside as the mounting failed. Can I copy everything important onto this hd then protect it in some way for the short term until I update to W7?

Viewing 32 posts - 46 through 77 (of 77 total)

The topic ‘Windows XP. Will I die?’ is closed to new replies.