zdnet: How to extend XP forever and stay secure



My dislike for XP wouldn't be so bad if it wasn't wholly insecure, rotten trash.

 

 

It had a good run, now it's time to quit adding insult to injury.

It isn't any less secure than Windows 7/8. Most malware comes from allowing the execution of random executables. And that I'm afraid is a user behaviour and software source issue. It really has very little to do with the OS security per se.

 

I have a machine running an XP / Xubuntu dual boot, and it's rock solid. Software compatibility wise, you can't beat XP.

Link to comment
Share on other sites

A tech news blog advising on how to stay on an OS that is no longer supported by the company that made it: gg zdnet /s

 

Link to comment
Share on other sites

It isn't any less secure than Windows 7/8. Most malware comes from allowing the execution of random executables. And that I'm afraid is a user behaviour and software source issue. It really has very little to do with the OS security per se.

 

I have a machine running an XP / Xubuntu dual boot, and it's rock solid. Software compatibility wise, you can't beat XP.

It is less secure than 7/8.1. XP has next to no modern security features, and by default runs administrator profiles.

 

Windows 7/8.1 all have lower infection rates than XP does. -> https://www.neowin.net/news/microsoft-windows-xp-malware-infection-rate-nearly-six-times-higher-than-windows-8

Link to comment
Share on other sites

So do tell how an alternative shell is going to make XP secure :rofl: Oh it's just sad tech sites have gone down the *******. It seems in an age where all you need to be a "poweruser" is run "Advanced SystemCare" or "Advanced System Optimizer" the quality of tech sites has plummeted.

 

The only ones you can trust to be run by something more than a teenager with an ECDL are SQL Herold, Technet and a few others

Link to comment
Share on other sites

It is less secure than 7/8.1. XP has next to no modern security features

Like I said, most malware is the result of the user running an executable from an unknown source. Sometimes you'll get drive-by IE exploits, but that's probably a lot less these days. Modern security features won't help you if you're looking for an app on the internet, download it, and then run it.

 

and by default runs administrator profiles.

I have mine set up as a non-admin profile. But again that means little on 7/8 if the user just automatically clicks yes on UAC (which most people do without question) or disables it completely.

 

A report from Microsoft says XP is bad and Windows 8 is the best. Why am I not surprised lol. I'm sure they'd release a report stating the sky was purple if they thought it would convince XP users to buy a new Windows version.
Link to comment
Share on other sites

Like I said, most malware is the result of the user running an executable from an unknown source. Sometimes you'll get drive-by IE exploits, but that's probably a lot less these days. Modern security features won't help you if you're looking for an app on the internet, download it, and then run it.

You say "probably," but drive bys are still very common. SQL Injections, and ransomware still propagate through the Internet. On Windows 8, "random apps" are scanned by SmartScreen, which is built into the OS. If it's not commonly downloaded, it'll flag you. IE 11 on Win 8.1 is much more secure than IE 8 on Windows XP. IE 8 does not have the modern security features of IE 11, and it is on the front lines in protecting your system.

I have mine set up as a non-admin profile. But again that means little on 7/8 if the user just automatically clicks yes on UAC (which most people do without question) or disables it completely.

You are not every XP user out there. As I said above, Windows 8.1 has built in security that flags potentially dangerous applications. "Joe user" is less inclined to click through on things when they have to jump through multiple hoops that say "infect your PC." Again, Windows 7/8.1 better protect the user, which is shown by lower infection rates.

Also, in Windows 8.1 you cannot turn off UAC.

A report from Microsoft says XP is bad and Windows 8 is the best. Why am I not surprised lol. I'm sure they'd release a report stating the sky was purple if they thought it would convince XP users to buy a new Windows version.

So, you don't trust Microsoft AT ALL to have that kind of data? They're the ones that will know best what is happening to their operating systems. It's how Windows 7/8.1 have come to be in terms of security.

Link to comment
Share on other sites

Also, in Windows 8.1 you cannot turn off UAC.

Wellllll you can, need to do a few extra steps to do it, but yea, it's a seriously stupid idea.. running everything as root/admin on any OS is just begging for trouble. The OS will also block you from running any Modern software with it disabled too, it'll just refuse to run until you re-enable it again.

That said.. unless you absolutely positively need to stay with a dead OS for that one odd program that doesn't work in anything current or upgrading your shiny new machine from 1998 isn't appealing, it's just a bad idea in general. Don't care for 8, fine, 7's still supported until 2020. I wouldn't stay with an old version of OSX or *Nix either. There's more to your OS than just the browser to worry about.

Link to comment
Share on other sites

running everything as root/admin on any OS is just begging for trouble. The OS will also block you from running any Modern software with it disabled too, it'll just refuse to run until you re-enable it again.

This is untrue for almost anyone. Adblock, chrome, good AV, a bit of common sense and you are good to go. And disabling UAC WILL NOT block any software I have ever come across.

Link to comment
Share on other sites

Give it up already. It's NOT a good idea to stick with XP under any circumstances.

 

ANY circumstances?

 

Such as one of my DJ laptops that runs some very specialist software that cannot run similarly due to too many changes to the audio stack and desktop managers within Vista and 7? A laptop that never ever has been online and never will be?

Link to comment
Share on other sites

This is untrue.

Which part, being a dumbass and running everything as root 100% of the time? (Nothing like trashing your entire OS versus just your user files eh? Rootkit? Yes please.) Or the part where Modern apps won't run? Like this random search image below?

20130428_UACwin8_4-615x308.jpg

 

AdBlock, chrome, good AV, a bit of common sense and you are good to go.

Ah.. hoping your safety net catches you, I'm sure that'll work 100% of the time. Thank god Chrome never has any vulnerabilities, everybody has common sense and nobody actually downloads software. /facepalm Doable if you're comfortable with this setup and you make frequent images and are willing to face the consequences if you make a mistake, do it myself. Would I recommend that for everyone? Hell no. I wouldn't do this on my *Nix boxes either where it's so easy to clobber your system with a silly mistake, resident security software won't save you from yourself.
Link to comment
Share on other sites

You say "probably," but drive bys are still very common. SQL Injections, and ransomware still propagate through the Internet. On Windows 8, "random apps" are scanned by SmartScreen, which is built into the OS. If it's not commonly downloaded, it'll flag you. IE 11 on Win 8.1 is much more secure than IE 8 on Windows XP. IE 8 does not have the modern security features of IE 11, and it is on the front lines in protecting your system.

Let's say hypothetically that from Windows 9 onwards, the only software that can be installed must be from the Microsoft app store. That alone would eliminate 90% of all malware getting on people's Windows PC's. That's my point.

If you look at Android. While it may have 97% of all mobile malware, only 0.1% of the play store contains any, and even then it's quickly removed. The point being, the weakest point in the chain is the user. And even if you have ten confirmation dialogs, if they want to run / install something, they're going to do it, regardless what new fangled security features the OS has. Microsoft knows that, and that's why it's pushing people in the direction of its curated app store. Curated app stores and peer reviewed repositories are the best defense against malware infections.

Obviously avoiding IE is a good idea as well because of all the zero day exploits, activex, drive-bys, and other risks associated with it.

 

"Joe user" is less inclined to click through on things when they have to jump through multiple hoops that say "infect your PC." Again,

Let's be realistic here. By hoops you're talking about one UAC modal window. Hardly a deterrent, especially when most people automatically click it without thinking. It's user behaviour and attitudes which need to change. And when people become used to getting apps from curated stores / repos, they're less likely to go hunting around for random apps on the net.

 

Windows 7/8.1 better protect the user, which is shown by lower infection rates.

According to Microsoft. But that's not what's interesting. Look at the encounter rates. They're almost the same. It could just be the only thing preventing the malware from infecting Vista/7/8 systems is the fact that it was designed for XP. You can see in the graph, it has a step trend which is synchronised with the release date of the OS. The longer a system is around, the more malware will accumulate for it.

Vista has an almost identical security model to 7 and 8, yet it has a higher infection rate. Why? Because it's been out longer?

 

Also, in Windows 8.1 you cannot turn off UAC.

Still only on 8.0 at the moment so I can't honestly comment on that.

 

So, you don't trust Microsoft AT ALL to have that kind of data?

I trust Microsoft to source and present the data in such a way as to show its latest OS' in the best possible light. As any statistician will tell you, you can do anything if you cherry pick your source.

 

They're the ones that will know best what is happening to their operating systems. It's how Windows 7/8.1 have come to be in terms of security.

Microsoft is a PR machine. Any advert, report, etc that makes the competition look bad and their latest products look good is the objective.
Link to comment
Share on other sites

Which part, being a dumbass and running everything as root 100% of the time? (Nothing like trashing your entire OS versus just your user files eh? Rootkit? Yes please.) Or the part where Modern apps won't run? Like this random search image below?

20130428_UACwin8_4-615x308.jpg

 

Ah.. hoping your safety net catches you, I'm sure that'll work 100% of the time. Thank god Chrome never has any vulnerabilities, everybody has common sense and nobody actually downloads software. /facepalm Doable if you're comfortable with this setup and you make frequent images and are willing to face the consequences if you make a mistake, do it myself. Would I recommend that for everyone? Hell no. I wouldn't do this on my *Nix boxes either where it's so easy to clobber your system with a silly mistake, resident security software won't save you from yourself.

been running 5 years straight with no UAC... NEVER a problem aside from small malware in temp folders, and this even WITH surfing porn, movie sites, warez sites, key gens, cracks, etc etc...sorry to disappoint you. I don't use windows app store, I was wrong there.

Link to comment
Share on other sites

I want to gouge my eyes out and wash them with bleach.

 

Give it up already. It's NOT a good idea to stick with XP under any circumstances.

Except for the fact the software I use to do my job doesn't work in Vista, 7, or 8

Link to comment
Share on other sites

So do tell how an alternative shell is going to make XP secure :rofl: Oh it's just sad tech sites have gone down the *******. It seems in an age where all you need to be a "poweruser" is run "Advanced SystemCare" or "Advanced System Optimizer" the quality of tech sites has plummeted.

 

The only ones you can trust to be run by something more than a teenager with an ECDL are SQL Herold, Technet and a few others

 

ZDNET is filled with 40 something year olds from a previous generation due to the tech magazines they used to sell back in the day.

 

They HATE CHANGE due to their age. Even in slashdot.org I got modded down for telling people you should be fired and are stupid by saying things like XP is secure if you do not click on anything etc. Or how unfair it is for corporations to have to upgrade every 11 years XP BEST OS EVER!!...

 

I agree with Dot Matrix on this. People are really ignorant and makes me cringe slashdot.org are filled with ignorant old people who feel XP is secure because it has ACL therefore no reason to ever change etc.

Link to comment
Share on other sites

sorry to disappoint you.

Cute, but you'd be surprised how little I actually care what other people do. Also missed the part where I said I do something similar myself, except not resident AV. Also been malware free for ~10 years. And again, I certainly wouldn't recommend that for everybody.. just because I do it doesn't mean your average clueless user should. You != everyone. And like I also said, disabling UAC also blocks Modern applications from running, so if you're looking to the Store to run any apps (or, you know, get the latest OS update), you're SOL.

 

Let's be realistic here. By hoops you're talking about one UAC modal window. Hardly a deterrent, especially when most people automatically click it without thinking. It's user behaviour and attitudes which need to change. And when people become used to getting apps from curated stores / repos, they're less likely to go hunting around for random apps on the net.

Not downplaying that as having a central store/repo does limit the attack surface quite a bit. But that's also a double-edged sword when you're allowed to add other repositories to your package manager, which does come up rather frequently in Linux, never mind not every device is oriented around the Play store, there's a good number of devices that aren't. Piracy also tends to be a big motivator here, be it Windows or Android. Just for example, let's say Steam on Linux takes off and it starts to get a good number of users. You're going to see a big influx of Linux based malware as pirated software starts to become attractive on the OS.. it's a sad reality to gaming regardless of the platform, it's already a big issue on Android. Whether it's clicking a UAC prompt or entering your password to get elevation via sudo, people become desensitized to it and just run what they're told and assume it's safe because the nice pirate said so.
Link to comment
Share on other sites

I have two MAME arcade cabinets running Windows XP and they always will. They are both phone-activated and not once ever connected to a network.

Link to comment
Share on other sites

Except for the fact the software I use to do my job doesn't work in Vista, 7, or 8

 

 

Time for an update or new software, and it can be done, I work for one of the biggest international health insurance companies and the transition on the software side was completed last year and the few remaining XP installs are being upgraded or replaced with 7/8, there are no corporate advantages to not update your software, especially in light of all the known and countless unknown data breaches at companies likely still running XP and crap ancient software

Link to comment
Share on other sites

Like I said, most malware is the result of the user running an executable from an unknown source. Sometimes you'll get drive-by IE exploits, but that's probably a lot less these days. Modern security features won't help you if you're looking for an app on the internet, download it, and then run it.

 

I have mine set up as a non-admin profile. But again that means little on 7/8 if the user just automatically clicks yes on UAC (which most people do without question) or disables it completely.

 

A report from Microsoft says XP is bad and Windows 8 is the best. Why am I not surprised lol. I'm sure they'd release a report stating the sky was purple if they thought it would convince XP users to buy a new Windows version.

 

WOW

 

If you do not work in IT please do not say things like this. If you do work in IT I have to say you need to brush your knowledge base.

 

WRONG infections come from buffer overflows, stack smashing, poor exception handling, no sandboxes from flash ads on websites. NO user interaction required. Log in with a limited user on a webpage with a question infected flash ad from a compromised advertising network and you are OWNED.

 

ACL, groups and permissions? They only work if you do a win32 call to the NT kernel. Assembly code inserts code into a ram address of a .dll file. The .dll file is run as the system user.

 

Windows 7 has ASLR, kernel sandboxing, privilege separation, full DEP, signed boot loaders, and other technologies that XP does not have. Shoot there is an API and service called ImpersonateAdmin! No I am not making this up. Any limited user can do an impersonateAdministrator gee no security risk in that at all ... slaps hand on face.

 

Windows 7 has cut infection rates down to corporate customers in half and saved money.

Link to comment
Share on other sites

But that's also a double-edged sword when you're allowed to add other repositories to your package manager, which does come up rather frequently in Linux

It mostly depends on the distro. On arch for instance, you have the main repos and the AUR. I never go outside of them unless I'm building a program from source. I think you're probably talking more about *Buntu PPA's etc. Sure, but generally they're hosted on reputable sites like launchpad.net. And take a degree of knowledge / expertise to setup. There's still the possibility someone could copy&paste an apt-add-repository && apt-get install line on the terminal from a website, but it's not that likely and certainly not on a large scale.

Just for example, let's say Steam on Linux takes off and it starts to get a good number of users. You're going to see a big influx of Linux based malware as pirated software starts to become attractive on the OS.. it's a sad reality to gaming regardless of the platform, it's already a big issue on Android.

It's possible, but we're only talking about one app category on traditional linux distros here - games. Virtually all other software on Linux is already free, including a lot of games. Even proprietary ones on Steam are starting to become F2P, not that I particularly like that model, but it's a reality.

Whether it's clicking a UAC prompt or entering your password to get elevation via sudo, people become desensitized to it and just run what they're told and assume it's safe because the nice pirate said so.

I agree with that. Just because a user has to enter a password doesn't make them any more safe. We all need to be vigilant when running programs from unvetted sources.
Link to comment
Share on other sites

Worst tech advice ever.  Look if something is no longer supported by the manufacturer, UPGRADE!  Honestly, what is so DAMN GOOD about XP?  If you have software that only supports XP, run it in a virtual machine and leave your base OS in a supported, more secure version.

 

I have used 95, 98, 2000, ME, XP, Vista, 7, 8.x. Not ONE version made me think "I am going to stick with this forever". Name one thing that is SOOOOO damn good about XP that is not better in later OSes?

Link to comment
Share on other sites

WRONG infections come from buffer overflows, stack smashing, poor exception handling, no sandboxes from flash ads on websites.

I never said they didn't. But I'm really talking about consumer Windows PC's, and the most prevalent attack vector is a user running an executable. If you have evidence to the contrary, I'll be more than willing to listen.

NO user interaction required. Log in with a limited user on a webpage with a question infected flash ad from a compromised advertising network and you are OWNED.

And be running a specific browser, version, etc. Those attacks are much harder when they rely on specific versions of software being installed. 

ACL, groups and permissions? They only work if you do a win32 call to the NT kernel. Assembly code inserts code into a ram address of a .dll file. The .dll file is run as the system user.

Again, that relies on a lot of variables like static memory addresses and specific OS or software versions. Not easy to pull off on a large scale.

Windows 7 has ASLR, kernel sandboxing, privilege separation, full DEP, signed boot loaders, and other technologies that XP does not have.

And it still doesn't stop zero day exploits from happening. But again, from my experience, the majority of the malware comes from the user executing / installing software, not from memory hacking and exploits.

Shoot there is an api and service called ImpersonateAdmin! No I am not making this up. Any limited user can do an impersonateAdministrator gee no security risk in that at all ... slaps hand on face.

lol. Never heard of that, but it doesn't sound good.

Windows 7 has cut infection rates down to corporate customers in half and saved money.

I couldn't say and I'm not talking about corporates, and never have been. Nor am I talking about servers getting attacked by SQL injection exploits. I'm talking about consumers and how the majority of malware gets on their systems.
Link to comment
Share on other sites

I never said they didn't. But I'm really talking about consumer Windows PC's, and the most prevalent attack vector is a user running an executable. If you have evidence to the contrary, I'll be more than willing to listen.

And be running a specific browser, version, etc. Those attacks are much harder when they rely on specific versions of software being installed. 

Again, that relies on a lot of variables like static memory addresses and specific OS or software versions. Not easy to pull off on a large scale.

And it still doesn't stop zero day exploits from happening. But again, from my experience, the majority of the malware comes from the user executing / installing software, not from memory hacking and exploits.

lol. Never heard of that, but it doesn't sound good.

I couldn't say and I'm not talking about corporates, and never have been. Nor am I talking about servers getting attacked by SQL injection exploits. I'm talking about consumers and how the majority of malware gets on their systems.

 

It doesn't matter.  Windows 7 and Windows 8 (even Windows 9, 10, 11, ...) will ALL have vulnerability issues.  The only way to stop the general user from infecting their own machine is to only allow programs to be installed from the app store.  Even then it is not 100% protected.  The software is coded by humans, it cannot be 100% perfect.  There will always be security issues in ANY version.  This does not make it right suggesting and giving advice on how to stick with XP instead of upgrading.  It is NO LONGER supported by the manufacturer.  The best advice is UPGRADE if you can.  XP is not the best OS ever made, I do not see why so many people are suggesting this.  It had NUMEROUS problems before SP2.  I fail to see ONE good thing about XP that would keep me back from the new OSes.  As much as my dislike for the new style of Windows 8, the desktop changes are worth it.

Link to comment
Share on other sites

Worst tech advice ever.  Look if something is no longer supported by the manufacturer, UPGRADE!  Honestly, what is so DAMN GOOD about XP?  If you have software that only supports XP, run it in a virtual machine and leave your base OS in a supported, more secure version.

 

I have used 95, 98, 2000, ME, XP, Vista, 7, 8.x. Not ONE version made me think "I am going to stick with this forever". Name one thing that is SOOOOO damn good about XP that is not better in later OSes?

I can't believe I am agreeing with Whiplash, but this statement, right here. If you need XP for whatever old application, virtualization is cheap and effective. Windows 8 even comes with it built right in. Heck, even Windows 7 has "XP Mode," but with XP not supported, it's better to have it in a more secure virtualized environment.

 

Installing third party junk to try and keep XP "supported" just isn't sound advice. At the end of the day, you're still using Windows XP, and it's still unsupported by Microsoft.

Link to comment
Share on other sites

This topic is now closed to further replies.