The NSA wants you to drop Windows XP

It is not every day that we see a Government agency telling us what platform we should use for our business and personal computing needs. While it is known that Vista and Windows 7 provide better security enhancements than Windows XP, the NSA is now calling it a best practice to upgrade from XP to a newer OS.

The NSA (via winbeta.org) is not typically known for providing software recommendations to the general public. It is also a bit curious for the NSA (who is known for its domestic spying) to offer up ways to better protect yourself considering the entire organization is based around information gathering. Besides the conspiracy theories around this document, it does have value. The NSA states:

Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP. Many of these security features are enabled by default and help prevent many common attack vectors. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically.

The document also talks about OS X and that users should keep their OS updated, but falls short of making a specific version recommendation.

If you can overcome the idea of the NSA telling you how to best protect your data and identity, then the pdf (link) provides a resource that can be utilized by many, from the basic user to advanced IT professionals. At the end of the day, it is about informing the end user who needs to understand that security is a revolving policy, what worked five years ago, may not be sufficient today.

Report a problem with article
Previous Story

Blackberry Bold 9900/9300 announced, OS 7 revealed

Next Story

AT&T begins broadband data cap policy today

72 Comments

Commenting is disabled on this article.

Its strange to think that back in the day we thought Windows 2000 was a very secure operating system. I'm sure years from now we'll be saying that about Windows 7, but lets give it a few more years.
Some of you might think that statement sounds very Bill Gates '95 ...
(During the Windows 95 launch Bill Gates stated that Windows 3.1 was a crummy operating system and that in the future we would feel the same way about 95)

netsendjoe said,
Its strange to think that back in the day we thought Windows 2000 was a very secure operating system. I'm sure years from now we'll be saying that about Windows 7, but lets give it a few more years

Heh shoot, was reinstalling XP in a VM for testing purposes the other day.. don't forget the little blurbs it shows you during the installation. "Windows XP includes the most secure version of Internet Explorer to date yadda yadda enjoy IE6."

netsendjoe said,
Its strange to think that back in the day we thought Windows 2000 was a very secure operating system. I'm sure years from now we'll be saying that about Windows 7, but lets give it a few more years.
Some of you might think that statement sounds very Bill Gates '95 ...
(During the Windows 95 launch Bill Gates stated that Windows 3.1 was a crummy operating system and that in the future we would feel the same way about 95)

Why give it a few years to say Windows 7 is secure? This isn't black magic, the defenses have been designed and tested for years and are the same as you find in Vista, which is still secure, so why not call Windows 7 secure? Waiting years seems very arbitrary to me...

With XP mode and other virtualization options, there is no reason to be running XP on a capable computer anymore. Even the sheer costs of supporting and maintaining such an old OS is more than the initial upgrade to 7.

Chrono951 said,
With XP mode and other virtualization options, there is no reason to be running XP on a capable computer anymore. Even the sheer costs of supporting and maintaining such an old OS is more than the initial upgrade to 7.

Correct. Altough people will be quick to point out absurd exceptions ("I have no money, you expect me to starve to upgrade to Win 7!!!") to try to guilt trip someone. In general you are 100% spot on.

Chrono951 said,
With XP mode and other virtualization options, there is no reason to be running XP on a capable computer anymore. Even the sheer costs of supporting and maintaining such an old OS is more than the initial upgrade to 7.

The costs of upgrading to Windows 7 and rewriting their apps far outweigh the maintenance costs of XP.Why do you think most businesses are sticking with it? Clearly your claims don't reflect reality.

You can bet that prob 80% of the NSA's computers are still running Win98 let alone XP cause they can't get funding to upgrade. We would rather spend the money on bombing libya rather than upgrade our own countries software to enhance security at home.

sava700 said,
You can bet that prob 80% of the NSA's computers are still running Win98 let alone XP cause they can't get funding to upgrade. We would rather spend the money on bombing libya rather than upgrade our own countries software to enhance security at home.

Na, the NSA run a hardened GNU/Linux. They aren't stupid. They know that Windows is like swiss cheese when it comes to security. In addition, because Linux is FOSS, they can audit the code and customise it.

Flawed said,
Na, the NSA run a hardened GNU/Linux. They aren't stupid. They know that Windows is like swiss cheese when it comes to security.

Yes, I'm sure the NSA is running an OS that has serious security issues of it's own. Just for example, how many years was Debian/Ubuntu using predictable SSL/SSH keys again?

Max Norris said,

Quick, might want to send that link to all those Linux run servers that keep getting hacked.

Except that those are dictionary/brute force attacks. Take a look at the statistics.

Flawed said,
Except that those are dictionary/brute force attacks. Take a look at the statistics.

Do you think the victim is really going to find any consolation? Hacked is hacked. Throw in the "joys" of SELinux's configuration and instabilities (look at those statistics.. it's crash happy and has quite a few unhappy users) well, pot, meet kettle.

Flawed said,

Except that those are dictionary/brute force attacks. Take a look at the statistics.

Ah, so we're quick to point how that those were dictionary attacks, but ignore that Windows get infected from dumb users who get socially engineered? Interesting, your hipocracy is.

Windsinger said,
Guess they're a little concerned that more people trust XP than W7 (i.e. a reworked VISTA).

What rock have you been living under? W7 is far more trusted. The problem for businesses that havent upgraded yet isnt trust, its the move itself. It took me months of planning and I only admin about 600 desktops. Scripts no longer work, etc etc is the bigger problem.

Maybe if they really wanted XP users to upgrade, they should offer a trade in for win xp COA stickers and substantial discount/ or free Win7 starter edition or something.

As it is right now, most of the WinXP machines just aren't worth the cost of upgrading the OS, but at the same time, why upgrade a PC that does what you want it to do. At least, thats the mentality of most customers who I have to deal with.

[quote=sagum said,]Maybe if they really wanted XP users to upgrade, they should offer a trade in for win xp COA stickers and substantial discount/ or free Win7 starter edition or something. /quote]
Sorry i mave have misunderstood this , but do the NSA own Microsoft now ....ya know to give away stuff for free/at a discount ?

sagum said,
Maybe if they really wanted XP users to upgrade, they should offer a trade in for win xp COA stickers and substantial discount/ or free Win7 starter edition or something.

As it is right now, most of the WinXP machines just aren't worth the cost of upgrading the OS, but at the same time, why upgrade a PC that does what you want it to do. At least, thats the mentality of most customers who I have to deal with.

Yeah, and Ford should give me a new car because new cars are safer than older ones...And why should a government agency recommending you protect yourself give you the product(they don't make) for free?

Reading the linked PDF it seems like a plain vanilla PSA, likely produced at huge costs (that's the government way)... most any student could have copy/pasted better during a quick session with Google. OTOH just saying the NSA wants you to dump XP might be good for an laugh or three whenever there's one of *those* conversations re: XP vs. 7... you know the ones I'm talking about. ;?P

No worse than neowin using: "The NSA wants you to drop Windows XP" for the title BTW... :-)

Tell that to my boss please? LOL I even offered to give him my old Vista Business that i won and will never use. He got Windows 7 for his PC and there's 1 other PC here with Vista (think it came with it) but all the others (about 10) all use XP. I'd glady install Vista on this sytem, more than capable - 64bit too even!

ApuBo said,
no brainer, want secure os? get newest one (and have up to date updates).

And you trust the NSA? Hehe. They want you to upgrade to their newest backdoor

Flawed said,

And you trust the NSA? Hehe. They want you to upgrade to their newest backdoor

Provide proof (as asked many times now) that Windows has a backdoor or retract. Ok, I know you're not man enough to retract when wrong, just go away if you don't have proof then.

Malicious Software Removal Tool is a backdoor because it cleans malware and reports statistics so the feds can bust the malware makers? That doesn't qualify as a backdoor, that's an AV. A backdoor is something anyone can use to login to my system without my permission, you do not have to run MSRT or updates, the user chooses to do so.

TL;DR: Worpress blog calls MSRT backdoor, designed for greys apparently.

Flawed said,

And you trust the NSA? Hehe. They want you to upgrade to their newest backdoor

Ever see that one Mel Gibson movie? ...what was it called... Conspiracy Theories?

before people get all tinfoil hat on this, the NSA always writes security guidelines and procedures..... every year they make recommendations for the government and businesses... thats all this is, they have some pretty smart teams doing security checks on OS's

neufuse said,
before people get all tinfoil hat on this, the NSA always writes security guidelines and procedures..... every year they make recommendations for the government and businesses... thats all this is, they have some pretty smart teams doing security checks on OS's

NSA also operates the National Computer Security Center (co-located with NSA HQ in their supersized Ft. George G. Meade Headquarters/Operations complex), which authors the National Computer Security Guidebook (AKA the Orange Book) which is the basic guide for securing any computer (originally aimed at the military and its contractors, it's now used both in and out of government and by corporations having no military contracts).

The PDF being referenced is a pretty vanilla document - but it's one of those public documents the NCSC (thus NSA) actually puts out there for general consumption. So many of you are all worried about what NSA does on one side (the information-gathering side) that you forget all about the other side of NSA (or GCHQ, for that matter) - the information-protection side.

Forests and trees, people.

Teh NSA owns ur Windows! If you like government agencies spying on you, go right ahead and continue using Windows.

Flawed said,
Teh NSA owns ur Windows! If you like government agencies spying on you, go right ahead and continue using Windows.

Your comments really make me laugh, like they would even need a back door with the kit at their disposal (and that goes for any OS).

Flawed said,
Teh NSA owns ur Windows! If you like government agencies spying on you, go right ahead and continue using Windows.

Provide proof only Windows is 'owned' (whatever the hell that means) by the NSA. I'd venture a guess that all the modern OSes are as easy (or hard) as any other to break into.

Flawed said,
Teh NSA owns ur Windows! If you like government agencies spying on you, go right ahead and continue using Windows.

Your name describes your logic.

Rooster69 said,
Of course, they do not have back doors in XP, only in Win7

I'm pretty sure GAs require that software have NO backdoors. That's why Microsoft got rid of easter eggs and other "undocumented features." An NSA backdoor could be used by someone else to infiltrate the NSA.

GreyWolf said,
...
An NSA backdoor could be used by someone else to infiltrate the NSA.

Yep, a backdoor for the NSA could just as easily let the Chinese or Russians in.

Rooster69 said,
Of course, they do not have back doors in XP, only in Win7

Nobody needs a backdoor into XP, as the front door is wide open.

J_R_G said,

Nobody needs a backdoor into XP, as the front door is wide open.

XP is just as secure as W7 provided you have the ability to string two brain cells together and get decent security measures that do not come SHIPPED with the disc. At any rate, continue to use W7 (Steve Ballmer's baby) if you think it makes you more secure. You'll do the NSA very proud.

Windsinger said,

XP is just as secure as W7 provided you have the ability to string two brain cells together and get decent security measures that do not come SHIPPED with the disc. At any rate, continue to use W7 (Steve Ballmer's baby) if you think it makes you more secure. You'll do the NSA very proud.

Completely untrue. XP doesn't have a solid 0-day defense, XP doesn't have IE9 with it's malware filter that was found to be 99% effective. XP doesn't support Intergity levels, so it doesn't allow IE to be sandboxed. XP doesn't have features like file and registry virtualization, so that many apps can be ran as standard user despite accessing secured locations. And what security you can add to XP typically requires much more than 2 brain cells, average users have many trillions of brain cells and still get infected all the time in XP.

And what's wrong with doing the NSA proud in this regard? They are interested in defending America, and part of that is to have Americans be secure on the internet, you should read books about the NSA instead of digg and slashdot stories about them, you might learn something.

Windsinger said,

XP is just as secure as W7 provided you have the ability to string two brain cells together and get decent security measures that do not come SHIPPED with the disc. At any rate, continue to use W7 (Steve Ballmer's baby) if you think it makes you more secure. You'll do the NSA very proud.


You just contradicted yourself and made yourself look foolish. In one breath you say XP is just as secure as W7, then in the next breath say that you need to install additional software into XP to have that security. Translation, XP is not as secure as W7.

TCLN Ryster said,

Translation, XP is not as secure as W7.

If you create a user account instead of using the default root account, then there is very little difference. Besides, you gain much better performance by staying with XP.

Rooster69 said,
Of course, they do not have back doors in XP, only in Win7

NSA has a backdoor in XP, it's just not as good as Windows 7's version. All courtesy of Microsoft of course. The NSA could put anything they like in Windows 7, and all the users crowing about it would be none the wiser lol.

J_R_G said,

Nobody needs a backdoor into XP, as the front door is wide open.

QFT. XP has 0 security built in security, and it doesn't take much to bypass the tacked on crap.

GreyWolf said,

I'm pretty sure GAs require that software have NO backdoors. That's why Microsoft got rid of easter eggs and other "undocumented features." An NSA backdoor could be used by someone else to infiltrate the NSA.

Yeah, I've heard people claiming that the government required Microsoft to build backdoors into Vista and 7 for them, but I'm not sure I believe that. It seems too cloak and daggerish... I mean, I'm sure "Coffee" may work better with 7 and Vista, but that needs physical access...

M_Lyons10 said,
Yeah, I've heard people claiming that the government required Microsoft to build backdoors into Vista and 7 for them, but I'm not sure I believe that.

I'd be more worried about the fluoridated water and mind control. People tend to claim all sorts of ridiculous things.

Flawed said,

http://www.malwarecity.com/com...logid=23&showentry=1610

Zero day exploit that affected Visa and 7, but not XP. It bypassed the UAC using a security hole in the registry. Just one of many. But nice try.

As usual your information is 'flawed'. It was not a security hole in the registry, it was in a kernel file that processes the registry. Also, nobody said there were no security bugs in Vista and 7, what has been said is that Vista and 7 have appropiate 0 day defenses so these bugs are often impossible or else much more difficult to exploit. Much more difficult means, fewer people writing exploits, and the exploits being much less reliable (they may for instance crash the machine 99% of the time, which would alert the user something was going on.)

XP bugs are trivial to exploit due to lack of ASLR, once you bypass ASLR which is often impossible, but no always, you have to bypass Protected Mode sand boxing (assuming IE is the target), again often but not always impossible to do. Together these Windows 7 and Vista security features make you much safer than you would be in XP, but not 100% safe forever. Windows Vista/7 also has rootkit protection (for x64 varients) and better malware link protection in IE9, in addition to many other things. But apparently you are a 'bug counter' or something, you really make no sense, since XP and Mac OS X and Linux have many more bugs than Windows 7 and Vista. So nice try to you, but fail.


NSA has a backdoor in XP, it's just not as good as Windows 7's version. All courtesy of Microsoft of course. The NSA could put anything they like in Windows 7, and all the users crowing about it would be none the wiser lol.

Proof of this back door? Witness? Like the guy the witnessed the openbsd backdoor, perhaps? LOL @ U spreading fud with no evidence.

Edited by J_R_G, May 2 2011, 8:22pm :

Udedenkz said,
Windows XP is just as secure as Windows 7.

LOL. Very Funny ! I'm sure W7 firewall has same efficency as XP's
Common guys !

Oh and your pc will be a lot faster with XP ! If you have an i7 with 8gb of ram quite sure XP will use all performance available !!! LOL

Flawed said,

If you create a user account instead of using the default root account, then there is very little difference. Besides, you gain much better performance by staying with XP.
Might as well stick with Windows 1.01, then, and get the maximum amount of performance.