Windows 7 Will Kill XP Ahead of Windows 8, It

[pezzonovante]

Windows 7 is the most secure OS on the planet. UAC, DEP and ASLR are incredible security features, which have made Windows 7 more secure than Mac OS X and Linux - let alone the pathetic and insecure XP. Protected Mode and SmartScreen filter on IE8/IE9 have made it the most secure browser. I am yet to see a SINGLE user who has been compromised despite using the DEFAULT Windows 7 security features, i.e, UAC, Protected Mode, IE8, Automatic Updates, Firewall etc. Only those self-proclaimed "power users" (who are clueless about computers) often turn off UAC, disable Automatic updates and switch to the less secure Firefox (because it has no Protected Mode), have the risk of getting infected.

Bottom line is -- moving aside all other improvements (e.g. beautiful UI, search, increased productivity etc), security and security alone is a good enough reason why every sane person on the planet should upgrade to Windows 7 from the pathetic XP OS.

[hdood]

UAC, DEP and ASLR are incredible security features, which have made Windows 7 more secure than Mac OS X and Linux - let alone the pathetic and insecure XP.

DEP and ASLR exist on other platforms, and while they are useful, they don't remove all vulnerabilities. UAC is not a security feature. In fact, it reduces security in the name of user friendliness. The only thing it's preferable to is running as administrator/root (which only Windows was ever stupid enough to do by default.)

Protected Mode and SmartScreen filter on IE8/IE9 have made it the most secure browser.

I'm sure Google would like a word with you. Chrome is the most architecturally secure browser, followed by IE as #2. Also, what use is Protected Mode when all it takes for malware to escape it is trick the user into clicking a single button on a dialog that can say anything? Not a lot.

I am yet to see a SINGLE user who has been compromised despite using the DEFAULT Windows 7 security features, i.e, UAC, Protected Mode, IE8, Automatic Updates, Firewall etc. Only those self-proclaimed "power users" (who are clueless about computers) often turn off UAC, disable Automatic updates and switch to the less secure Firefox (because it has no Protected Mode), have the risk of getting infected.

I have, both from exploits and from social engineering. Tons and tons and tons of Windows 7 users are infected, mostly through the latter which is where the real security challenge is.

As XP systems become increasingly more rare, we will see more and more malware that specifically targets Windows 7. It does require a greater investment, but the malware writers aren't going to go "oh well" and call it a day. It's a profitable industry, and it will hit Windows 7 hard. Educating users is the most important part of security.

[GayWolf]

Windows 7 is the most secure OS on the planet. UAC, DEP and ASLR are incredible security features, which have made Windows 7 more secure than Mac OS X and Linux - let alone the pathetic and insecure XP. Protected Mode and SmartScreen filter on IE8/IE9 have made it the most secure browser. I am yet to see a SINGLE user who has been compromised despite using the DEFAULT Windows 7 security features, i.e, UAC, Protected Mode, IE8, Automatic Updates, Firewall etc. Only those self-proclaimed "power users" (who are clueless about computers) often turn off UAC, disable Automatic updates and switch to the less secure Firefox (because it has no Protected Mode), have the risk of getting infected.

Bottom line is -- moving aside all other improvements (e.g. beautiful UI, search, increased productivity etc), security and security alone is a good enough reason why every sane person on the planet should upgrade to Windows 7 from the pathetic XP OS.

And if there were any questions about it, there's MS slide #10 to get rid of any fears, uncertainties or doubts. :laugh:

[J_R_G]

They make exploits more difficult, but both can be defeated. Becoming complacent because you believe that 7 will keep you safe is dangerous.

Well I have yet to see anything get on my Vista or Windows 7 boxes, and I surf shady sites all the time. I've actually seen sites try to infect my computer (Video .exe download attempts) but nothing has.

Protected mode IE is easy to circumvent.

Not if you press 'esc' to any unexpected dialogs. Also I've never heard of malware even trying, and it is unreliable and flimsy vector, so nobody is really going to bother trying that fake dialog attack anyway. It would give the malware away to anybody with a brain, no matter what the dialog said since dialogs are not common and people know the dialog can be faked. And if fake dialog exploit attempts become common, MS can always put those dialogs on the secure desktop, at the expense of annoying the user a little more. Security is about doing the right thing, at the right time. Annoying the user before there are credible threats is just going to get users to avoid your software.

Running XP as a standard user is a much more secure setup than using UAC (which sacrifices security in the name of user friendliness.) That is of course ignoring the fact that administrator rights don't really matter, since malware can do everything it wants without them.

Malware can't do everything it wants without admin. It can't install rootkits and hide it's presence from anti-virus programs (or users who know how to manually clean up an infection) nor can it spread to other user accounts, so it's easy enough to clean by just deleting the infected user and using another account. If you think malware prefers to do that you should not comment on malware. And you really don't see the big picture, UAC is better than XP admin because users are probably infinitely less likely to turn off UAC, since pressing OK or Cancel is a helluva lot easier on people than entering a password. If you think people like to whine about UAC, just try to make them enter a 14 character (min. safe size) password every time they want to change system settings. So in a way, UAC is more secure, if you look at the over all picture.

What you're missing though, is that it's actually not exploits that are the greatest threat. Most of the things people get infected with actually rely on social engineering, not exploits. They just trick the user. Switching to Windows 7 doesn't reduce the risk much, especially not as more and more threats target it. Windows 7 machines are infected all the time, even those belonging to seemingly technical minded people on Neowin.

So? If I'm a smart user, and I am, I want an OS that does not get automatically infected, I'll worry about the rest of the stuff, but the OS needs to do its part or there's no use in educating the user. Most malware (assuming that's true, you provide no proof) probably exploits the user because it's easier, if users got educated and stopped downloading everything the malware could switch to OS/software exploits, unless people moved to more secure OSes like Windows 7 where exploiting the OS and apps (assuming they opt in to security features) is not going to be a viable vector.

What you don't understand is that Windows and computers cost money. A lot of money. It's not necessarily that people wouldn't like a Windows 7 machine, it's that the marginally improved security is not a good enough reason for them to invest and have to learn something new (all the shiny new features you like are actually scary to other people.)

I wouldn't call it marginally better security, but that sounds cute so I can see why you said it. Windows 7 x64 had 1.4 computers cleaned per 1,000 with MSRT according to the latest MS security inteliigence report, where as XP was at 7+. Older versions of Vista (SP1) had very few infections as well, compared to very many for XP SP2 and SP1. The only thing I can see that would account for that is OS 0-days that XP has no protection for.

And I know Win 7 cost money, but there are still people who believe they should downgrade to XP, and people who have plenty of money but think XP "does everything." Thanks to people who know just enough to be dangerous, XP WILL do everything, like send viagra spam to everyone on the internet until it is physically reinstalled, and the process repeated.

DEP and ASLR exist on other platforms, and while they are useful, they don't remove all vulnerabilities. UAC is not a security feature. In fact, it reduces security in the name of user friendliness. The only thing it's preferable to is running as administrator/root (which only Windows was ever stupid enough to do by default.)

Sure it's easy to say MS was stupid for that, but they did not choose the CPU that had no security features that Windows had to remain compatible with. IBM, the darling of the linux community, did that particular stupidness. Additionally, after this concept was established it was difficult to change (when the x86 arch. finally got security features) because users and developers did not see it as necessary and did not want to be bothered. You are an example of what is wrong here, you call MS stupid for this, yet defend XP which is the only MS OS in common use, that does run the user as admin by default, and attack people who try to get MS users to upgrade to an OS that does not do that. Imagine the reaction from people who do not think it's stupid to run as Admin, back before security became a real problem in 2003-2004 with those XP targeting worms, which is probably most all users.

[notuptome2004]

Both taken 1600x1200 Windows 7 version much less clutter in the UI much easier for the user to understand ( computer Noob or experience IT Professional )

and dont forget windows resource monitor .

[J_R_G]

And if there were any questions about it, there's MS slide #10 to get rid of any fears, uncertainties or doubts. :laugh:

What's even funnier is people who think any unix based OS is magically more secure than Windows. (magically, in that they can't point to any real security feature or something like MS' secure development life cycle, to account for their belief.)

[seta-san]

Here is how to fix Windows XP if you are a programmer

#ifdef WINVER<=0x501
MessageBox("Unsupport O.S.", "Error", MB_ICONERROR | MB_OK);
ExitApp();
#endif

[hdood]

Well I have yet to see anything get on my Vista or Windows 7 boxes, and I surf shady sites all the time. I've actually seen sites try to infect my computer (Video .exe download attempts) but nothing has.

I haven't either. Not on my 7 systems, not on my XP systems. The .exe downloads are just plain trojans and don't rely on vulnerabilities.

Not if you press 'esc' to any unexpected dialogs. Also I've never heard of malware even trying, and it is unreliable and flimsy vector, so nobody is really going to bother trying that fake dialog attack anyway.

It's true that this isn't common at all at the moment, but that doesn't mean it won't be in the future as malware has to adapt and find new ways to trick users. I don't know why you think it would be "unreliable and flimsy" though. It's simple, and should be solid enough.

It would give the malware away to anybody with a brain, no matter what the dialog said since dialogs are not common and people know the dialog can be faked.

I am willing to bet that at least half of Neowin would fall for a dialog that faked a javascript error or something like that. I also think you are wrong in the belief that people know dialogs can be faked. I don't think most people actually understand that. They don't understand that a dialog that seems harmless can be dangerous. I don't know of anyone normal users who close dialogs with escape either.

MS can always put those dialogs on the secure desktop, at the expense of annoying the user a little more. Security is about doing the right thing, at the right time. Annoying the user before there are credible threats is just going to get users to avoid your software.

They could, although I'm not sure if they could get away with that without also opening the API for third parties.

Malware can't do everything it wants without admin. It can't install rootkits and hide it's presence from anti-virus programs (or users who know how to manually clean up an infection)

True, however these are just bonuses that let it hide better. It doesn't actually need it to do all the bad stuff, steal your data, make you part of a botnet, and so on. I'm not saying that it doesn't matter at all, but it's very important that users understand that they can't run everything they come across even with UAC. Antivirus software (and those who think they can manually clean up) can also only stop what it recognizes.

nor can it spread to other user accounts, so it's easy enough to clean by just deleting the infected user and using another account.

True, however most users only have one user, and infecting that is bad enough. You're right about the cleanup part though. At least sort of, because most people use UAC elevations, which means that you have no real way of knowing whether the malware that was running in standard user rode along to administrator at some point. That means that if you are serious about security, the whole system has to be considered compromised and has to be reinstalled even though it only ran as standard user.

If you think malware prefers to do that you should not comment on malware.

It's not about what malware "prefers" to do. It's about what malware must start doing to adapt to a new world, and they will. They won't just give up.

And you really don't see the big picture, UAC is better than XP admin because users are probably infinitely less likely to turn off UAC, since pressing OK or Cancel is a helluva lot easier on people than entering a password. If you think people like to whine about UAC, just try to make them enter a 14 character (min. safe size) password every time they want to change system settings. So in a way, UAC is more secure, if you look at the over all picture.

I said that it's less secure than running XP as a standard user, not an administrator. This is a fact. Obviously the reason standard users aren't the default in 7 is as you say because it would annoy users. So Microsoft chooses to intentionally make the default configuration less secure in the name of user friendliness. A necessary compromise.

Also, when I said standard user, I meant without elevations. In other words logging on as a separate admin user. That is the most secure Windows configuration, followed second by elevations with the credentials prompt on the secure desktop (which is not the default setting, and is hidden away in a policy that "no one" can find.) When I do this in XP, it's as secure as 7 would be in the same configuration, and more secure than 7 in its default configuration.

So? If I'm a smart user, and I am, I want an OS that does not get automatically infected, I'll worry about the rest of the stuff, but the OS needs to do its part or there's no use in educating the user.

Both are important. You are greatly exaggerating though, and making it sound like XP is full of holes that means it's pretty much a given that you will be automatically infected. That's just not true.

Most malware (assuming that's true, you provide no proof) probably exploits the user because it's easier, if users got educated and stopped downloading everything the malware could switch to OS/software exploits, unless people moved to more secure OSes like Windows 7 where exploiting the OS and apps (assuming they opt in to security features) is not going to be a viable vector.

Yes, they do it because it's easier (which benefits those of us who are more skilled, since we don't fall for it), and the more users are educated, the more they would have to rely on vulnerabilities instead. Claiming that vulnerabilities are not a viable vector in 7 is just nonsense though. It has a few measures that makes it more difficult, but in no way impossible. The malware industry isn't going to just give up, and with all attention focused on 7, it would still be a problem.

[Knife Party]

i don't understand whats going on...

[pezzonovante]

Most of hdood's arguments on Windows 7 security are rubbish, as they are based on "What might be the case a few years down the line" as opposed to what the real world scenario is at this very moment. Saying that malware writers "will start targetting Windows 7 in the future - hence it will be less secure", or "IE8/9's Protected Mode can be easily faked" while there has never been such an incident in the last 4 years, are pointless arguments. Fact is, in 2010 Windows 7 is the most secure OS in the planet - infinitely more secure than Windows XP.

And a thing about Windows 7 and XP's market share. It's a completely wrong perception that XP has about 60% market share, while almost 90% sources claim it has around 45% market share. Only NetApplication puts XP on a 59% markets share, because it puts too much weight on millions of pirated Chinese users. I have recently seen a stat that in China more than 50% users still use IE6. I think they live in a completely different universe as compared to the rest of the world. So, what these users use on their pirated systems, in my opinion, simply do not count.

[hdood]

(You have posted more than the allowed number of quoted blocks of text)

I wouldn't call it marginally better security, but that sounds cute so I can see why you said it. Windows 7 x64 had 1.4 computers cleaned per 1,000 with MSRT according to the latest MS security inteliigence report, where as XP was at 7+.

These statistics mean nothing the way you're presenting them. They just reflect which platform is most targetted. You also picked 64-bit, but the statistic doesn't mean that it's inherently more secure (although it is to some degree, since unlike 32-bit, it actually has functioning ASLR), it just means it isn't targetted.

This is apparent when you look at the malware as well. It's designed to run as administrator on 32-bit systems, not because it can't work as standard user on 64-bit, but because it's the most appealing target.

Older XP systems are also less likely to be up to date (even though it's perfectly possible to update XP), and you can even find people on unpatched IE6 systems. People with old systems and no interest in upgrading can also be less interested in technology, meaning they're less skilled, which makes them a bigger target.

Now, don't get me wrong here, 7 is a more secure OS, but these statistics don't show that malware and vulnerabilities won't continue to be a major problem even on 7.

And I know Win 7 cost money, but there are still people who believe they should downgrade to XP, and people who have plenty of money but think XP "does everything." Thanks to people who know just enough to be dangerous, XP WILL do everything, like send viagra spam to everyone on the internet until it is physically reinstalled, and the process repeated.

The number of idiots who do this is so miniscule that it's irrelevant. They don't contribute to the XP statistic.

Both taken 1600x1200 Windows 7 version much less clutter in the UI much easier for the user to understand ( computer Noob or experience IT Professional )

and dont forget windows resource monitor .

Of all the reasons to upgrade to 7, I think the minor changes to the task manager are pretty far down on the list? It's not really easy to understand for a noob in either of them, but hey, at least they got rid of the incorrect "page file" labels that caused confusion and myths.

^ Sorry about the last post.

Sure it's easy to say MS was stupid for that, but they did not choose the CPU that had no security features that Windows had to remain compatible with. IBM, the darling of the linux community, did that particular stupidness.

What?

You are an example of what is wrong here, you call MS stupid for this, yet defend XP which is the only MS OS in common use, that does run the user as admin by default, and attack people who try to get MS users to upgrade to an OS that does not do that.

Uh, no. I'm not advocating XP over 7, I'm just trying to make the militant anti-XP gang understand that the world is more complicated than they believe. I think people should upgrade to 7, but I fully understand why many can't justify it. I have a couple of XP machines that I use in addition to 7, and I can't justify buying new Windows 7 computers just because someone on the internet thinks I should. I have several times requested that they send me new systems or $1500, but they just go quiet.

Most of hdood's arguments on Windows 7 security are rubbish, as they are based on "What might be the case a few years down the line" as opposed to what the real world scenario is at this very moment.

Based on your argument, both OS X and Linux are infinitely more secure than Windows 7. After all, the real world scenario at the moment is that it's virtually impossible to get infected with anything if you use Linux. You should be advocating Linux.

[Orange Battery]

Reading these arguments back and forth has made me realise a few things.

1) Some people here will fight for new products just because it is newer and look different, when they are challenged to back up their claims they will produce very little and ignore questions given to them.

2) We are all idiots for spending our time fighting over a product which we have no stake in. If some people like XP and don't need to upgrade then whats the problem? If you needed the features of Win 7, well now you have them, if you didn't then maybe Win 8 will offer you something suited to your requirements.

Who cares what a Fan boy says from either side, you not going to change and neither are they.

[pezzonovante]

Based on your argument, both OS X and Linux are infinitely more secure than Windows 7. After all, the real world scenario at the moment is that it's virtually impossible to get infected with anything if you use Linux. You should be advocating Linux.

Yes, I agree that at the moment there are less malwares out in the wild for Linux and Mac OS X than Windows 7 (though the difference won't be as much as in the case between XP and Windows 7). So, based purely on security, at the moment it will be safer to use Mac or Linux than Windows 7 (although architecturily Windows 7 is more secure than both). However, security is only one factor in choosing which OS to use. Windows 7 is by far the greatest desktop OS in the world in terms of usability, UI and support for great software, like Office 2010 and Visual Studio 2010. That's why I can't advocate anyone to use any OS other than Windows 7.

[J_R_G]

I haven't either. Not on my 7 systems, not on my XP systems. The .exe downloads are just plain trojans and don't rely on vulnerabilities.

I realize that, that's why I said that, the only stuff I see on Win 7 is trojan attempts, and those of course fail since I have common sense.

It's true that this isn't common at all at the moment, but that doesn't mean it won't be in the future as malware has to adapt and find new ways to trick users. I don't know why you think it would be "unreliable and flimsy" though. It's simple, and should be solid enough.

It's flimsy and unreliable, because it requires the user to fall for a dialog prompt. If this ever became common, users would be educated proportionally more, and would be more likely to reject any dialog. It's never going to be a reliable, predictable infection vector.

I am willing to bet that at least half of Neowin would fall for a dialog that faked a javascript error or something like that. I also think you are wrong in the belief that people know dialogs can be faked. I don't think most people actually understand that. They don't understand that a dialog that seems harmless can be dangerous. I don't know of anyone normal users who close dialogs with escape either.

Probably so, but you're not thinking 4-dimensionally. If this were ever to become common, at THAT time, most users would realize what the minority of smart users know now. Assuming MS didn't nip it in the bud first.

True, however these are just bonuses that let it hide better. It doesn't actually need it to do all the bad stuff, steal your data, make you part of a botnet, and so on. I'm not saying that it doesn't matter at all, but it's very important that users understand that they can't run everything they come across even with UAC. Antivirus software (and those who think they can manually clean up) can also only stop what it recognizes.

Much more than a bonus. Assuming you get some new malware varient your AV does not recognize, and that your AV closes the Window in a reasonable amount of time, a stealth rootkit type malware would have much greater chances of cleaning out your account and stealing data, than some piece of malware running as standard user which would probably get caught pretty fast, relatively. But no of course you should not run everything, UAC or not.

True, however most users only have one user, and infecting that is bad enough. You're right about the cleanup part though. At least sort of, because most people use UAC elevations, which means that you have no real way of knowing whether the malware that was running in standard user rode along to administrator at some point. That means that if you are serious about security, the whole system has to be considered compromised and has to be reinstalled even though it only ran as standard user.

Depends I guess, I rarely ever elevate on my Windows 7 machines. Probably not even once a week. And when I do, I check for the signed executable dialog. Since most all software/drivers I use are signed.

It's not about what malware "prefers" to do. It's about what malware must start doing to adapt to a new world, and they will. They won't just give up.

No malware writers won't give up, but at least I, as a user, can take steps to protect myself, and it's possible to more or less completely protect myself if I educate myself enough, which I have. And everyone has that option. Of course not everyone will exercise it, but at least it's an option.

I said that it's less secure than running XP as a [i]standard user[/i], not an administrator. This is a fact. Obviously the reason standard users aren't the default in 7 is as you say because it would annoy users. So Microsoft chooses to intentionally make the default configuration less secure in the name of user friendliness. A necessary compromise.

I meant XP standard user, not XP admin. But continually pointing out it's not as secure is misleading. The attack against UAC is highly theoretical, and not pratical for wide-scale infections.

Also, when I said standard user, I meant without elevations. In other words logging on as a separate admin user. That is the most secure Windows configuration, followed second by elevations with the credentials prompt on the secure desktop (which is not the default setting, and is hidden away in a policy that "no one" can find.) When I do this in XP, it's as secure as 7 would be in the same configuration, and more secure than 7 in its default configuration.

Both are important. You are greatly exaggerating though, and making it sound like XP is full of holes that means it's pretty much a given that you will be automatically infected. That's just not true.

Depends on which SP level of XP we're talking about. Plug XP RTM or XP SP1 into the internet in its default configuration and you will be wrong. Anyways, it's just much easier to infect XP (any SP level) through a malicious web page, just not sure what else to say on this.

Yes, they do it because it's easier (which benefits those of us who are more skilled, since we don't fall for it), and the more users are educated, the more they would have to rely on vulnerabilities instead. Claiming that vulnerabilities are not a viable vector in 7 is just nonsense though. It has a few measures that makes it more difficult, but in no way impossible. The malware industry isn't going to just give up, and with all attention focused on 7, it would still be a problem.

I didn't say it was impossible, but I highly doubt the malware industry would be any where near as large as it is if it had to rely on exploiting Windows 7 0 days.

These statistics mean nothing the way you're presenting them. They just reflect which platform is most targetted. You also picked 64-bit, but the statistic doesn't mean that it's inherently more secure (although it is to some degree, since unlike 32-bit, it actually has functioning ASLR), it just means it isn't targetted.

Sure, but with Vista being out for 3 years and having 400 million users, you'd think the old versions would be getting exploited pretty heavily, but that's not the case.

This is apparent when you look at the malware as well. It's designed to run as administrator on 32-bit systems, not because it can't work as standard user on 64-bit, but because it's the most appealing target.

Sure but Win 7 32-bit is not much worse than 64bit, like 2.5 vs 1.4 per 1000.

Older XP systems are also less likely to be up to date (even though it's perfectly possible to update XP), and you can even find people on unpatched IE6 systems. People with old systems and no interest in upgrading can also be less interested in technology, meaning they're less skilled, which makes them a bigger target.

That's why I compared old versions of XP to old versions of Vista, XP SP2 had like 15 per 1,000 cleanings, Vista SP1 was 5 or less. (have to dig up the report again, don't have time right now.)

[briangw]

Windows XP does the job just fine, Windows 7 is just better looking.

Depends on the "job." For our business of data recovery, Win 7 copies out data and images much faster than XP which increases the amount of work and money we can bring in as a business. Otherwise, I agree with you.

[Frylock86]

If it were up to me, any and all XP machines not capable of running a modern OS would be retired and any that can would be upgraded. ANYTHING is better than running that malware magnet.

But the single thing about this XP love fest that ****es me off the most is the dweebs who sit there and moan and complain to Microsoft that they're not getting the latest and greatest for XP and think that because they have the power to upgrade, but choose not to, that Microsoft HAS to support them no matter what.

I also can't help but LOL at the IT folks who I've seen say they plan to use XP past 2014, just because they're afraid to re-train their users, or from some personal grudge against Microsoft changing around Office and Explorer. Pffft...

XP is the worst OS I have ever used in my entire life. It was nothing but Swiss cheese once high speed internet came around, and despite SP1 and SP2, still is. I was so afraid of malware, that I ran dial-up until I was done evaluating Vista's security, and was assured that it was up to the task of protecting itself against malware. Supporting it too, was also a pain in the ass. God forbid, it found any drivers after a clean install.

[J_R_G]

(You have posted more than the allowed number of quoted blocks of text)

These statistics mean nothing the way you're presenting them. They just reflect which platform is most targetted. You also picked 64-bit, but the statistic doesn't mean that it's inherently more secure (although it is to some degree, since unlike 32-bit, it actually has functioning ASLR), it just means it isn't targetted.

This is apparent when you look at the malware as well. It's designed to run as administrator on 32-bit systems, not because it can't work as standard user on 64-bit, but because it's the most appealing target.

Older XP systems are also less likely to be up to date (even though it's perfectly possible to update XP), and you can even find people on unpatched IE6 systems. People with old systems and no interest in upgrading can also be less interested in technology, meaning they're less skilled, which makes them a bigger target.

Now, don't get me wrong here, 7 is a more secure OS, but these statistics don't show that malware and vulnerabilities won't continue to be a major problem even on 7.

The number of idiots who do this is so miniscule that it's irrelevant. They don't contribute to the XP statistic.

Of all the reasons to upgrade to 7, I think the minor changes to the task manager are pretty far down on the list? It's not really easy to understand for a noob in either of them, but hey, at least they got rid of the incorrect "page file" labels that caused confusion and myths.

^ Sorry about the last post.

What?

IBM chose the 8086 processor in the IBM PC that MS had to write it's OSes for. This is why MS-DOS was stuck at 640K and had no security features. Eventually users got to expect that (no security) and would not have tolerated a major Vista-esque security make over without good reason, which came in 2003-2004, after XP was released.

Uh, no. I'm not advocating XP over 7, I'm just trying to make the militant anti-XP gang understand that the world is more complicated than they believe. I think people should upgrade to 7, but I fully understand why many can't justify it. I have a couple of XP machines that I use in addition to 7, and I can't justify buying new Windows 7 computers just because someone on the internet thinks I should. I have several times requested that they send me new systems or $1500, but they just go quiet.

Oh please, we are just giving our opinion. Has anyone put a gun to your head and made you upgrade? I reply to forceful statements (XP does everything, win 7 is pretty and that's all) with forceful statements. Win 7 users are not molesting you or anyone else, so let's not play the victim here. XP users are giving it pretty good, with what little they have.

Based on your argument, both OS X and Linux are infinitely more secure than Windows 7. After all, the real world scenario at the moment is that it's virtually impossible to get infected with anything if you use Linux. You should be advocating Linux.

Flawed argument. OS X and Linux are only safe BECAUSE they have no market share. Windows 7 is safer than XP regardless of market share, so advocating OS X and Linux over Win 7 makes no sense, since that will increase their market share and make them less safe and eventually no more safe than Win 7. But advocating Win 7 over XP makes sense because increasing Win 7 market share will not make it as insecure as XP.

[hdood]

It's flimsy and unreliable, because it requires the user to fall for a dialog prompt. If this ever became common, users would be educated proportionally more, and would be more likely to reject any dialog. It's never going to be a reliable, predictable infection vector.

Well, it's a fair point, but I don't know. People still fall for freeporn.exe.

Much more than a bonus. Assuming you get some new malware varient your AV does not recognize, and that your AV closes the Window in a reasonable amount of time, a stealth rootkit type malware would have much greater chances of cleaning out your account and stealing data, than some piece of malware running as standard user which would probably get caught pretty fast, relatively. But no of course you should not run everything, UAC or not.

True enough, if you actually run up to date anti-malware software, it will have a reasonably small window to do its thing (and try to trick you into elevating it.)

I meant XP standard user, not XP admin. But continually pointing out it's not as secure is misleading. The attack against UAC is highly theoretical, and not pratical for wide-scale infections.

Well, it could be, but the point I was making to whoever it was, was really just that running XP doesn't mean you have to be less secure than 7 in the user/admin context.

Depends on which SP level of XP we're talking about. Plug XP RTM or XP SP1 into the internet in its default configuration and you will be wrong.

Sure, because of vulnerabilities that have since been patched.

Anyways, it's just much easier to infect XP (any SP level) through a malicious web page, just not sure what else to say on this.

Well, the exploit code would be simpler, but it still requires an unpatched browser bug. It's not like me going on the web with Firefox in XP means I'm almost certainly going to end up being exploited.

[rajputwarrior]

If it were up to me, any and all XP machines not capable of running a modern OS would be retired and any that can would be upgraded. ANYTHING is better than running that malware magnet.

But the single thing about this XP love fest that ****es me off the most is the dweebs who sit there and moan and complain to Microsoft that they're not getting the latest and greatest for XP and think that because they have the power to upgrade, but choose not to, that Microsoft HAS to support them no matter what.

XP is the worst OS I have ever used in my entire life. It was nothing but Swiss cheese once high speed internet came around, and despite SP1 and SP2, still is. I was so afraid of malware, that I ran dial-up until I was done evaluating Vista's security, and was assured that it was up to the task of protecting itself against malware. Supporting it too, was also a pain in the ass. God forbid, it found any drivers after a clean install.

if you layed off the porn i'm sure running XP with high speed would be fine ;) I ran xp for a long time with an AV and it worked fine, nothing happened to me. Security comes down more down to the user and his/her habits, the OS itself is secondary.

[pezzonovante]

XP is the worst OS I have ever used in my entire life. It was nothing but Swiss cheese once high speed internet came around, and despite SP1 and SP2, still is. I was so afraid of malware, that I ran dial-up until I was done evaluating Vista's security, and was assured that it was up to the task of protecting itself against malware. Supporting it too, was also a pain in the ass. God forbid, it found any drivers after a clean install.

Couldn't agree with you more. I had a very similar experience with XP -- one of the reasons why I've always hated this pathetic OS so much.

[farmeunit]

The fact is that you can't stop ID10T errors from occurring when you have REAL people in front of computer. I've seen MANY infected Vista and Windows 7 machines. Sure, you don't see as many "drive-by" infections, but they're nearly as prevalent as Windows XP malware infections because MOST people don't know how to protect themselves.

And to the people that say Windows 7 is more secure than Linux, you can think that all you want. Doesn't make it true. Even vulnerabilities you do find generally require very specific conditions to be in place. Most vulnerabilities come from extra applications that aren't an integral part of the OS anyway. It's just like any other system. If you keep it patched, it makes it harder to attack it. Most Linux distros have had UAC-like stuff in place for YEARS, so don't act like that's a new thing that Microsoft came up with.

[Frylock86]

if you layed off the porn i'm sure running XP with high speed would be fine ;) I ran xp for a long time with an AV and it worked fine, nothing happened to me. Security comes down more down to the user and his/her habits, the OS itself is secondary.

I don't have any bad habits, but I have been attacked multiple times on client's machines after a clean install while using IE6 for the brief second to go get Firefox. Even on XP Mode, I was attacked after clicking the IE icon. I was online for no more than 10 seconds when the browser was hijacked.

But every time I was ask by somebody to look at their computer this is what I found:

Needless to say, I became very frustrated, very fast ;) XP's security is non-existant if you ask me. Despite the firewall, and the additions that came with SP2, XP's "tacked-on" security doesn't work. And since security is number one in my book, is the primary reason I want it gone from our networks.

[hdood]

IBM chose the 8086 processor in the IBM PC that MS had to write it's OSes for. This is why MS-DOS was stuck at 640K and had no security features. Eventually users got to expect that (no security) and would not have tolerated a major Vista-esque security make over without good reason, which came in 2003-2004, after XP was released.

Well, the primary reason older OSes had few security features is because the focus was on performance. Simple single user systems made sense. I think Microsoft made a mistake when they decide to continue down this road from the 386 and on, when you actually had protected mode and MMUs. In fact, they knew that this made for a poor OS, which is why NT was developed as a true multiuser OS alongside it, with all the security measures from day one, but with moronic defaults to maintain compatibility with the other OS line. I don't think this should have happened (in fact, I don't think the non-NT line of 32-bit Windows should have existed at all), but they were too scared to make a clean break, and we're all still paying for it.

Oh please, we are just giving our opinion. Has anyone put a gun to your head and made you upgrade? I reply to forceful statements (XP does everything, win 7 is pretty and that's all) with forceful statements. Win 7 users are not molesting you or anyone else, so let's not play the victim here. XP users are giving it pretty good, with what little they have.

I don't think you have that I can recall, but there are some extremely militant ones here that go around essentially attacking and calling people drooling retards with no right to live for running XP.

Flawed argument. OS X and Linux are only safe BECAUSE they have no market share. Windows 7 is safer than XP regardless of market share, so advocating OS X and Linux over Win 7 makes no sense, since that will increase their market share and make them less safe and eventually no more safe than Win 7. But advocating Win 7 over XP makes sense because increasing Win 7 market share will not make it as insecure as XP.

Yes, it's a flawed argument. I was responding to his conclusion that you can extrapolate how architecturally secure 7 is based on "what the real world scenario is at this very moment." Of course you can't. Yes, 7 is more secure than XP, but at the moment the different might seem greater than it actually technically is.

[J_R_G]

The fact is that you can't stop ID10T errors from occurring when you have REAL people in front of computer. I've seen MANY infected Vista and Windows 7 machines. Sure, you don't see as many "drive-by" infections, but they're nearly as prevalent as Windows XP malware infections because MOST people don't know how to protect themselves.

And to the people that say Windows 7 is more secure than Linux, you can think that all you want. Doesn't make it true. Even vulnerabilities you do find generally require very specific conditions to be in place. Most vulnerabilities come from extra applications that aren't an integral part of the OS anyway. It's just like any other system. If you keep it patched, it makes it harder to attack it. Most Linux distros have had UAC-like stuff in place for YEARS, so don't act like that's a new thing that Microsoft came up with.

Well I'd love to know what security feature in Linux makes it more secure than Windows 7. Does Linux have an anti-kernel modification routine and require signed drivers to keep out rootkits? Does it sandbox the browser? By default? Because Windows 7 x64 does. People just keep saying Linux is more secure, they can never tell me what security feature Linux has, by default, that would cause that.

[hdood]

I don't have any bad habits, but I have been attacked multiple times on client's machines after a clean install while using IE6 for the brief second to go get Firefox. Even on XP Mode, I was attacked after clicking the IE icon. I was online for no more than 10 seconds when the browser was hijacked.

The browser is not hijacked there unless you actually download that exe though. It's just a spoof website. I see these all the time on 7, because I love questionable sites.

Well I'd love to know what security feature in Linux makes it more secure than Windows 7. Does Linux have an anti-kernel modification routine and require signed drivers to keep out rootkits? Does it sandbox the browser? By default? Because Windows 7 x64 does. People just keep saying Linux is more secure, they can never tell me what security feature Linux has, by default, that causes this.

To be fair, if malware has admin rights, it can just disable KPP. All it does is prevent legitimate (mostly security) software from messing with code in memory. The goal being to increase reliability and get vendors of legitimate software to not rely on internal OS workings (because then Microsoft can't change them.)

As for Windows being more secure than Linux. It seems at least likely that Windows has fewer serious bugs, simply because it's so widely targetted.