Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    PC security after XP's official end of life




    LANGALIST PLUS


    PC security after XP's official end of life



    By Fred Langa

    A reader wonders whether XP can be kept safe to use after April 2014, when Microsoft ends support. Plus: Finding and analyzing Win8's crash reports, rethinking cache-sizing guidelines for browsers, and more on enhancing Wi-Fi–router security.


    The full text of this column is posted at windowssecrets.com/langalist-plus/pc-security-after-xps-official-end-of-life/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    Yes, there's a way to keep even XP safe; any OS for that matter. Virtualize. Programs like Deep Freeze which virtualizes the entire OS is a good start. Most libraries and many schools use such programs (it saves a lot of headaches). The only issue is, if you need to install a program, you have to take it out of virtual mode until the program is installed. That goes for OS patches too of course. Also, you have to have a way to save desired data (and change information) that's outside the virtual environment (as I do). Still, this is more then a viable solution. Other then keystroke viruses, it's pretty much fool proof. I use a VM for the same effect and typing this right now in XP which I double-sandbox (run Sandboxie inside the VM). I literally laugh at virus attacks since so far, the 2 times I got hit by a drive-by, I just recovered my VM from a prestige golden save state which took all of around 10 seconds to do. Indeed, I can argue doing what I do is even safer then native Win7 and that's why I do it since, indeed, my main Host OS is Win7.

    Think outside the box.
    Last edited by lylejk; 2013-09-19 at 08:17.

  3. #3
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 405 Times in 377 Posts
    You can also stay off-line. There won't be much of a chance of anything hitting you if you are off-line.

  4. #4
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    True, but there's not much use for a computer if you don't go online except for some office work and maybe some games. Come to think of it, that is probably all that most folk need a computer for. lol


  5. #5
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 405 Times in 377 Posts
    My wife used AutoCAD with Windows 2000 for a very long time, updating to XP a few years ago. She stayed off line, so there was no reason even to do Windows updates, which weren't available anyway since Windows 2000 is so old.

    Windows 2000 was rock-solid, and that's why we stayed with it for so long. But the problem was, she had AGP video, and it got to be impossible to find a decent AGP video card for Windows 2000. So we moved to XP, with PCI-Express. No more problems with finding good video cards. But still off of the internet.

    She had an internal, peer-to-peer network for her AutoCAD resources -- computers, printers, plotters.

    The only time she needed to be on the internet for her work was to email drawings to and from other people. She had a separate computer for that, and she used a flash drive to move stuff back and forth.

    Several years ago she got hit with some viruses and lost a bunch of data, so I set up her AutoCAD network as a separate network, off of the internet.

  6. #6
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    I know of very few applications which have never been upgraded from Windows 2000 or Windows XP versions to more modern Windows versions. Although some businesses have this issue, I think for the Home User, this is a Red Herring.

    The main monetary obstacle to upgrading is that many Windows XP capable computers are not hardware capable of being upgraded to Windows 7 or Windows 8. The cost of the new OS version is significant, but the hardware investment seems to be a greater concern for folks who would need new hardware to upgrade.

    Software availability or relicensing costs are relatively minor for most Home Users.
    -- Bob Primak --

  7. #7
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 405 Times in 377 Posts
    We saw no reason to upgrade, and that's why we stayed with what we had for so long.

  8. #8
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    431
    Thanks
    12
    Thanked 37 Times in 34 Posts
    Dear me - yet another scaremongering article about the perils of continuing to use XP. Let's examine its specifics:

    Your statement

    even with all those precautions, XP still won't be safe
    is, while somewhat misleading, technically correct - because NO system (not Vista, Windows 7, Windows 8, or - soon - Windows 8.1) with any direct or indirect exposure to the Internet can really be considered 'safe'. So the real question is JUST HOW MUCH less safe continuing to run XP will be compared with running a newer Windows version whose updates will continue, and you have presented no information (let alone actual data) whatsoever to support your contention that it will be 'far less safe' (interestingly, while Microsoft has attempted to interpret some actual data in a manner that suggests this that data is in fact very reasonably interpretable to suggest the exact opposite).

    Your statement

    Using good third-party apps and tools, such as fully current browsers and anti-malware software, will help keep you safe — but only up to a point. They'll do little or nothing to correct fundamental vulnerabilities in the base operating system.
    comes a lot closer to the truth, but is still misleading - because while such ancillary tools indeed do not CORRECT those 'fundamental vulnerabilities in the base operating system' they DO make them largely irrelevant because they prevent most of the nasties you might encounter out in the Internet from ever getting close enough to exploit them.

    My own personal experience continuing to run Windows 2000 for more than three years (and still counting) after Microsoft support for it ceased bears this out (there are, in fact, many continuing updates available that third parties have back-ported from XP which I could have installed had I wished to, and the same will doubtless be true for XP after next April). My anti-malware application of choice still provides signature updates and uses an engine which, while now a couple of years out of date, supports HIPS capabilities, my firewall of choice (now over 4 years out of date) includes a 'run safer' sandboxing facility in which I run Internet-facing applications, my browser version has had minimal security updates since the April, 2012, version (the last to support Win2K, though third-party tweaks do allow later versions to be run on Win2K should I wish to). I also run behind a hardware router/firewall which filters out ALL unsolicited external probes and highly recommend doing this regardless of what operating system one may be using. The result has been zero infections (in fact, even zero ATTEMPTED infections) over the 3+ years since I stopped getting any Microsoft Win2K updates.

    So while I certainly wouldn't discourage anyone who is happy with the post-XP Windows versions from moving to them I'm happy to reassure people who don't want to move that they can remain reasonably safe on XP for the foreseeable future if they exercise the kinds of reasonable security precautions that I just described for Win2K (and note that they did NOT include being "careful about the websites we visit", though I would advise using a browser other than Internet Explorer - which I have actually disabled from running in my firewall - plus something like NoScript to keep scripting from executing by default until you've checked things out). There may come a time when I will no longer be able to use an excellent anti-malware application on Win2K, which will likely be the point at which I upgrade to XP to enjoy another few years of the kind of computing which I prefer to that available on Vista and its successors.

  9. #9
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,726
    Thanks
    147
    Thanked 156 Times in 149 Posts
    I wonder if your reasoning re win2k and XP is correct. Just looked at http://www.w3schools.com/browsers/browsers_os.asp and win2k last appeared in 2010 with 0.2% of users. XP still has over 14%. This means the bad guys have probably stopped attacking win2k (not enough users to justify the work) but XP still has a lot of users, so it's more worthwhile. So the fact you've had zero infections isn't really relevant to XP. Which is not to say that any of your other points are wrong, just that I think your comparison isn't valid.

  10. #10
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    431
    Thanks
    12
    Thanked 37 Times in 34 Posts
    Quote Originally Posted by access-mdb View Post
    I wonder if your reasoning re win2k and XP is correct. Just looked at http://www.w3schools.com/browsers/browsers_os.asp and win2k last appeared in 2010 with 0.2% of users. XP still has over 14%. This means the bad guys have probably stopped attacking win2k (not enough users to justify the work) but XP still has a lot of users, so it's more worthwhile. So the fact you've had zero infections isn't really relevant to XP. Which is not to say that any of your other points are wrong, just that I think your comparison isn't valid.
    My impression is that the bad guys usually target specific vulnerabilities much more than they target specific operating systems, especially when the systems are as similar as Windows 2000 and Windows XP are. This impression gets support from examining Microsoft's patch articles, where very, very often the same vulnerability is present in an entire range of systems (e.g., before support ceased it was extremely common for a specific fix to apply to every Windows version from Win2K through Win 7 - edit: save of course for WinME - even though minor code differences existed that required separate patch files for each variant). In any event, it's certainly true that the set of vulnerabilities which Win2K and XP share is far, far larger than the sets which they do not, so unless the baddies specifically except Win2K systems from attack any general attack crafted with XP in mind will very probably hit Win2K as well.

    Now, if we were discussing Win9x vs. XP the situation would likely be significantly different, since the basic structure of the Win9x operating systems is nothing like the basic structure of the NT/2K/XP and later Windows variants and thus attacks targeting one group will often simply slide off the other without effect unless they target shared applications (e.g., the versions of Outlook Express and Internet Explorer that ran in both environments).

  11. #11
    WS Lounge VIP access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    1,726
    Thanks
    147
    Thanked 156 Times in 149 Posts
    OK, thanks for that explanation, that seems quite reasonable. However, I suspect that many XP users might not have the other layers of defence that you (- bill) have (and recommended). Win2k users are probably all experts, unlike many XP users!

    I was quite surprised that Vista had such a low usage on that W3C page (though I appreciate it's reflecting usage on its own site not the world in general).
    Last edited by access-mdb; 2013-09-23 at 05:36. Reason: Didn't spot I was replying to - bill!

  12. #12
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    The only people who stand a reasonable chance at safely continuing Windows XP usage are ADVANCED users with specific knowledge.
    ...And they are a minority.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  13. #13
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    431
    Thanks
    12
    Thanked 37 Times in 34 Posts
    Quote Originally Posted by CLiNT View Post
    The only people who stand a reasonable chance at safely continuing Windows XP usage are ADVANCED users with specific knowledge.
    That is, of course, only your personal opinion, which you have offered nothing in the way of evidence to substantiate. By contrast, I'll suggest that someone need not be 'advanced' as long as they have good advice about what protective software (and perhaps policies as well) to run on XP after Microsoft support ceases.

    One thing you might contemplate is that Microsoft usually offers security updates only once a month, which means that on ALL their systems there's up to a month-long window when a new exploit can hose your computer before the patches you seem to feel are so critical kick in (and that's assuming that Microsoft gets a patch out at the earliest patch release after an exploit becomes known). Anti-malware vendors, however, usually update their signatures every day (sometimes more often) AND provide additional heuristics to help catch new malware activity which they don't yet have signatures for. Furthermore, the additional protection offered by a firewall which alerts you to unexpected outbound activity can also be significant, though in that case it does require SOME ability for the user to differentiate between expected and unexpected behavior, at least the first time it occurs, or the willingness to prohibit anything they don't find familiar until they've checked it out - whether that's 'advanced' or not depends on one's personal definition, I guess.

    Thus people are already depending upon protective applications to some significant degree ALL THE TIME and ON ALL MICROSOFT SYSTEMS to catch exploits which Microsoft has not yet gotten around to releasing patches for. Exactly how important cessation of patches for XP will be in increasing infections will depend upon the degree to which malware successfully evades those protective applications so that it can reach vulnerable portions of the system plus the degree to which XP users fail to take advantage of existing XP features (such as running in a non-administrator account) which can help foil malware: I've suggested elsewhere that Microsoft COULD, if it really wanted to provide credible evidence of the degree of such additional claimed exposure, provide real data indicating just how important its current patches are in the presence of such additional protection, but I'm not holding my breath for that to happen.

  14. #14
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 405 Times in 377 Posts
    I share Clint's personal opinion about safely continuing to use XP after it is no longer supported.

    You will be more and more vulnerable to attack, the longer you use XP, because it will become less and less patched; there will be more and more vulnerabilities exploited in XP the longer it is not patched. Therefore, unless you know how to avoid pitfalls (i.e. advanced technical knowledge in these sorts of things), you will be more susceptible to attack. That is, unless you stay off-line.

    In my experience, most people don't have a clue about internet safety. I shudder to think about how much of their personal info (credit card numbers, bank account info, etc) has already been harvested. The evidence I offer is the PCs I have actually worked on or used, and on which I discovered spyware and malware of all sorts. And I observed the places that these people went when they were on line.

    Clint is right; most people need to abandon XP when it is no longer supported.
    Last edited by mrjimphelps; 2013-09-25 at 19:03.

  15. #15
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    New Hampshire USA
    Posts
    431
    Thanks
    12
    Thanked 37 Times in 34 Posts
    Quote Originally Posted by mrjimphelps View Post
    You will be more and more vulnerable to attack, the longer you use XP, because it will become less and less patched; there will be more and more vulnerabilities exploited in XP the longer it is not patched.
    People keep parroting this mantra without ever addressing the very real question of just how much more secure Microsoft's patches have actually made XP in the presence of decent third-party protection applications. Rather, you just implicitly assume that XP is executing bare-naked to the world (in which case your argument would at least make some sense even without evidence) - and note that the original question to Fred explicitly asked whether continuing to run XP would be reasonable in the PRESENCE of such additional protection.

    In my experience, most people don't have a clue about internet safety.
    In mine as well. That's why I try to make sure that people I care about are protected with the best third-party applications I'm aware of (plus a hardware router/firewall).

    The evidence I offer is the PCs I have actually worked on or used, and on which I discovered spyware and malware of all sorts.
    And these were machines to which patches weren't applied AND which were running decent third-party protection applications? Because if either of those is not true, then they're not applicable to this discussion: if patches WERE applied then they obviously didn't keep the malware out (hence the lack of them after next April very possibly wouldn't matter much), or if they were not running decent third-party protection applications you have no way to know whether they'd have acquired the malware in the presence of such applications.

    Clint is right; most people need to abandon XP when it is no longer supported.
    You are, of course, welcome to that opinion, just as Clint is. Just be aware that in the absence of real substantiating evidence (see questions above) an opinion is ALL that it is.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •