Results 1 to 13 of 13
  1. #1
    New Lounger
    Join Date
    May 2010
    Location
    Escondido, CA, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Putting up a force-field around XP?

    With MS dropping the updates and making XP more vulnerable, wouldn't blanketing XP with antivirus, anti-malware (Malwarebytes), and 3rd party firewall (ZoneAlarm) provide as good protection or even better?

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    JC,

    If you add a hardware firewall (router) and a good link scanner (WOT) and avoid the nether regions of the web you should be fine IMHO. HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. #3
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    Look for virtualization programs like Deep Freeze (used a lot in schools and libraries). Zone Alarm's Force-Field is yet another program that virtualizes the OS. Basically, anything that you do under such a session gets erased as soon as the computer reboots. Nothing actually gets changed on the harddrive itself.

  4. The Following User Says Thank You to lylejk For This Useful Post:

    speedball (2014-04-03)

  5. #4
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    Oh yeah; forgot about Steady-State which Microsoft put out. They don't support this program though so I would be cautious about using it despite being free.

  6. #5
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    584
    Thanks
    11
    Thanked 61 Times in 49 Posts
    This is my opinion, but I think the real test of fire will be a several month period after April 8th. I have seen reports that the hackers have zero day exploits that they are holding in reserve for the end of support. When they have used them all, and the malware scanners can find and clean them, I don't think the hackers will be putting a lot of effort into finding more. Then they will move on to Android and Windows 8, because that's where the real money is.

    So make a special effort to be safe after April 8th, which means not being connected to the internet when you are not actually using a browser or other application that has to be connected, not going to any site that is not safe, backing up a lot, including making images, etc.

    Then, in a few months, after the firestorm has passed, you will probably be safer than you are now.

  7. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by JC Hoit View Post
    With MS dropping the updates and making XP more vulnerable, wouldn't blanketing XP with antivirus, anti-malware (Malwarebytes), and 3rd party firewall (ZoneAlarm) provide as good protection or even better?
    It's been sometime since I used ZA, which used to be a good HIPS and supported whitelisting. Whitelisting, meaning allowing only explicitly authorized programs will go a long way towards ensuring your computer's safety, but I would also look at the virtualization solution described a few posts above. You can't be too sure.
    Rui
    -------
    R4

  8. #7
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by JC Hoit View Post
    With MS dropping the updates and making XP more vulnerable, wouldn't blanketing XP with antivirus, anti-malware (Malwarebytes), and 3rd party firewall (ZoneAlarm) provide as good protection or even better?
    According to industry lore, Microsoft's Bill Gates once observed, "It's software. It's buggy-- get over it!" Meaning, moving to another verison of Windows does not assure safety. Likewise, remaining with an older, preferred version of Windows does not assure safety, either.

    The paradox is new code introduces a host of new problems and security holes, and old code still hides old holes, despite years of effort by good and bad guys to find the vulnerabilities.

    As poster RG observes on this thread, risk of malware infection is constant. All you can do is stay behind your router firewall, don't wander too far off the beaten path, and run something like Web of Trust to alert you of "red light districts" where safety is more of an issue.

    Since (1) not all Windows vulnerabilities are ever known and (2) new holes are discovered in all versions, all the time and (3) detection and repair of these security holes is always behind schedule and (4) some known holes probably never will be fixed (buffer overflow), the question you raise depends on how much Microsoft contributes to your overall security on the web.

    You might be surprised that over 63 percent of all malware infection is based on user error-- downloading infected files from the web. That statistic from security firm Trend Micro implies either Microsoft does such a good job, the only danger left is risky user downloads or (2) Microsoft is such a small part of typical security exposure on the web, patching Windows no longer matters nearly as much.

    For its part, count on Microsoft never to admit its patches do not matter-- they want you to keep buying a newer, and "more secure" version of Windows. But listen, once again, to Bill Gates explain why no patch will be issued before its time-- "There are no significant bugs in our released software that any significant number of users want fixed."
    Last edited by alphaa10; 2014-04-15 at 07:28.

  9. #8
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    Quote Originally Posted by alphaa10 View Post
    You might be surprised that over 63 percent of all malware infection is based on user error-- downloading infected files from the web. That statistic from security firm Trend Micro implies either Microsoft does such a good job, the only danger left is risky user downloads or (2) Microsoft is such a small part of typical security exposure on the web, patching Windows no longer matters nearly as much.
    Intuition and experience tells me it has to be higher than that, much higher, like 99.3%, as long as the user is behind a hardware firewall (nat router) and a good browser. Just being a limited or standard user stops more than 90% of actual attacks according to what Steve Gibson has sourced. That 63% sounds like a statistic just high enough to make a user think, goodness, I need something for that 1/3 that can still get through on it's own...I'm not buying that for a second; real infection rates (not PUP-level stuff) would be astounding if that were true. In fact, 350 thousand "driverless" computer infections per 500 million still sounds a bit high to me!

  10. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by alphaa10 View Post
    But listen, once again, to Bill Gates explain why no patch will be issued before its time-- "There are no significant bugs in our released software that any significant number of users want fixed."
    That was more than 18 years ago, when about 1% of the world was using the internet; and was referring to new versions, not security patches.

    Bruce

  11. #10
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Quote Originally Posted by JC Hoit View Post
    With MS dropping the updates and making XP more vulnerable, wouldn't blanketing XP with antivirus, anti-malware (Malwarebytes), and 3rd party firewall (ZoneAlarm) provide as good protection or even better?
    YES it will provide decent but temporary protection for now.
    NO it will never be sufficient for the long run as new exploits become apparent.

    I suspect most users will migrate away from XP thereby taking most of the hackers intent on exploiting it away as well.
    It's just the stupid businesses still running XP that is of prime concern here.

    Having millions of ATMs run XP is just plain stupid, and that alone could perpetuate an ongoing attack vector above that of the average shrub user.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  12. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by CLiNT View Post
    Having millions of ATMs run XP is just plain stupid, and that alone could perpetuate an ongoing attack vector above that of the average shrub user.
    Those ATMs will be patched, as banks will pay handsomely for continued support.
    Rui
    -------
    R4

  13. #12
    New Lounger
    Join Date
    Feb 2014
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ruirib View Post
    Those ATMs will be patched, as banks will pay handsomely for continued support.
    Yes, and they will continue to pass that cost along to the customer that they already overcharge for non-service.

  14. #13
    New Lounger
    Join Date
    Dec 2009
    Location
    Tucson, AZ, USA
    Posts
    16
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by jimmie jam View Post
    Yes, and they will continue to pass that cost along to the customer that they already overcharge for non-service.
    Or they will pass on the cost of the upgrades. So pick your poison. Eventually, someone has to pay for that cost.
    It may be more cost effective to pay for support than to upgrade not only your OS but also your hardware because the new OS will not run on the older hardware. So it is not only the cost of the OS upgrade that organizations have to take in to account. It is everything else that goes along with it.
    Last edited by johngaz; 2014-04-17 at 16:52.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •