Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    2 Star Lounger
    Join Date
    Nov 2010
    Posts
    123
    Thanks
    0
    Thanked 8 Times in 8 Posts

    A black market for patches?

    Thought this article would be cool enough to share and discuss here. Your thoughts?

    http://news.yahoo.com/want-quick-buc...003035337.html

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,051
    Thanks
    195
    Thanked 758 Times in 694 Posts
    I barely trust patches from MS NO WAY I'm going to trust them from someone who hacked the code...get it HACKED!
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  4. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I have to second RG's opinion.
    Rui
    -------
    R4

  5. #4
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    435
    Thanks
    8
    Thanked 41 Times in 33 Posts
    I started to say that no one is going to download and install patches from sources that they don't know, but actually, people already do that. That would be the black market, and people should, but probably won't stay away from it.

    On the other hand, if a source that you do know, such as the companies that make the menu software for Windows 8, (StartisBack, Classic Shell, Stardock Start8) or any of the anti-virus companies create a grey market, and if it's not too expensive, or if an anti-virus company includes it in the annual cost of updating their stuff, then yes, I would be glad to get patches from someone else.
    Last edited by Prescott; 2014-04-26 at 13:41. Reason: Change to to too

  6. #5
    2 Star Lounger
    Join Date
    Nov 2010
    Posts
    123
    Thanks
    0
    Thanked 8 Times in 8 Posts
    Maybe, if Microsoft would opensource XP, then the Opensource community would continue to keep XP from being an onlline threat, but I suppose that would mean XP would be competition for Win8 (not; lolol).

  7. #6
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    435
    Thanks
    8
    Thanked 41 Times in 33 Posts
    I have been watching ReactOS for some time. They want to be an XP replacement, but they don't seem to be getting it done. They are currently number 127 on DistroWatch and are described as:

    ReactOS is a free and open-source operating system based on the best design principles found in the Windows NT architecture. Written completely from scratch, ReactOS is not a Linux-based system and it shares none of the UNIX architecture. The main goal of the ReactOS project is to provide an operating system which is binary compatible with Windows. This will allow Windows applications and drivers to run as they would on a Windows system. Additionally, the look and feel of the Windows operating system is used, such that people accustomed to the familiar user interface of Windows would find using ReactOS straightforward. The ultimate goal of ReactOS is to allow people to use it as an alternative to Windows without the need to change software they are used to.
    The last update was Thursday 6 February 2014 and you can download it from http://www.reactos.org/downloads

    The installation has a strong resemblance to the look and feel of Windows XP, and so does the desktop, but it's still Alpha code, and at this time when you try to install software, it crashes a lot.

    When the next release - Beta? - is available, I'm definitely going to look at it again.

  8. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,384
    Thanks
    127
    Thanked 482 Times in 443 Posts
    A black market for XP patches would be far more detrimental than MS could ever come up with. [stupid on stupid]
    XP is dying, accept and get over it, or move to Linux or MAC.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  9. #8
    New Lounger
    Join Date
    Apr 2014
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sadly, Microsoft has always managed to punish and disappoint their most loyal customers. They have also managed to kill any good product that they made.

    MS Office 95, 97, 2000, 2003 made people comfortable and familiar with the product. No retraining was necessary from one version to the other.
    Next came Office 2007 with its ribbon. Users from all walks of life had to be retrained all over again. Most of them hated the ribbons. Many people decided to switch to open-source packages and dump Microsoft Office altogether.

    Windows XP was a fine product. People liked it. That didn't make MS happy. They came up with the Vista disaster.
    Windows 7 came out to fix Vista's nightmare. People started to like it. That didn't make MS happy, so they came up with the Windows 8 blunder!

    Even software that is critical to people's life and their finances, i.e. MS-Money, got dumped with no more support. Shame on you, Microsoft! How can anyone trust you anymore!!!

    This is aside from dumping people who were using the Windows phone, suddenly stopping support after version 6.x, and coming up with Windows phone 7, which wasn't compatible with these phones. MS wanted to force you to buy their new phone. No way, not for me. I cannot trust or rely on MS at all.

    Amazingly MS seems to not understand why Android phones are so dominant. Simply put, not many can trust Microsoft when they have proven again and again their disloyalty and disregard to their customers.

    Although I have Windows 7 64 Ultimate on one of my drives, and I occasionally boot to Windows 7 (mostly for updates), I use Windows XP 99% of the time.
    I love XP and its interface.

    If you use a good firewall, a good virus scanner, update your java and Adobe plug-ins frequently, FireFox with the "No Scripts" add-on, and some common sense (stay away from porn and shady sites), then XP should be fine for quite sometime to come (as long as firewalls and virus scanners continue to be updated).

    It would be a dangerous gamble to download and install patches from the black market. I would not touch these patches with a ten foot pole!


  10. #9
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    435
    Thanks
    8
    Thanked 41 Times in 33 Posts
    People kept saying that the hackers had zero day exploits that they were keeping in reserve, and that they were going to unleash the hounds of hell as soon as the last Microsoft patches had been released, and XP was unsupported, but that doesn't seem to be happening. And if they don't have exploits now, are they working on them?

    I would think that the hackers would move on from XP under the assumption that they could steal more from people who had more money, which on average people with newer machines would be. The Chinese may have a lot of XPs, but you probably can't steal as much from them as you can from Americans or Europeans with new Windows 8 machines.
    Last edited by Prescott; 2014-04-26 at 15:33. Reason: pluralize hound, change them to exploits

  11. #10
    New Lounger Chrisso's Avatar
    Join Date
    Apr 2014
    Posts
    10
    Thanks
    0
    Thanked 1 Time in 1 Post
    MS-Money is not dead completely and there is a rather large user community helping one another.

    Have a look here ....

    http://microsoftmoneyoffline.wordpre...ates/#comments

  12. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,172
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    Quote Originally Posted by Prescott View Post
    People kept saying that the hackers had zero day exploits that they were keeping in reserve, and that they were going to unleash the hounds of hell as soon as the last Microsoft patches had been released, and XP was unsupported, but that doesn't seem to be happening. And if they don't have exploits now, are they working on them?

    I would think that the hackers would move on from XP under the assumption that they could steal more from people who had more money, which on average people with newer machines would be. The Chinese may have a lot of XPs, but you probably can't steal as much from them as you can from Americans or Europeans with new Windows 8 machines.
    I don't know where you read that. What I read and actually wrote about was flaws patched in the other OSes that could be exploited on XP, where they would not be patched. Seems there is a serious first one:

    http://www.theverge.com/2014/4/27/56...s-all-versions

    No matter how people put it, XP is old. It simply is. OS technology has evolved in the 13 years since XP was initially released. I find it funny that some threaten to go Mac OS and don't realize that Apple's support policy is much worse than Microsoft's, in what regards operating systems.
    Rui
    -------
    R4

  13. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    Rui, that exploit is currently being exploited on IE 9-11 where Flash ActiveX is enabled, it's a targeted at a specific group of users, as far as I can tell; no reports of it having hit XP users has yet emerged.

  14. #13
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,376
    Thanks
    1
    Thanked 595 Times in 532 Posts
    The Microsoft Security Advisory 2963983 says that IE 6 through IE 11 are affected. From the FAQ in the article:

    "I am running Internet Explorer for Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate this vulnerability?
    Yes. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.

    Does EMET help mitigate attacks that try to exploit this vulnerability?
    Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET helps to mitigate this vulnerability in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.

    For more information about EMET, see The Enhanced Mitigation Experience Toolkit."

    Joe

  15. #14
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    Only attacks on IE 9-11 have been reported publicly so far, Joe.

    Disabling or uninstalling the Flash ActiveX plugin is reported to foil/break the exploit.

  16. #15
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    435
    Thanks
    8
    Thanked 41 Times in 33 Posts
    If it really is the IE browser that has the problem, then the answer would seem to be install another browser, and don't use IE on XP.

    But IE is deeply embedded and integrated into XP, so depending on exactly what the vulnerability is, then even if you don't use IE, you could be hacked while using some other part of XP, particularly Outlook Express.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •