enxz
Everything posted by enxz
-
No, if the port is open it will respond. You don't 'stealth' open ports. For example: you can't stealth port 80 with your Apache service. You can't stealth port 80 with your Chrome service. The OS does not make the distinction. Any security in terms of isolating traffic is at the application layer. And then you get to DNS and DHCP etc., various listening ports that also defeat this purpose.

Either way, this is mostly for LAN attacks where the attacker is attempting to acclimate themselves to the local network, even if stealthed ports worked the way people believe they do (and they don't). That's the whole "hide me from attackers" thing. Attacks like these only exist on corporate networks for the most part. You gain LAN access and then query the local domain for other hosts using nmap scans. Knowledge of IPs is irrelevant; the gateway has them (of course) and you're scanning that. I've done this to map a network, it's very helpful. For users your attack is far, far, far more likely to occur at a compromised webpage, where stealth ports will very obviously have literally no effect whatsoever, even if they *did* work the way people believe they do.

This is wayyyy off topic though lol. I mostly just wanted to point out this issue as a side note to the real problem: that people think XP can be secure. That said, I was mostly killing time on a long and very boring bus ride. It's been very nice talking, but I think we can all just agree to disagree, as always. See you next time I stumble across here with some time on my hands, perhaps.
-
You still don't get it. You need an open port, inbound, to connect. That means you aren't invisible. If you care enough, just google around for "stealth port marketing gimmick" and you'll see that some firewalls don't even support stealth mode anymore. But cases like this, where users are following marketing without understanding how a port works, are perfect examples of why advice should always be given very, very carefully.
-
submix, I obviously know that stealth is for incoming, and you still don't get what it does. All a 'stealth' port is, is a closed port that doesn't send a signal back or sends an ICMP timeout signal back. It's just a closed port in the end. So either all of your ports are closed and you are "invisible", or all of your ports are closed except for some and you are no longer invisible, whether 99% of them are 'stealthed' or not. It's very simple. You can google for more.

tl;dr: The only way stealth ports keep you invisible is if you close every single port. If you close every single port you're going to have a fun time trying to connect to the internet, as you've already seen, since when you stealthed your 80 you ended up blocking traffic. So now you're left with a system that has all ports 'stealthed' (closed with a lack of response) and one port (more, in reality) open, completely defeating any 'hidden' attribute it may have given you. Your screenshots will show exactly what I'm saying. You've just misinterpreted the results.

@bphipt, Multiple users have argued that XP is more secure than 8, or at least that's how it's come off. But even still, a 'locked down' XP is just a misunderstanding of how programs are secured. For example: you can say "Oh, I've sandboxed program Y", but unless you understand the sandbox, it's meaningless. Sandboxing is enforced by the kernel, at best, which means that weakness in the kernel means weakness in the sandbox. Without understanding how those weaknesses manifest, one cannot simply say "I'm more secure because I used a sandbox"; you need to know quite a lot more. I am not a fan of Windows 8 or really MS as a company. At no point have I said that they aren't profit driven. I've said that they will make less money if they are not secure, and that their security team has done solid work. So let me put it this way: XP users cannot be safe. XP users can be lucky.

@jaclaz, People should be very careful about stating opinions in ways that seem like they're stating facts. Yes, this conversation is truly more of the same. No doubt about it, that last topic is quite similar.
-
submix, You've misunderstood stealth ports. If you had to enable those ports, is your computer invisible right now or not? It's that simple: right now, with you taking inbound connections, is your computer invisible? The answer is no. A stealth port is a closed port, and if your ports were closed you would not be seeing this text right now. I have no interest in discussing stealthed ports; it was debunked years ago and there's plenty on that. My dog in this fight is that users can come to forums looking for advice, as was done here, and what they'll receive is "oh, you're secure". That endangers them. People can have their finances crippled by advice like that. I also don't even run Windows outside of development, so I find it funny I'm being called a fanboy. As for whether I'm a self-appointed expert, whatever, it doesn't matter. What I know is that I have education and experience. What I know is that I've hacked systems (legally, I don't do anything blackhat), defended systems, broken complex software, written complex programs, etc. I'd say that doesn't make me a novice, whether I'm an expert or not, and I'm certainly quite qualified to discuss these things. And if you truly hate my posts so much, that's a shame, but you should try to ignore them if they bother you.

@Dencorso, Hello again. I would never deprive a user of access to a system. I don't believe in locking users out of their systems; to me that only means they'll find some way around it, leaving the security gained from such a technique totally lost. I do believe there is a software solution to most security problems, though. Nothing so far is very close, unfortunately. While users can certainly cause infections right now, and we can all agree this is a problem, I don't believe it's the user's fault. That's the only difference here. That said, if a user visits a website on Windows XP compared to 7 or 8, an attack has to be considerably more complex on 8 than on previous versions.

If you look at exploit development guides (like on corelan.be) you'll see how simple basic attacks are. Then they add DEP, and it gets a bit harder. Then they add ASLR and suddenly the tutorials have to get a lot more theoretical, because there's no consistent way around ASLR when implemented properly; the tutorials will only show attacks against improper implementations, because only those can be attacked without further vulnerabilities. But I think all I really wanted to get across is that I stumbled onto msfn again and saw advice that I consider dangerous. I consider it dangerous, and I think maybe others should question whether they should be giving advice on these matters. I personally would not want to feel responsible when someone got infected due to my advice.
-
Well, that's certainly an interesting theory if you attribute it to the NSA. I've wondered if they do that myself, and I hope to one day figure it out if I ever do move to MS's security team.
-
Flasche, sorry, that first post was meant for submix, not you. The Linux kernel is a free, open source piece of software. Yet decade-old vulnerabilities are still found once in a while. It happens. It is not their number one priority, but they have poured millions into it. I know Microsoft security developers and they're very good; they do their best, and that's what they're paid to do.
-
Flasche, Flash modules may be loaded in Word; I don't know about that. But Word also has EPM, as I recall. I also doubt it's particularly hard to disable it, and also consider that almost every user has Flash installed anyway, regardless of XP or Windows 7/8. This is a single program on the system; it does not remove all security from the system. Your theory on why they push new OSes is incorrect. Yes, they like money. But they don't make money by having an insecure OS; it has hurt them for years, especially on the server end of things. There is no one saying "Hey, how do we get really secure but still be exploitable?" Literally no one ever has said this, because the idea of being 100% secure is just inane to begin with.

P.S. I apologize for the formatting. I am on an incredibly slow and wavering connection; certain features aren't working great for me right now.
-
Hey, I have no real reason to cite my statements. I don't care if people question whether I've gone to school for CS or not, or what work I've done. You can choose not to believe me. In terms of other experts, I know of no certification that teaches anything important in this context. I've only seen one ever that has you exploit a service using homegrown exploits. If anyone wants to come in here and say they know more than me and discuss things, by all means.

Stealth mode is useless. A port must be closed to be stealthed. A closed port is still secure. Any open port means you are no longer invisible. So either every port is closed, and stealth does nothing, or one or more ports are open, and stealth does nothing. It is a marketing gimmick and is very easy to dismantle logically.

While I may choose to move to MS at some point, as I admire their security team, I have no interest in NSA work (I am ethically opposed to that type of work). I work for a private company with absolutely no dog in this fight.
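The open/closed/"stealth" distinction argued in the posts above (the reply to submix about stealthed ports, and the "stealth mode is useless" post) can be seen directly with a plain TCP connect() scan. The script below is an added example and not code from any of the posts: an open port completes the handshake, a closed port answers with a RST (seen as a connection refused error), and a dropped ("stealth"/filtered) port never answers, so the scanner simply times out. The demo starts a throwaway listener on loopback so it runs offline; the host, ports and timeout are assumptions for illustration.

```python
"""Classify TCP ports the way a connect() scan sees them.

Added example (not from the original forum posts). States:
  open        - SYN/ACK came back: a service is listening and the host is visible
  closed      - RST came back: nothing is listening, but the host clearly exists
  filtered    - no reply before the timeout: the packet was dropped ("stealth")
  unreachable - a local/ICMP error such as host or network unreachable
"""
import socket

STATE_OPEN = "open"
STATE_CLOSED = "closed"
STATE_FILTERED = "filtered"
STATE_UNREACHABLE = "unreachable"


def probe_tcp(host, port, timeout=1.0):
    """Return the scan state of host:port using one full connect() attempt."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return STATE_OPEN
        except socket.timeout:          # nothing came back: dropped / "stealthed"
            return STATE_FILTERED
        except ConnectionRefusedError:  # RST came back: closed but responsive
            return STATE_CLOSED
        except OSError:                 # e.g. EHOSTUNREACH / ENETUNREACH
            return STATE_UNREACHABLE


def scan_ports(host, ports, timeout=1.0):
    """Probe each port in turn and return {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def visible_services(results):
    """Ports an attacker learns about no matter how the rest are configured.

    Any open port answers the handshake, so a host with a non-empty list here
    is not 'invisible', however many other ports are dropped silently.
    """
    return sorted(p for p, state in results.items() if state == STATE_OPEN)


def start_listener(host="127.0.0.1"):
    """Bind a throwaway TCP listener on an ephemeral port; return (sock, port).

    The kernel finishes the handshake into the backlog, so no accept() is needed
    for the probe to see the port as open.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Find a port with nothing listening: bind to 0, read the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Constructed demo target: one open port (our listener) and one closed port.
    srv, open_port = start_listener()
    try:
        closed_port = free_port()
        results = scan_ports("127.0.0.1", [open_port, closed_port])
        for port, state in sorted(results.items()):
            print(f"127.0.0.1:{port} -> {state}")
        print("visible services:", visible_services(results))
    finally:
        srv.close()
```

Pointing `scan_ports` at a host behind a drop-everything firewall yields `filtered` for every port, which is the only configuration in which "stealth" makes the host look absent; as soon as one service is reachable, `visible_services` is non-empty and the host is plainly there.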
-
I'm well aware of what PEBCAK is. It only exists due to software flaws. Flash is not a huge gaping hole. It is software. It is exposed through Internet Explorer. Not using Internet Explorer means Flash will not be exploitable. The irony of calling Flash a gaping hole and then using XP should not be lost on anyone. Whereas Flash makes use of modern mitigation techniques and sandboxing, XP has virtually no mitigation techniques (DEP is not even fully implemented across all binaries), no sandboxing, terrible privilege control, a horribly insecure kernel base, etc. etc. etc.

I think people here have been talking about some nonexistent 'FUD campaign' by Microsoft. I cannot tell you how wrong you are to believe such a thing. People want other people to be secure. We are trying to tell you "This product is not secure" not because we want to tell you what to do with your lives, but because we are experts and you are not, and because of this we feel the responsibility to inform. To me, it's like you have a bunch of doctors telling you not to smoke cigarettes, but people don't like being told what to do, so they call it FUD and smoke because no one's going to tell them how to live their lives. Run XP, just understand that people with serious backgrounds in this field, and educations and experience, are telling you that you are not secure, and you should be humble enough to accept that you probably don't know more than they do about it. And the 'you' is not any single person here. And it's not even limited to this forum. It's incredibly widespread, all this "I'll run it as long as I want, they don't control me". No one cares about controlling you; they want to help.
-
PEBCAK is a failure of software. If a user downloads a malicious binary and executes it, it is a failure of the security of the system for not protecting them. Just because a software solution that does this is not in existence right now does not change where the responsibility lies. Yes, if Flash is not on XP and Flash is on 8, then 8 is vulnerable to what Flash is vulnerable to, assuming the user uses IE. If Flash is installed on both, it is far more secure on 8, where ASLR exists (and Flash uses high-entropy ASLR and force ASLR), among many other techniques.
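Whether a given binary actually opts into DEP and ASLR (the point raised above about DEP not covering all binaries on XP, and about Flash using high-entropy ASLR on 8) is something you can check from the PE header rather than take on faith. The script below is an added example, not code from the posts or from Microsoft or Adobe: it reads the `DllCharacteristics` field of the optional header, where the `NX_COMPAT` (DEP), `DYNAMIC_BASE` (ASLR), `HIGH_ENTROPY_VA` (64-bit high-entropy ASLR) and `GUARD_CF` bits live. "Force ASLR" is a per-process mitigation policy applied by the OS, not a header bit, so it is not shown. To keep it offline, the demo builds minimal header-only PE images itself; the flag values and header offsets are from the PE/COFF format, while the constructed images and the function names are assumptions for illustration.

```python
"""Report DEP/ASLR/CFG opt-in bits from a Windows PE header.

Added example, not taken from the original posts. Reads only the DOS stub,
PE signature, COFF header and the DllCharacteristics field of the optional
header, which sits at the same offset (70) in both PE32 and PE32+ images.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR over the full address space
DYNAMIC_BASE = 0x0040      # image may be relocated at load: ASLR opt-in
NX_COMPAT = 0x0100         # DEP compatible
GUARD_CF = 0x4000          # Control Flow Guard

MAGIC_PE32 = 0x10B
MAGIC_PE32PLUS = 0x20B


def mitigation_flags(data):
    """Parse the headers of a PE image (bytes) and return its mitigation opt-ins."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if size_of_optional < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    opt = coff + 20                      # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (MAGIC_PE32, MAGIC_PE32PLUS):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    is64 = magic == MAGIC_PE32PLUS
    relocatable = bool(dllchar & DYNAMIC_BASE)
    return {
        "64bit": is64,
        "dep": bool(dllchar & NX_COMPAT),
        "aslr": relocatable,
        # the high-entropy bit only has an effect on a relocatable 64-bit image
        "high_entropy_aslr": is64 and relocatable and bool(dllchar & HIGH_ENTROPY_VA),
        "cfg": bool(dllchar & GUARD_CF),
    }


def check_file(path):
    """Convenience wrapper for a real binary on disk (e.g. a Flash OCX or a DLL)."""
    with open(path, "rb") as f:
        return mitigation_flags(f.read())


def build_test_image(dll_characteristics, pe32plus=True):
    """Construct a minimal header-only PE image (no sections) for offline testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224          # standard sizes incl. 16 data dirs
    machine = 0x8664 if pe32plus else 0x14C      # AMD64 / I386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, MAGIC_PE32PLUS if pe32plus else MAGIC_PE32)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed samples: an old-style 32-bit image with nothing set, and a
    # 64-bit image opting into DEP, ASLR, high-entropy ASLR and CFG.
    legacy = build_test_image(0, pe32plus=False)
    hardened = build_test_image(HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | GUARD_CF)
    print("legacy  :", mitigation_flags(legacy))
    print("hardened:", mitigation_flags(hardened))
```

Run `check_file` over the DLLs a browser loads to see which modules the ASLR story actually covers; a single non-relocatable module is exactly the kind of "improper implementation" that exploit tutorials lean on, because it gives the attacker fixed addresses regardless of what the rest of the process does.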
-
PEBCAK only exists because software is currently not good enough to handle security for users. The data being normalized is fine. That changes nothing; what's important is that Windows 7 is more popular, and therefore something like IE 9 is more popular. Look at the most recent attacks on IE: they ignore older versions even though the older versions are vulnerable. Even if the percentage of users is normalized, it's critical to understand that certain things will be attacked on Windows 7 because it's more popular. Flash is attack surface, there is no denying that. It's also heavily sandboxed. With EPM it can't write to the system or read it. As for "it can attack the user through Word", I'm not sure what you mean by that. The sandbox is not perfect. It's just helpful. Flash on Windows 8 is far more secure than Flash on XP.
-
Security is much more than PEBCAK. That is something people think, but it's not true. Security is a software problem and there is/will be a software solution. In terms of infection rates, they're also not super relevant. Consider that I could create an operating system with absolutely zero security methods, only a root user, no firewall, nothing but exposed services, but no one would attack it because it would be a single system and no one would know about it. Windows 7 outnumbers XP by quite a bit, and attackers are slowly moving towards more targeted watering hole attacks, often on IE since they attack industries. That does not make 7 less secure than XP, not by a long shot. It makes it more often targeted. A botnet is certainly hacking: you can get remote code execution in a process and drop your rootkit. AV can sometimes remove them, but only if they know of them first. Some botnets go years without being detected.

Am I *the* authority? No. But I have a background in computer science and computer security. I have developed actual real-world exploits, and I have a pretty significant understanding of how an attack works on a very technical level. So I'm qualified to talk about this and explain these things. Flash on Windows 8 does not make it less secure. That only applies to IE, and it's heavily sandboxed if you enable EPM. Regardless, Flash does not undo all of the security techniques implemented in 8. Yes, if you want true security you will run Linux and not Windows. But users here are telling others that they can be secure on XP. The best they can be is lucky, not secure.
-
This is an incredibly simplistic view of how attacks work, as well as of an attacker's motivations. And the idea that attackers don't care about someone because they aren't rich or whatever is flat out incorrect; what they do is collect computers for botnets. The more computers, the more they make. Every system helps. There are millions in this. I don't see why people here are giving security advice when they think every security researcher saying "get off XP" is just some Microsoft shill. You're endangering users who don't know better... stop. I've read a couple of other posts on here today with people flat out not understanding things like ASLR and then going "Hey, they're saying we need ASLR but they're just spreading FUD". I'm not looking to start some big convo like last time, but really, this is security, and advice should not be given when you don't have any authority in the matter. That goes for way more users than just you or even just this forum. The short story is that if you are giving security advice when you don't know anything about computer security, you are harming other people. I don't care if your system is vulnerable; don't tell someone else how to keep theirs vulnerable too when they come to you for help.

P.S. Stealth mode is a gimmick and literally irrelevant in every way to security.