Jump to content

XP OS vulnerabilities after April 8, 2014


vipejc

Recommended Posts

Let's put it this other way (anecdotal :w00t:), I have never seen in my whole life an actual vulnerability actually being taken advantage of by a "hacker" on a non-business installment.

Anything I ever came across was introduced in the affected machine(s):

  1. by senselessly clicking on a link on a received e-mail (or with Outlook/Outlook Express just opening a received e-mail)
  2. by getting a virus/malware as "strings attached" to a downloaded file, usually "border line" with legality or beyond it (warez, pirated movies, etc.)
  3. by browsing on a malicious site (often connected with the above)
  4. by physical insertion in the machine of a USB stick (previously and separately affected because of one of the reasons above)

The whole point is that someone that writes a malware/virus etc. would do this mainly for one of these three reasons:

  1. sheer fun/show off/brag about how clever he/she is <- no profit
  2. create havoc on large scale <- no profit
  3. get money (lots of it) <- profit

Now:

  1. the first one is just a "kid" and has no interest in targeting specifically you, as it wouldn't produce the kind of publicity wished for.
  2. the second one is someone that is against all humanity (or technology or MS or all of them) and also has no interest in targeting you.
  3. the third one is someone that wants money and since you have not enough of it and it would cost him/her much more time and effort to target individuals (to get only a little money) than trying to collect money by infecting the largest possible number of machines, also has no particular interest on you.

What remains are just two possibilities:

  1. you have (personally) offended the "hacker" or however made the "hacker" willing to take a personal revenge against you
  2. you have (personally) offended someone and this someone has enough money (and the capabilities) to find and hire a "hacker" to have him/her take the revenge

All in all, if you behave nicely enough with all people :), you should be safe from these.

You are however a target, but just one target in the mass of other targets, there is nothing particularly "safe" to do, but you will have to adopt a strategy similar to the one in the old bear joke:

http://www.forensicfocus.com/Forums/viewtopic/p=6567580/#6567580

you don't have to be "better than the hacker is", you need to be "better than a large enough number of possible victims".

jaclaz

Jaclaz, you should hear this tool named Eli the Computer Guy. Watch his stupid videos on YouTube about the end of support for XP. Here's my impression of him. OMGZ! You must kill XP now! All XP machines are sitting ducks and will be shot on site. It is essential that you buy Windows 7 or 8, now. If you don't, your computer will blow up, or a hacker will take over it and turn it into a zombie bot and destroy the worldz! The funniest thing he said was XP wasn't built for broadband or security, and that XP systems should be disconnected from the Internet and put on their own little private island. Well, Eli, my XP loves broadband. It's so fast and I get so much work done. Love the thing. LOL

Edited by vipejc
Link to comment
Share on other sites


Yeah, just scare tactics to try and sell one crappy 8. :P

But one thing does worry me, and I'd like for you to answer it. A popular computer guy named Eli the Computer Guy, who is very arrogant and makes very little sense, said that any XP system with an OS vulnerability can be hacked, even if it's just used as a server, cash register, or ATM, because any device connected to the Internet, whether wired or wireless, that uses broadband and is always connected to the Internet is a target for hackers. [...]

In principle, anything directely connected to the WAN is more at risk than anything behind a common, garden-variety, router (or wireless router), which firewall (the proverbial hardware firewall) is activated and correctly configured. If there is a router firewall between your machine and the WAN, then its the router firewall (in ROM, linux or proprietary OS) that is seen from the outside. Now tell me please, how can a hacker attack a XP machine that is always on, but which that hacker cannot even see? I say: FUD!!! icon33.gif

And I say more: long live XP! :yes:

Link to comment
Share on other sites

Also XP has had 13 years of fixes and improvements under its belt.

Hackers nowadays are focusing on windows 7 ++++ why would the give a sh*t about someone who can't afford or care to upgrade from XP?

Yes, 13 years or so of patches and improvements UP TO April 8, 2014. Don't think for a second that the elite hackers won't research Windows 7 or 8 security holes and then reverse-engineer them, test them in XP, and if they work, put them on the black market to the highest bidder or just use them themselves to exploit XP systems. That was my real concern, and it was a legitmate one, not some newbie nonsense rant.

Link to comment
Share on other sites

Let's put it this other way (anecdotal :w00t:), I have never seen in my whole life an actual vulnerability actually being taken advantage of by a "hacker" on a non-business installment.

Anything I ever came across was introduced in the affected machine(s):

  1. by senselessly clicking on a link on a received e-mail (or with Outlook/Outlook Express just opening a received e-mail)
  2. by getting a virus/malware as "strings attached" to a downloaded file, usually "border line" with legality or beyond it (warez, pirated movies, etc.)
  3. by browsing on a malicious site (often connected with the above)
  4. by physical insertion in the machine of a USB stick (previously and separately affected because of one of the reasons above)

The whole point is that someone that writes a malware/virus etc. would do this mainly for one of these three reasons:

  1. sheer fun/show off/brag about how clever he/she is <- no profit
  2. create havoc on large scale <- no profit
  3. get money (lots of it) <- profit

Now:

  1. the first one is just a "kid" and has no interest in targeting specifically you, as it wouldn't produce the kind of publicity wished for.
  2. the second one is someone that is against all humanity (or technology or MS or all of them) and also has no interest in targeting you.
  3. the third one is someone that wants money and since you have not enough of it and it would cost him/her much more time and effort to target individuals (to get only a little money) than trying to collect money by infecting the largest possible number of machines, also has no particular interest on you.

What remains are just two possibilities:

  1. you have (personally) offended the "hacker" or however made the "hacker" willing to take a personal revenge against you
  2. you have (personally) offended someone and this someone has enough money (and the capabilities) to find and hire a "hacker" to have him/her take the revenge

All in all, if you behave nicely enough with all people :), you should be safe from these.

You are however a target, but just one target in the mass of other targets, there is nothing particularly "safe" to do, but you will have to adopt a strategy similar to the one in the old bear joke:

http://www.forensicfocus.com/Forums/viewtopic/p=6567580/#6567580

you don't have to be "better than the hacker is", you need to be "better than a large enough number of possible victims".

jaclaz

Jaclaz, you should hear this tool named Eli the Computer Guy. Watch his stupid videos on YouTube about the end of support for XP. Here's my impression of him. OMGZ! You must kill XP now! All XP machines are sitting ducks and will be shot on site. It is essential that you buy Windows 7 or 8, now. If you don't, your computer will blow up, or a hacker will take over it and turn it into a zombie bot and destroy the worldz! The funniest thing he said was XP wasn't built for broadband or security, and that XP systems should be disconnected from the Internet and put on their own little private island. Well, Eli, my XP loves broadband. It's so fast and I get so much work done. Love the thing. LOL

I wouldn't be surprised if he's sponsored or gotten incentives to say that stuff.

Most of the vulnerabilities also come in the basic "IE-related" category too. Knowing that and since XP cannot go above ie8 (Which we know has fallen way behind now) It's highly unlikely that a ie11+ exploit can even be managed to back port.

That also goes for the other few. The system is fundamentally different now. I'm not saying it won't happen, just if you don't use ie or wmp then your chances go from slim to minuscule...

Edited by Kelsenellenelvian
Link to comment
Share on other sites

Yeah, just scare tactics to try and sell one crappy 8. :P

But one thing does worry me, and I'd like for you to answer it. A popular computer guy named Eli the Computer Guy, who is very arrogant and makes very little sense, said that any XP system with an OS vulnerability can be hacked, even if it's just used as a server, cash register, or ATM, because any device connected to the Internet, whether wired or wireless, that uses broadband and is always connected to the Internet is a target for hackers. [...]

In principle, anything directely connected to the WAN is more at risk than anything behind a common, garden-variety, router (or wireless router), which firewall (the proverbial hardware firewall) is activated and correctly configured. If there is a router firewall between your machine and the WAN, then its the router firewall (in ROM, linux or proprietary OS) that is seen from the outside. Now tell me please, how can a hacker attack a XP machine that is always on, but which that hacker cannot even see? I say: FUD!!! icon33.gif

And I say more: long live XP! :yes:

Sounds like it can't. Well, thanks for clearing this up. All these replies just confirm that XP is completely safe for a home user now and forever.

Link to comment
Share on other sites

Also XP has had 13 years of fixes and improvements under its belt.

Hackers nowadays are focusing on windows 7 ++++ why would the give a sh*t about someone who can't afford or care to upgrade from XP?

Yes, 13 years or so of patches and improvements UP TO April 8, 2014. Don't think for a second that the elite hackers won't research Windows 7 or 8 security holes and then reverse-engineer them, test them in XP, and if they work, put them on the black market to the highest bidder or just use them themselves to exploit XP systems. That was my real concern, and it was a legitmate one, not some newbie nonsense rant.

Please note I wasn't in any way saying you are just noob ranting.

Link to comment
Share on other sites

Yes, 13 years or so of patches and improvements UP TO April 8, 2014. Don't think for a second that the elite hackers won't research Windows 7 or 8 security holes and then reverse-engineer them, test them in XP, and if they work, put them on the black market to the highest bidder or just use them themselves to exploit XP systems. That was my real concern, and it was a legitmate one, not some newbie nonsense rant.

Again as I said for the third time its like beating a dead horse. What possible can they do to xp now. Its been around for such a long time, which accounts for many years of patches for vulnerabilities. It would be hard to find one now.

In fact this topic is beating a dead horse.

Whatever... in fact I mean 8.1+, because, no matter how many updates or upgrades one does to it, crappy 8 remains crappy! :yes:

Self evident

Link to comment
Share on other sites

Also XP has had 13 years of fixes and improvements under its belt.

Hackers nowadays are focusing on windows 7 ++++ why would the give a sh*t about someone who can't afford or care to upgrade from XP?

Yes, 13 years or so of patches and improvements UP TO April 8, 2014. Don't think for a second that the elite hackers won't research Windows 7 or 8 security holes and then reverse-engineer them, test them in XP, and if they work, put them on the black market to the highest bidder or just use them themselves to exploit XP systems. That was my real concern, and it was a legitmate one, not some newbie nonsense rant.

Please note I wasn't in any way saying you are just noob ranting.

It's cool. I don't know everything. Nobody does. We computer users need to always share our knowledge so together we can stop all these sales pitches and make the best personal decisions for our computers. MS is not half as smart as all of us and our collective knowledge.

Link to comment
Share on other sites

I am also an XP fan but you can't fight the progress....

even if you can't be attacked by hackers: new manufacturers don't offer support for XP (they don't bother to create drivers anymore).

it's already happening if you look at Intel's chipsets for Haswell... also ATI Radeon is not releasing drivers for it.

I feel sorry too but there is nothing we can do I think.

Link to comment
Share on other sites

And, before the war is lost, supposing it's fated to be lost (which is not necessarily obvious at this time), they'll have to win each battle, that'll always be fought to the bitter end... so, many many years may pass, with the war still raging on and on and on... :w00t:

Link to comment
Share on other sites

I just learned my gateway uses NAT only and has the hardware firewall disabled. I can enable it, but I know it's disabled by default to prevent connection issues. I know NAT isn't a firewall, but it is a form of security. Am I safe with the NAT-only gateway and the built-in Windows software firewall? I think so, but I want to hear your thoughts. NAT takes my real IP address and translates it into a fake IP address when making external connections to the Internet, and the Windows firewall offers solid protection from inbound traffic, which is fine, as the hacker would never get on my system to send outbound traffic.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...