XP OS vulnerabilities after April 8, 2014


vipejc

NO! Stealth Mode is NOT a Block, It's a TOTAL IGNORE! AGAIN, you are TESTING the ROUTER (External) IP (did you not note the IP GRC gave you?) and NOT The COMPUTER (Internal) IP (LOCAL assigned IP by the Router's DHCP Service). AGAIN, you do NOT have STEALTH on XP - READ THE TECHNET LINK!

HTH

Oh, I get it now. You're saying the Windows XP Firewall is blocking incoming echo requests through my computer's internal IP address, but it doesn't have the ability to block them through the gateway's external IP, and the gateway is what's responding to GRC's ping requests? Is that a hardware limitation or OS limitation that I don't have stealth mode? Sorry, your wording is a little confusing.


Technet - XP does not have the ADDITIONAL "Stealth Mode" functionality - just the BASE Firewall.

Router - It's apparently INHERENT in the ADDITIONAL "Stealth Mode" functionality.

Routers have their OWN OS (usually some flavor of Linux) "embedded" ("firmware") in the Chips (similar to a VERY large BIOS). It's as I said about being able to "make your own" Router (see above post). That "OS" is BETWEEN the WWW (your ISP) and your "Computer OS".

Again, read those links and THINK about it. I don't see any reason to explain what's already explained in them.

FYI, my ATT Gateway's NAT/Router/Firewall DOES have both "Stealth Mode" and an ADDITIONAL check-box SPECIFICALLY to add "PING" underneath the "Stealth" (thus ALSO preventing THAT even WITHIN it). As to the PING being "needed" by the ISP, I could be very wrong :unsure: !

HTH


  • 3 weeks later...

It's fud cooked up by MS and people who want you to upgrade to Win8 and other browsers.

Think of this:

I am a hacker and I see your name on some random net site, now I decide I hate you and have to do the following:

Hack that site to get your ip

or

Send you an email in hopes you respond so I can get your ip

then

I have to spend all the time tracking your ip to get to your pc

then I have to try the couple of backdoors I know to get into your pc

then I have to crack your password to get to anything in your pc.

OR:

I am a hacker and I am going to spend my time hacking into some place that gives me a guaranteed payoff, like sony playstation network or xbox live.

Not waste my time on you when I know I'll likely have no payoff.

This is an incredibly simplistic view of how attacks work as well as an attacker's motivations.

And the idea that attackers don't care about someone because they aren't rich or whatever is flat out incorrect, what they do is collect computers for botnets. The more computers the more they make. Every system helps. There are millions in this.

I don't see why people here are giving security advice when they think every security researcher saying "get off XP" is just some Microsoft shill. You're endangering users who don't know better... stop.

I've read a couple other posts on here today with people flat out not understanding things like ASLR and then going "Hey, they're saying we need ASLR but they're just spreading FUD".

I'm not looking to start some big convo like last time, but really, this is security, and advice should not be given when you don't have any authority in the matter. That goes for way more users than just you or even just this forum. The short story is that if you are giving security advice when you don't know anything about computer security you are harming other people. I don't care if your system is vulnerable, don't tell someone else how to keep theirs vulnerable too when they come to you for help.

P.S. Stealth mode is a gimmick and literally irrelevant in every way to security.


You're endangering users who don't know better... stop.

 

The thing is you can't really help someone, because security goes down to pebcak and people don't like to change.

I don't see why people here are giving security advice when they think every security researcher saying "get off XP" is just some Microsoft shill.

 

http://www.msfn.org/board/topic/171799-your-windows-7-pc-is-more-likely-to-have-malware-than-your-xp-one/?p=1077597  :whistle:

This is an incredibly simplistic view of how attacks work as well as an attacker's motivations.

And the idea that attackers don't care about someone because they aren't rich or whatever is flat out incorrect, what they do is collect computers for botnets. The more computers the more they make. Every system helps. There are millions in this.

Botnets can be removed with an AV/AS. Also a botnet IMO is not hacking since it gains access to your computer through Malware and not someone physically attacking your computer [unless you count the spam that is sent to another computer (AV can prevent this, and it's generally not controlled by a person, which is why they are called bots) or the DDoS attacks on servers (which isn't hacking either)].

I'm not looking to start some big convo like last time, but really, this is security, and advice should not be given when you don't have any authority in the matter.

 

And who has this authority, you... I think not. Honestly how dare you say something so rude. This is a forum, and anyone has the right to post and give their OPINIONS on the matter.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Another thing to note about XP is that since it is so old, and been patched for years most of its if not all (a stretch) comes from software, and not the OS itself.

PS if you really want security for windows you should get off of 8 since it has Flash rebuilt into it making it more vulnerable to attacks than XP.

 

PSS if someone wanted true security then they would not use Windows (at least as a physical machine) and instead use these wonderful OS's http://www.openbsd.org/  ,  https://www.whonix.org/ (if anonymity = secure in your book which it does in mine)


Security is much more than PEBCAK. That is something people think, but it's not true. Security is a software problem and there is/will be a software solution.

In terms of infection rates, they're also not super relevant. Consider that I could create an operating system with absolutely 0 security methods, only a root user, no firewall, nothing but exposed services - but no one would attack it because it would be a single system and no one would know about it.

Windows 7 outnumbers XP by quite a bit and attackers are slowly moving towards more targeted watering hole attacks, often on IE since they attack industries. That does not make 7 less secure than XP, not by a longshot. It makes it more often targeted.

A botnet is certainly hacking - you can get remote code execution in a process and drop your rootkit. AV can sometimes remove them, but only if they know of them first. Some botnets go years without being detected.

Am I *the* authority? No. But I have a background in computer science and computer security. I have developed actual real world exploits, and I have a pretty significant understanding of how an attack works on a very technical level. So I'm qualified to talk about this and explain these things.

Flash on Windows 8 does not make it less secure. That only applies to IE, and it's heavily sandboxed if you enable EPM. Regardless, Flash does not undo all of the security techniques implemented in 8.

Yes, if you want true security you will run Linux and not Windows. But users here are telling others that they can be secure on XP. The best they can be is lucky, not secure.

Edited by enxz

Security is much more than PEBCAK. That is something people think, but it's not true. Security is a software problem and there is/ will be a software solution.

 

But pebcak is the most important part of security. I can be on a supported system like windows 8, and still get malware. While another user can be on windows 95 and never get malware.

 

In terms of infection rates, they're also not super relevant. Consider that I could create an operating system with absolutely 0 security methods, only a root user, no firewall, nothing but exposed services - but no one would attack it because it would be a single system and no one would know about it

 

And a quote from the article

 

And before you think that the stats are telling a skewed story because of the different number of users of the different operating systems, these numbers have been normalised by Microsoft.

 

"This data is normalized; that is, the infection rate for each version of Windows is calculated by comparing an equal number of computers per version (for example, 1,000 Windows XP SP3 computers to 1,000 Windows 8 RTM computers)."

 

EDIT: Another thing to note, is that XP is the second most common OS. So theoretically then it should have more vulnerabilities than Windows 8, let's say, right?

Flash on Windows 8 does not make it less secure. That only applies to IE, and it's heavily sandboxed if you enable EPM. Regardless, Flash does not undo all of the security techniques implemented in 8.

 

Every vulnerability to flash is one for windows 8. In fact Flash makes windows 8 less secure http://www.neowin.net/news/windows-8-is-the-most-vulnerable-windows-os-you-can-thank-flash-for-that . (this coming from neowin yuck) http://nakedsecurity.sophos.com/2012/09/24/microsoft-flash-ie-10-windows-8/

 

a quote that I liked

 

It concerns security vulnerabilities in - you guessed it - Adobe's Flash Player running in IE 10 on Windows 8.

According to the Advisory, which was published on Friday, Microsoft said that Flash drivers for Internet Explorer 10 contained vulnerabilities that could allow a remote attacker to use a malicious website that compromised the vulnerabilities, allowing them run malware on the at-risk system.

Even Windows 8 users who don't use IE 10 could still be vulnerable to attack, because Microsoft Office applications invoke Flash Player in IE when users click links embedded in documents, email and other mediums, Microsoft said.

 

It doesn't matter if IE sandboxes it, since it can still attack the user if they have MS Office. (The most commonly used office suite)

Edited by Flasche

PEBCAK only exists because software is currently not good enough to handle security for users.

The data being normalized is fine. That changes nothing - what's important is that Windows 7 is more popular, and therefore something like IE 9 is more popular. Look at the most recent attacks on IE, they ignore older versions even though the older versions are vulnerable. Even if the percentage of users is normalized it's critical to understand that certain things will be attacked on Windows 7 because it's more popular.

Flash is attack surface, there is no denying that. It's also heavily sandboxed. With EPM it can't write to the system or read it, it can't attack the user through Word. I'm not sure what you mean by that.

The sandbox is not perfect. It's just helpful. Flash on Windows 8 is far more secure than Flash on XP.


PEBCAK only exists because software is currently not good enough to handle security for users.

 

That simply isn't true, and never will be. pebcak is user error, and has nothing to do with how insecure the software they are using is.

 

 

 Flash on Windows 8 is far more secure than Flash on XP.

 

Since flash is integrated into Windows 8 it would make it more vulnerable to flash vulnerabilities than XP even with EPM. (It's like a handicap)


PEBCAK is a failure of software. If a user downloads a malicious binary and executes it, it is a failure of the security of the system for not protecting them. Just because a software solution that does this is not in existence right now does not change where the responsibility lies.

Yes, if Flash is not on XP and Flash is on 8 then 8 is vulnerable to what Flash is vulnerable to, assuming the user uses IE. If Flash is installed on both, it is far more secure on 8, where ASLR exists (and flash uses high entropy ASLR and force ASLR) among many other techniques.


PEBCAK is a failure of software.

 

pebcak is a user error, not a failure of the software. (Problem Exists Between Keyboard And Chair)

 

 

Yes, if Flash is not on XP and Flash is on 8 then 8 is vulnerable to what Flash is vulnerable to, assuming the user uses IE. If Flash is installed on both, it is far more secure on 8, where ASLR exists (and flash uses high entropy ASLR and force ASLR) among many other techniques.

 

That still doesn't deny the fact that flash is integrated. It leaves a huge gaping hole in the security. You can apply as many band-aids as you want to an open wound, but eventually, it will all ooze out.


I'm well aware of what PEBCAK is. It only exists due to software flaws.

Flash is not a huge gaping hole. It is software. It is exposed through Internet Explorer. Not using Internet Explorer means Flash will not be exploitable.

The irony of calling Flash a gaping hole and then using XP should not be lost on anyone. Whereas Flash makes use of modern mitigation techniques and sandboxing XP has virtually no mitigation techniques (DEP is not even fully implemented across all binaries) and no sandboxing and terrible privilege control and a horribly insecure kernel base etc etc etc.

I think people here have been talking about some nonexistent 'FUD campaign' by Microsoft. I can not tell you how wrong you are to believe such a thing. People want other people to be secure. We are trying to tell you "This product is not secure" not because we want to tell you what to do with your lives, but because we are experts and you are not, and because of this we feel the responsibility to inform.

To me, it's like you have a bunch of doctors telling you not to smoke cigarettes, but people don't like being told what to do, so they call it FUD and smoke because no one's going to tell them how to live their lives.

Run XP, just understand that people with serious backgrounds in this field and educations and experience are telling you you aren't insecure, and you should be humble enough to accept that you probably don't know more than they do about it.

And the 'you' is not any single person here. And it's not even limited to this forum. It's incredibly widespread, all this "I'll run it as long as I want, they don't control me" - no one cares about controlling you, they want to help.

Edited by enxz

:huh:

Am I *the* authority? No. But I have a background (1) in computer science and computer security. I have developed actual real world exploits (2), and I have a pretty significant understanding of how an attack works on a very technical level. So I'm qualified to talk about this and explain these things.

At the risk of being reprimanded...

Such an expert to come to MSFN and argue both on this Topic and this one as well -

http://www.msfn.org/board/topic/163539-are-ms-updates-for-xp-really-necessary/

And no other topics! :crazy:

BTW, you ARE aware there are many "experts" (you may remove the quotes if you wish) on MSFN (most certainly Certified (1) and actively working in the field) that just might disagree with you.

 

P.S. "Stealth Mode" makes your PC (literally) "invisible" to the outside world, or is that a big lie, too? Maybe I just want to be "anonymous" and not allow anyone "outside" know I exist thus not giving them a "future opportunity" to "attack" my "now known IP address", knowing there ARE Port Scans by hackers using these methods? :unsure: Useless "feature" by YOUR standards, correct (2)? :w00t: (Must work for MS or NSA... :yes: )

Edited by submix8c

I'm well aware of what PEBCAK is. It only exists due to software flaws. Flash is not a huge gaping hole. It is software. It is exposed through Internet Explorer. Not using Internet Explorer means Flash will not be exploitable.

 

pebcak exists because of the user not understanding the software they are using, not the software flaw.

 

Also...

 

MS stated that it doesn't matter if you use IE or not, Flash vulnerabilities will still affect you if you use MS OFFICE, or let alone any program that uses flash. That to me seems like a big gaping hole. Yet proving my open wound theory ;)

I think people here have been talking about some nonexistent 'FUD campaign' by Microsoft. I can not tell you how wrong you are to believe such a thing. People want other people to be secure.

 

Not true, you know the only reason why M$ pushes the new OSes is so they can make money, not really about security. Also if this was the case there would be no need for updates or patches, but is simply not true. Sure they will help you, but no business based on IT wants to have their users be 100% secure, there will be no profit. Sadly it's all about the money, and if that means purposely allowing exploits to happen then so be it.

Edited by Flasche

Hey,

I have no real reason to cite my statements. I don't care if people question whether I've gone to school for CS or not, or what work I've done. You can choose not to believe me.

In terms of other experts, I know of no certification that teaches anything important in this context. I've only seen one ever that has you exploit a service using homegrown exploits. If anyone wants to come in here and say they know more than me and discuss things, by all means.

Stealth mode is useless. A port must be closed to be stealthed. A closed port is still secure. Any open port means you are no longer invisible.

So either every port is closed, and stealth does nothing. Or one or more ports are open, and stealth does nothing. It is a marketing gimmick and is very easy to dismantle logically.

While I may choose to move to MS at some point, as I admire their security team, I have no interest in NSA work (I am ethically opposed to that type of work). I work for a private company with absolutely no dog in this fight.

Edited by enxz

Flasche,

Flash modules may be loaded in Word, I don't know about that. But Word also has EPM as I recall. I also doubt it's particularly hard to disable it, and also consider that almost every user has Flash installed anyways, regardless of XP or Windows 7/8. This is a single program on the system, it does not remove all security from the system.

Your theory on why they push new OS's is incorrect. Yes, they like money. But they don't make money by having an insecure OS, it has hurt them for years, especially on the server end of things. There is no one saying "Hey how do we get really secure but still be exploitable?" Literally no one ever has said this, because the idea of being 100% secure is just inane to begin with.

P.S. I apologize for the formatting. I am on an incredibly slow and wavering connection, certain features aren't working great for me right now.

Edited by enxz