Mass hysteria on the interwebs!


So, where are all the countless XP exploits that insiders and experts told us were getting stockpiled by the bad guys for release on April 9? :whistle:

 

--JorgeA



@submix8c

@dencorso

Sure, the difference is that the average user (considered demented by MS) is FORCED to have UAC in Vista :ph34r: and later.

About DEP, there are some differences in XP/2003 when compared to Vista :ph34r: and later, but more than that, on XP the default is "optin" (which implies a less wide use of the feature).

 

But here we have to go back to the differences in concept between:

  • vulnerability
  • protection
  • security

As an example, the SAM (and Windows password) is difficult (though possible) to access.

As such it is not (easily) vulnerable, and it is (relatively well) protected, but it provides NO security, as has been demonstrated by the use of very simple tools like (shameless plug ;)) PassPass or the whole generation of previous programs/tools to the same effect.

This is (mainly) because the "security specialists" did their best to prevent access to the existing Windows password, and "forgot" (or implemented poorly) the protection for accessing the system.

If you prefer, they mistook the method which they presumed the "hacker" will use (accessing/reading the existing password) for the actual goal of the "hacker" (accessing the system).

If the hacker has physical access to the keyboard (but not to the actual machine) the only thing that can prevent him/her from accessing a Windows system is the BIOS password, not much different (for the practical purpose of accessing a system of which you know not the password) from having the password written in plain text in a .ini file ;).

 

jaclaz


The comments were not to disagree with your analyses, but with the FUD related to the Article implying that they don't even EXIST in XP, which is a flat-out lie!

 

Patching XP won’t provide the security tools introduced with Windows Vista and enhanced with Windows 7 and Windows 8.

specifically DEP and UAC. It appears to blatantly attempt to convince the Common User that those facilities don't exist. Remember, OEMs by DEFAULT set a First User up as Administrator and (as you stated) DEP is an OptIn, even in the BIOS (hardware DEP).

Edited by submix8c

Sure :), but that was exactly the reason why I posted about the article, the "recognized technology expert" 

Tony Bradley is the founder and principal analyst of Bradley Strategy Group. A recognized technology expert, Bradley has authored several books and writes for leading technology publications.

 

 

seems to know actually nothing about the OSes he is so wisely commenting about (if not what MS marketing - not technical - department provided him with).

He insists on the (flawed) argument (DEP, ASLR and UAC) that he misrepresents:

Patching XP won’t provide the security tools introduced with Windows Vista and enhanced with Windows 7 and Windows 8. Security features such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) can’t be backported to XP without an extraordinary amount of coding effort. (DEP and ASLR aren’t invulnerable, but they do provide additional layers of defense that significantly raise the time and effort an attacker must invest to develop a successful exploit.)

 

and for which there is no rational, practical confirmation.

 

However what I like the most is this part:

 

Tripwire security research manager Tyler Reguly recently told me, “No mainstream consumer OS has ever been supported as long as Windows XP. Look at server platforms; even Solaris 8 and AIX 5 [both released after XP] are past their end-of-life dates. Apple released OS X 10.6 [Snow Leopard] in 2009 and dropped support for the OS less than five years later — less than half of the 12 years Microsoft has supported XP.”

So our cost equation isn’t limited just to Microsoft. Adding in the many hardware and software vendors tied to a PC makes the math far more complicated. If you factor in the entire Windows XP ecosystem, that $4 billion of revenue for Microsoft could be offset by many more billions spent by other vendors.

 

The reported statement by Mr. Tyler Reguly, which is - I believe - accurate in itself, carries NO consequence whatsoever, and the "So" in the following sentence makes no sense whatsoever :w00t:.

I will make the SAME statement as Mr. Tyler Reguly, transposed to cars (instead of the usual Carpenter/Layman one).

No other car has ever been produced for as long as the Volkswagen Beetle, which has been produced substantially unchanged (and/or with minor upgrades) from 1938 until 2003. Look at trucks [1], the Scania 3-series and the Volvo F16 [which both started being manufactured after the VW Beetle] were replaced by newer models - respectively - in 1997 and 1993, after only 10 and 6 years of production. Ford started producing the Pinto in 1971 and production ended in 1980[2], less than ten years, much less (roughly 1/7th) of the 65 years of production of the VW Beetle[3].

 

The above statement seems to me to lead (set aside the trucks off-topic) to the fact that the Beetle as a product was somehow "better" than the Pinto ;).

And I presume that the manufacturers producing spares and accessories for the Volkswagen Beetle had also (and BTW still have :whistle:), all in all, a "better" experience than those producing parts for the Pinto. 

 

jaclaz

 

 

[1] Of course this makes no sense, we are talking of cars and not of trucks (or of "mainstream consumer" Operating Systems, not "server" ones)

[2] the total amount of Pinto produced is 3,173,491

[3] the total amount of VW Beetle produced is over 21,000,000, keeping the same, rough 1/7 ratio.

Edited by jaclaz

  • 2 weeks later...

Even though Microsoft ended its support for Windows XP,

I suspect the intentional release of this information coinciding with headlines to

put MSFT in a kindlier and gentler posture in the public's eyes after all the events

surrounding the 'HORRORS' of the internet revealed publicly...

 

Simply put, XP users can Thank Bill Gates, et alia, for an early Christmas; or,

in the alternative, a Happy Thanksgiving... Maybe they want to make us happy and just

give back a little...

After all, They are pretty rich...

 

HAPPY HOLIDAYS...

 
