
Windows XP security after POS Ready 2009 updates cease


sparty411


So, aside from presumably having an actively maintained web browser, us XP users will be left out in the cold, come April of 2019. How dangerous will it be to continue using this aging operating system online? Will a router firewall, and up to date web browser be enough?

Link to comment


Depends on how you configure firewall, how you use your system and with who you share it.

I personally hope that rumours of post-POSReady EOL XP updates will be real and there will be a way to lay my hands on them :w00t:

Link to comment

Well, it won't become less secure ... the risk, as always, is that someone will discover and exploit a vulnerability that was always there.

So I'd keep an eye on security fixes for the nearest supported OS (probably Server 2008). Any vulnerabilities discovered in that are probably in XP also. Usually M$ gives an assessment of what it would take for an attacker to successfully exploit a new vulnerability. A lot of times it turns out to require physical access to the PC; most of us needn't worry about those (unless we're using XP machines at work!)

If an over-the-network vulnerability is discovered, we could probably just block the affected port with Windows Firewall, unless it's something we really need.

Link to comment

42 minutes ago, Mathwiz said:

Well, it won't become less secure ... the risk, as always, is that someone will discover and exploit a vulnerability that was always there.

So I'd keep an eye on security fixes for the nearest supported OS (probably Server 2008). Any vulnerabilities discovered in that are probably in XP also. Usually M$ gives an assessment of what it would take for an attacker to successfully exploit a new vulnerability. A lot of times it turns out to require physical access to the PC; most of us needn't worry about those (unless we're using XP machines at work!)

If an over-the-network vulnerability is discovered, we could probably just block the affected port with Windows Firewall, unless it's something we really need.

Interesting. I don't understand why so much FUD is projected, in regards to XP's security. It's almost like some people get off on it. Truly perplexing. Considering the amount of software that is available for the Windows XP platform, I see little reason to upgrade in the near future. GNU/Linux is a viable alternative to XP, but even abandoned proprietary software is often times objectively better than whatever GNU has to offer.

Link to comment

3 hours ago, Mcinwwl said:

Depends on how you configure firewall...

I wasn't aware of much in the way of settings other than default configuration for the XP firewall. Maybe restore defaults; untick exceptions; and 'don't allow exceptions'. Are there ways to beef up the existing one, or do you recommend using a 3rd party firewall solution to replace (and disable) the existing one completely?

Edited by sal here
Link to comment

The OS has nothing to do with browsing the web securely, that is the job of the browser you are using. Unless you are using Internet Explorer, which is integrated into the operating system. Your best bet is to use a program like Sandboxie and then sandbox your web browser inside a sandbox so it has no integration with the operating system at all. Then any other security problems are on the user yourself.

That means if you download something and run it like an id*** then that is your fault, not the operating system's.

Link to comment

8 hours ago, caliber said:

That's why M$ bought Github. I'm waiting for the remastered open source XP. :w00t:

You mean ReactOS? You can try it, but it's nowhere close to a proper fully functional and updated OS, as its compatibility is Windows 2000/Windows XP, while it should really be at least Win7 to be considered functional these days. Anyway, I do understand that it's really difficult for developers to develop ReactOS without infringing any copyright, that's why it's very much based on Linux implementations like Mono and Wine that have been developed for years, but are still far from being perfect.

12 hours ago, sparty411 said:

So, aside from presumably having an actively maintained web browser, us XP users will be left out in the cold, come April of 2019. How dangerous will it be to continue using this aging operating system online? Will a router firewall, and up to date web browser be enough?

Antivirus software that does its job is required as well. Whenever other people connect to your computer for any kind of reason (like p2p), or whenever you visit a new website that you don't know, or whenever one of your friends/coworkers/family members/existing human beings plugs in a USB stick/hard drive, there's a chance you can get infected. I strongly suggest Avast, which will cover up any eventual new security issue, but keep in mind that an antivirus is not a cure for security vulnerabilities: if a new vulnerability is found and support is over, it will never be patched, which means that the antivirus will try to block any threat that tries to use that vulnerability, but if it doesn't, the threat will successfully exploit it.

11 hours ago, Mcinwwl said:

Depends on how you configure firewall, how you use your system and with who you share it.

I personally hope that rumours of post-POSReady EOL XP updates will be real and there will be a way to lay my hands on them :w00t:

There are rumours about the Microsoft Premium Support program. This type of support is aimed to keep businesses secure with constant support from Microsoft engineers and updates for the products used (to a certain extent). Will it include Windows XP and Server 2003 machines? It's likely Microsoft will continue to support XP and its derivatives as they are already supporting it (remember that businesses using XP weren't able to apply the POSReady registry entry and they are paying Microsoft for the Premium Support). 

In a nutshell:

- Will Microsoft still support XP?

Yes, it's very likely they will via their Premium Support program.

- How much will it cost?

You can ask Microsoft yourself by requesting a price quotation for your business at Microsoft, but it seems that it's going to be around $15000 per year.

- Can a private individual, not a business, apply?

I have no idea, ask Microsoft.

- Is it worth it?

For private people who don't own a company like us, I think it's not.

- Are there going to be exceptions?

There might be exceptions if the security vulnerability found is really important and they might release an update for us all for free as they did for WannaCry. (But this is my assumption, so there's no guarantee they will).

- Is there a chance that updates will be leaked by a hero wearing a cape?

Very unlikely, as it would mean the immediate loss of support by Microsoft, a significant fee and prosecution. Nobody would be so stupid to risk it and even if some miracle patch appears by someone unknown, would you trust it? (I wouldn't).

 

 

Last but not least, the main problem for XP users will be the compatibility with newer protocols like TLS 1.3, certificate handling like ECC, the new version of the .NET Framework, the .NET Core and so on. It's highly unlikely these will ever be ported to XP, despite the fact that Microsoft said that they were working on supporting ECC months ago, but they kept it quiet and they didn't really talk about it, which makes me think that something went wrong down the road. I'm an encoder and a developer myself and I find it incredibly difficult to support XP nowadays unless you are using C++ or using an old version of a programming language like C#. For instance, I generally develop Windows programmes in C# using Windows Forms and targeting .NET Framework 4, which is XP compatible, but not only do new features of C# and SQL not support XP, Microsoft doesn't even encourage developing with it anymore as it wants you to use UWP with C# and XAML, using the .NET Core and Blend (for design) for cross-platform compatibility at the expense of breaking compatibility with old versions of Windows 10 (Legacy Windows like Win8.1 and lower are not supported). I've been recently asked to develop a programme this way so that they were able to distribute it as an App for tablets and phones. What about XP? Well, it will die a slow death as you will still be able to use it up to a point in which it will become unusable as nothing will work on it and even opening a simple internet page will almost be impossible.

Edited by FranceBB
Link to comment

15 hours ago, sparty411 said:

So, aside from presumably having an actively maintained web browser, us XP users will be left out in the cold, come April of 2019. How dangerous will it be to continue using this aging operating system online? Will a router firewall, and up to date web browser be enough?

 

Probably yes but why risk it?

With my PC with XP I want to be able to use my bank online securely.

My Security Setup:

Windows XP Home
Windows Firewall
AdGuard DNS 1°- CloudFlare DNS 2°
PsExec
DEP Always ON
Trick POSReady 2009
Black Viper's List
No NET Installed
SMB Protocol Disabled
MBAE Premium v. 90
OSArmor v.1.4

New Moon (Pale Moon fork for XP) - Custom Setting About:Config
UBO
UBO Updater
NoScript
HTTPS Always 
Self-Destructing Cookie
Decentraleyes
No Resource URI Leak
Super Start Speed Dial
 

Link to comment

On 1/3/2019 at 7:07 PM, sparty411 said:

GNU/Linux is a viable alternative to XP, but even abandoned proprietary software is often times objectively better than whatever GNU has to offer.

That's why I recommend using both. I haven't used any version of Windows as my main OS since December 2005. I have Windows 2000, Windows XP, and Windows 8.1 all running in VMs (I use VirtualBox). One of the advantages of doing this is that I don't have to use Windows 8.1 any more than necessary, which is good because I don't like using it. I'd much rather use Windows XP. I also don't have to worry about looking for newer hardware that is still compatible with Windows XP since I'm not trying to run it on "bare metal".

Phil

 

Link to comment

2 hours ago, pcalvert said:

That's why I recommend using both. I haven't used any version of Windows as my main OS since December 2005. I have Windows 2000, Windows XP, and Windows 8.1 all running in VMs (I use VirtualBox). One of the advantages of doing this is that I don't have to use Windows 8.1 any more than necessary, which is good because I don't like using it. I'd much rather use Windows XP. I also don't have to worry about looking for newer hardware that is still compatible with Windows XP since I'm not trying to run it on "bare metal".

Phil

 

That's a good solution. I run Arch as my main system, but if I was still on XP or needed to use it, I could very well do that. I have an old machine I might turn into an XP machine just for fun as a side project and see where it leads me.

Link to comment

Even if April 9th comes I won't be worried. Why? Because I have a fully up-to-date antivirus, up-to-date browser programs, and mainly XP might be more secure than 10 since 10 has more holes than Windows XP ;). Like they patched 39 holes in December? or November? in Windows 10! Even XP didn't have that many holes!

Link to comment