NotHereToPlayGames (Author) Posted August 14, 2023
I have not tried the Plus edition. I assumed constant "nag screens" for the Plus versus the Free. But it also falls under one of those things I will "experiment" with but not keep. The LESS running in the background the BETTER.

AstroSkipper Posted August 14, 2023 (edited)
33 minutes ago, NotHereToPlayGames said:
I have not tried the Plus edition. I assumed constant "nag screens" for the Plus versus the Free.

Good things sometimes cost something. Only death is free. And to be honest, not even that one.
Edited August 14, 2023 by AstroSkipper

NotHereToPlayGames (Author) Posted August 14, 2023
Agreed. But... um... I'm not going to pay for something that I know up front is just an "experiment".

tekkaman Posted August 14, 2023
I was using Eset 5 with firewall. With a hack I was able to update definitions after XP support ended. It was updating until April 2022. I will try Kaspersky free with Outpost firewall soon because I don't like Avast. Avast makes computers slow and it can cripple the computer when you remove it.

AstroSkipper Posted August 14, 2023
1 hour ago, NotHereToPlayGames said:
Agreed. But... um... I'm not going to pay for something that I know up front is just an "experiment".

No problem! What can I say more than this?

FranceBB Posted August 14, 2023 (edited)
Quote:
Am I blind or none of these anti-virus threads discuss actual threats?

This is actually true, so I'm gonna try to change the trend a bit here with what we know. Essentially, there are threats out there and they can definitely affect XP. Unfortunately, Windows XP doesn't receive updates any longer and the threats out there can either come from a third party program installed or from a known vulnerability.

Let's start with the latter. One of the most common examples is with SMB shares. Unfortunately, Windows XP is limited to SMBv1, as we all know, and given that this is still supported by modern versions of Windows (including Windows Server in companies) as a fallback, this is generally targeted by threat actors as a way to breach a system. As a result, SMB has had lots of CVEs in the past and luckily they've been patched, not for the "good heart of Microsoft towards XP users", but rather 'cause they were affecting Windows Server as well, which is why Microsoft is still pushing and pushing for administrators to disable them and I feel like one day they'll just stop allowing people to enable SMBv1 altogether and force the use of SMBv3.

The second most common target is, of course, RDP. Now, the RDP implementation inside XP is quite old to say the least and not only it doesn't support features like the new codecs and high frame rate (like H.264 4:4:4 encoding) etc but it also has known open CVEs that will never be patched by Microsoft. Those, of course, can (and will) be exploited by threat actors.

Another security vulnerability comes from the very limited support by Windows XP in terms of encryption ciphers. As we all know, XP does support Kerberos and XP Professional workstations can be added to a domain and talk to a domain controller. During the handshake XP will expose the list of the ciphers it supports and the server will "agree" on one, but the problem here is that XP only supports DES CBC and RC4 HMAC, both of which are not only outdated but have very well known security vulnerabilities. In other words, it doesn't support AES and by forcing DES or RC4 the communication with the ticket granting server and the domain controller along with the other machines connected to the network isn't really safe and threat actors can exploit those to pretend to be the user in the domain.

Last but not least, there are known vulnerabilities coming from the use of old programs and one of the main focuses is on browsers. As you guys are probably aware, pretty much everything is based on Chromium and therefore this is the most attacked browser. As a result, there are lots of 0 day vulnerabilities and CVEs open that are generally quickly patched by the community, however, given that XP doesn't receive official updates, we're left with the risk of using browsers with known security vulnerabilities. If we add this to the fact that older, backported, versions of Chromium like M92 and M108 also run with the sandbox disabled (as it was never ported by anyone), this leads to the perfect recipe to a good disaster. This, of course, isn't limited to Chromium, but it also involves other programs, for instance, there are known vulnerabilities for Adobe Acrobat Reader XI, there are known vulnerabilities for the last version of Java running on XP and so on and so forth.

This leads us to the question: what can you do to mitigate this? To which, the answer is: be careful on what you do and keep an eye on the processes running. Personally, on top of that, I like to rely on two main things:
1) Avast
2) 0Patch

The benefits of both have been vastly discussed on other topics, so I won't extend those any further, but just to recap very quickly, Avast is not just an antivirus but it plays the role of a firewall and a sandbox as well among other things, while 0patch can be used to address known vulnerabilities as a remedy for the lack of security updates.

Last but not least, to the question "is the Windows XP user base actually 0?" the answer is: "it depends on how that statistic is counted/interpreted". I think that for the overwhelming majority of the people in this forum the answer would be:
"Do you have XP installed and do you use it regularly?" -> Yes
"Is XP your only system?" -> No
Edited August 14, 2023 by FranceBB

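An added example, not part of FranceBB's post or of any tool mentioned in the thread: on the domain side, the DES/RC4 negotiation described above shows up as the ticket encryption type recorded in domain-controller Kerberos events (4768 and 4769), so an administrator can list which clients are still being issued tickets with those types. The flattened key=value log layout, account names and addresses below are constructed for illustration.

```python
import re
from collections import defaultdict

# Kerberos encryption type numbers (RFC 3961 / RFC 3962 / RFC 4757).
ETYPES = {
    0x01: "DES-CBC-CRC",
    0x03: "DES-CBC-MD5",
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
}
WEAK = {0x01, 0x03, 0x17}  # the DES and RC4 families the post refers to

# Constructed sample: ticket events (4768 = TGT request, 4769 = service
# ticket request) flattened to key=value text. The layout, account names
# and addresses are assumptions made for this example.
SAMPLE_LOG = """\
EventID=4768 Account=alice Client=10.0.0.21 TicketEncryptionType=0x12
EventID=4768 Account=xp-kiosk$ Client=10.0.0.57 TicketEncryptionType=0x17
EventID=4769 Account=xp-kiosk$ Client=10.0.0.57 TicketEncryptionType=0x17
EventID=4769 Account=bob Client=10.0.0.33 TicketEncryptionType=0x11
EventID=4768 Account=plc-hmi Client=10.0.0.80 TicketEncryptionType=0x3
EventID=4624 Account=alice Client=10.0.0.21 LogonType=3
EventID=4768 Account=carol Client=10.0.0.44 TicketEncryptionType=0xFFFFFFFF
"""

LINE_RE = re.compile(
    r"EventID=(4768|4769)\s+Account=(\S+)\s+Client=(\S+)"
    r"\s+TicketEncryptionType=(0x[0-9A-Fa-f]+)"
)

def weak_ticket_clients(log_text):
    """Return {client address: sorted weak etype names} for ticket events."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a ticket event, or a layout this example does not parse
        etype = int(m.group(4), 16)
        if etype in WEAK:  # values outside the table are ignored
            found[m.group(3)].add(ETYPES[etype])
    return {client: sorted(names) for client, names in found.items()}

if __name__ == "__main__":
    for client, names in sorted(weak_ticket_clients(SAMPLE_LOG).items()):
        print(f"{client}: tickets issued with {', '.join(names)}")
```
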
jaclaz Posted August 14, 2023
Sure, the threats you listed are very dangerous, and it is very common to be exposed to them, as an example I have all the PC's at home running XP connected to my domain server to which I often RDP into from my office computer to download (from a set of NAS accessed via Samba) samples of my collection of lolcats. The only good thing is that I don't use Acrobat Reader XL.
jaclaz

Milkinis Posted August 14, 2023
2 hours ago, FranceBB said:
Essentially, there are threats out there and they can definitely affect XP.

XP hardware with official drivers support is not affected by this threat https://downfall.page/

Milkinis Posted August 14, 2023
2 hours ago, FranceBB said:
there are known vulnerabilities for the last version of Java running on XP and so on and so forth.

I don't bother with programs that require Java to be installed, there are good enough alternatives out there

AstroSkipper Posted August 14, 2023
2 hours ago, FranceBB said:
Personally, on top of that, I like to rely on two main things: ... 2) 0Patch

Here is a quotation from 0patch support page:

Quote:
Does 0patch add value on older Windows versions such as Windows XP or Server 2003?
mitja.kolsek - June 23, 2023 11:01
While 0patch Agent works on Windows XP and Server 2003, we issue very few patches for these older versions. For example, we've only issued 3 micropatches for Windows Server 2003: BlueKeep, EsteemAudit and CVE-2017-7269, all of which were 0days at the time and it seemed they'd remain unpatched as 2003 was long out of official support. Microsoft subsequently issued fixes for all three issues. That said, if another critical 0day comes out for an older Windows version, we'll certainly try to make a micropatch for it. Aside from that, if you're using some Windows application that we issue a micropatch for (like for instance here, here, here, here, or here) on older Windows systems, such micropatch will be applied there too.

Cheers, AstroSkipper

FranceBB Posted August 14, 2023 (edited)
@AstroSkipper yep and as they said although the three 0 day vulnerabilities were then patched by Microsoft too, if a new 0 day vulnerability comes out they will try to patch it and I'm pretty damn sure that Microsoft won't release a patch this time around given that support ended in summer 2019. Besides, as they said, they also address vulnerabilities in other software which wouldn't necessarily be possible to update while retaining XP compatibility. This is an example of the patches that have been actively applied to my system as I opened some programs or did some other things that required them:

Quote:
ZP-97 VULN-2 CVE-2013-2465 Oracle Java storeImageArray function heap buffer overflow awt.dll
ZP-98 VULN-3 CVE-2013-2473 Oracle Java Blit function heap buffer overflow awt.dll
ZP-122 VULN-1 CVE-2013-2470 Oracle Java lookupByteBI function heap buffer overflow awt.dll
ZP-162 VULN-10 CVE-2013-2471 Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow awt.dll
ZP-195 VULN-9 CVE-2013-2472 Oracle Java ShortComponentRaster.verify() Memory Corruption awt.dll
ZP-228 VULN-8 CVE-2013-2463 Oracle Java BytePackedRaster.verify() Signed Integer Overflow awt.dll
ZP-353 VULN-4852 CVE-2018-20250 RARLAB WinRAR ACE Path Traversal Remote Code Execution UNACEV2.DLL
ZP-370 VULN-2622 CVE-2017-0176 Microsoft Windows RDP Remote Code Execution (EsteemAudit) gpkcsp.dll
ZP-372 VULN-5058 CVE-2019-0708 Microsoft Remote Desktop Services Remote Code Execution - "BlueKeep" rdpwsx.dll

As you can see, it kept me safe from known CVEs in Java, WinRAR and RDP. There are other patches there which have never been applied, but still, it's nice to have and although I'm using the Pro version you can safely use the free version too which is a very valid alternative.

6 hours ago, jaclaz said:
Sure, the threats you listed are very dangerous, and it is very common to be exposed to them

Well, although a home user won't probably be exposed to some of them, we gotta keep in mind that Windows XP derived OS are still widespread everywhere mostly 'cause they were tied to hardware in embedded systems and also 'cause they were running software that would otherwise be incompatible with newer versions of Windows. As a result, it's not really uncommon for companies to still have Windows XP / Windows Embedded or Windows Server machines still up and running, either on bare metal or on VMs. In a business context those can be very valid points.
Edited August 14, 2023 by FranceBB

jaclaz Posted August 15, 2023
11 hours ago, FranceBB said:
Well, although a home user won't probably be exposed to some of them, we gotta keep in mind that Windows XP derived OS are still widespread everywhere mostly 'cause they were tied to hardware in embedded systems and also 'cause they were running software that would otherwise be incompatible with newer versions of Windows. As a result, it's not really uncommon for companies to still have Windows XP / Windows Embedded or Windows Server machines still up and running, either on bare metal or on VMs. In a business context those can be very valid points.

Sure, but those businesses should (in theory) have experts capable of mitigating them, no need to (further) scare to death common users about vulnerabilities they won't ever experience (simply because they don't use the affected services/programs). If we want to scare them, as general advice, we have the (evergreen) opinion by Armand Gracious: https://www.dedoimedo.com/computers/experts.html
jaclaz

AstroSkipper Posted August 15, 2023
9 minutes ago, jaclaz said:
If we want to scare them, as general advice, we have the (evergreen) opinion by Armand Gracious: https://www.dedoimedo.com/computers/experts.html

Did he speak to us from the future?

Quote:
Experts say ... Posted by Armand Gracious: August 18, 2027, 13:33

NotHereToPlayGames (Author) Posted August 15, 2023 (edited)
2 minutes ago, AstroSkipper said:
Did he speak to us from the future?

Long-standing joke. You're not an insider if you don't understand.
Edited August 15, 2023 by NotHereToPlayGames

AstroSkipper Posted August 15, 2023
32 minutes ago, NotHereToPlayGames said:
Long-standing joke. You're not an insider if you don't understand.

Obviously not! Enlighten me!