
XP antivirus/firewall


NotHereToPlayGames



33 minutes ago, NotHereToPlayGames said:

I have not tried the Plus edition.  I assumed constant "nag screens" for the Plus versus the Free.

Good things sometimes cost something. Only death is free. And to be honest, not even that one. :buehehe:

Edited by AstroSkipper

I was using Eset 5 with firewall. With a hack I was able to update definitions after XP support ended. It was updating until April 2022. I will try Kaspersky free with Outpost firewall soon because I don't like Avast. Avast makes computers slow and it can cripple the computer when you remove it.


Quote

Am I blind or none of these anti-virus threads discuss actual threats? 

This is actually true, so I'm gonna try to change the trend a bit here with what we know.

Essentially, there are threats out there and they can definitely affect XP.

Unfortunately, Windows XP doesn't receive updates any longer and the threats out there can either come from a third party program installed or from a known vulnerability. Let's start with the latter.

One of the most common examples is with SMB shares. Unfortunately, Windows XP is limited to SMBv1, as we all know, and given that this is still supported by modern versions of Windows (including Windows Server in companies) as a fallback, this is generally targeted by threat actors as a way to breach a system. As a result, SMB has had lots of CVEs in the past and luckily they've been patched, not for the "good heart of Microsoft towards XP users", but rather 'cause they were affecting Windows Server as well, which is why Microsoft is still pushing and pushing for administrators to disable them and I feel like one day they'll just stop allowing people to enable SMBv1 altogether and force the use of SMBv3.

The second most common target is, of course, RDP. Now, the RDP implementation inside XP is quite old to say the least, and not only does it not support features like the new codecs and high frame rate (like H.264 4:4:4 encoding) etc., but it also has known open CVEs that will never be patched by Microsoft. Those, of course, can (and will) be exploited by threat actors.

Another security vulnerability comes from the very limited support by Windows XP in terms of encryption ciphers. As we all know, XP does support Kerberos and XP Professional workstations can be added to a domain and talk to a domain controller. During the handshake XP will expose the list of the ciphers it supports and the server will "agree" on one, but the problem here is that XP only supports DES CBC and RC4 HMAC, both of which are not only outdated but have very well-known security vulnerabilities. In other words, it doesn't support AES, and by forcing DES or RC4 the communication with the ticket granting server and the domain controller, along with the other machines connected to the network, isn't really safe and threat actors can exploit those to pretend to be the user in the domain.

Last but not least, there are known vulnerabilities coming from the use of old programs, and one of the main focuses is on browsers. As you guys are probably aware, pretty much everything is based on Chromium and therefore this is the most attacked browser. As a result, there are lots of 0-day vulnerabilities and open CVEs that are generally quickly patched by the community; however, given that XP doesn't receive official updates, we're left with the risk of using browsers with known security vulnerabilities. If we add this to the fact that older, backported versions of Chromium like M92 and M108 also run with the sandbox disabled (as it was never ported by anyone), this leads to the perfect recipe for a good disaster. This, of course, isn't limited to Chromium, but it also involves other programs; for instance, there are known vulnerabilities for Adobe Acrobat Reader XI, there are known vulnerabilities for the last version of Java running on XP, and so on and so forth.

 

This leads us to the question: what can you do to mitigate this?

To which, the answer is: be careful about what you do and keep an eye on the processes running.

Personally, on top of that, I like to rely on two main things:

1) Avast

2) 0Patch

The benefits of both have been vastly discussed on other topics, so I won't extend those any further, but just to recap very quickly, Avast is not just an antivirus but it plays the role of a firewall and a sandbox as well, among other things, while 0patch can be used to address known vulnerabilities as a remedy for the lack of security updates.

 

Last but not least, to the question "is the Windows XP user base actually 0?" the answer is: "it depends on how that statistic is counted/interpreted".

I think that for the overwhelming majority of the people in this forum the answer would be:

"Do you have XP installed and do you use it regularly?" -> Yes

"Is XP your only system?" -> No

Edited by FranceBB
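The Kerberos cipher negotiation described in the post above, as an added example in Python (not code from the post or from the forum): it picks the strongest encryption type common to the client's offer and the KDC's policy, using the bit values Windows stores in the msDS-SupportedEncryptionTypes attribute; the client profiles and KDC policies are constructed for illustration.

```python
# Added example (not from the post): models the Kerberos etype negotiation it describes.
# Bit values are those of the Windows msDS-SupportedEncryptionTypes attribute;
# client and KDC masks are constructed for illustration.
DES_CBC_CRC = 0x01
DES_CBC_MD5 = 0x02
RC4_HMAC = 0x04
AES128_CTS = 0x08
AES256_CTS = 0x10
ETYPE_NAMES = {
    DES_CBC_CRC: "des-cbc-crc",
    DES_CBC_MD5: "des-cbc-md5",
    RC4_HMAC: "rc4-hmac",
    AES128_CTS: "aes128-cts-hmac-sha1-96",
    AES256_CTS: "aes256-cts-hmac-sha1-96",
}
# Strongest first: the order the KDC walks when choosing a common etype.
STRENGTH_ORDER = (AES256_CTS, AES128_CTS, RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC)
WEAK_ETYPES = DES_CBC_CRC | DES_CBC_MD5 | RC4_HMAC

# Constructed profiles: XP offers only DES and RC4 (as the post states); a current
# client offers RC4 plus AES. KDC policies: permissive (all) vs hardened (AES only).
XP_CLIENT = DES_CBC_CRC | DES_CBC_MD5 | RC4_HMAC
MODERN_CLIENT = RC4_HMAC | AES128_CTS | AES256_CTS
PERMISSIVE_KDC = 0x1F
HARDENED_KDC = AES128_CTS | AES256_CTS


def negotiate(client_mask, kdc_mask):
    """Strongest etype both sides allow, or None when nothing overlaps
    (the KDC would then answer KDC_ERR_ETYPE_NOSUPP)."""
    common = client_mask & kdc_mask
    for etype in STRENGTH_ORDER:
        if common & etype:
            return etype
    return None


def audit(clients, kdc_mask):
    """Per client: negotiated etype name and whether it is a weak DES/RC4 one,
    so an admin can see what a hardened KDC policy would reject."""
    report = {}
    for name, mask in clients.items():
        etype = negotiate(mask, kdc_mask)
        report[name] = {
            "etype": ETYPE_NAMES[etype] if etype else "rejected",
            "weak": bool(etype and etype & WEAK_ETYPES),
        }
    return report
```

A real KDC also takes the target service account's keys into account, so this models only the client's offer against the KDC policy: with a permissive policy the XP client lands on RC4, with an AES-only policy it is rejected outright.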

Sure, the threats you listed are very dangerous, and it is very common to be exposed to them; as an example I have all the PCs at home running XP connected to my domain server, to which I often RDP into from my office computer to download (from a set of NAS accessed via Samba) samples of my collection of lolcats.

The only good thing is that I don't use Acrobat Reader XL.

:whistle:

jaclaz


2 hours ago, FranceBB said:

there are known vulnerabilities for the last version of Java running on XP and so on and so forth.

I don't bother with programs that require Java to be installed; there are good enough alternatives out there.


2 hours ago, FranceBB said:

Personally, on top of that, I like to rely on two main things:

...

2) 0Patch

Here is a quotation from 0patch support page:

Quote

Does 0patch add value on older Windows versions such as Windows XP or Server 2003?

mitja.kolsek - June 23, 2023 11:01

While 0patch Agent works on Windows XP and Server 2003, we issue very few patches for these older versions. For example, we've only issued 3 micropatches for Windows Server 2003: BlueKeep, EsteemAudit and CVE-2017-7269, all of which were 0days at the time and it seemed they'd remain unpatched as 2003 was long out of official support. Microsoft subsequently issued fixes for all three issues. That said, if another critical 0day comes out for an older Windows version, we'll certainly try to make a micropatch for it.

Aside from that, if you're using some Windows application that we issue a micropatch for (like for instance here, here, here, here, or here) on older Windows systems, such micropatch will be applied there too.

Cheers, AstroSkipper


@AstroSkipper yep, and as they said, although the three 0-day vulnerabilities were then patched by Microsoft too, if a new 0-day vulnerability comes out they will try to patch it, and I'm pretty damn sure that Microsoft won't release a patch this time around given that support ended in summer 2019. Besides, as they said, they also address vulnerabilities in other software which wouldn't necessarily be possible to update while retaining XP compatibility.

This is an example of the patches that have been actively applied to my system as I opened some programs or did some other things that required them:

Quote

 

ZP-97 VULN-2 CVE-2013-2465: Oracle Java storeImageArray function heap buffer overflow (awt.dll)
ZP-98 VULN-3 CVE-2013-2473: Oracle Java Blit function heap buffer overflow (awt.dll)
ZP-122 VULN-1 CVE-2013-2470: Oracle Java lookupByteBI function heap buffer overflow (awt.dll)
ZP-162 VULN-10 CVE-2013-2471: Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow (awt.dll)
ZP-195 VULN-9 CVE-2013-2472: Oracle Java ShortComponentRaster.verify() Memory Corruption (awt.dll)
ZP-228 VULN-8 CVE-2013-2463: Oracle Java BytePackedRaster.verify() Signed Integer Overflow (awt.dll)
ZP-353 VULN-4852 CVE-2018-20250: RARLAB WinRAR ACE Path Traversal Remote Code Execution (UNACEV2.DLL)
ZP-370 VULN-2622 CVE-2017-0176: Microsoft Windows RDP Remote Code Execution (EsteemAudit) (gpkcsp.dll)
ZP-372 VULN-5058 CVE-2019-0708: Microsoft Remote Desktop Services Remote Code Execution - "BlueKeep" (rdpwsx.dll)

 

 

As you can see, it kept me safe from known CVEs in Java, WinRAR and RDP. There are other patches there which have never been applied, but still, it's nice to have, and although I'm using the Pro version you can safely use the free version too, which is a very valid alternative.

6 hours ago, jaclaz said:

Sure, the threats you listed are very dangerous, and it is very common to be exposed to them

Well, although a home user probably won't be exposed to some of them, we gotta keep in mind that Windows XP-derived OSes are still widespread everywhere, mostly 'cause they were tied to hardware in embedded systems and also 'cause they were running software that would otherwise be incompatible with newer versions of Windows. As a result, it's not really uncommon for companies to still have Windows XP / Windows Embedded or Windows Server machines up and running, either on bare metal or on VMs. In a business context those can be very valid points.

Edited by FranceBB

11 hours ago, FranceBB said:

Well, although a home user probably won't be exposed to some of them, we gotta keep in mind that Windows XP-derived OSes are still widespread everywhere, mostly 'cause they were tied to hardware in embedded systems and also 'cause they were running software that would otherwise be incompatible with newer versions of Windows. As a result, it's not really uncommon for companies to still have Windows XP / Windows Embedded or Windows Server machines up and running, either on bare metal or on VMs. In a business context those can be very valid points.

Sure, but those businesses should (in theory) have experts capable of mitigating them; no need to (further) scare to death common users about vulnerabilities they won't ever experience (simply because they don't use the affected services/programs).

If we want to scare them, as general advice, we have the (evergreen) opinion by Armand Gracious ;):

https://www.dedoimedo.com/computers/experts.html

jaclaz

