Welcome to the Invelos forums. Please read the forum rules before posting.

Read access to our public forums is open to everyone. To post messages, a free registration is required.

If you have an Invelos account, sign in to post.

    Invelos Forums->General: General Discussion Page: 1 2  Previous   Next
how many of us are still using MIcrosoft Windows XP?
Author Message
DVD Profiler Unlimited RegistrantStar Contributorrdodolak
Registered: March 18, 2007
Reputation: Superior Rating
United States Posts: 1,637
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Kulju:
Quote:
If you are using Windows 8 there's no need for 3dr party VMware or Oracle virtualization tools since Win8 includes Hyper-V. You can use Free MS tool Disk2vhd for Physical to Virtual conversion.


Apparently it also runs on the following operating systems:

Client: Windows XP SP2 and higher.
Server: Windows Server 2003 and higher.
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Grendell:
Quote:
Quoting Kulju:
Quote:
If you wan't to keep it running without problems you should disconnect it from network today. Crackers have been waiting for this day for a long time and they have a list of security vulnerabilities not known by MS and tools for exploiting them ready. They have been prepairing at least for a year for this day.


lmao


So you don't think it's true? That's your problem.
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting rdodolak:
Quote:
Quoting Kulju:
Quote:
If you are using Windows 8 there's no need for 3dr party VMware or Oracle virtualization tools since Win8 includes Hyper-V. You can use Free MS tool Disk2vhd for Physical to Virtual conversion.


Apparently it also runs on the following operating systems:

Client: Windows XP SP2 and higher.
Server: Windows Server 2003 and higher.


What do you mean? Neather of those OS' have Hyper-V feature. Yes, you can install RSAT tools in them which includes Hyper-V manager, but that's a different component.
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Lewis_Prothero:
Quote:
but this is scaremongering, nothing more.

No, it's not.
Quote:
Granted, XP (like any other software) has vulnerabilities that the manufacturer isn't even aware of, which are nevertheless well known to hackers and crackers.

Yes, and during last few moths, maybe a year if you have found one and would like to exploit it, it has been smarter to wait untill XP support has ended than show your hand right away. Same principle as in hacker contests. They don't start searching possible vulnerabilities when the competition start. They have done their homework beforehand and just exploit the vulnerability they have discover earlier. That's how it's possible to crack browser/OS in seconds in these competitions and that's a reason why, for example Google have started to pay a fee for each found vulnerability brought to their attention. No need to wait a "payday" untill next competition or sell it for illegal purposes. They get paid by Google right away.

Quote:
But assuming that a hoard of crackers will now go on the hunt for XP-systems, just because M$ isn't releasing updates anymore is ... (for want of a better word) unrealistic.
The hunt was on the day the first public beta was released, but this is true for any OS, and the more users a software has the more interesting it becomes for hackers.
That's why OSs like Linux, MacOS, etc are considered to be "safe", which in this case doesn't mean "without vulnerabilities", but only "uninteresting for criminal exploits" due to a too low market-share
.

There are still more XP-systems than Vista, Win8 and Win8.1 combined together. That's market-share enough.

Quote:
Taking into consideration that M$ needs (at an average) about two months from finding a leak to releasing the fix


Source?

Quote:
there is/was no reason to wait until EoL.


Of course there is, unless your stupid. (general cracker you )

Quote:
It's not as if M$ found that many leaks on their own, and when the knowledge finally struck them those leaks (incl. exploits) were quite known to interested circles for a long time.


Umm, that's kind of my point. Keep every one in dark untill no support. Better you keep your mouth shut, better the profit.

Quote:
All in All online-life has many similarities to real-life: There are areas that when visited have an elevated risk-level, other areas are quite safe, NOWHERE is totally safe.
Or in other words:
There is only one way for your computer to be entirely safe: Pull the CPU from the socket.


Yes, but  using a supported OS is like wearing a helmet. It doesn't make you immortal, but much less vulnerable.

Quote:
I dare to predict that in about 3 years WinXP will be among the "safest" OSs.

And the time between present and that 3 years it's the most unsafe. Your point (if there is one) is ridiculous.
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting scotthm:
Quote:

On the other hand, the best way to make it relatively safe is to stop using XP.

It's safe to use XP. Just don't connect it to network. As told earlier in this thread if you must have  XP, just virtualize it under modern OS and disable network adapter.
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting widescreenforever:
Quote:
We all have heard about the dreaded April 8th date for a year now .. and this Tuesday that date will have arrived ... 

Free support ends April-8-2014. Not support in general.

For example:
Microsoft in 1-year Windows XP survival deal with UK govt

Quote:
Heard yesterday that the worlds Operating systems are still 71% using Windows XP ..  !


Not true, this a bit more up-to-date (last 3 months)
 Last edited: by Kulju
DVD Profiler Unlimited RegistrantStar ContributorLewis_Prothero
Strength Through Unity
Registered: May 19, 2007
Reputation: Superior Rating
Germany Posts: 6,730
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Kulju:
Quote:
Quoting Lewis_Prothero:
Quote:
All in All online-life has many similarities to real-life: There are areas that when visited have an elevated risk-level, other areas are quite safe, NOWHERE is totally safe.
Or in other words:
There is only one way for your computer to be entirely safe: Pull the CPU from the socket.


Yes, but  using a supported OS is like wearing a helmet. It doesn't make you immortal, but much less vulnerable.

This would be true if the patch would be released BEFORE the leak gets known (and exploited) by criminal elements.
Putting on a helmet after you crashed is usually of no help.

XP is not supported anymore!
So what?
XP from today on is not safer or unsafer than it was yesterday.
It has been (just like any M$ software) under attack from day 1 of its public availability and this attack will continue until the market-share will sink below significancy.

Saying something different is scaremongering.

XP is vulnerable!
So what?
Any software that has some complexity is vulnerable.
Get a decent security software (which, of course, is vulnerable too) and feel safer (mind you, you not actually are safer. You just stuff one hole by tearing up another).
Implement a hardware-firewall (which, of course, is vulnerable too) and add something to the feeling.

But to abandon XP in favour of one of its descendants will add no security at all, as long as you don't take additional measures, which, strange but true, would put XP on a comparable security level.

The Top10 of the Most Vulnerable Software, currently has Microsoft products (lead by the highly praised Win8 with 156 new leaks in 2013 compared to "only" 99 for XP) on the first five ranks followed by Adobe and Oracle (Java!).

Now tell me, is this because the programs actually have more leaks, or simply because they are so wide-spread?

There are reasons to not install XP on new machines (which basically boil down to hardware compatibility), but there is absolutely no reason to purchase a new OS for an old machine.
It all seems so stupid, it makes me want to give up!
But why should I give up, when it all seems so stupid?


Registrant since 05/22/2003
 Last edited: by Lewis_Prothero
DVD Profiler Unlimited RegistrantGrendell
One disc at a time...
Registered: May 8, 2007
United States Posts: 823
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Kulju:
Quote:
Quoting Lewis_Prothero:
Quote:
but this is scaremongering, nothing more.

No, it's not.


Not really about XP specifically but the same principles apply.

99.9% of all cat plans consist only of "Step 1."
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Lewis_Prothero:
Quote:
The Top10 of the Most Vulnerable Software, currently has Microsoft products (lead by the highly praised Win8 with 156 new leaks in 2013 compared to "only" 99 for XP) on the first five ranks followed by Adobe and Oracle (Java!).

Now tell me, is this because the programs actually have more leaks, or simply because they are so wide-spread?


Maybe you should read that Secunia report first before you use it as a reference. Programs in that table are ranked by market share, not by the amount of vulnerabilites! For example Microsoft Visual C++ is on rank #6 because it has market share of 95.5%, not because it had 0 vulnerabilites on that period. If you rank them by the amount of vulnerabilites the top 10 would be:

Mozilla Firefox (270)
Google Chrome (245)
Oracle Java (181)
MS Internet Explorer (126)
Adobe Reader (67)
Apple iTunes (66)
Adobe Flash Player (56)
Adobe Air (51)
MS .NET Framework (18)
MS Word (17)
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Grendell:
Quote:

Not really about XP specifically but the same principles apply.

I don't know which priciples you mean since that clip didn't have anything to do with this conversation, but if you wan't to stay as secure as possible with Windows OS connected to network:

#1. The MOST important. NEVER use use your computer with administrative privileges.
#2. Keep your OS and Software up-to-date
 Last edited: by Kulju
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Lewis_Prothero:
Quote:
This would be true if the patch would be released BEFORE the leak gets known (and exploited) by criminal elements.
Putting on a helmet after you crashed is usually of no help.

Yes, you should patch your computer before it will get exploited. Not all computers in the world get exploited on that second when an exploit is found. It's a bit difficult to patch if there are no patches available due the end of support. From the same article you referenced "Secunia found only 10 zero-day vulnerabilities, which are those actively being exploited that don’t have a patch, in its top 50 portfolio."

Quote:
XP is not supported anymore!
So what?

If there is a security vulnerability it won't get patched.

Quote:
XP from today on is not safer or unsafer than it was yesterday

Until first public exploit surfaces. Seriously, you don't see any diffences in these two scenarios:
#1. I leave my apartment door unlocked
#2. I leave my apartment door unlocked and post on Facebook that I live in xxxx and my apartment door is unlocked and I'm not gonna use the lock anymore. BTW, I'm not home in next 6 months.

If you think that there aren't any security vulnerabilities in XP you're so naive that I really hope you don't adminstrate any computer systems.

Quote:
It has been (just like any M$ software) under attack from day 1 of its public availability and this attack will continue until the market-share will sink below significancy.

Yes, but newer than XP will probably get fixed. Again quote from same article "Eighty-six percent of the vulnerabilities found in the top 50 software products had a patch available on the day the vulnerability was disclosed". This not the case with XP any more.

Quote:
XP is vulnerable!
So what?
Any software that has some complexity is vulnerable.

This doesn't even deserve comment. Explained umpteenth times.

Quote:
Get a decent security software (which, of course, is vulnerable too) and feel safer (mind you, you not actually are safer. You just stuff one hole by tearing up another).
Implement a hardware-firewall (which, of course, is vulnerable too) and add something to the feeling.


So based on this logic you shouldn't do anything?

Quote:
But to abandon XP in favour of one of its descendants will add no security at all, as long as you don't take additional measures, which, strange but true, would put XP on a comparable security level.


No it doesn't.

Quote:
There are reasons to not install XP on new machines (which basically boil down to hardware compatibility),


To not install? Yes, one would be the lack of support.

Quote:
but there is absolutely no reason to purchase a new OS for an old machine.

Yes there is. A lack of XP support. These cracked old systems aren't just a problem for a person who own that particular computer. Botnets are problem for all of us.
DVD Profiler Unlimited RegistrantStar ContributorLewis_Prothero
Strength Through Unity
Registered: May 19, 2007
Reputation: Superior Rating
Germany Posts: 6,730
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Kulju:
Quote:
Quoting Lewis_Prothero:
Quote:
The Top10 of the Most Vulnerable Software, currently has Microsoft products (lead by the highly praised Win8 with 156 new leaks in 2013 compared to "only" 99 for XP) on the first five ranks followed by Adobe and Oracle (Java!).

Now tell me, is this because the programs actually have more leaks, or simply because they are so wide-spread?


Maybe you should read that Secunia report first before you use it as a reference. Programs in that table are ranked by market share, not by the amount of vulnerabilites!


You were in the wrong chart then.
I was in the one that showed where you could see the actual recent (2013) activities of cracking.

1) Win8 156 new leaks (+exploits) found in 2013
2) Win7 102 new leaks (+exploits) found in 2013
3) WinXP 99 new leaks (+exploits) found in 2013

So quite obviously the most cracking activities currently are for the newer OSs (which to me comes as no surprise).
Quote:
If you think that there aren't any security vulnerabilities in XP you're so naive that I really hope you don't adminstrate any computer systems.

???
When exactly did I say that?
As far as I recall I always wrote that XP, of course, has vulnerabilities (just like any other software).

I just don't see the necessity to panic just because M$ ended the support.

Quote:
Quote:
but there is absolutely no reason to purchase a new OS for an old machine.

Yes there is. A lack of XP support. These cracked old systems aren't just a problem for a person who own that particular computer. Botnets are problem for all of us.

So you are trying to tell me that I should upgrade my customers Pentium 4 with Win8?
Or would you prefer me to replace it with a newer machine even though the old machine is quite healthy and completely suffices my customer's needs?

That leaves me with the question if you are an employee of either Microsoft or Dell?

And if you believe and/or try to make others believe that the problem of botnets is limited to WinXP installation you are even more naive than you think I am.

Quote:
Quote:
Get a decent security software (which, of course, is vulnerable too) and feel safer (mind you, you not actually are safer. You just stuff one hole by tearing up another).
Implement a hardware-firewall (which, of course, is vulnerable too) and add something to the feeling.


So based on this logic you shouldn't do anything?


In fact it's what results from your logic.
I should retire WinXP machines regardless of whichever other security-solutions I may have?
Just because the manufacturer of the OS ended the support?
Any IT-professional relying on security patches to actually secure a network he is responsible for should be fired immediately.

And to be precise:
The problem is NOT WinXP, the problem are its defaults.
By default any Microsoft OS is a security leak.
If you don't do anything about it, you are inviting criminal elements into your local environment and this is entirely independend from a manufacturer's support.
It has something to do with maintenance, a concept that seemingly is unheard of in the sales-department.

This may come as a surprise for you, but the end of support is not the end of the world.
It all seems so stupid, it makes me want to give up!
But why should I give up, when it all seems so stupid?


Registrant since 05/22/2003
 Last edited: by Lewis_Prothero
DVD Profiler Unlimited RegistrantStar ContributorKulju
Registered: March 14, 2007
Finland Posts: 2,337
Posted:
PM this userView this user's DVD collectionDirect link to this postReply with quote
Quoting Lewis_Prothero:
Quote:
You were in the wrong chart then.
I was in the one that showed where you could see the actual recent (2013) activities of cracking.

1) Win8 156 new leaks (+exploits) found in 2013
2) Win7 102 new leaks (+exploits) found in 2013
3) WinXP 99 new leaks (+exploits) found in 2013


Which chart are you talking about exactly? I cannot find any Top 10 ranking or a chart which ranks MS products first then followed by Adobe and Oracle. Are we reading same paper "Secunia Vulnerability Review 2014"? It has a figure #13 where you can find that OS info you listed above, but it doesn't say a word about Adobe or Oracle and in Appendix you can find top50 ranking which doesn't even list OSs. 

Quote:
So quite obviously the most cracking activities currently are for the newer OSs (which to me comes as no surprise).


Again, I cannot find any table of cracking activities, only tables about founded vulnerabilities.

Quote:
As far as I recall I always wrote that XP, of course, has vulnerabilities (just like any other software).

I just don't see the necessity to panic just because M$ ended the support.


So the only options are "panic" or do nothing? Upgrading your OS isn't panicking. It's doing the smart thing in this case.

Quote:
So you are trying to tell me that I should upgrade my customers Pentium 4 with Win8?

No, you should advise them to remove 'em from network. If you really have paying customers anything else would be irresponsible. P4 is 14 years old processor. Product line that ended 6 years ago. In IT world that's a lifetime.
Quote:
Or would you prefer me to replace it with a newer machine even though the old machine is quite healthy and completely suffices my customer's needs?

In this case yes, if they must keep 'em connected to network.
Quote:
That leaves me with the question if you are an employee of either Microsoft or Dell?

Neather, but I work in environment which has thousands of PCs. You have to upgrade hardware sometimes too.

Quote:
And if you believe and/or try to make others believe that the problem of botnets is limited to WinXP installation you are even more naive than you think I am.


Of course problem isn't limited to XPs only, but if people would keep their computers up-to-date, the problem would be much smaller. Resent OS' also have other security features which aren't included in XP.

Quote:
In fact it's what results from your logic.
I should retire WinXP machines regardless of whichever other security-solutions I may have?

No, you just shouldn't use them connected in network.

Quote:
Just because the manufacturer of the OS ended the support?

Yes
Quote:
Any IT-professional relying on security patches to actually secure a network he is responsible for should be fired immediately

Of course patching isn't the only line of defence, but a very important one. Any administrator neglecting updates in corporate network should be fired immediately.

Quote:
By default any Microsoft OS is a security leak.


If you mean out-of-the-box, I agree.

Quote:
If you don't do anything about it, you are inviting criminal elements into your local environment and this is entirely independend from a manufacturer's support.


Can you list three first things to configure after OS install. Since you said any MS OS, let's say I have Win8.

Quote:
It has something to do with maintenance


I agree

Quote:
a concept that seemingly is unheard of in the sales-department.


Depends of sales-department

Quote:
This may come as a surprise for you, but the end of support is not the end of the world.


I agree, it's just the end of Windows XP.
DVD Profiler Unlimited RegistrantStar ContributorSpikyCactus
I have a Gold Star!
Registered: July 16, 2010
Reputation: High Rating
United Kingdom Posts: 526
Posted:
PM this userVisit this user's homepageView this user's DVD collectionDirect link to this postReply with quote
Quoting Grendell:
Quote:
Quoting Kulju:
Quote:
Quoting Lewis_Prothero:
Quote:
but this is scaremongering, nothing more.

No, it's not.


Not really about XP specifically but the same principles apply.



OMG!! NO ONE WATCH THIS!!!  If you do it will download a Trojan worm and delete all the files on your computer and then use your mobile phone to text all your contacts teddy bear porn and cause your blue-rai to melt!!!!  I'm serious!!!!!  It isn't stopped by any anti-virus software!!!!!!  Microsoft knows all about it and hasn't even bothered to sorted it!!!!!!!  It affects ApplePear Unics too!!!!!!!!  It happened to my computer and now all my friends think I'm a soft toy pervert!!!!!!!!!!
Do you ever find yourself striving for perfection with an almost worthless attempt at it?  Guttermouth "Lemon Water".  Also, I include in my Profiler database VHS tapes, audio DVDs, audio books (digital, cassette and CD), video games (digital, DVD and CD) and 'enhanced' CDs with video tracks on them, as well as films and TV I've bought digitally.  So I'm an anarchist, deal with it.  Just be thankful I don't include most of my records and CDs etc in it too; don't think I haven't been tempted...
    Invelos Forums->General: General Discussion Page: 1 2  Previous   Next