Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

please explain about the xp end of support and it's vulnerabilities


  • Please log in to reply
20 replies to this topic

#1 rp88

rp88

  • Members
  • 2,901 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:08 AM

Posted 07 February 2014 - 04:46 PM

i have known for a while that xp support ends on 8th april 2014 but am unsure as to exactly what this will mean. all the sites mention that any "unpatched loopholes" are targets for hackers but i want to know if this means that ypu are vulnerable simply by taking an xp machine online after the 8th april or only if you visit malicious sites. these days i only take the xp computer  online to log into gmail and back up documents on google drive and mediafire. would i be at risk simply form connecting or would i have to visit an infected site/those i already use get compromised and i am unlucky enough to visit them before they are repaired. also as a further matter, i keep hearing about how unupdated browsers are vulnerable, are they a security risk just to have as installed programs or must you be using the old browser  instead of any up to date ones you have installed for it to become a problem.

i would like these questions answered

thank you


Edited by hamluis, 08 February 2014 - 11:10 AM.
Moved from XP to General Security - Hamluis.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


m

#2 OldPhil

OldPhil

    Doppleganger


  • Members
  • 3,781 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:11:08 PM

Posted 07 February 2014 - 04:53 PM

I believe all aspects are covered in the lead post on the issue.

 

http://www.bleepingcomputer.com/forums/t/496246/end-of-support-for-windows-xp-sp3-is-april-8-2014/


If you don't stand for the flag then you will fall for anything!


#3 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 5,979 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:04:08 AM

Posted 07 February 2014 - 06:28 PM

There is also a perhaps less formal but entertaining discussion of the problem in the 'General Chat' section of BC here :

 

http://www.bleepingcomputer.com/forums/t/522994/perdurat-in-aeternum/

 

Don't be put off by the Latin subject title - it is written in English !  The Latin loosely means 'May it last forever'. A sentiment I cannot disagree with as one who has an installation set of windows 3.11 (on 20+ floppies !) kicking around somewhere. Now all I need is a 386 and a 3 1/2 inch disc drive.

 

Chris Cosgrove



#4 battyhippie

battyhippie

  • Members
  • 430 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 07 February 2014 - 07:28 PM

@ rp88

 

Basically what is going in the long winded End of Support Forum is that an XP will no longer be safe being on line. You are taking a chance if you do, let us say, any banking on line that that information will be stolen. And this is not mentioning all the viruses and spyware and malware  you can get infected with. The other part being discussed is what OS to jump ship to. Most are going to Windows 7 because of the mess of Windows 8. And the natural venting of why oh why is Microsoft abandoning us. Basically, that is it in a nut shell.

 

@ Chris Cosgrove

 

Wait a minute, I am jealous, why is my Windows 3.1, on 3.5 floppies only six disks? Now if I add the MS DOS 6 update, that's 3, the MS mouse that's 2 and MS Works, 6. Okay, and if I throw in either Tools or Nortons...alright, I guess I am getting around twenty. But I do have a 3.5 drive, in what I now believe is a Windows ME computer, with the Windows ME disk. And please, do not ask me what I going to do with it, cause I don't know.



#5 rp88

rp88
  • Topic Starter

  • Members
  • 2,901 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:08 AM

Posted 07 February 2014 - 07:30 PM

thanks for those replies but i'm afraid neither of those thread a appears to have answers to the exact question i have asked here. i wanted to know whether the vulnerabilities would be an issue just from going online to gmail and one or two other very trustworthy sites and also the risks of having any software on a computer(any computer) which is not up to date but is not being used.

thanks 

your latest response came whilst i typed this so as an extra note do you mean merely visiting say the website for your own bank would cause you to get infected?


Edited by rp88, 07 February 2014 - 07:31 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 battyhippie

battyhippie

  • Members
  • 430 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 07 February 2014 - 08:08 PM

Now, I do not know if going on your bank's web site would get you infected, but your information is in your computer ripe for the picking. I, myself, have picked up nasties being on eBay, Amazon and I know of friends who have picked up nasties on iTunes and Facebook and YouTube.

 

I have already gotten PUPS on this 8.1 computer but then again, I had not yet switch from McAfee. I was just setting up what I wanted for my security, so as I was researching what I wanted to use for security and downloading the programs, I got crap aka those PUPS.

 

I wish there was a way to be totally safe on line, but I for one have not found it. and I am one boring online user! And I do not bank or pay bills on line. When I do buy on line, I have one cr card for that purpose. That is it. And I check the sites I do visit with both WOT and avast!. If I do not have two greens to go, I no go there.

 

I can not tell you what to do or not. I can only tell you what I would do. Yes, I still have an XP and come April, no more on line with XP. It just ain't worth it.



#7 Platypus

Platypus

  • Moderator
  • 12,910 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:03:08 PM

Posted 07 February 2014 - 08:45 PM

i'm afraid neither of those thread a appears to have answers to the exact question i have asked here.

There's no clear answer to your specific question, since it relates to what might happen in the future. However, since in the past there have been exploits which if not patched allowed a system to become infected simply by being online for a period of time, it's conceivable that a similar exploit could be discovered and remain unpatched after the free public security updates have ceased. It's these unknown factors that mean the OS can then no longer be operated at a known security status.


Edited by Platypus, 07 February 2014 - 08:46 PM.

Top 5 things that never get done:

1.


#8 rp88

rp88
  • Topic Starter

  • Members
  • 2,901 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:08 AM

Posted 08 February 2014 - 08:09 AM

 

i'm afraid neither of those thread a appears to have answers to the exact question i have asked here.

There's no clear answer to your specific question, since it relates to what might happen in the future. However, since in the past there have been exploits which if not patched allowed a system to become infected simply by being online for a period of time, it's conceivable that a similar exploit could be discovered and remain unpatched after the free public security updates have ceased. It's these unknown factors that mean the OS can then no longer be operated at a known security status.

 

thanks, that seems to answer it although i'm still not sure how a hacker could find and attack the machine if the xp computer does not connect to something he is running.


Edited by rp88, 08 February 2014 - 08:09 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 caperjac

caperjac

  • Members
  • 1,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NS. CAN
  • Local time:01:08 AM

Posted 08 February 2014 - 08:26 AM

 

thanks, that seems to answer it although i'm still not sure how a hacker could find and attack the machine if the xp computer does not connect to something he is running.

 

 

that's because, that's not the only way hackers get access .that more the was malware/spyware works ,if im correct in the way I think real hackers work


Edited by caperjac, 08 February 2014 - 08:26 AM.

My answers are my opinion only,usually


#10 Platypus

Platypus

  • Moderator
  • 12,910 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:03:08 PM

Posted 08 February 2014 - 08:27 AM

The other thing I missed in your original question was the security aspects of other software installed on the XP system. And yes, this also constitutes a security risk, as applications like browsers are usually updated by release of a new version, and once a legacy version has to be used (because of operation under an unsupported OS), the application could be targeted if any of its code is subsequently discovered to be exploitable.

 

Even having such just installed on a system can make it vulnerable. This applies particularly to Internet Explorer, as it is integrated into Windows and provides some aspects of Windows functionality. However even another unused browser could possibly be a target. For example if it has an exploitable .DLL that loads into memory anyway due to dependency, in theory that could provide an opportunity for an attack by code injection, which wouldn't require the browser itself to be in use.


Top 5 things that never get done:

1.


#11 ranchhand1

ranchhand1

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 08 February 2014 - 09:59 AM

It all depends on usage. For the usage you describe I think the XP vulnerability is way over emphasized. Here's how my XP Pro is set up and my wife has never been hacked in all the years of usage:

>SP3 and all current updates installed (of course).

>Linksys router with firewall

>Comodo free firewall; if something gets past both of those, Comodo will flag it if it attempts to dial out. Delete Geek Buddy, Comodo AV, they are useless.

>Avira free AV. I do not put a lot of faith in antivirus programs, but at least it's another layer of defense.

>Firefox browser (flush MIE, it's a hacker magnet).

>In Firefox Extensions:

**enable Noscript (prevents Active X-Java injection exploits, a very common source of infection)

**enable HTTPS everywhere

**enable Self Destructing Cookies

>Use a local client e-mail such as Outlook, Outlook Express, Thunderbird, etc. and absolutely, definitely use:

**Mailwasher (free version). Using Mailwasher will eliminate all e-mail virus threats, as well as bounce back to the spammer/hacker a "no such address" and they will remove you from the list. I never get spam. Personally, I like the older version, powerful and very simple, the way I like things. link: http://www.oldapps.com/mailwasher.php?ModPagespeed=noscript#screenshots

>Always have a "garbage" e-mail that you use for nuisance sign-ups, such as Yahoo mail, Gmail, etc. I never even bother to check those.

 

The reality check is that XP isn't going to last a long time. A few years from now XP will be in the position Windows98 is in now, a lot of apps just will not load or run on it. That's technology. But...there are a lot of people out there that just do not have the money to buy a new $600+ system right now, and that is also reality check. I work on these old units that come in from these poor folks every week, and a lot of retired folks on very limited incomes, single parents raising kids, buying groceries and paying rent, etc. To them that is a lot of money they just don't have. Heck, I don't charge them, I enjoy recycling these old machines and it saves their bacon. :cowboy:



#12 caperjac

caperjac

  • Members
  • 1,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NS. CAN
  • Local time:01:08 AM

Posted 08 February 2014 - 12:17 PM

I had an older computer running xp pro ,and just recently bought a new tower and retired the old one ,it was not much fun to use ,slow nad tired .

 

Computers are not a life necessity , if people cant afford new one ,then they could success one at there local library ,or just keep use the old XP machine ,and watch what the surf


My answers are my opinion only,usually


#13 georgehenry

georgehenry

  • Members
  • 396 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Romney, Kent, England.
  • Local time:04:08 AM

Posted 08 February 2014 - 04:24 PM

There are lots of opinions about this subject, but nothing concrete. I have a laptop with Win 7. and a desktop with xp. Should I just buy a Win 7 disc and install that in the desktop? If I do this, is the installation easy to do?



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:08 PM

Posted 08 February 2014 - 04:37 PM

....i want to know if this means that ypu are vulnerable simply by taking an xp machine online after the 8th april or only if you visit malicious sites.

Both.
 

...would i be at risk simply form connecting or would i have to visit an infected site/those i already use get compromised and i am unlucky enough to visit them before they are repaired.

Even legitimate websites can be a source of malware infection.Researchers at the Global Security Advisor Research Blog have reported finding pornographic virus variants on Facebook. The Koobface Worm has been found to attack both Facebook and MySpace users. Virus Bulletin has reported MySpace attacked by worm, adware and phishing. Some MySpace user pages have been found carrying the dangerous Virut. Malware has been discovered on YouTube and it continues to have a problem with malware ads.
 

....also as a further matter, i keep hearing about how unupdated browsers are vulnerable, are they a security risk just to have as installed programs or must you be using the old browser instead of any up to date ones you have installed for it to become a problem.
i would like these questions answered

Older versions of of popular software such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, Web Browsers are vulnerable to exploits and should be kept updated. There are serious security issues with older versions which can increase the risk of system infection. Infections spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions. Software applications are a favored target of malware writers who continue to exploit coding and design vulnerabilities with increasing aggressiveness.
 

The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.

Web Exploits


Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Exploit Kits - Anatomy of an exploit kitUsing unpatched and unsupported Windows systems on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. The longer malware remains on your system, the more time it has to download additional malicious files and cause further damage which in turn makes disinfection more problematic. When there are compromised computers connected connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle. Without installing all supported service packs first, you are wide open to infection and other high security risks which are prone to an unpatched system.

Answers to common security questions - Best Practices for Safe Computing
How Malware Spreads - How did I get infected
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:04:08 PM

Posted 08 February 2014 - 05:03 PM

Eventually, an upgrade to Vista, Win 7 or 8, to ensure security through MS updates and software updates. Just as many hardware drivers are not available for XP, so will software updates occur.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users