Jump to content

Windows XP Question


travelinbob

Recommended Posts

"Would I get in trouble using XP again.?"

 

If you put it on the internet you are much more likely to get a virus or trojan, even with anti-virus running. The crooks are exploiting XP not being updated and all it takes is one hijacked website or hijacked ad window and your PC is infected. There are just too many security holes going unfixed, with more found every month.

 

I put Windows 8.1 on an old Core Duo laptop and it went well, but that might not be worth your paying for 8.1. Or you can install Linux on it for free and the cost of a blank DVD. But, there is some learning curve and it won't run Windows software.

 

You can get a cheap but usable laptop for $200 (HP Stream 11" and others) to $250 (Amazon lists a couple 15.6" from Asus and Acer), just to have something ready.

 

A Chromebook won't run Windows software either.

Link to comment
Share on other sites

I wouldn't recommend XP for on-line use, there are exploitable flaws that are not going to be patched and while an anti-virus will catch known bad programs you are still open to any new stuff until it gets added to the anti-virus list.

 

If Windows is a must then getting a Windows 7 disk might be the solution, I find it funny but the cheapest way to get Windows 7 is to buy a refurbished computer that includes it. I have seen quite a few offers for the computers and Win 7 priced below just the win 7 disk. NewEgg has some great refurbished offers if you take their advertising e-mails.

 

If you want to fool with Linux (what I use for pretty much everything now) you can download a free "Live DVD" that will boot and run from a DVD or thumb drive without making any changes to your computer. If you are on a limited data plan grab some free WiFi to do the download as it is big. I'll recommend OpenSuse as it is easy for Windows folks to adapt to and is pretty reliable. Grab a free download from here: https://software.opensuse.org/132/en The Live KDE is best for playing with but the full installable version has more programs.

Link to comment
Share on other sites

Every time I warn someone about this, one of the MS apologists comes alive and says that the MS operating systems are just as secure as any other but there are just so darn many of them that they get targeted. Well it's true that there are lots of them; but they get targeted because they are easy to break into (as 30 MILLION Windows PCs in just one botnet can testify). This is why there is a billion-dollar industry in anti-virus products; most of them aimed at MS operating systems.

 

XP, as the first of the New Technology kernels (NT), was a sinkhole of insecurity from the very get-go. It was an OS that could get a virus if you simply moused over the wrong pixel on the wrong web site; if that gives you any idea. Using it with no support (which means no security updates to fix the flaws that the bad guys probably discovered in 2001 but MS still doesn't know about) for anything that you have to put a user name and password in for a login (FB, email, Banking(!!!!), etc.) is risky, to say the least.

 

This is a website that has 9 pages of XP exploits. Each page has 50 exploits. Most of them affect other MS products (Server 2003, Windows 7, etc.). It makes for fascinating reading. http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-739/cvssscoremin-5/cvssscoremax-5.99/Microsoft-Windows-Xp.html

 

Here is another site with over 300 pages... each page has 25 separate exploits; most of them with source code and/or instructions on how to implement them. http://www.exploit-db.com/platform/?p=windows . That is over 7500 exploits. All of these are known and patched against but there will be new ones as well as variations of the old ones And there are still old exploits out there that no one has found yet.

 

Let me explain this more clearly... the NT kernel is used on every Windows operating system from XP (in 1999) until now. Maybe even version 10. But certainly Windows Vista, 7, 8, and 8.1. Any new exploits that are discovered and patched against will be in the various security updates pushed out by MS.

 

You won't be getting any of those, though.

 

So unless you plan to never connect your XP computer to the Internet and never plug in a USB thumb drive or get a new game from a pal, my advice is to follow Stanley's advice.

 

WDR

Link to comment
Share on other sites

if by gettin in trouble you mean infected/hacked/assimilated by a botnet, well, yeas, you will be much more likely to be breached with it online.

 

XP was good for its time, which is over. I agree 100% with Bill, Stan, and WDR.

 

While the security has been enhanced leading up to Windows 8, such that almost all attacks depend on social engineering today to trick users with unpatched machines into downloading old malware, that does not work on patched systems, what WDR was saying about most, if not all, new vulnerabilities will, more often than not, also be present in XP systems. But the XP machines won't get patches.

 

Think of security online like security for your car parked in the street with a non stop line of would be thieves all trying the same ring of old keys on your car door locks. But they can't break into the cars that had their locks changed. Getting your monthly updates, despite the really crappy couple of patches Microsoft had last quarter, the cure is still much preferable to the disease.

 

Why do their bots crawl the web with old keys, some several to five years old? Because 60% of Windows owners don't do their updates. The old keys work enough of the time to reap billions in criminal revenue.

 

No percentage in being that vulnerable, and have less security AND performance at half or less of an entry level current system.

 

Since you are talking spare I'd take Stan's suggestion to try Linux. Between him and several others here, we are seeing more Linux topics then ever before.

 

Unlike switching to Macs, with Linux you don't need any new hardware as it runs on any computer unlike OSX, that only runs on Apple hardware that has their Apple "handshake" chip. Not only is the Linux OS free, and comes in preconfigured Windows-like user interfaces. But with open source freeware the only investment is time.

Link to comment
Share on other sites

Can I say this without being called a MS apoligist?

Paranoia runs deep on this site.

So he runs an old OS on the internet and he gets something,what has he lost? It's a spare.

Boy the NT kernal can be exploted. Every business in the world must be shaking in their boots and going to what?

There is more danger using a credit card at a store than there is with geting a virus on XP via the internet. Does anyone really think hackers are interested with this one computer when there are so many company XPs out there? Yes I know that MS is still giving out updatea to Cos. But there is time between ezploit Nd update.

Link to comment
Share on other sites

"So he runs an old OS on the internet and he gets something,what has he lost?"

The modern virus turns your computer into a zombie that sends out spam, attacks other computers on the internet and does these at the same time. His whole network slows down from all the gunk now running in the background using the internet. If on cell phone internet, he uses more than his limited bandwidth allowance and gets to pay overage charges. His IP address gets blocked due to spam coming from it and that causes all manner of issues. Other computers on the network get infected, even running later OSs, because they are on the same local net and that makes it easier to compromise them.

Link to comment
Share on other sites

Does anyone really think hackers are interested with this one computer when there are so many company XPs out there?

Is this how you think it works? That a group of hackers sits down every Thursday and decides who they're going to attack next week? Maybe it works that way for banks and government systems but no one sat down and decided exactly which computers they're going to turn into one of the 30 million PCs on a recent botnet.

 

I'm amazed at how many people think that. Because even the earliest viruses (on Unix machines) just invaded everything they could find. And that's how it works today unless you're the CIA, DoD, Boeing or the Bank of America. You get a virus when you open a file sent by your best friend or pick up a USB thumb drive from a bowl labeled "FREE!!" Hackers may target big business (and succeed) but they want EVERYONE!

 

And what has he lost? Maybe nothing... he could be smart enough to figure it out. But there are other folks reading these posts. One of them could read the "don't worry about it" responses and just keep on using their XP machine like they always have. They could lose their bank accounts, their credit rating or more. Or, like Bill just posted, how about a sudden increase in outgoing bandwidth charges for the guy in an RV using his cell phone as a tethering device? (Interestingly enough, there is an active thread on here about that.)

 

I'm not paranoid over exploits in computers; I'm realistic. I've spent the past 20 years designing, configuring and maintaining security systems that companies use to stop their employees from having the computers on their desks exploited. I'm not the guy with a sign outside his house that says "Viruses Removed". I'm a network engineer with business and government clients. Like several others here, I have many years of experience dealing with network and computer security.

 

Some of us here still do this for a living. People pay us to help them avoid getting in trouble with their computers. We do it here for free.

 

So at least take us seriously.

 

WDR

Link to comment
Share on other sites

I have never had a virus on any of my computers.

An executive at one of my clients told me that all the time and would never let me - or anyone else - get access to his office desktop because of, as he said, "sensitive corporate material". And, of course, because he never got any malware, what would be the point?

 

So last August he got a new computer (a Dell with Win 7 on it) and I took his older computer (also with Win 7) on it and, according to my instructions, made that a "hand me down" to a lower level manager (they hate that, by the way).

 

So before I turned it over to its new owner, I did a deep scan. It was full of malware. I didn't bother telling him.

 

Oh, the stories I could tell... it would take a book.

 

 

WDR

Link to comment
Share on other sites

Malware is not a virus. I have downloaded programs from c/net and got malware. Easy to rid though.

I've been using that term in a more broad sense. Not just something that damages or disables a computer but software that the user does not explicitly approve and that does something that the user is not aware of according to an agenda determined by someone else.

 

WDR

Link to comment
Share on other sites

Glenn,

I have to agree with WDR, but not that it is being used in a broad sense. The term encompasses every type of malicious software. Malware can be a virus, a trojan, rootkit, or any other malicious software.

 

From the Wikipedia:

 

"Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.

 

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

 

In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states."

http://en.wikipedia.org/wiki/Malware

Link to comment
Share on other sites

Well, if you get a keystroke logger you lose any logon and password or credit card information you type or copy/paste on the infested computer. That can lead to unpleasant surprises. If you get an e-mail harvester your mail and contacts are scanned and sent off to the author for further use.

 

I don't run Windows much so I'm way out of date on how often the security tools catch something that they know about or miss something new or mutated that isn't on their lists. I just know that the things I use my computer for would leave me in a world of hurt if my logins, passwords and credit information ended up in the wrong hands.

 

I have sees about a dozen or so infected e-mails come in every week, I don't open them on the Windows system that I use to beta test a mail scanner so they are now set to be ignored and I don't have a current count.

Link to comment
Share on other sites

If malware is used so genaricly than there is not a single computer system in the world that is infected with what you are labeling.

You win, this guy is going to infect the world with malware and wont even know it. I think he should be drawn and quartered for even thinking about using XP.

.

Link to comment
Share on other sites

wa_desert_rat has a pretty good description of malware, a virus is one specific type and that is based on the way it infects computers, not what it does once it has gained control.

 

There are a lot of computers out there that don't contain any software that the user doesn't want or doesn't approve of, BSD and Linux are two good examples. Apple, Windows, Android (Linux based) and others all contain stuff that the company that controls them or manufacturer of your device decided to stuff down your throat. Past that point it is up to the user what gets installed, hitting a dodgy download site can load you up with stuff you probably don't want and much of it installs in such a way it can be hard to remove. Even buying a CD from a reputable company can leave you with stuff buried on the computer that is nearly impossible to root out without expert help.

 

My Linux systems have only what I want loaded, my Windows 7 has what shipped with it (generic pro OEM disk) and about three programs I manually and carefully added from trusted sources, my Android devices vary a bit. The Nexus is in pretty decent shape, it has little running that I don't want - took a lot of effort to get to that point though. My Samsung is running a bunch of stuff I do not want, it won't uninstall or even not auto-start plus it keeps sucking down updates. You can go in and manually kill it but the next reboot it comes back to life and starts wasting data and probably leaking personal data.

Link to comment
Share on other sites

Duke,

Calm down old bud. He will only infect half the world. Seriously though, malware is any malicious code that does malicious things without the users knowledge or intent.

 

Stan, you've recommended that even newbies can use Linux using the example of your mother running it after you set it up. I have to split hairs with you there in that if someone decided they wanted one of the Windows look alike distributions of Linux, which as we've both mentioned eliminates the need for command line knowledge of Linux, then they too will have things on their computer that they did not personally put there.

 

Turning back the OP and his question:

 

"I was told not to use XP as all my info was vulnerable. I thought that XP was just not getting support any longer.

Would I get in trouble using XP again.?"

 

Your info indeed would be vulnerable, as any new vulnerabilities found in Windows usually applies to all versions of Windows, and in only some percentage of cases is only one version set, for example A few updates affected only Windows XP running Office 2003 and systems using server 2003, a very small percentage today.. Since the malware distributors use old vulnerabilities because so many users don't update their Windows machines, and they reverse engineer every new vulnerability patched against, every XP computer user was putting all their info on that system at risk, or vulnerable, yes, and that the month after.

 

See the Windows support they no longer do are the security patches not just performance or program updates. The XP train is at the end of its line. You might use it for awhile and not even know you've been infected and all your key strokes are being recorded and sent off in session groups making them as readable as being the recipient. Other malware could be sending all you documents and address book entries out for spamming the malicious code to others in addition to raiding your bank accounts.

 

Here are some ar5ticles to read showing that we aren't being paranoid, just being realistic about the risk assessment.

http://www.pcworld.com/article/2102606/how-to-keep-your-pc-secure-when-microsoft-ends-windows-xp-support.html

http://www.csoonline.com/article/2134013/privacy/attacks-multiply-as-hackers-target-unpatched-ie-flaw.html

 

Those are but two of thousands of examples of not paranoia, but realistic assessments of risk to an unpatched system. Patched and supported I have not had but one PUP, Possible Unwanted Program on my computer, and about ten times I ran into a malicious website and my computer warned me of it attempting to download a payload. I keep "Task Manager" pinned to my task bar so that I can pop it up and close IE if I see a download trying to start. But I get warning because my systems are patched and totally up to date with not just my MS programs updated, but all my other programs updated too.

 

Security patches are, IMO, secondary to user error in opening/clicking on a socially engineered trap. Those who are devil may care clickers without reading what they are approving exactly, are not going to stay uninfected themselves for long.

Link to comment
Share on other sites

Stan, you've recommended that even newbies can use Linux using the example of your mother running it after you set it up. I have to split hairs with you there in that if someone decided they wanted one of the Windows look alike distributions of Linux, which as we've both mentioned eliminates the need for command line knowledge of Linux, then they too will have things on their computer that they did not personally put there.

 

 

 

Might be the case, I've never used any of the versions you are talking about, RedHat, Centos, Scientific and OpenSuse are my usual choices and you get a list of exactly what is available for installing and can select from several pre-configured sets for specific tasks or pick a minimal version and add stuff you want to have available to that.

 

Some of the Live CD/DVD versions also come with a pre-configured set of applications that the user can't easily change on the install CD/ DVD but for the most part folks just use them as a trial version or in emergencies and don't really care what is loaded as long as the application they need is. Knoppix, DoD Linux, OpenSuse Live and the like as examples.

 

I've heard some Linux distributions like Ubuntu load up a lot of unwanted stuff but never paid much attention to it since they offer nothing that isn't available elsewhere without the aggravation. No way to keep up with all of the options, http://distrowatch.com/ has 284 distributions currently listed on their tracking page, didn't see a full list of available ones there though.

 

Your choice, pick something that puts you in control or pick something else...

 

 

As for needing command line knowledge for home use that is just FUD and hasn't been true for many years now. For the usual home user there is no need for the command line if they select a distribution like OpenSuse aimed at home users. The others on my list above are aimed at professionals and server situations where using the command line for most things is the preferred way to do things since that can be scripted with much less effort than a GUI.

 

What are you thinking of that a home user would be interested in doing that needs the command line to accomplish and what distribution are you using that needs it?

 

 

As an example of how easy things are in most home user oriented Linuxes today I just got a note that LibreOffice had a new version and an OpenSuse repository (the place where a secure, digitally signed download is available from) was being created for the new version. Since mom uses LibreOffice a lot I sent her an e-mail with the link to the new repository and instructions on what to click to install it, remove the old one and get her shiny new LibreOffice.

 

 

Click the Yast icon and put in your root password.

Click the Software Repositories button.

Click the line that says LibreOffice - Stable

Down below the box remove the tick marks from Enabled and Automatically Refresh

Click the Add button

Click the Next button

Copy the http line from this e-mail to the URL line ( http://download.opensuse.org/repositories/LibreOffice:/4.3/openSUSE_13.1/ )

Type LibreOffice - 4.3 in the Repository Name line

Click Next

If it asks about the signature click Accept

 

 

Now to get your new version click Software Management in Yast

Go to the Installation Summary tab

Click the keep box

Right click on the list of programs and select update all in list

Click Accept

 

Give it about 10 minutes since your connection is so slow and you will be updated and get any future patches or updates automatically.

 

Most stuff is nowhere that complicated, this required a major repository change and replacing a large application so there were several clicks, a copy/paste and a couple words of typing into a pop-up box, no command line anywhere to be seen.

Link to comment
Share on other sites

If anyone thinks they are safe simply because they have anti-virus software, they are badly mis-informed. No security software can protect you if you insist on clicking on links to bad sites or email attachments. As an example, the other day a lady asked me to help her "fix" her email. It turns out that she had received an obviously bogus email about her Paypal account. She clicked on a link to log into her Paypal account. Her security software blocked her access to the known malicious site. It looked like the Paypal site but the url was obviously wrong. She disabled the security software and kept trying to log in, but she could not. That is when she decided to seek assistance. Social engineering at it's worst... :(

 

Safe Travels...

Link to comment
Share on other sites

Run XP. Run a good free antivirus. St up weekly scans. Run MalwareBytes. Set up weekly scans. Do not open emails you don't know, do not open attachments you don't know, especially don't click links in emails you don't know. Ideally, don't use an email program like Outlook, instead use an online email like Gmail. Don't go to questionable websites. Turn on the "warn me about bad websites" feature in your browser.

 

Do all that. Then, stop listening to doom & gloomers. Relax, you'll be fine.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
×
×
  • Create New...