Jump to content

Cyber threats to WinXP plus guidance for sm biz and consumers


Guest LilBambi

Recommended Posts

Guest LilBambi

Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers - MS TechNet Blog

 

The cyber threats discussed here are based on data and insights from recent volumes of the Microsoft Security Intelligence Report. This report includes aggregate data on the threats that hundreds of millions of systems around the world encounter – many of which are successfully blocked by Microsoft antivirus software and the security features built into Windows, Internet Explorer, Bing, and other Microsoft products and services. This data gives us a good picture of the tactics that attackers have been using to try to compromise computer systems, including which attacks are used most often on Windows XP systems. The information then helps Microsoft and antivirus security companies develop ways to combat those attacks. From the year that Windows XP was built, cyber attacks have increased in sophistication. Systems receiving regular updates get the protections they need based on the latest cyber threats. But at some point an older model of any product will lack the capability to keep up and becomes antiquated. Obsolescence for Windows XP is just around the corner.

 

The areas they discuss:

 

What Motivates Cyber Attackers?

 

Microsoft Security Innovations made it Harder for Cyber Attackers to be Successful

 

The Usual Suspects – Threats to expect against Windows XP

 

So What Should You Do?

 

Upgrade Advice

 

* Most important part to read if you or someone you know is still using Windows XP

Edited by LilBambi
Link to comment
Share on other sites

Guest LilBambi

As I wrote in the comment section of your posting, here's pretty much the options for Windows XP users:

 

Yes, it is important that folks with Windows XP make some decisions:

 

1. Get a Windows 7 OEM installation from an online shop AFTER making sure their computer can actually make that transition

2. Buy a new/refurbished Windows 7 computer a local or online shop

3. Buy a Windows 8 computer

4. Buy a Mac OS X iMac, Mac mini, MacBook Pro, MacBook Air

5. Install Linux on their Windows XP computer, such as Linux Mint, Ubuntu etc.

6. Move to a iPad, Android Tablet, Windows 8/RT tablet for their computing needs

 

With #6 one could simply forget about the Internet on the Windows XP computer and use the tablet for Internet and just use Windows XP offline.

 

It’s better than the alternative of running an OS with THE BIGGEST TARGET ON ITS BACK. And never knowing when you your computer gets hit and becomes part of a DDoS botnet, spam botnet, or becomes part of the group of computers running keyloggers, backdoors, etc. by some group of unethical hackers that will be able with certainly say, ALL YOUR STUFF BELONG TO US.

 

Sad but true…

 

There are some things that can be done to lock down XP but no one will do it so why bother even mentioning them. No one wants to run without Flash and use NoScript in Firefox, use a third party firewall and an antivirus that will make the computer virtually unusable because the security is too heavy for such a machine….and more! Forget I mentioned it…

 

And it goes without saying ... don't run barefoot on the Internet! Use a stateful packet hardware firewall between you and the Internet. ;)

 

And could still use Windows XP offline regardless of the option above chosen of course.

Edited by LilBambi
Link to comment
Share on other sites

Steve Gibson has been baffling Leo Laporte with his view that the end of support for XP is not a big deal. He's continuing to use it, and will do for some time.

 

He notes the following:

  • XP support is ending, but AV (and MSE) vendors will continue to support XP for some time.
  • You can surf safely with an alternate browser with no flash/java plugins.
  • For heaven's sake..... use a router with a NAT firewall!
  • Keeping a backup image (on any OS for that matter) will save your bacon.

I'm inclined to agree with his assessment after some time thinking about it. I don't think an "Armageddon" is going to happen. We will see an uptick in attacks on the OS, but I don't think it will be the end of the world.

 

For heaven's sake... this OS is 13 years old. Time to move on, and the faster it happens, the better.

 

Adam

Link to comment
Share on other sites

V.T. Eric Layton

Nice Eric!

 

I was in a typing practice mood earlier this morning. Have to keep the little fingers in shape in case I get called for that BIG tech writer or pro blogger job tomorrow, you know. ;)

Link to comment
Share on other sites

V.T. Eric Layton

The "Armageddon" won't happen to you, me, or people like Steve Gibson because we're not lazy, ignorant, or just downright STUPID about how we use our computer systems. However, for the vast majority of the folks similar to the ones who call me all the time for help, their DOOM is upon them! The uptick in malware, botnets, trojan infections, screaming mimi locker apps, and other baddies will smack down those poor folks' systems like lightning from above. I predict a lot of work for the family IT guy/gal. ;)

Link to comment
Share on other sites

Guest LilBambi

Exactly Eric. It's the normal folk that refuse to do all those things that Steve says to do. The average user will not live without flash and their youtube videos. ;)

 

Many won't do without opening unknown emails and email attachments, and some won't stop going to risky sites or clicking on risky search results.

 

Where will those people be...yeah, you know...

Link to comment
Share on other sites

The uptick in malware, botnets, trojan infections, screaming mimi locker apps, and other baddies will smack down those poor folks' systems like lightning from above. I predict a lot of work for the family IT guy/gal. ;)

 

And those folks are already being compromised left and right. An uptick in malware and crap doesn't mean these folks are suddenly going to get hit twice as much as they did before....

 

Adam

Link to comment
Share on other sites

V.T. Eric Layton

And those folks are already being compromised left and right. An uptick in malware and crap doesn't mean these folks are suddenly going to get hit twice as much as they did before....

 

Adam

 

They WERE receiving some assistance in the way of vulnerability patching from MS up until now. The sudden lack of that assistance will have an impact. That's my whole point.

Link to comment
Share on other sites

All of us should be wishin' and hopin' that Adam's analysis is correct. One thing I found interesting in the Forbes article from the other thread was the assertion that anyone who uses the Internet has the obligation to keep their own system up to date and secure.

 

Instead of focusing on Microsoft’s supposed “obligation” to continue providing support to users—most of whom have contributed little or nothing to the PC revenue stream in the last decade—we should be focusing on the responsibility those users have to adopt more current, more secure operating systems if they want to continue to share the Internet with the rest of us.

Edited by raymac46
Link to comment
Share on other sites

Guest LilBambi

Sadly there are people who simply just don't see it.

 

There are still folks with Windows 95/98/98SE/ME ... root based systems (not user permission based systems) and Mac OS 8.5 and OS 9 still on the Internet also root based systems (not user permission based systems) unlike Linux which has always been user permission based, and modern Windows and Macs.

 

And now we will continue to see Windows XP computers on the web as well.

 

Sure some are trying to be responsible and keeping the system locked down, using other browsers, no flash, etc. but others are just out there flappin' in the breeze.

Edited by LilBambi
Link to comment
Share on other sites

V.T. Eric Layton

I'll put two bucks on the table that this will not be an "apocalypse."

 

:)

 

Adam

 

It's not going to be an apocalypse. That's so Greek. It's going to be an Armageddon. Get it straight. ;)

Link to comment
Share on other sites

V.T. Eric Layton

Maybe the NSA can use their back door access and just zap all the machines running obsolete MS Win and Apple operating systems. :)

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...
Guest LilBambi

Over at BleepingComputer Forums in a topic about the end of support for Windows XP, NickAu1 said the following and I responded as follows below that from this posting:

 

A 'stealth' firewall does not add security or add performance. A case can be made that it reduces performance, which is certainly true for legimate users.

 

Drop ("stealth") and reject do exactly the same thing except drop discards packets silently while reject sends a respond that that port isn't open.

 

They are equally secure. It does not matter if the server sends a response or not, the port is still closed.

 

http://www.insanityb...orts-or-closed/

 

Re end of XP.

 

As I see it. You have 5 options

1 Update your Windows XP to Win 7 or 8.

2 If you cant do the above because of hardware, Buy a new PC.

3 If you cant do the Above Use Linux.

4 If you cant do the above, use XP online and RUN THE RISKS. THIS WOULD BE A STUPID CHOICE.

5 Stay off line till you can do points 1, 2 or 3.

 

 

Yes, NickAu1!

 

And as far as running the risks ... sadly the risks are two sided; risks to yourself (such as becoming part of a DDoS or SPAM spewing Botnet, or becoming a victim of identity theft or being shut out of all financial institutions for using an ancient OS that's not getting updates). But that's just one side of the risk ... one you can make for yourself easily, one way or another.

 

The other side of the risk is the risk users of Windows XP will put others in danger of having to deal with, such as the flipside of each of the risks to yourself. If you become part of a DDoS or SPAM spewing botnet, all users of the Internet will suffer along with you. If your financial institution account is compromised, it's not just your problem, but it could easily give an 'in' to criminal hackers that they would never be able to get if you were not compromised because you were still running an ancient OS that is no longer getting updates.

 

We do not live and work alone on the Internet, we all swim in the same ocean or sea (the Internet), we share the same water, and the same dangers. Someone using an ancient OS just puts us all at risk.

 

We can't force people to upgrade the OS or upgrade to a new computer, and many really can't afford to do so. So...

 

If you remember, when Windows XP first got started ... Wait, this says it best:

 

Here's a great thought from the ESET Live Security Blog article entitled, If you love someone, upgrade them from XP:

 

Sting famously sang “If you love someone, set them free.”

Here’s my suggested improvement: “If you love someone, upgrade them from XP.”

It’s not actually such an odd connection to make. Way back in October 2001, Sting gave a free concert in New York’s Bryant Park to “celebrate the launch of Microsoft Windows XP”.

 

BOLD emphasis mine.

 

Who knows, Alice's Restaurant ... it could become a movement ... a movement that benefits everyone on the Internet and helps people who otherwise may not be able to do what is needed to be safe and/or be a good netizen to the rest of the world in a dangerous Internet world.

 

 

Just a thought...

 

Those that are able to do it, great! Those that aren't, just help where you can.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...