A Third of the World?

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
Too bad. You want to run an antique OS designed back when VHS was popular, be my guest. Then watch it fall to pieces if it's online as it's ripped apart by giddy malware artists.
 

Red Squirrel

No Lifer
May 24, 2003
69,473
13,166
126
www.anyf.ca
It's too costly to upgrade, with no benefit. Lot of businesses use really crappy code for their internal apps and they'd have to be rewritten to work in 7. Though, they've had plenty of time to do it by now. Where I work all apps are coded by CGI (yes, the same company that screwed up the healthcare.gov site) and there is no way they would be willing to rewrite their code. It's actually kinda weird, because CGI actually makes the rules, we don't, even though we hire them. Some weird politics. Most of the apps are designed for win 9x and happen to also work in XP, but lot of them don't work in 7.


Though, people get a false sense of security that just because an OS is supported it is secure. That's not true at all, I'm sure even 7 and 8 have security holes too. Never leave a windows PC be wide open to the internet, it WILL get hacked, does not matter how well up to date it is. There will be some other flaw found and exploited. Heck, this goes for Linux even. Things like SSH are easy to hack by default as there is no brute force protection (by default). You can install stuff like fail2ban to make it safer.
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
It's too costly to upgrade, with no benefit. Lot of businesses use really crappy code for their internal apps and they'd have to be rewritten to work in 7. Though, they've had plenty of time to do it by now. Where I work all apps are coded by CGI (yes, the same company that screwed up the healthcare.gov site) and there is no way they would be willing to rewrite their code. It's actually kinda weird, because CGI actually makes the rules, we don't, even though we hire them. Some weird politics. Most of the apps are designed for win 9x and happen to also work in XP, but lot of them don't work in 7.

While I didn't get the details of the above-----and thanks for those, I thought it was more about capital outlay---I've always known it was not all about laziness per se.

Though, people get a false sense of security that just because an OS is supported it is secure. That's not true at all, I'm sure even 7 and 8 have security holes too. Never leave a windows PC be wide open to the internet, it WILL get hacked, does not matter how well up to date it is. There will be some other flaw found and exploited. Heck, this goes for Linux even. Things like SSH are easy to hack by default as there is no brute force protection (by default). You can install stuff like fail2ban to make it safer.

I think we all kinda know this, but my new fear, as posted in my first post, is NOW......ALL OF US will be in even bigger harm's way over time, as businesses & agencies who will go on running XP, entities we may deal with who may have our data, will be in increasing danger of being hacked with impunity and that will impact US.

I think it's scary. Esp today, seeing the possible percentages!!!
 

Ketchup

Elite Member
Sep 1, 2002
14,558
248
106
Considering where hacking and security are, I cannot blame Microsoft at all for steering people away from an OS that is over 12 years old.

Can only blame people for dragging their feet. When I do a Google search for Windows XP, the first six hits are about its EOL, and the last update I received for XP on a VM was to notify me of said EOL.

Our largest customer is just now getting us (we are still using an XP VM to connect to their resources) and their stores PC's updated with Windows 7. Must have been a pretty penny for them to drag it out so long.
 

MagnusTheBrewer

IN MEMORIAM
Jun 19, 2004
24,122
1,594
126
The worst systems on the planet bar none are health services. There are major hospitals still using DOS-based software. They still use 'runners' because there is no way to post information from one program to another. They deem it more cost effective to pay a part time employee to run a paper copy to another dept., have a full time employee re-enter it into a different system so a doctor can then review it, than upgrade the software and pay someone to transfer the info. This is NOT an isolated situation. It is found in every major city in the country.
 

TheRyuu

Diamond Member
Dec 3, 2005
5,479
14
81
Though, people get a false sense of security that just because an OS is supported it is secure. That's not true at all, I'm sure even 7 and 8 have security holes too. Never leave a windows PC be wide open to the internet, it WILL get hacked, does not matter how well up to date it is. There will be some other flaw found and exploited. Heck, this goes for Linux even. Things like SSH are easy to hack by default as there is no brute force protection (by default). You can install stuff like fail2ban to make it safer.

To further expand upon this, it's all about mitigation. There are certain types of mitigation that can completely defeat whole classes of exploits.

I don't think anyone is going to claim something is infallible but it's still certainly better to have these mitigations in place. Vista was far better than XP, 7 improved upon it and 8 raised the bar again (also EMET). Of course on the Linux side of things there's still grsecurity (which includes PaX) which is mandatory for any Linux install as far as I'm concerned.

I suppose the defaults do leave something to be desired though for those who really want to lock stuff down.
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
Um, context is kinda important, here.

1) Most of those legacy XP installations are in China. (where XP's market share is well over 50%)

2) Most of those legacy XP installations that are in China are pirated. (where the piracy rate is over 90%)

3) Most of those pirated legacy XP installations in China never had Windows Update turned on and have been vulnerable for ages. (Microsoft's own telemetry indicates over 70% of Chinese Windows don't use Windows Update.)

5) The market share for XP in the US, the last time I checked, was under 10%. (which, admittedly, is still a lot, but not quite as shocking as the 30% figure that's inflated by China and other poor, piracy-heavy regions)

6) The cessation of updates will not magically flip a switch making all XP installations vulnerable overnight.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,202
126
5) The market share for XP in the US, the last time I checked, was under 10%.
Again, context is important, healthcare, federal services, and the energy sector are, I believe, disproportionately higher users of XP, than say, your common consumer.

Thankfully, though, for organizations this large, MS is still willing to patch security flaws, to the tune of millions of bucks.

I disagree. We *will* see a rise in zero-day exploits, as soon as the deadline has passed. What will happen after that is anybody's guess, but we had better hope and pray that most of the important remaining XP computers aren't connected directly to the internet.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Considering where hacking and security are, I cannot blame Microsoft at all for steering people away from an OS that is over 12 years old.

Can only blame people for dragging their feet. When I do a Google search for Windows XP, the first six hits are about its EOL, and the last update I received for XP on a VM was to notify me of said EOL.

Our largest customer is just now getting us (we are still using an XP VM to connect to their resources) and their stores PC's updated with Windows 7. Must have been a pretty penny for them to drag it out so long.


I can see it from both sides, but end of the day they have had plenty of time to get it sorted or upgrade etc so they only have themselves to blame, sure it may involve costs etc but surely they must have realized that at some point, nobody or any company buys an OS thinking I've this for life?
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
Considering where hacking and security are, I cannot blame Microsoft at all for steering people away from an OS that is over 12 years old.

Absolutely agree. I would never blame MS for any of this.

Can only blame people for dragging their feet. When I do a Google search for Windows XP, the first six hits are about its EOL, and the last update I received for XP on a VM was to notify me of said EOL.

I've been trying to be understanding re capital outlay to upgrade, etc. But enuff is enuff.

Our largest customer is just now getting us (we are still using an XP VM to connect to their resources) and their stores PC's updated with Windows 7. Must have been a pretty penny for them to drag it out so long.

Wow. Bet that's more common than I once thought. Penny wise, pound foolish?
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
Um, context is kinda important, here.

1) Most of those legacy XP installations are in China. (where XP's market share is well over 50%)

2) Most of those legacy XP installations that are in China are pirated. (where the piracy rate is over 90%)

3) Most of those pirated legacy XP installations in China never had Windows Update turned on and have been vulnerable for ages. (Microsoft's own telemetry indicates over 70% of Chinese Windows don't use Windows Update.)

5) The market share for XP in the US, the last time I checked, was under 10%. (which, admittedly, is still a lot, but not quite as shocking as the 30% figure that's inflated by China and other poor, piracy-heavy regions)

6) The cessation of updates will not magically flip a switch making all XP installations vulnerable overnight.

Re China, I have healthy cynicism about the reality of everything there, but in this, I had NO CLUE!!!!

70% unpatched??:eek:

I now think I am very sheltered. All my life, if I missed one hotfix, I would go batdoody. Even yesterday, Tuesday, I kept looking for new patches. but there were none. Well, cept for optional BING I keep hiding, but they keep offering it.

70%?????????????????o_O
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
I can see it from both sides, but end of the day they have had plenty of time to get it sorted or upgrade etc so they only have themselves to blame, sure it may involve costs etc but surely they must have realized that at some point, nobody or any company buys an OS thinking I've this for life?

I too used to see it from both sides; NOW, getting the breadth of this, AGAIN, I am selfishly worried about all this putting US in harm's way.
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
I disagree. We *will* see a rise in zero-day exploits, as soon as the deadline has passed. What will happen after that is anybody's guess, but we had better hope and pray that most of the important remaining XP computers aren't connected directly to the internet.

Ding, ding, DING. Above, is why my immediate response to the article was "OMG!!!!! this will involve US increasingly, over time despite we left XP long ago!!!!"
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
Quote: Originally Posted by MagnusTheBrewer: There are major hospitals still using Dos based software

Yes it is. And can you imagine how much this will cost for replacement. It's already started with Government. It cost a fortune to you and me on taxxxxxxxxxxxxxxxxxxxx


But Denis, where YOU live (lucky U), you have the civilized, single payer health care system most enlightened, industrialized nations have! Here, we do not. So, trust me, we will be made to absorb even greater health care costs than now despite they will not be in the form of taxes.

I am getting more and more, I am a little sheltered. Other nite we surfed into a presentation of a not terrible Toshiba lappy on one of the shipping channels. (Tho no bargain for sure, the lure is stretched out payments.)

The thing had quad core chip (not sure which one, tho), 8GBs of RAM, good bells and whistles; good # of USB ports, HDMI......was not a bad 17" lappy, running W 8, of course tho.

The Toshiba guy said, "Only 3 out of ten computers have quad core chips." I was shocked. See how sheltered I am?
 

Red Squirrel

No Lifer
May 24, 2003
69,473
13,166
126
www.anyf.ca

Meditech LOL. Ok, it's not DOS based, but probably pretty close. :biggrin:

At our hospital there are plenty of NT4 boxes still running though, because they run something specialized that won't run on anything else and the company is no longer in business. The finance system is running off an old SCO unix box that nobody knows the password to and because it's so proprietary it's not like you can boot off a Linux CD to access the file system, if you had to. Lot of scary stuff like that in hospitals. Glad I don't work there anymore. It's somebody else's problem now. :biggrin:
 

Virgorising

Diamond Member
Apr 9, 2013
4,470
0
0
Meditech LOL. Ok, it's not DOS based, but probably pretty close.

K.....but "pretty close" still shocking. Reminds me yet again of the open and shut abysmal state of our infrastructure here in America. The grid, bridges, U name it.

Glad I don't work there anymore. It's somebody else's problem now.

In this, I disagree. We are all in this together. Now, more than ever.:colbert:

At our hospital there are plenty of NT4 boxes still running though, because they run something specialized that won't run on anything else and the company is no longer in business. The finance system is running off an old SCO unix box that nobody knows the password to and because it's so proprietary it's not like you can boot off a Linux CD to access the file system, if you had to. Lot of scary stuff like that in hospitals

Wow. That's not just sad, it's really interesting! And, bet, NOT UNCOMMON. What business don't use proprietary software? But, well run bigger ones usually have in house Tech Teams. But maybe not as many as I thought.

It seems we R in deep doo doo.
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
And you know what? An old DOS box is probably a lot more secure than any modern OS. :p No network connectivity, and I doubt there are many people who are familiar with those kinds of systems (address banking? oh what fun!)

As I've said before and as I'll say again, old does not automatically mean insecure. It depends on the user and the installation. If the device is not connected to a network or connected only to a private internal network, what's the worry? Have Internet access but all Internet-facing applications are secure (or restricted to access only certain trusted resources), and incoming ports are all closed or externally firewalled? Yea, good luck breaking into that, no matter how old and outdated the OS is. Sure, these sorts of hardened installation scenarios are uncommon among general users, but as it's been pointed out already, most of the holdouts in first-world countries are large organizations using these machines in specialized roles where this sort of hardening is the norm.

The world isn't going to magically devolve into "OMG! Pwnies!" on April 8.
 

nemesismk2

Diamond Member
Sep 29, 2001
4,810
5
76
www.ultimatehardware.net
I have just activated another copy of Windows XP which I bought new with Professional Service Pack 3 in case that Windows XP doesn't drop in popularity as fast as Microsoft wants. It's got some great anti virus and a trojan scanner.
 

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
I have just activated another copy of Windows XP which I bought new with Professional Service Pack 3 in case that Windows XP doesn't drop in popularity as fast as Microsoft wants. It's got some great anti virus and a trojan scanner.

Antimalware or antivirus won't protect anything. The point is that XP's kernel is actually insecure. It was never built for 2014. And exploits will neatly bypass any form of "protection" you could possibly have.