Winxp vulnerabitlity my way?

onliner123

Junior Member
Apr 5, 2014
2
0
0
Hello - Please let me know your thoughts..... If I feel it's safe, i would use my old computer with WinXp (and Norton Internet Security suite) to do only the following:

surf safe sites on the web and use email through Yahoo.

I wouldn't use the computer for any sensitive use such as ordering online, banking or anything other than email and web surfing. It isn't worth buying a new operating system for that computer and it probably wouldn't work on that machine anyway. I have another computer with Windows 7 which I use only for MS Flight Sim (FSX).

I'd appreciate your thoughts as to what my vulnerability would be in that case....


Thanks Howard
 

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
There are no safe websites online, anything can be exploted anytime. Plus XP is physically insecure down to the kernel. It isn't built for 2014.
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
You should be fine.

The vulnerability of XP is grossly exaggerated. XP lacks many of the mitigations that exist on newer versions of Windows, so it doesn't have that defense-in-depth. But to say that it's fundamentally insecure is to betray a lack of understanding of what security is.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
If you are only doing 'surfing' & e-mail, then ... meh, though, it still is possible to get malware on it.
If it bugs you, you can install linux for an alternative (mint or ubuntu, both free).
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
If you are only doing 'surfing' & e-mail, then ... meh, though, it still is possible to get malware on it.
If it bugs you, you can install linux for an alternative (mint or ubuntu, both free).


I agree probably a Linux Distro is your best bet,free and secure and plenty to choose from.

Zorin is also another good choice(Ubuntu based).


7.png





http://zorin-os.com/index.html


Remember there are Linux Distros out there even for very low spec PCs.
 

accguy9009

Senior member
Oct 21, 2007
504
10
81
I agree probably a Linux Distro is your best bet,free and secure and plenty to choose from.

Zorin is also another good choice(Ubuntu based).


7.png





http://zorin-os.com/index.html


Remember there are Linux Distros out there even for very low spec PCs.

Agree on Zorin, also Bodhi Linux based on Ubuntu is a good choice. OP i would dual boot a light Linux Distro of your choice on that XP box if you can't bring yourself to totally walk away from old Bessy
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
Steve Gibson Knows about Computers' Security more than any one of us.

See what he thinks about XP security - http://twit.tv/show/security-now/445

It is in the 1:45 (1 hour 45 minimum) spot.


:cool:
 

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
You should be fine.

The vulnerability of XP is grossly exaggerated. XP lacks many of the mitigations that exist on newer versions of Windows, so it doesn't have that defense-in-depth. But to say that it's fundamentally insecure is to betray a lack of understanding of what security is.

No UAC, no ASLR, no heap/memory tweaks, no secure boot, no ELAM, no mandatory DEP, no kernel adjustments - XP didn't even have a firewall until SP2. Its a joke security wise.
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
No UAC, no ASLR, no heap/memory tweaks, no secure boot, no ELAM, no mandatory DEP, no kernel adjustments
All of which are mitigations to limit the depth and severity of a breach, not prevent the breach itself.

(Um, "mandatory DEP"? By default, in Windows 7/8, DEP is on only for system processes and off for everything else. XP has those same options and, IIRC, the same default settings.)

XP didn't even have a firewall until SP2. Its a joke security wise.
So? Software firewalls are useless; they're always disabled on my machines.

Is running XP riskier? Sure. But unless there's a new no-user-action-needed RCE that comes along, I'm not going to call it insecure. A careful user should have no problems (again, unless there's an extremely bad RCE that comes along).
 

zir_blazer

Golden Member
Jun 6, 2013
1,207
503
136
XP didn't even have a firewall until SP2.
It did had. It came disabled by default. Ticking that sole box was enough to protect against Blaster in WXP preSP1. However, the Firewall was very primitive and annoying for regular usage, as it blocked a lot of legit traffic with no way to alter it settings. For example, with it enabled you couldn't receive (Or send? Don't recall) files via Windows Messenger.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
onliner123 I have an old XP computer that I use for years in a similar manner that you use your.

I did not even updated it when the updates were available (it was some sort of experiment).

The computer is behind a Router using Kerio 2.1.5 firewall (last freeware version of Kerio) and Avira Antivirus. (I consider Norton Junk source as is so I do not use it).

Using it for surfing mainstream sites and email I never had a security problem.

Kerio here in the middle of the page - http://www.321download.com/LastFreeware/page7.html

Avira free version - http://www.avira.com/en/avira-free-antivirus


:cool:
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
You should be fine.

The vulnerability of XP is grossly exaggerated. XP lacks many of the mitigations that exist on newer versions of Windows, so it doesn't have that defense-in-depth. But to say that it's fundamentally insecure is to betray a lack of understanding of what security is.
It runs every process as Admin by default. That's pretty damn insecure.

Get off of XP, and get off of it now. Install Windows 7 or a modern Linux distro. It's going to be a malware free-for-all against XP users after April 8th.

Edit: And there's no such thing as "safe" browsing. The really good exploits are delivered via ads on legitimate sites.
 
Last edited:

postmortemIA

Diamond Member
Jul 11, 2006
7,721
40
91
It runs every process as Admin by default. That's pretty damn insecure.

Get off of XP, and get off of it now. Install Windows 7 or a modern Linux distro. It's going to be a malware free-for-all against XP users after April 8th.

Edit: And there's no such thing as "safe" browsing. The really good exploits are delivered via ads on legitimate sites.

Then OP (and me) can switch to non-admin account to alleviate possible damage.

These 28% PCs running XP today, do you really think they all are up to date on windows updates? half of them are probably pirated copies, and that being reason #1 why they are not upgrading.
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
It runs every process as Admin by default. That's pretty damn insecure.

Again, that's just a mitigation to limit the depth and severity of a breach; it does nothing to prevent a breach. What it means is that if you get malware, it's easier to recover from it (create a new user account on the system), but you will still get screwed.

Malware these days are more about financial gain and less about hosing a computer; there's not a whole lot to be gained by seizing full control of the system, and there's plenty of damage that malware can do even when "limited" to the confines of a user's account (e.g., Cryptolocker). This isn't the 90's where malware was made by bored guys showing off their prowess; this is the era where malware is a business whose goal is to scam, extort, or steal sensitive data.

Anecdotally, almost all of the malware that friends/family have asked me to help clean in recent years ran perfectly fine with limited privs and were not elevated. All were running a "modern" Windows 7 OS, and all had up-to-date antivirus. As I've said in other threads, the user is the biggest security hole, and nothing is a suitable substitute for a competent user. Me running XP with no firewall and no antivirus is still much, much safer than my dad running Windows 8.1 with every available security bell and whistle (that having been said, my dad running XP would be downright scary because yes, XP is riskier, and I'm not denying that, but the relative magnitude of that isn't as great as most assume).

And there's no such thing as "safe" browsing. The really good exploits are delivered via ads on legitimate sites.
Firefox+NoScript. Not only will it protect you from most attacks, but it's amazing how many annoyances disappear this way. It's a bit of a hassle to manually white-list a lot of things, but it's well worth it, especially on, er, certain types of sites.
 
Last edited:

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
The problem isn't only XP, but the browser as well. Internet explorer 8/9 or what ever XP has is starting to show it's age. Firefox 3 and 12 are the last versions to support XP. Everything is moving away from XP. As far as i know Chrome and opera are the last two browsers still supporting XP.

But I have to ask: How many of you would actually use an OS which you know will never get any official updates, ever again?

This report is good reading for anyone interested:
http://learn.avecto.com/2013-microsoft-vulnerabilities-report-b
 
Last edited:

postmortemIA

Diamond Member
Jul 11, 2006
7,721
40
91
Latest Firefox still supports XP. IE 8 is the latest for XP... And it sucks. But that one is also being shipped with windows 7
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
Firefox 3 and 12 are the last versions to support XP. Everything is moving away from XP.

No, Firefox 3 and 12 are the last versions to support XP RTM and XP SP1. XP SP2 and SP3 are still fully supported by the latest versions, and there are no plans in the foreseeable future to drop XP support.
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
No, Firefox 3 and 12 are the last versions to support XP RTM and XP SP1. XP SP2 and SP3 are still fully supported by the latest versions, and there are no plans in the foreseeable future to drop XP support.
Story is still the same. There is no reason to keep using an out of date operating system where the developer has officially stated that the supply of security updates will stop.

All future security flaws in XP will become Zero day. Not a chance worth taking in my oppinion unless there is a really good reason to stick with Windows XP in 2014 and beyond.
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Then OP (and me) can switch to non-admin account to alleviate possible damage.
But they won't. Nobody does. There's a reason developers had to be dragged kicking and screaming into the modern age with Vista and UAC; outside of a tightly controlled IT environment, XP is all but useless without admin.

These 28% PCs running XP today, do you really think they all are up to date on windows updates?
Oh goodness no. And that's part of the reason why we already have so many damn bots.
 
Last edited:

pmv

Lifer
May 30, 2008
14,271
9,112
136
Surely even a 'safe' website can accidentally serve up something nasty in an ad from another source?
I seem to recall it happening on a site not a million miles from here.

I vote for going Linux. For the sake just of breaking the monotony of continuing to look at XP, if nothing else!
 

onliner123

Junior Member
Apr 5, 2014
2
0
0
First of all - thanks to all for your quick and helpful responses.....

You've given me a lot to think about - I plan to check out Linux for a start and go from there......

thanks again Howard