The support for WinXP will end at April 08, 2014: microsoft.com.
After this the OS will not get new security updates.

From what I read in the web, the bad people eagerly await this date, because they know opened doors already for to attack WinXP PCs then.
Is this true?
Or incorrect information in order to sell more Microsoft OS's? ;-)

IIRC, my WinXP PC didn't got security updates after I installed WinXP SP3.
So maybe the last 3 years no new security update.
It looks like my PC got never a virus. At least the virus tool found no virus. ;-)
But, I'm already unsafe in the web?

I have my WinXP PC at a DSL Router. He have a hardware firewall.
Or is there no difference between modem (directly) and router (firewall) connection?

If I go at April 09 with my Firefox (latest/newest v28) into the web (still with WinXP), it could be dangerous?
How I could infect my WinXP PC?
If I go to a hacked (or bad) website?
Or if the WinXP PC is just connected to the internet (my DSL router (PC) is (must be) 24/7 online, because VoIP (web phone))?

Thanks.

---

If your PC is on 24/7 with a router then you are pretty well protected from inbound attacks. Someone could find an exploit in your router, but do you replace your router just because the maker stops releasing new firmware for it?

If there was a big exploit that could be used to cripple XP machines there is no good reason why someone would wait until after the 8th to attack it. Microsoft often takes weeks, months, or never bothers to patch something once it has been publicly known. Companies that are still using embedded XP have service contracts to have their OS's patched anyway.

As far as getting bad things from the web. Your browser is your first line of defense. If something gets to your machine then they used an exploit in the browser or your settings allowed it in.

I'm not sure why you are not getting any updates. The machine we use in the lab at work to copy CD/DVD's is running XP & gets them regularly. I have it setup to prompt when there are updates. So I can uncheck the microsoft malicious software thing.

The only safe computer is one that isn't connected to power.
Also XP has a declining market share. So that makes it a less desirable target all of the time.

---

SETI@home classic workunits: 93,865 CPU time: 863,447 hours
Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[

I would suggest that this Thursday that you do a manual Windows Update using the Custom option (you have missed out a large amount of updates in that time) and make sure that you deselect and hide the "end of XP support notification" update.

So long as your anti-virus software, browser and router firewall are all up to date then you shouldn't have any problems.

I intend on keeping my shed's XP Jukebox going until a major hardware failure forces me to replace it and that could be years down the track yet.

Cheers.

The problem for the "WinXp EOS" is that there is a steady stream of exploits and bugs that are common across all versions of Windows that Microsoft issues updates for. The first set of updates that fix things for all versions of Windows except WinXP will leave WinXP as a known open target to be exploited by the 'bad guys'.

The firewall on your router should protect you from 'port based' attacks from the internet. However, that does NOTHING to protect you from all the many other ways that Windows gets subverted...

For example, recent fixes have been to stop jpg images and text files from pawning your Windows computer! (If you use Outlook or any auto-preview in such as your file manager/browser, no user interaction needed to get clobbered by those, all by the power of email and or web advertising images...)

And there's a steady stream of similar hum-dingers...


So... Come the next few days, WinXP is not going to spontaneously combust (unless the Microsoft "WGA" switches you off). However, sometime soon after, you must expect a series of new exploits to be quickly doing the rounds around the internet for which your anti-virus may well not protect you.


And then... Why still hanging onto WinXP? Really is there nothing better?


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Is that any worse than all the new exploits that seem to be exploding through the Linux world of late Martin?

Cheers.

And for a scary alternative:


How Microsoft can keep Win XP alive – and WHY: A real-world example

Redmond needs to discover the mathematics of trust

Sysadmin blog: What if Microsoft announced it's not ending support for Windows XP next Tuesday after all, and instead will offer perpetual updates (for a small fee, of course).

Something inside me, somewhere between my sense of humor and soul-crushing cynicism, drove me to turn that dream into an April Fool for this year. But all cruel joking aside, there's a very real discussion to be had about this...


IT is very much what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Is that any worse than all the new exploits that seem to be exploding through the Linux world of late Martin?

Yes, very much so. (And I've not seen any such dramatic headlines as 'exploding'. There's just the usual 'security company' scare-articles to try to start up anti-virus business for Linux. Ever wondered why anti-virus is pretty much a Windows-only business?)


Over in the Linux world, there are some (old) ongoing high profile break-ins where users have given away their login details for their websites... All the usual problems of keeping your credentials safe as is needed for any system.

There are no exploits/vulnerabilities in anything like the way we continue to see for Windows, and certainly nothing like losing your computer to a jpg image or a text file!... Windows still holds all the world records for the variety and persistence of malware infections...

But I'm sure all that is better for another thread...


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

From what I read in the web, the bad people eagerly await this date, because they know opened doors already for to attack WinXP PCs then.
Is this true?
Or incorrect information in order to sell more Microsoft OS's? ;-)

We will know that in the next few weeks, now nobody can tell you that.

IIRC, my WinXP PC didn't got security updates after I installed WinXP SP3.
So maybe the last 3 years no new security update.
It looks like my PC got never a virus. At least the virus tool found no virus. ;-)
But, I'm already unsafe in the web?

Than if you have not installed any updates since the release of SP3, which was released 2008 BTW, why are you worried, that you won't be able to do it in the future? With just SP3 and no updates after that at all you're probably more unsafe now than you'll ever be with a full patched WinXP.

I have my WinXP PC at a DSL Router. He have a hardware firewall.
Or is there no difference between modem (directly) and router (firewall) connection?

That helps a lot.

If I go at April 09 with my Firefox (latest/newest v28) into the web (still with WinXP), it could be dangerous?
How I could infect my WinXP PC?
If I go to a hacked (or bad) website?

That can always happen, nevermind which Windows and which browser you use, but of course you should always try to use products, which are still getting security updates, so at least you should not use IE8, which won't get updates anymore. Also you will get new updates the 8th (if you actually install them). The first patch day, when WinXP won't get updates is the 13th May and it probably wouldn't have get any updates before that anyway, regardless of EOS.

Or if the WinXP PC is just connected to the internet (my DSL router (PC) is (must be) 24/7 online, because VoIP (web phone))?

As long as the computer is behind a firewall (router), it's not a big issue, more important is the software that actually uses the connection.


That being said, I still use my WinXP laptop, which is not really Win7/8 compatible and I will use it just like nothing happened, but of course I watch it more carefully. The other WinXP machine I have is just a BOINC cruncher, it contacts only project servers (and MS and Avast update servers), so I don't see there any issues at all.

---

How Microsoft can keep Win XP alive – and WHY: A real-world example

There's more to it than just an example... Microsoft is quietly extending the EOS for paying enterprises. Perhaps this will expand. Hey, if I could pay maybe $5-10 for extended support per machine for a few more years of patches etc. this would be ideal.

Unless the bad people are sitting on an unknown XP zero-day privilege escalation, there hasn't been a good one of those discovered in years and they were all promptly patched. So, as well as other best practices such as minimizing internet access to trusted sites and ensuring you have a current antivirus/firewall always active, you can significantly harden XP by not logging in as an administrator account unless you need the privileges ie for (un)installation. This goes for just about all other OSes as well.

---

Unless the bad people are sitting on an unknown ...

The "bad people" are sitting on the greatest unknown that cannot be stopped; computer users easily socially engineered.

---

Unless the bad people are sitting on an unknown ...

The "bad people" are sitting on the greatest unknown that cannot be stopped; computer users easily socially engineered.

This is true. Biggest security risk is the user...

Fool them into clicking a link, opening an attachment, installing a trojan program etc.

I've just moved the wide and daughter over to Linux boxes. Now they have an up to date and more secure machine, at no cost.

Wont work for everyone, but it seems to be running Youtube and Candycrush. :-|
Anyone using Facebook needs to keep their security up to date....

Ian

My wifes lap top is and old Toshiba XP. I bought it in 03 I think. The grandkids are the only ones who use it now and they balk at how slow it is. I do have linux mint on it so I think that is what they will use, If they want to use the laptop that is.

---

[/quote]

Old James

I just installed the last XP updates on my jukebox and I was surprised that M$ didn't rename the "End of XP Notification" update that I hid last month, so other than keeping the AV updated on that rig it'll will just keep going on until it has a major hardware fail.

Cheers.

My 11 year old Northwood, XP machine continues to crunch on. It was retired for several years because it was obsolete but with the addition of a PCI GT430 for $30 it came alive 15 mos ago. Since all it does is crunch I have no security fears and where I live it only costs $5 to $7 per mo to run so I shall crunch on it till the smoke leaves the wires or I need the space for somthing better. God it's slow.

---

XP, like 98, will not go out with a bang but a whimper. XP will work forever but new software and hardware drivers will not work on XP if they have to be written differently than for Vista.

---

Ah, Vista. I was just reminded of why I skipped Vista. Someone donated their unused copy of Vista the other day. I can report that nothing has changed, you still can't run two platforms on Vista even after all these years. After you install the driver for the second platform Vista just says it has a problem and can't start the driver. If I wanted a single platform OS, there's always Ubuntu. I'm still running XP on that Host, Vista just doesn't do what I want from an OS.

Something interesting happened while installing AVG Antivirus in a brand new Vista the other day. After running all the M$ updates, and running MalwareBytes, I launched the AVG Web Installer off a USB Pendrive. It was the same 2014 AVG Installer I had used on a different XP machine without trouble. This time however, my brand new Malwarebytes certified clean Vista immediately was infested with the 188 file Malware/Adware package that seems to be going around. I was not running a browser at the time, the only website that new install had visited was M$ updates. Best I can figure, the Malware came in with the AVG installer. It's very convincing, no other way to explain it. After clearing out all the crap with Malwarebytes, I discovered my Pendrive had been wiped. Says it's not even formatted now. Strange stuff. I've heard others accuse the AV companies of creating work for themselves, but this experience seems pretty convincing...

Whatcha gonna do?

Just an update. I'm not having any success finding the AVG original installer. I'm just about positive all this adware was installed with AVG though. The installer was either from AVG itself or cnet. Right after the installer started I had an adware window for AnyProtect popup. Then Firefox opened to the AnyProtect site. That's just the tip though, many other items were installed and the Startpage was changed to "search.conduit.com/?gd=&ctid=CT3317816&octid=EB_ORIGINAL_...."

Here's an article on "AnyProtect" http://malwaretips.com/blogs/anyprotect-virus-removal/
"AnyProtect is a online backup program, which is promoted via other free downloads, and once installed it claims that you need to backup your personal files and folder..."
There were about 5 other "items" installed in the Programs and Features Control Panel. All this while the AVG installer was running. Unbelievable...

So if anyone has seen this "AnyProtect" Ad popup, beware! It's just the tip.

Microsoft is extending Windows XP support!

---

Ive found that most things free on cnet comes with a bunch of crap you dont want. Even reading and unchecking boxes is not a guarantee that you wont download some crapware.

---

[/quote]

Old James

The installer was either from AVG itself or cnet

I don't get anything from cnet

http://forums.cnet.com/7723-12543_102-606256/cnet-endores-s-conduit-virus-toolbar/
http://www.billhartzer.com/pages/cnet-downloads-now-come-with-a-bonus-unwanted-programs-and-spyware/


I just look which is the author/maker (if I don't know this in advance):
http://download.cnet.com/The-Matrix-Screen-Saver/3000-2257_4-10067722.html

(in this case it is 'Meticulous Software')
... and then get the clean original file from the authors:
http://www.meticulous-software.co.uk/downloads.htm


I still wonder why WOT is green for cnet (I voted Red in the WOT add-on) but see the users comments which are full with "Malware or viruses", "Misleading claims or unethical":
https://www.mywot.com/en/scorecard/download.cnet.com



ESET NOD32 Antivirus catches this as "CNETInstaller.B PUA"
(I tested by clicking the green [Download Now] button in the above "The-Matrix-Screen-Saver" CNET page
in SRWare Iron run in Sandboxie)

---

 


- ALF - "Find out what you don't do well ..... then don't do it!" :)