Are XP machines really going to be that vulnerable?

RegEdit

Once support for XP ends, are XP machines really going to be THAT vulnerable? What if I'm connected to the Internet and all I ever use it for is going to CNN.com? No checking of emails, no visiting of out of the ordinary websites.

Will Avast pick up the Windows update "slack"?
 
From what I've heard, from people in the security field, is that the number of XP exploits being found/reported has dropped significantly since about the middle of last year.
So that means there are a couple of possibilities, either the hackers have moved on from XP and onto the newer operating systems, or they are keeping the holes they are finding quiet until after the 8th April.

The 2nd possibility is more likely and we should all prepare for a very busy day on the 9th. :eek:

Viruses/Malware can still get past antivirus software as none of them are 100%.
 
In my experience, the vast majority of XP infections have little to do with how up-to-date and patched the OS is. In most cases the infection is user-inflicted, sometimes made easier because of other software vulnerabilities, such as may be present in out-of-date browsers, Java, Flash, etc.

Since Windows updates are usually released monthly, for the next month at least, XP should be no more vulnerable than usual. It's only as time goes on that, theoretically, it will become more vulnerable, but it all depends on what new security vulnerabilities are discovered of course.

I've seen Windows XP machines, online and in daily use, running without updates and even without any service packs, that have no infections. I even had one customer that had several such machines - firewalls disabled, no AV and yet still no infections. On the other hand, I see fully patched and 'protected' machines badly infected frequently.

A lot of it has to do with the user of course. If we could remove the user element, I'm sure the XP machines would be fine. Can't complain though ... user error = profit :)
 
Right away..as in ...next week, or next month.....nah!
But after a year or two go by...yeah it will increase. But the bigger part after a year goes by will be finding things that work on it. Any "current" antivirus products that will still install on it? Any websites that will still work with that old version of Internet Exploader? Yeah can slap on Chrome or Firefox...if next year's version still installs on XP. Printers/peripherals still install on it? Any useful 3rd party software like Quickbooks or Office still install on it?

Like Molt mentioned above...most of today's infections come in via the 3rd party web players.

Another point....people keep worrying about "no more Microsoft updates"...but how many end users really kept up with those? Not many!

It's really going to be the 3rd party software support, and peripheral support...that drives the replacement. For businesses...this is important up front, they need computers that will run their line of business software. For residential....it'll be a slower process. But residentials often buy the "el cheapo" models...so that market is actually ahead of many businesses as far as replacement, because the majority of the residential market purchase computers that don't last, they replaced their XP rigs years ago. Businesses tend to buy the higher quality biz grade models that last long...still a lot of XP rigs running strong there.
 
In my experience, the vast majority of XP infections have little to do with how up-to-date and patched the OS is. In most cases the infection is user-inflicted, sometimes made easier because of other software vulnerabilities, such as may be present in out-of-date browsers, Java, Flash, etc.

Since Windows updates are usually released monthly, for the next month at least, XP should be no more vulnerable than usual. It's only as time goes on that, theoretically, it will become more vulnerable, but it all depends on what new security vulnerabilities are discovered of course.

I've seen Windows XP machines, online and in daily use, running without updates and even without any service packs, that have no infections. I even had one customer that had several such machines - firewalls disabled, no AV and yet still no infections. On the other hand, I see fully patched and 'protected' machines badly infected frequently.
I think you're right. Someone was telling me that JUST having my computer connected to the Internet will leave me vulnerable. I doubt that, especially since this is a dedicated music computer that I pretty much just use for audio software updates. I think I will wait for trouble (that may never happen) to happen before I upgrade.
Besides getting a new computer I'd have to get $500 of new music software if I upgraded.
 
There's no way to know how severe of an exploit is going to be discovered. How easy is it to use. How much of the population still uses XP to where it's worth using. etc etc
 
I was thinking the other day, what if a huge security hole is exploited after the 8th and most if not all xp machines get infected?
Will Microsoft do something about it or will they just sit back and say "Suckers!"
 
There's no way to know how severe of an exploit is going to be discovered. How easy is it to use. How much of the population still uses XP to where it's worth using. etc etc

True. And a good point.

Certainly it would be wise for anyone sticking with XP, or anyone continuing to maintain XP machines for customers, to keep a close eye on what does develop.

For virus writers and hackers though, it's a diminishing target, one that I expect will diminish quite rapidly now that Microsoft have released MSE and Windows XP death-threat (EOL) notification updates. Also, for an OS of its maturity, you'd expect that most serious vulnerabilities (and by that I mean ones that would allow someone/something to gain control without any user input) would have already been discovered by now. Still, it's possible that some serious vulnerability could be discovered before XP all but disappears. It'll certainly be interesting to watch the outcome if it is ....


Switching to Win8.1 is surely more grief-ridden than the worst infection XP will endure.
lol, I think you're probably right.
 
From what I've heard, from people in the security field, is that the number of XP exploits being found/reported has dropped significantly since about the middle of last year.
So that means there are a couple of possibilities, either the hackers have moved on from XP and onto the newer operating systems, or they are keeping the holes they are finding quiet until after the 8th April.

The 2nd possibility is more likely and we should all prepare for a very busy day on the 9th. :eek:


Viruses/Malware can still get past antivirus software as none of them are 100%.

I think this is a distinct possibility. If I were a hacker looking to build a botnet or something, I would be waiting until after the 8th to exploit the vulnerability I found. Also consider that patches that apply to newer versions of Windows can also be relevant to vulnerabilities that also exist in XP. So, when MS releases a horde of security patches on any given "Patch Tuesday", once those patches are examined, they essentially can give malware writers a blueprint (or at least some helpful hints) to writing an exploit for XP that will never be patched.

It's going to be interesting, either way.
 
Much ado about nothing?

I'm less concerned about the OS version than the browser! I looked recently and IE 6 still had 5% of the active browser installations!

I switched some people to paid versions of AV products and ensured they were using Chrome or Firefox. I also made sure their data was inconsequential or saved to some other media.

Then I told them it might buy them a year before they really, truly, positively, need to buy a new computer. I also told them it would be foolish to do any financial activities on the old XP system. Games = fine. Routine web surfing = fine. Anything else = asking for trouble.

Some people just want to play Pogo games and get their e-mail.

-Mike
 
Well, some people are taking this seriously. I just found out that a local firm is mailing all its regular clients to tell them (and I quote): "If you have XP systems that are connected to the internet, or connected to another device that has internet access, do NOT even turn them on from Tuesday 8th April." Bit of overkill there, I think...
 
Just finished reading this little AP news article about the subject: http://news.yahoo.com/end-windows-xp-support-spells-trouble-192945132--finance.html

The quote at the end is priceless:
Mike Eldridge, 39, of Spring Lake, Mich., says that since his computer is currently on its last legs, he's going to cross his fingers and hope for the best until it finally dies.

"I am worried about security threats, but I'd rather have my identity stolen than put up with Windows 8," he says.
 
Once Adobe and Java stop supporting XP and they become really out of date then that's when XP users are really going to be in trouble. Going to be a piece of cake to exploit browsers then.
 
I will avoid using my browser then. I wonder if software updates that simply use an internet connection will be a problem. I've got a 32-bit Windows XP computer that I use exclusively for music. I am hating the idea of having to pay an extra $1,000 in software updates to get to 64-bit.
 
I will avoid using my browser then. I wonder if software updates that simply use an internet connection will be a problem. I've got a 32-bit Windows XP computer that I use exclusively for music. I am hating the idea of having to pay an extra $1,000 in software updates to get to 64-bit.

32bit WIN7?

Rick
 
Once Adobe and Java stop supporting XP and they become really out of date then that's when XP users are really going to be in trouble. Going to be a piece of cake to exploit browsers then.

It's also going to be hard to even surf the net since things like Facebook and YouTube won't work correctly for them anymore.
 
Even though I have a perfectly good Win7 computer at home, I'm still using my XP-Pro computer. I guess you (could/would) say that I'm waiting to see if anything should occur now that the 8th has passed us by.

It is / was quite interesting that I came across a local police officer's Dell laptop (belongs to the City). He had purchased a different keyboard for it and as it turned out we had ordered the wrong one. So now the correct keyboard has been ordered....

Anyway back on subject here - his laptop is running Windows XP Pro even though it has a COA for Vista. I suspect that the IT dept that takes care of the officers' laptops has programs that only run with XP - maybe. Or perhaps the IT dept. isn't working on conversion(s) to Vista and above. Time will tell as will the money that the city sets aside for non-XP computers. I asked the officer if he used it on the Internet for anything other than connecting with HQ and he said yes. It'll be interesting to see how / when the City makes a move away from XP computers.
 
There are still a large amount of larger corporates and until recently local government operations that have these deliberately downgraded for compatibility machines.... Does anyone actually use the XP VM in 7pro??

Always thought this was a useful option for the corporates.
 