Macro$haft: Upgrade from Windows XP or risk infinite "zero-days"


9

98 Guy

Translation:

Keep playing our silly "you must continuously upgrade your OS" games.

"Users should upgrade to Windows 7 or 8."

And how exactly does a civillian get their hands on Windoze 7 at this
point -> WITHOUT BUYING A NEW PC? (if you can find one with win-7 that
is)

"The challenge here is that you'll never know, with any confidence,
if the trusted computing base of the system can actually be trusted
because attackers will be armed with public knowledge of zero-day
exploits in Windows XP that could enable them to compromise the
system and possibly run the code of their choice,"

What a load of horse-shit.

That's been the story of XP since it was forced (rushed) into home and
soho computers starting in the fall of 2001. History shows that
Milkro$oft could never garantee that XP was a safe and secure operating
system. What makes it any different once it hits EOL?

The truth is that XP will be orders of magnitude less vulnerable to
remote intrusion and control on April 15/2014 than it was in January
2002.

And another truth: Just like certain IE hot-fix files and patches from
Win-2k/XP were usable on Win-98 well after 98 went EOL in July 2006,
it's a given that users and enthusiasts of XP will be able to do the
same by extracting files from security patches released for other
versions of Windows (2003, Vista, etc).

But the real kicker is this:

After XP goes EOL, will Macro$haft release security bullentins from time
to time giving the world details and information as to newly-discovered
exploits and vulnerabilities for XP? Meekro$oft didn't do that when
win-98 went EOL -> because 9x/me had a ridiculously low level of known
vulnerabilities to begin with and no new ones were ever discovered /
reported after it went EOL.

What has Milkro$oft done along these lines with Windows 2000?

Does anyone maintain a list or has anyone reported on any unpatched
vulnerabilities and exploits for Windows 2000 that were discovered after
it went EOL on July 13, 2010?

===========
Microsoft: Upgrade from Windows XP or risk infinite "zero-days"


http://www.scmagazine.com//microsof...nfinite-zero-days/article/307937/?utm_source=

August 19, 2013

Microsoft is asking users who haven't already migrated to a newer
operating system to do it now.

Microsoft is intensifying its efforts asking users to scrap Windows XP,
the 12-year-old operating system for which the software giant is ending
support next April.

Tim Rains, director of Microsoft Trustworthy Computing, authored a blog
post last week reminding customers of the perils that could await them
should they continue running XP, which debuted in 2001, once Redmond
stops patching the platform. Users should upgrade to Windows 7 or 8.

"There is a sense of urgency because after April 8/2014, Windows XP
Service Pack 3 (SP3) customers will no longer receive new security
updates, non-security hotfixes, free or paid assisted support options or
online technical content updates," Rains wrote. "This means that any new
vulnerabilities discovered in Windows XP after its 'end of life' will
not be addressed by new security updates from Microsoft."

Rains said that when a vulnerability is patched in one of Microsoft's
supported operating system versions, attackers typically reverse
engineer the fix in hopes of creating an exploit that could target users
who failed to apply the update.

When Microsoft ends support for XP, it will be likely that such as
vulnerability would affect even outdated Windows versions. And without
any possibility for a patch, attackers will essentially have free reign
on XP endpoints.

"Since a security update will never become available for Windows XP to
address these vulnerabilities, Windows XP will essentially have a 'zero
day' vulnerability forever," Rains wrote.

In addition, customers shouldn't rely on the hope that anti-exploit
functionality will prevent a successful attack, he said.

"The challenge here is that you'll never know, with any confidence, if
the trusted computing base of the system can actually be trusted because
attackers will be armed with public knowledge of zero-day exploits in
Windows XP that could enable them to compromise the system and possibly
run the code of their choice," Rains wrote.

So what's holding up the migrations?

According to a study conducted in April by VMware, 64 percent of
enterprise-size companies still haven't migrated off XP. The same goes
for 52 percent of midsize firms and 61 percent of SMBs.

"Common challenges such as end-user downtime, data loss, migration
failures and effort to upgrade remote employees can all be avoided if
you plan ahead," wrote Sarah Semple, VMware's director of product
marketing, in a blog post.

In addition, cost is an impediment. Gartner has estimated that, based on
a 10,000-PC environment, the expense of migration is between $1,205 and
$1,999 per machine.
 
Ad

Advertisements

P

Paul in Houston TX

scbs29 said:
Try to access the url.
Comodo Internet Security gives message:

Warning: Unsafe Website Blocked!
tinyurl.com

This website has been blocked temporarily because of the following
reason(s):
Spyware, Mobile, Hacking, Operating System
This site contains links to viruses or other software programs that
can reveal
personal information stored or typed on your computer to malicious
persons.
remove fred before emailing
Registered Linux User 490858

Something is wrong with your website security.
That link is to newegg. It does not contain any bad stuff.
It opens with no problems for me.
 
B

Bert

Something is wrong with your website security.
That link is to newegg. It does not contain any bad stuff.

It's blocking "tinyurl.com" which is like censoring the phone book
because it has phone numbers of bad people in it.

I'm surprised it lets him do searches on google.com; imagine the bad
stuff it might lead him to.
 
J

JJ

Try to access the url.
Comodo Internet Security gives message:

Warning: Unsafe Website Blocked!
tinyurl.com

This website has been blocked temporarily because of the following
reason(s):
Spyware, Mobile, Hacking, Operating System

How can it detect a website as an OS?
Why does it consider an OS as a threat?
And what the heck is a mobile website?
 
Ad

Advertisements

A

Andy

Translation:



Keep playing our silly "you must continuously upgrade your OS" games.



"Users should upgrade to Windows 7 or 8."



And how exactly does a civillian get their hands on Windoze 7 at this

point -> WITHOUT BUYING A NEW PC? (if you can find one with win-7 that

is)



"The challenge here is that you'll never know, with any confidence,

if the trusted computing base of the system can actually be trusted

because attackers will be armed with public knowledge of zero-day

exploits in Windows XP that could enable them to compromise the

system and possibly run the code of their choice,"



What a load of horse-shit.



That's been the story of XP since it was forced (rushed) into home and

soho computers starting in the fall of 2001. History shows that

Milkro$oft could never garantee that XP was a safe and secure operating

system. What makes it any different once it hits EOL?



The truth is that XP will be orders of magnitude less vulnerable to

remote intrusion and control on April 15/2014 than it was in January

2002.



And another truth: Just like certain IE hot-fix files and patches from

Win-2k/XP were usable on Win-98 well after 98 went EOL in July 2006,

it's a given that users and enthusiasts of XP will be able to do the

same by extracting files from security patches released for other

versions of Windows (2003, Vista, etc).



But the real kicker is this:



After XP goes EOL, will Macro$haft release security bullentins from time

to time giving the world details and information as to newly-discovered

exploits and vulnerabilities for XP? Meekro$oft didn't do that when

win-98 went EOL -> because 9x/me had a ridiculously low level of known

vulnerabilities to begin with and no new ones were ever discovered /

reported after it went EOL.



What has Milkro$oft done along these lines with Windows 2000?



Does anyone maintain a list or has anyone reported on any unpatched

vulnerabilities and exploits for Windows 2000 that were discovered after

it went EOL on July 13, 2010?



===========

Microsoft: Upgrade from Windows XP or risk infinite "zero-days"





http://www.scmagazine.com//microsof...nfinite-zero-days/article/307937/?utm_source=



August 19, 2013



Microsoft is asking users who haven't already migrated to a newer

operating system to do it now.



Microsoft is intensifying its efforts asking users to scrap Windows XP,

the 12-year-old operating system for which the software giant is ending

support next April.



Tim Rains, director of Microsoft Trustworthy Computing, authored a blog

post last week reminding customers of the perils that could await them

should they continue running XP, which debuted in 2001, once Redmond

stops patching the platform. Users should upgrade to Windows 7 or 8.



"There is a sense of urgency because after April 8/2014, Windows XP

Service Pack 3 (SP3) customers will no longer receive new security

updates, non-security hotfixes, free or paid assisted support options or

online technical content updates," Rains wrote. "This means that any new

vulnerabilities discovered in Windows XP after its 'end of life' will

not be addressed by new security updates from Microsoft."



Rains said that when a vulnerability is patched in one of Microsoft's

supported operating system versions, attackers typically reverse

engineer the fix in hopes of creating an exploit that could target users

who failed to apply the update.



When Microsoft ends support for XP, it will be likely that such as

vulnerability would affect even outdated Windows versions. And without

any possibility for a patch, attackers will essentially have free reign

on XP endpoints.



"Since a security update will never become available for Windows XP to

address these vulnerabilities, Windows XP will essentially have a 'zero

day' vulnerability forever," Rains wrote.



In addition, customers shouldn't rely on the hope that anti-exploit

functionality will prevent a successful attack, he said.



"The challenge here is that you'll never know, with any confidence, if

the trusted computing base of the system can actually be trusted because

attackers will be armed with public knowledge of zero-day exploits in

Windows XP that could enable them to compromise the system and possibly

run the code of their choice," Rains wrote.



So what's holding up the migrations?



According to a study conducted in April by VMware, 64 percent of

enterprise-size companies still haven't migrated off XP. The same goes

for 52 percent of midsize firms and 61 percent of SMBs.



"Common challenges such as end-user downtime, data loss, migration

failures and effort to upgrade remote employees can all be avoided if

you plan ahead," wrote Sarah Semple, VMware's director of product

marketing, in a blog post.



In addition, cost is an impediment. Gartner has estimated that, based on

a 10,000-PC environment, the expense of migration is between $1,205 and

$1,999 per machine.

I would recommend chilling out.

I have XP and have no messages to upgrade.

If you are that ticked off, go to Linux.

http://happynews.com/
 
9

98 Guy

I would recommend chilling out.
I have XP and have no messages to upgrade.
If you are that ticked off, go to Linux.

Did you have to double-space-full-quote my entire post - just to add 3
lines?
I have XP and have no messages to upgrade.

Messages?

I run win-98 on my systems - the emperor's new clothes (the NT-line of
Windows) didn't impress me from the start - I saw it for what it was.
Time has proven me right.
 
G

Good Guy

Did you have to double-space-full-quote my entire post - just to add 3
lines?

Messages?

I run win-98 on my systems - the emperor's new clothes (the NT-line of
Windows) didn't impress me from the start - I saw it for what it was.
Time has proven me right.

You are also running Mozilla 4.79. This is old Netscape as far as I can
remember. at least you could download Netscape 4.80 for your Windows 98
(or Windows 98SE)
 
N

Nil

I run win-98 on my systems - the emperor's new clothes (the
NT-line of Windows) didn't impress me from the start - I saw it
for what it was. Time has proven me right.

You're quite mistaken. NT and all that followed were a huge
technological leap beyond Windows 98 in security and stability. It not
just "the emperor's new clothes." Whether or not you were impressed is
irrelevant.
 
Ad

Advertisements

A

Andy

I'm thnking the older the OS, the less likely it is to being targeted. But

I'm not really sure how code specific the threats are to each version (and

only that version) of an OS, so that may be a false assumption!



re: "Never be led astray onto the path of virtue"...

Alas, I don't think you have to worry too much about that one, given what

I've seen of this world, unfortunately. :)

Windows 98 has tons of ways in.

There was even a program someone wrote that separated parts of Internet Explorer from the Win 98 Operating System.

It was supposed to offer more privacy.

Since you posted so many posts, someone may be writing some code right now because they perceive a challenge. :)

You could crash it accidentally with batch files, etc.

Andy
 
J

J. P. Gilliver (John)

scbs29 said:
[]
It's blocking "tinyurl.com" which is like censoring the phone book
because it has phone numbers of bad people in it.

I'm surprised it lets him do searches on google.com; imagine the bad
stuff it might lead him to.

thanks for the replies.
I will take this up with Comodo.

remove fred before emailing
Registered Linux User 490858

(A "-- " line _might_ have prevented that being quoted.)
I have had a reply from Comodo as follows : []
You can check for more details about the web-site http://tinyurl.com
why it is blocking. The domain 'tinyurl.com' is BLACKLISTED. []
Following these links leads to reports that seem to indicate that
tinyurl is overall not trustworthy and does not respond to any
complaints of abuse.

Make of it what you will.
[]
What I make of it is that Comcast (presumably your ISP) are being
overprotective, or at least are making all users suffer for the benefit
of inexperienced users.

tinyurl is just a URL-shortening service, which anyone can use. Of
course, this does make it (and similar services) popular with malware
authors: whenever someone posts a tinyurl link, you need to make a
judgement on whether you trust the person posting it before following
it. (Of course, that applies to any URL!) But for Comcast to block all
of it sounds lazy on their part to me.

Some UEL shorteners - I don't know if including tinyurl - run a scheme
whereby when you use one, you can opt (I presume by cookie) to see an
intermediate page which shows you where the shortened link is actually
going to take you to if you proceed. (Though even if tinyurl do offer
this, that won't help you if Comcast are blocking completely: you need
to find a way round - I don't know if the old trick, for example, still
works of asking a translation site like google to translate the page
from English into English).
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)[email protected]+H+Sh0!:`)DNAf

Jurassic-period viewers like me for whom /The Flintstones/ was actually a
fly-on-the-wall documentary series. - Alison Graham in Radio Times 3-9 March
2012
 
Ad

Advertisements

P

Paul

J. P. Gilliver (John) said:
scbs29 said:
[]
It's blocking "tinyurl.com" which is like censoring the phone book
because it has phone numbers of bad people in it.

I'm surprised it lets him do searches on google.com; imagine the bad
stuff it might lead him to.

thanks for the replies.
I will take this up with Comodo.

remove fred before emailing
Registered Linux User 490858

(A "-- " line _might_ have prevented that being quoted.)
I have had a reply from Comodo as follows : []
You can check for more details about the web-site http://tinyurl.com
why it is blocking. The domain 'tinyurl.com' is BLACKLISTED. []
Following these links leads to reports that seem to indicate that
tinyurl is overall not trustworthy and does not respond to any
complaints of abuse.

Make of it what you will.
[]
What I make of it is that Comcast (presumably your ISP) are being
overprotective, or at least are making all users suffer for the benefit
of inexperienced users.

tinyurl is just a URL-shortening service, which anyone can use. Of
course, this does make it (and similar services) popular with malware
authors: whenever someone posts a tinyurl link, you need to make a
judgement on whether you trust the person posting it before following
it. (Of course, that applies to any URL!) But for Comcast to block all
of it sounds lazy on their part to me.

Some UEL shorteners - I don't know if including tinyurl - run a scheme
whereby when you use one, you can opt (I presume by cookie) to see an
intermediate page which shows you where the shortened link is actually
going to take you to if you proceed. (Though even if tinyurl do offer
this, that won't help you if Comcast are blocking completely: you need
to find a way round - I don't know if the old trick, for example, still
works of asking a translation site like google to translate the page
from English into English).

They should not be blacklisting http://preview.tinyurl.com/xxxxxxx
as the preview page makes it possible to examine the long version
of the link, without going there directly.

That's one of the best features of tinyurl.com, is that if you
pre-pend the word "preview" to the URL, you get to see the link
value. I've seen at least one other link shortener, that offers
no preview capability.

As far as I'm concerned, if posting shortened links from that
site, they should be in the form

http://preview.tinyurl.com/xxxxxxx

so people get a chance to see the link first.

Paul
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top