D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: Advice for Windows XP Users

 

On 29 March 2014 14:53, Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:
On Sat, Mar 29, 2014 at 01:32:43PM +0000, Simon Avery wrote:
> What's also interesting is the increasing evidence that hackers are
> preparing for a major attack on XP machines once support finishes - and
> it's likely they have a bunch of unused exploits waiting for the day
> they're safe to deploy them knowing they'll never be patched.

I haven't seen any such evidence, other than people making informed
guesses, but I can also come of with some sensible arguments why this
won't be the case.

You're right, 'evidence' was too strong a word. Conjecture, rumour, speculation would all have been better choices. 

I know there are still many machines running XP, but what I haven't seen
much of are numbers of XP machines that aren't either running a very old
version, or are run by sysadmins that know what they're doing and have
secured the system in other ways. It's those machines for whom the
situation will become a lot worse after 8 April.

(Machines that haven't been patched in ages are a real problem, but they
won't become more vulnerable when Microsoft stops rolling out patches.)

True, and not restricted to XP or even Windows.

What about ATMs and Embedded devices running XP? (One would hope the former would be isolated from the internet, but we all know that's not the only vector). Or countries who have can't afford to upgrade as often. (Using old licences and who haven't been bitten by the linux opportunity bug yet)
 
What's clear is that all the XP machines are not going to suddenly burst into flames, so some perspective needs to be kept. And exploits are found against operating systems and software that *are* up to date constantly, so relying on keeping things up to date alone is not good enough - but it is a part of a good security strategy. 

Surprised more AV companies haven't promoted covering more aspects of protecting above patches in XP.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq