# Discussion of security concerns for EOL or near EOL Windows versions



## lexluthermiester (Aug 26, 2019)

At the request of staff this thread was created to discuss security concerns of Windows Versions which have be retired. The discussion started as follows.


lexluthermiester said:


> Windows XP never magically became an insecure OS and interestingly still isn't. Windows 7 is unlikely to become such either. Still being EOL will trigger software and hardware devs to being phasing out support. As irritating and sad as it is, it's the future..





Solaris17 said:


> None of that is true. Would love to further discuss security in a thread meant for it.


So lets discuss? What do you find untrue?


----------



## newtekie1 (Aug 26, 2019)

If you don't think XP is insecure, then give it a public IP and see what happens.


----------



## FinneousPJ (Aug 26, 2019)

I mean windows in general is no paragon of security.


----------



## lexluthermiester (Aug 26, 2019)

newtekie1 said:


> If you don't think XP is insecure, then give it a public IP and see what happens.


Not without proper security in place. However, with a solid firewall and AntiMalware suite I have.


----------



## Dinnercore (Aug 26, 2019)

The context for this question is relevant too, are we talking home use or professional application like a workstation in a big open network or even a public server? For home use I would agree that there is not much concern. 



newtekie1 said:


> If you don't think XP is insecure, then give it a public IP and see what happens.


Well do the same for Win7 which is still in support and the outcome will be very similar.


----------



## 64K (Aug 26, 2019)

I don't think it's a good idea to go online while running XP anymore and the OS is 18 years old. For gods sake let it rest in peace and move on. I'm not sure if Win 7 is safe for going online or not. I've still got a backup rig with Win 7 on it and I go online sometimes but definitely not to any bad neighborhoods.


----------



## newtekie1 (Aug 26, 2019)

lexluthermiester said:


> Not without a proper security in place. However, with a solid firewall and AntiMalware suite I have.



If you need all of that just to keep an idle OS from getting infected, then the OS isn't secure.



Dinnercore said:


> Well do the same for Win7 which is still in support and the outcome will be very similar.



No it won't.


----------



## Dinnercore (Aug 26, 2019)

The only real way to settle this discussion would be a proper scientific experiment.


----------



## lexluthermiester (Aug 26, 2019)

Dinnercore said:


> The context for this question is relevant too, are we talking home use or professional application like a workstation in a big open network or even a public server?


I think in general we're talking about home use.


Dinnercore said:


> For home use I would agree that there is not much concern.


Agreed.


64K said:


> I don't think it's a good idea to go online while running XP anymore


I know many who do.


64K said:


> the OS is 18 years old. For gods sake let it rest in peace and move on.


Some people can't upgrade for various reasons. 

The reality is XP didn't and hasn't fallen apart. Same with Vista. Windows 7 is unlike to either.


----------



## newtekie1 (Aug 26, 2019)

lexluthermiester said:


> I know many who do.



I know plenty of people that smoke, that doesn't make it a good idea.



lexluthermiester said:


> The reality is XP didn't and hasn't fallen apart. Same with Vista. Windows 7 is unlike to either.



It hasn't fallen apart, it's been picked apart.  Every worm knows how to exploit all the security holes that exist in XP.  Over the years since it has stopped receiving security patches, many vulnerabilities have been found and exploited in the wild.


----------



## dorsetknob (Aug 26, 2019)

For Any Build or reinstall of ANY O/S i always install suitable AV solution and Firewall
""BEFORE I LET IT GO ONLINE""

PS i have working laptops with win98 / XP-Pro /Vista / win7 and Win 10 all go online Occasionally
None are affected with malware apart from the Win 10 ( and that is by Microsoft Design )


----------



## 64K (Aug 26, 2019)

lexluthermiester said:


> The reality is XP didn't and hasn't fallen apart.



But when they need to replace hardware can they even find drivers for it?


----------



## Athlonite (Aug 26, 2019)

If your machine is that old it won't allow you to upgrade it to Window 8.1 or 10 then it's probably a better candidate for Linux if you are unable to purchase newer hardware or buy a newer machine then Linux


----------



## dorsetknob (Aug 26, 2019)

64K said:


> But when they need to replace hardware can they even find drivers for it?


I Regularly aquire / buy Old used Hardware.......Drivers are not a problem
finding Drivers for a piece of win 98 era hardware for say the win7 is on occasion Difficult.
The Average jo Pubic cannot  and gives up ....more knowledgeable people can usually find workarounds


----------



## Vario (Aug 26, 2019)

Once EOL is reached in several months, I plan to move my present Win 7 disk's image to a back up drive that will not see internet, and switch to  Win 10 long term service or a tweaked consumer 10 with annoying features removed.

The hassle of running 7 will eventually outweigh the hassle of 10.  I love everything about 7, it is sad to see it end.  I have thought about running 8.1 instead as the EOL is a bit later.
As this machine is predominantly for gaming, 10 will be eventual.


----------



## lexluthermiester (Aug 26, 2019)

64K said:


> But when they need to replace hardware can they even find drivers for it?


Sure, drivers are easy to find presuming older hardware is used.


----------



## Bill_Bright (Aug 26, 2019)

I think this is a silly debate. 

It is a simple fact that XP has unpatched vulnerabilities. It is reasonable to assume W7 does too - or that newly discovered vulnerabilities will be discovered in the future. And it is a simple fact any such vulnerabilities will NOT be patched or fixed by Microsoft.



lexluthermiester said:


> Not without proper security in place. However, with a solid firewall and AntiMalware suite I have.


Therein lies the problem and why suggesting XP is still safe, and that W7 is unlikely to become unsafe is totally flawed logic. And frankly, I think suggesting XP is still safe and W7 will remain safe is reckless - at least in an open and public forum where gullible novices are likely to see it. 

Many security applications no longer support XP. As time goes on, that surely will be the case with W7. Why? Because as time goes by, fewer and fewer users will be using these operating systems. So why should or would any security app company continue to throw resources ($$$$) into research and support for them? There would be zero incentive (read: profits) for them to do so.

So even if a new vulnerability is discovered, neither Microsoft nor the security app developers are developing methods to protect against exploitation. 

What does that mean? It means a zero-day exploit could surface today with no chance any security organization will discover it, and protect against it, before your system is compromised by a bad guy.

Most, if not all the major testing labs no longer test anti-malware programs with XP, and in fact, some already don't test for W7. So how do you know your antimalware truly is protecting you from all the XP malware currently out there? You don't. You may have just been lucky and the bad guys have not found you - yet. Same will soon be true of W7. At least with W10, we know Microsoft and all the security app developers are actively looking for vulnerabilities and the malware designed to exploit them. And if discovered, we know Microsoft and/or the security app developers then address those issues in upcoming updates.

So yes, today, as in this minute, it may still be possible to protect obsolete and superseded operating systems from exploits. But all bets are off for tomorrow. And that's why XP should stay off any network that has Internet access, and the same will soon be true for W7. 

And for sure, home use is a concern. Most home users are not security experts, nor do they have a security expert watching over their networks.


----------



## biffzinker (Aug 26, 2019)

newtekie1 said:


> If you don't think XP is insecure, then give it a public IP and see what happens.


I did that once by mistake after a clean install, and guess what happened? Didn't have enough time to install the updates. This was before XP went out of support. I learned to leave the Ethernet cable unplugged.


----------



## moproblems99 (Aug 26, 2019)

Bill_Bright said:


> I think this is a silly debate.



It is a silly debate because all OS have unpatched vulnerabilities.  The question is how many, and who knows about them.

Plugging any PC into the internet with out some form of decent security posture is akin to hitting the brothels without being wrapped up.  You're gambling with your digital appendage.


----------



## Yukikaze (Aug 26, 2019)

*Update your shit*. Update your drivers, update your micro-code, update your BIOS. Update your software. Update your OS. Update your router firmware. Keep it up to date and stay diligent.

Windows XP is NOT a safe operating system. Windows 7 will NOT be a safe operating system once it is no longer supported. While 0-days are always a possibility for software, they get patched. While unknown vulnerabilities are present in all environments, most attacks occur on well known vulnerabilities that are unpatched by vendors and users, because attackers, aside of small highly resourceful groups, want to have a maximum bang-for-their-buck, and using a proven exploit is easier than discovering one on their own.

Just this year we've seen BlueKeep and DejaBlue on Windows systems, and they got patched. If you end up with a BlueKeep equivalent on an unsupported OS without updates (or because you refuse to update your shit), you are a ticking time bomb: You are both in danger, and a danger to the safety of the internet overall (together with the millions of others who think the same as you, or lack the knowledge to protect themselves).

As for everyone saying: "This never happened to me" - You usually have no idea if it happened to you or not, especially not on something as old as Windows XP. Unless you are part of a small minority of people running (relatively) high-end security at the edge of your home and/or home-business network, you are a lot more vulnerable than you think.


----------



## Bill_Bright (Aug 26, 2019)

moproblems99 said:


> It is a silly debate because all OS have unpatched vulnerabilities. The question is how many, and who knows about them.


That's not why. The reason why is because unsupported operating systems are not supported. So vulnerabilities will go unpatched. Supported operating systems will [eventually] be patched by the OS developer and/or protected by supporting anti-malware programs.


moproblems99 said:


> Plugging any PC into the internet with out some form of decent security posture is akin to hitting the brothels without being wrapped up. You're gambling with your digital appendage.


True - but again, supported operating systems will get "wrapped" - hopefully very soon after the vulnerability is discovered, or new malware is discovered (typically found in honey-pots) but before it spreads out into the wild.


----------



## R-T-B (Aug 26, 2019)

FinneousPJ said:


> I mean windows in general is no paragon of security.



My main router runs Window Server.  It can be, if properly configured.  That said, I'd never pay for it (old Academic License).

It has a firewall, naturally, the built in one.  That's really all it needs if all it runs is a static web server and some internal routing shit.  I've yet to be hijacked, and yes, you've seen my IP on these forums.  I host my bios mods with it... lol.


----------



## moproblems99 (Aug 26, 2019)

R-T-B said:


> My main router runs Window Server.  It can be, if properly configured.  That said, I'd never pay for it (old Academic License).
> 
> It has a firewall, naturally, the built in one.  That's really all it needs if all it runs is a static web server and some internal routing shit.  I've yet to be hijacked, and yes, you've seen my IP on these forums.  I host my bios mods with it... lol.



Is that implicit permission?


----------



## lexluthermiester (Aug 26, 2019)

Due to recent shenanigans in another thread, I'm going to refrain from directly responding to anyone as to avoid the idea of disrespect toward any user as none is intended.

With regards to XP, any competent firewall other than the one it came with(even Tiny Personal Firewall) will be enough to keep the OS safe from the vast majority(99.99%) of attacks, even worms as every firewall I would recommend will drop malformed packets by default. Additionally, almost all ISP's modems have at least some form of basic firewall built into them and have NAT enabled by default. This makes direct attack almost impossible anyway. So if anyone one is crazy enough to use XP to directly connect to the internet without a some form of protection is a fool to themselves and deserves to be attacked. Even then, it's unlikely.

That said, I don't recommend anyone using XP as their daily internet driver. XP should only be used if no other option remains or if a specific need exists. Should such a need exist though, a few simple precautions taken will be enough to protect even the average user.


----------



## delshay (Aug 26, 2019)

WIN 7 will still be supported for another two years, but you have to pay for it & it's not open to all end users.


----------



## Bill_Bright (Aug 26, 2019)

lexluthermiester said:


> That said, I don't recommend anyone using XP as their daily internet driver. XP should only be used if no other option remains or if a specific need exists. Should such a need exist though, a few simple precautions taken will be enough to protect even the average user.


I don't even agree with this. The only specific need that may still exist is with custom software that only runs on XP. And in that case, that software needs to be upgraded or replaced with something not designed for an 18 year old OS. 

I can certainly understand the desire to keep perfectly capable hardware in service. Nobody likes to retire any hardware that is still running. As a hardware guys, I'm on their side on that one. So to that, I say fine. But instead of running XP, install Linux on it. Then you can still use it safely for just about anything you want, except modern gaming. And if that is your goal, the ancient hardware probably is not capable of keeping up anyway.


----------



## lexluthermiester (Aug 26, 2019)

delshay said:


> WIN 7 will still be supported for another two years, but you have to pay for it & it's not open to all end users.


While this is true, such support is unlikely to make it out into the wild.


----------



## Yukikaze (Aug 26, 2019)

Bill_Bright said:


> I can certainly understand the desire to keep perfectly capable hardware in service. Nobody likes to retire any hardware that is still running. As a hardware guys, I'm on their side on that one. So to that, I say fine. But instead of running XP, install Linux on it. Then you can still use it safely for just about anything you want, except modern gaming. And if that is your goal, the ancient hardware probably is not capable of keeping up anyway.



While I am firmly in the Update Your Shit camp (as my earlier post in this thread shows): This is not always true. Laboratory equipment may not be compatible with Linux software, or may not have driver support. There are examples of Microscopes, microscope cameras, various diagnostic equipment is still perfectly usable 20 years after it first launched, but it has no support on anything by WinXP, and replacing this equipment can be exceedingly expensive (we're talking tens of thousands of dollars per a single piece of equipment).

Linux will not be your savior in this case, unfortunately. In this case the only real solution is an air gap, or good security at your gateway/firewall, but knowing these environments, they often lack in the knowledge to implement the latter properly. The good old air gap plus a good stable backup (if you catch something fatal due to the use of USB sticks to transfer data off these systems) still works, however.


----------



## lexluthermiester (Aug 26, 2019)

Bill_Bright said:


> I don't even agree with this. The only specific need that may still exist is with custom software that only runs on XP.


That's fair, but I've actually tested this recently. *When protected properly*, XP is still safe to use even today. Sure it has risks, but not much more than what you might get with Windows 10. Bill, grab a spare machine and try it. I'll walk you through setting it up and you can see for yourself.


----------



## biffzinker (Aug 27, 2019)

delshay said:


> but you have to pay for it & it's not open to all end users.





			
				Neowin said:
			
		

> Details of the promotion were originally discovered by Computerworld (via ZDNet) in Microsoft's support documentation. The document states _that businesses that have an active Windows 10 E5, Microsoft 365 E5, or Microsoft 365 E5 Security subscription as of December 31, 2019 are automatically entitled to an additional year of security updates for Windows 7. _The promotion is valid for any subscription that's active as of that date, and though the promotion technically started on June 1, it doesn't matter when the subscription started.











						Businesses may be able to extend Windows 7 security updates for free for one year
					

As Windows 7 gets increasingly closer to its end-of-support date, Microsoft is running a promotion which lets businesses with E5 subscriptions get an additional year of security updates for free.




					www.neowin.net


----------



## R-T-B (Aug 27, 2019)

moproblems99 said:


> Is that implicit permission?



No.  But I am fairly confident it's footprint is minimal.  Still, intrusion attempts in the logs are not met with kindness.


----------



## Bill_Bright (Aug 27, 2019)

Yukikaze said:


> This is not always true. Laboratory equipment may not be compatible with Linux software, or may not have driver support. There are examples of Microscopes, microscope cameras, various diagnostic equipment is still perfectly usable 20 years after it first launched, but it has no support on anything by WinXP, and replacing this equipment can be exceedingly expensive (we're talking tens of thousands of dollars per a single piece of equipment).


I agree but for one, it is not likely any of those devices are connected to the Internet - and exposure to the Internet and its security concerns is the issue here. And I note it is the hardware makers responsibility to ensure compatible W10 drivers are available, not Microsoft's. But of course, those HW makers have no financial incentive to keep all that legacy hardware compatible. They would much rather these labs and other institutions buy all new hardware. Exactly the same as Dell, HP, Lenovo, Epson, ASUS, Gigabyte, MSI and all the others want us to buy new computers, printers, motherboards and graphics cards too.


lexluthermiester said:


> *When protected properly*, XP is still safe to use even today.


But what about tomorrow? As I said above, that's the problem and key point you keep ignoring or overlooking. A new zero-day exploit could surface tomorrow and because Microsoft is no longer supporting it, and because many security apps no longer support it, that vulnerability may remain exposed forever. Where with W10, we know MS and the security apps will very quickly address it. That's the big difference and that's the reason XP (and Vista, and soon W7) needs to go away - or at least be disconnected from any network that has Internet access.


lexluthermiester said:


> I'll walk you through setting it up and you can see for yourself.


LOL 

No. You don't have to walk me through anything. I know very well how to secure my networks and computers, and those I am responsible for. 

It is not me or my systems I am worried about. It is the systems belonging to the millions and millions of fools, undisciplined, ill-informed, misled, and/or inexperienced XP users out there who put the rest of us at risk that I am worried about - and you should be too, especially as a technical advisor! That's my whole point here. 

It is those systems that are likely to be compromised (unbeknownst to the user)! And it is those systems that are then likely to be used to distribute spam or malware, or drafted into bot armies as zombies in DDoS attacks against company, organization and government networks.

If XP users only put themselves at risk, this really would not be an issue at all (unless they are one my family, a friend, or a client). But *XP users who connect to the Internet put the rest of us risk*, and are threats (if not today, then possibly tomorrow) to the rest of us. That point must NOT be ignored. And IMO, it is up to us, as the experts, to educate and get the word out. Not to ignore it or to minimize the threat with less experienced readers/users.


----------



## eidairaman1 (Aug 27, 2019)

64K said:


> I don't think it's a good idea to go online while running XP anymore and the OS is 18 years old. For gods sake let it rest in peace and move on. I'm not sure if Win 7 is safe for going online or not. I've still got a backup rig with Win 7 on it and I go online sometimes but definitely not to any bad neighborhoods.



Any system can be infected, smart browsing is key, even parental controls enabled on a isp can help


----------



## lexluthermiester (Aug 27, 2019)

Bill_Bright said:


> No. You don't have to walk me through anything. I know very well how to secure my networks and computers, and those I am responsible for.


So you are saying you are unwilling to try it. Ok. If you aren't willing to give it a go, further discussion is moot. At this point we need to, once again, agree to disagree.


Bill_Bright said:


> But *XP users who connect to the Internet put the rest of us risk*


Using this logic, none of us should ever connect to the internet as we're all a potential risk to each other. For that matter none of us should ever leave our home for the risk of car accidents and such. Such is a flawed logic and is not supported by merit. Again *properly configured* Windows XP systems are no more a risk than old versions of MacOS and are harmless.


----------



## Bill_Bright (Aug 27, 2019)

lexluthermiester said:


> So you are saying you are unwilling to try it


Gee whiz. Did you even read what I said? Apparently not. I know I can secure a XP system that's why I certainly don't need you to show me how. It is not about me (or you). We are not "normal" users. It is about less experienced or negligent users and their machines.


lexluthermiester said:


> Using this logic, none of us should ever connect to the internet as we're all a potential risk to each other.


Once again, it is clear you didn't bother to read what was said. The logic is NOT the same. W10 is supported by both the OS maker and all current security program developers. So even if a brand new zero day exploit is discovered, chances are it will be fixed, patched or some how secured BEFORE the bad guys are able to write and distribute code to exploit it. But once again, you bury your head in the sand and refuse to see or acknowledge that fact and clear distinction with XP.


----------



## John Naylor (Aug 27, 2019)

I don't have any XP boxes.  That being said, until I see a documented story saying "I was using Windows XP (or 7 or anything) and  ... " / "I didn't patch Spectre ..." /  "I didn't yad yada yada ... and then this bad thing happened", it's not real.  Until then it's just FUD.... there's more reality in roadside tent churches performing miracles healing the infirm.    Something that has yet to ever happen, is not something I care to worry about.  These lab concept demonstrations which require Ethan Hunt and the Mission Impossible team to gain access to the PC and perform a series of unlikely tasks are not going to be undertaken by your usual hacker.

I used to get at least 2 e-mails a month from an obviously compromised windows 10 box with a cc list 50 names long and containing  a link to an obviously untrustworthy site.   How do I know ?  You mostly get emails from folks you know.   Many of them i built ... those  came with 30 day free trials of a quality 3rd party AV program which the user obviously decided it wasn't worth $6 a year. 

As for putting other users at risk ... if what you are using is so danged impregnable, then what is there to be worried about ?  In December of 2018, Win 10 finally passed Win 7 in installed users ... those two being most prevalent that's what the bad guys are targeting.   With less than 3%, of what value is both the market share but also the quality value of targeting some poor ole soul who hasn't upgraded in a decade.   What critical / valuable  info is on those machines?

Windows 10    41.58%
Windows 7    37.31%
Windows 8.1    4.56%
Mac OS X 10.14    3.97%
Mac OS X 10.13    3.10%
*Windows XP    2.99%*
Linux    1.55%
Mac OS X 10.12    1.17%
Windows 8    0.83%
Mac OS X 10.11    0.75%

The logic that an XP user could be infected and the only reason YOU got infected was because of them is faux logic.  If they got infected, it's out there; if you are practicing safe habits, and have adequate protection there should be no reason to worry.

This was being said when Win 10 first came out in July / August 2015 and the same folks were saying the built in AV was just fine....

In August 2015 Windows Defender scored a 3 / 6 on protection.... letting thru 12.8% of  *"*0-day malware attacks, inclusive of web and e-mail threats" in August of 2015 and 442 instances "widespread and prevalent malware discovered in the last 4  weeks" in July .... That was real.         Now today, with Defender finally approaching a consistent level or reliable performance, we can reasonably expect this will continue to diminish over time.  Certainly the number of boxes coming in to be 'cleaned of viruses" is diminishing.

This subject reminds me of the day I was taking the kids to Chucky Cheese for a B'day party and we passed a van with flags and lettering claiming the end was near and we only had 13 days to repent.... on the way back we saw the same van parked on the service road in front of a house with sheets on the roof with similar messages.  Two weeks later, the kids came in and said "Hey dad, can we go back to that house ... I wanna see what the signs say now".  So we did, and there were new signs with a new date.  Every time we went past, it became a ritual to 'see what the new bed sheets said" ... this went on for about 12 years  till I guess they moved out.

Started building Windows PCs in early 90s.   In 25+ years, we have never performed an OS upgrade on a PC.  Simple reason was "downgrade" was the more appropriate term.   An OS upgrade required more OS resources cutting application performance.  New boxes received the current NT based OS at the time and later the Pro versions.   Each generation we always tested the new and old on same hardware and the older OS was always faster ....  ME, Vista and Win 8 we never put any boxes using those OS's into active usage.   Win 10 was close to Win 7 ... 10 did better in some things, 7 in others.  Win95 was 40% slower than W4WGs and NT4.

Finally ya just have to wonder how much of this FUD comes from MS themselves ?  As always, have to ask "who benefits ? "


----------



## Vayra86 (Aug 27, 2019)

Bill_Bright said:


> I think this is a silly debate.
> 
> It is a simple fact that XP has unpatched vulnerabilities. It is reasonable to assume W7 does too - or that newly discovered vulnerabilities will be discovered in the future.



I would like to stretch your reply a bit further if I may, playing devils advocate. Isn't the above _also_ true for W10? The only saving grace you have is that its supported and might be fixed. Might be - because its not like everything happens tomorrow.

Not a comforting thought, but a reality nonetheless. The illusion here is that of a perfect security, I think. We've seen recently that even our CPUs having unpatched vulnerabilities. Been running that for decades. You say zero day and 'it will be fixed' as if those things always happen in perfect harmony and order, but they really do not. Many applications harbor zero days on purpose for a while to _get exploited. _There is a whole economy going dealing in just that.

Which brings me to my personal stance on security.

Security is about _mitigation._ Not about a perfect airtight defense. Not using XP, does that truly mitigate things? For this, you would have to know what criminals would be targeting more, and I would dare say that today, a far more appealing target is W10; simply by market share. Then again, not all threats are OS specific. But say you need money. What would be a more appealing target, a W10 user with likely a newer rig (=money to buy one) or a dusty old sock using XP?

The question remains how much _more_ you really mitigate by using W10 over, say, XP or Win7 after 2020, especially when you've done the bare necessities to secure an online rig.

This is not the same question btw as "Should you use XP". That is more than a security question, I think.



John Naylor said:


> I don't have any XP boxes.  That being said, until I see a documented story saying "I was using Windows XP (or 7 or anything) and  ... " / "I didn't patch Spectre ..." /  "I didn't yad yada yada ... and then this bad thing happened", it's not real.  Until then it's just FUD.... there's more reality in roadside tent churches performing miracles healing the infirm.    Something that has yet to ever happen, is not something I care to worry about.  These lab concept demonstrations which require Ethan Hunt and the Mission Impossible team to gain access to the PC and perform a series of unlikely tasks are not going to be undertaken by your usual hacker.
> 
> I used to get at least 2 e-mails a month from an obviously compromised windows 10 box with a cc list 50 names long and containing  a link to an obviously untrustworthy site.   How do I know ?  You mostly get emails from folks you know.   Many of them i built ... those  came with 30 day free trials of a quality 3rd party AV program which the user obviously decided it wasn't worth $6 a year.
> 
> ...



You're right it won't be an individual hacker, but what you will see is actual applications being built and sold as 'ready to deploy' for large scale attacks. For example the Ransomware packages. This rabbit hole goes pretty deep. The question really is how much have you got to lose and how much mitigation would you like to use. But to think its not real until it happened... that is a recipe for always being caught by surprise. I mean even Spectre, all you need is place a bit of code on a system to get to work collecting data. That is not unheard of, especially when its combined with an unpatched system.

Mitigation = layers of security. Its always good to have as many layers 'intact' as possible, so that also sort of answers the XP question: the OS is one of those layers you can get better versions of that are not quite as leaky. And in the very same way, its good to have those mitigations for Spectre installed, unlikely as a breach may be.


----------



## TheoneandonlyMrK (Aug 27, 2019)

Vayra86 said:


> I would like to stretch your reply a bit further if I may, playing devils advocate. Isn't the above _also_ true for W10? The only saving grace you have is that its supported and might be fixed. Might be - because its not like everything happens tomorrow.
> 
> Not a comforting thought, but a reality nonetheless. The illusion here is that of a perfect security, I think. We've seen recently that even our CPUs having unpatched vulnerabilities. Been running that for decades. You say zero day and 'it will be fixed' as if those things always happen in perfect harmony and order, but they really do not. Many applications harbor zero days on purpose for a while to _get exploited. _There is a whole economy going dealing in just that.
> 
> ...


Im of the present opinion security is an illusion created by marketing and management to keep turning a dime.
While others earn by the direct compromise of this illusion of security.

In life I see too many people willing to let stuff slip for a deadline or target or to have mearly an easier life. 
I can't stand that mentality personally im apparently observations man though (blue a sickly colour to a man U fan) but i definitely envision half assed shit going on everywhere.
Not good for security.


----------



## Vayra86 (Aug 27, 2019)

theoneandonlymrk said:


> Im of the present opinion security is an illusion created by marketing and management to keep turning a dime.
> While others earn by the direct compromise of this illusion of security.
> 
> In life I see too many people willing to let stuff slip for a deadline or target or to have mearly an easier life.
> ...



Haha, well we all know that most of the security problems involve PEBCAK. Which also brings us to keeping XP over a more secure OS when the option is there 

Still I like how some believe it to be a capital sin, I think that's a bit much, especially if you're conscious about your usage. The question remains how an individual would know he knows enough though


----------



## TheoneandonlyMrK (Aug 27, 2019)

Vayra86 said:


> Haha, well we all know that most of the security problems involve PEBCAK. Which also brings us to keeping XP over a more secure OS when the option is there


Maybe, but someone hire's and pay's said people.

In The old days someone , normally The Boss, walked round , checked what people were doing and gave them shtick if it wasn't their job.
In this modern era of f@@# experience we want the most enthusiastic and pre desposed to nod person as Boss and underling they typically do not do this.

So the quality of output slip's.


----------



## eidairaman1 (Aug 27, 2019)

Software is vulnerable no matter what so might as well cut the ethernet cord or break your wifi adapters, modems, phones


----------



## moproblems99 (Aug 27, 2019)

eidairaman1 said:


> Software is vulnerable no matter what so might as well cut the ethernet cord or break your wifi adapters, modems, phones



The difference is whether you need to be state funded or a script kiddie to exploit the flaws.

Simply saying cut the cord because everything is vulnerable is the same as saying don't use any protection because everything is vulnerable.

All of this still falls into the common sense realm.  If you do dumb things, you are going to pay for them.  If you take decent precautions, you are likely going to be ok.

Security 101.


----------



## TheoneandonlyMrK (Aug 27, 2019)

eidairaman1 said:


> Software is vulnerable no matter what so might as well cut the ethernet cord or break your wifi adapters, modems, phones


Absolutely if security is everything, I still use most gadgets etc though bro, because at the end of the day we mere people have processing needs, so we have to risk it.
You should do all that's reasonable, especially backup's and clever password systems or tricks, latest software is a minimum for me these days yet in the past this didn't concern me much.

And just crack on , I would only use Xp in a virtual or isolated condition personally though.


----------



## eidairaman1 (Aug 27, 2019)

moproblems99 said:


> The difference is whether you need to be state funded or a script kiddie to exploit the flaws.
> 
> Simply saying cut the cord because everything is vulnerable is the same as saying don't use any protection because everything is vulnerable.
> 
> ...





theoneandonlymrk said:


> Absolutely if security is everything, I still use most gadgets etc though bro, because at the end of the day we mere people have processing needs, so we have to risk it.
> You should do all that's reasonable, especially backup's and clever password systems or tricks, latest software is a minimum for me these days yet in the past this didn't concern me much.
> 
> And just crack on , I would only use Xp in a virtual or isolated condition personally though.




I was being sarcastic with my statement.

To be frank I am tired of Microsoft's bullcrap, forced updates that break the operating system and also change the GUI in 2015-now, from what it was in 95 all the way to Windows 7 was perfect, it made no sense to change it 4 years ago.

I'd only run XP stripped out of all Telemetry and hardened on a Athlon XP system unless if I can find a nf2 gart driver for Windows 7 32.

I believe at this point I see a hybrid Linux operating system being my next move. I refuse to run Windows 10, my school notebook has it and it sucks.


----------



## R-T-B (Aug 27, 2019)

eidairaman1 said:


> Software is vulnerable no matter what so might as well cut the ethernet cord or break your wifi adapters, modems, phones



Really bad philosophy here.  Just because exploits are unavoidable does not make ignorning them desirable.


----------



## Grog6 (Aug 27, 2019)

I just put all the old computers on a separate network, and have one PC with two ethernet ports, one for each network, for loading files or drivers to the other computers.

I have Win95 computers running still.

As long as you don't bridge the ports, they're not exposed to the internet.

Also, I run NoScript and UBlock, along with ESET AV, so malware has a rough time getting started.


----------



## lexluthermiester (Aug 28, 2019)

John Naylor said:


> Finally ya just have to wonder how much of this FUD comes from MS themselves ?


A fair amount of it. Little more than fear-mongering.


Vayra86 said:


> would like to stretch your reply a bit further if I may, playing devils advocate. Isn't the above _also_ true for W10? The only saving grace you have is that its supported and might be fixed. Might be - because its not like everything happens tomorrow.
> 
> Not a comforting thought, but a reality nonetheless. The illusion here is that of a perfect security, I think. We've seen recently that even our CPUs having unpatched vulnerabilities. Been running that for decades. You say zero day and 'it will be fixed' as if those things always happen in perfect harmony and order, but they really do not. Many applications harbor zero days on purpose for a while to _get exploited. _There is a whole economy going dealing in just that.
> 
> ...


That was very well stated. Can not disagree on any one point.


R-T-B said:


> Really bad philosophy here.  Just because exploits are unavoidable does not make ignoring them desirable.


Again, what are we all going to do, not get on the internet? And never was it suggested that they be ignored. I suggested that they be preempted by properly configuring the OS and using a good firewall and antimalware. There are plenty of them out there that still work very well. Hell, such is what I regularly research for Windows 10. It is an ongoing process.


----------



## moproblems99 (Aug 28, 2019)

lexluthermiester said:


> Again, what are we all going to do, not get on the internet? And never was it suggested that they be ignored. I suggested that they be preempted by properly configuring the OS and using a good firewall and antimalware. There are plenty of them out there that still work very well. Hell, such advice I what I regularly research for Windows 10. It is an ongoing process.



Clearly you were not who he was quoting, right?


----------



## lexluthermiester (Aug 28, 2019)

moproblems99 said:


> Clearly you were not who he was quoting, right?


 Clearly you understand how forum discussions work... (Hint, you don't have to be the one quoted to respond to a comment. That's why it's called a "forum". It is a venue of public discussion.)


----------



## Bill_Bright (Aug 28, 2019)

John Naylor said:


> I don't have any XP boxes. That being said, until I see a documented story saying "I was using Windows XP (or 7 or anything) and ... " / "I didn't patch Spectre ..." / "I didn't yad yada yada ... and then this bad thing happened", it's not real. Until then it's just FUD


 So are you really suggesting anyone who's system becomes compromised will automatically know their system has been compromised? Does that really make sense to you? Is all malware so poorly written that once installed, it will immediately result in "bad things happening" to that machine such that every infected user will immediately know they are infected? 

Sorry, but that is more nonsense. There is a lot of malware that is designed to be very stealthy and NOT disrupt operations of the compromised system. Some are designed, for example, to send out small, undetectable bursts of 10 or 12 small spam messages, or "socially engineered" malware laded messages to other users. Or the malware may make a couple dozen quick log-in attempts on a targeted site as part of a DDoS attack, go dormant for awhile then send a dozen more. Tasks that last just a few seconds. Malware that does NOT corrupt the infected system. There is a lot of malware designed to sit dormant and undetected until triggered by some event months or even years down the road.

And it is not whether the user applies available patches or not. Its the fact MS is no longer developing patches for XP to apply! That's not FUD, that's fact! 

It is the fact "white-hat" security firms are actively working for and with Microsoft, or independently to seek out and report vulnerabilities in W10 before the bad guys can find them. That's not FUD. That's fact.

Popular anti-malware programs may still send out signature/definition updates, but many no longer provide program updates or even bug fixes and other support for XP. AVG is a perfect case in point. And of course, Avast (as the parent company to AVG), has the same policy.

McAfee provides "_only 'best effort' support on XP_" and the "_current McAfee Windows security products do not support Windows XP._" 
Kaspersky system requirements - no mention of XP or Vista.

Again, not FUD, but fact.



Vayra86 said:


> I would like to stretch your reply a bit further if I may, playing devils advocate. Isn't the above _also_ true for W10? The only saving grace you have is that its supported and might be fixed. Might be - because its not like everything happens tomorrow.


Only? And might be? The fact it is still supported (by both MS and the anti-malware industry) is the critical difference. You can't marginalize this by suggesting that fact is insignificant or nearly insignificant. 

The facts you and Lex keep ignoring is that any newly discovered vulnerability in W10 will be addressed. Microsoft will either correct the bug, patch the flaw and/or the anti-malware industry will protect the vulnerability from exploitation. That is a HUGE distinction between the supported Windows 10 and the unsupported XP.  

I don't doubt that any of the regulars on this site are capable of securing XP for their own protection. As I said above, that is not my worry. My worry is the message, we as advisers, send to the other 99% of the users out there when we suggest the security threat with XP Is just FUD. Its not FUD, its fact. And the fact remains, infected XP systems are not likely to be patched, thus they will become and remain threats to the rest of us, and targeted organizations. 

Do you really think it wise of you (speaking to those condoning and even promoting the continued use of XP) to dismiss these facts when giving advise to your friends and family workers who don't have your levels of expertise or discipline and whose computers are not under your direct control? Do you really think it wise to give such advice in forums like this where you don't truly know the level of expertise of all the posters and potential readers?

Not only do I think it unwise, I say it is irresponsible. XP holdouts need to be told to upgrade, or switch to Linux. Simple as that. It is not like they didn't have plenty of advanced notice. 

Retiring superseded and obsolete protects - especially consumer electronics - before it dies is just a fact of life. We did it with 8-Tracks, cassettes, CRT TVs and monitors, analog TVs, wireless phones and cell phone and more.  The difference here is keeping old 8-Track players and CRT monitors in use did not present a security threat to us or others.


----------



## lexluthermiester (Aug 28, 2019)

Bill_Bright said:


> XP holdouts need to be told to upgrade, or switch to Linux.


That isn't always possible and/or desired. And the only people who get to make that choice are the owners of the systems running old software. It's not mine, yours or anyone else's place to tell people what to do with their own property. It is only our place to advise them of risks and help them mitigate those risks, nothing more.


Bill_Bright said:


> The difference here is keeping old 8-Track players and CRT monitors in use did not present a security threat to us or others.


Neither does the use of old OS's. You are making a mountain out of a mole-hill again. We all know where you stand on this matter. Let it go Bill.


----------



## Bill_Bright (Aug 28, 2019)

lexluthermiester said:


> That isn't always possible and/or desired.


What's desired is irrelevant. I don't desire spending money on insurance but I do it. I don't desire having to deadbolt my doors at night, but I do it even though I have never been broken into. I don't like wearing seatbelts either, but I do it. And that is not just for my own safety. It is proven when in an accident, belted in drivers maintain or regain control better and faster, thus saving other lives.


lexluthermiester said:


> And the only people who get to make that choice are the owners of the systems running old software. It's not mine, yours or anyone else's place to tell people what to do with their own property. It is only our place to advise them of risks and help them mitigate those risks, nothing more.


Wrong. Yes, the owners get to make the choice but as advisors, it our place to tell them what to do when their negligence may affect others. 

Of course another flaw in your logic is you assume (1) all XP users are fully competent at securing their computers and (2) that they are the only users of their computers. 

***

Its funny when one person in a debate who keeps pushing their agenda tries to place blame on the other for keeping the debate going by saying "let it go". It takes two to tango, lex.


lexluthermiester said:


> Neither does the use of old OS's.


Yeah right.


----------



## moproblems99 (Aug 28, 2019)

Bill_Bright said:


> Wrong. Yes, the owners get to make the choice but as advisors, it our place to tell them what to do when their negligence may affect others.
> 
> Of course another flaw in your logic is you assume (1) all XP users are fully competent at securing their computers and (2) that they are the only users of their computers.



I think you'll find that most using XP are doing so because they have legacy hard/software that rely it on upgrading simply isn't an option and understand what they are dealing with.

The users that don't understand likely don't have any pcs still alive from the xp era because they buy cheap run of the mill garbage that doesn't last.  As always, there will be exceptions.

There are plenty of things to worry about when it comes to the sec world and other users xp boxes is just not high enough to make the list of things I need to worry about.


----------



## Bill_Bright (Aug 28, 2019)

moproblems99 said:


> I think you'll find that most using XP are doing so because they have legacy hard/software that rely it on upgrading simply isn't an option and understand what they are dealing with.


I disagree. While true that is a large percentage, I believe most hang-outs don't want to spend the money or take the time to learn something totally new when the current hardware is still chugging along and refuses to die. And I can certainly understand that. Humans are creatures of habit. We generally don't like change. 

And for the record, there are still many "run of the mill" old Compaqs, Dells, Gateways and custom builts still running that refuse to die. While it was not "run of the mill" I finally retired my last XP box two year ago. But it was still running fine - slow compared to current stuff, but fine just the same. 

But for the previous 4 or 5 years, I had it stuffed with hard drives and was using it as my NAS. But it was isolated from the Internet in my router. Repurposing it this way kept it out of the recycling center for as long as possible.



moproblems99 said:


> There are plenty of things to worry about when it comes to the sec world and other users xp boxes is just not high enough to make the list of things I need to worry about.


But this is ignoring and/or missing the point I've been making all along.  I don't worry about my systems getting infected either. I know how to keep my systems secure and I am very disciplined and adept when it comes to spotting suspicious emails and sites, and at avoiding being "click-happy" on unsolicited emails, links, downloads, attachments and popups. 

I worry about those who are not so experienced or disciplined - to include invincible ("it can never happen to me") teens and the elderly. I worry about schools, financial institutions and other organizations that are frequently targeted by compromised systems with socially engineered malware and DDoS attacks. I worry about those less experienced, less disciplined and less skilled who come to sites like TPU seeking help who see regulars blowing-off the threat as if it is nothing, thinking they can safely keep using XP too and they and their families are safe from the bad guys.

The universe is much bigger than just ourselves. And I am saddened that so many here don't see or care about that fact.


----------



## moproblems99 (Aug 28, 2019)

Bill_Bright said:


> But this is ignoring and/or missing the point I've been making all along. I don't worry about my systems getting infected either. I know how to keep my systems secure and I am very disciplined and adept when it comes to spotting suspicious emails and sites, and at avoiding being "click-happy" on unsolicited emails, links, downloads, attachments and popups.
> 
> I worry about those who are not so experienced or disciplined - to include invincible ("it can never happen to me") teens and the elderly. I worry about schools, financial institutions and other organizations that are frequently targeted by compromised systems with socially engineered malware and DDoS attacks. I worry about those less experienced, less disciplined and less skilled who come to sites like TPU seeking help who see regulars blowing-off the threat as if it is nothing, thinking they can safely keep using XP too and they and their families are safe from the bad guys.
> 
> The universe is much bigger than just ourselves. And I am saddened that so many here don't see or care about that fact.




You'll see in your quote that I said others' xp boxes.  As it pertains to how it impacts me, I don't worry.

I also understand the universe is bigger than just myself. I also know that I can't worry about everyone else's problems.

Guess where XP boxes stand?  Way down the list.  Far behind things like people veteran's mental and physical well being, functional disabled people (mental or physical) that want a job that don't have, people that can't afford medical bills....or food.

XP boxes are a very small piece of the pie compared to the bigger fish such as companies that write trash applications and store pii in plain text.  Those put more people in jeopardy regardless of your own personal posture.


----------



## R-T-B (Aug 28, 2019)

lexluthermiester said:


> Again, what are we all going to do, not get on the internet?



No, but I was responding to a very different comment than yours.

The point is there is a medium between the "love it or leave it" rhetoric.


----------



## Bill_Bright (Aug 28, 2019)

moproblems99 said:


> and store pii in plain text.


I'm 100% with you on this. Setting aside the [IMO] criminally negligent fact IT and IT/Security management failed to apply the _supplied_ patch that was specifically designed to prevent the exploitation of the vulnerability, one thing that made the massive Equifax breach so unforgivable is the fact all our personal information, including social security numbers, driver's license numbers, credit account numbers, etc. were all stored in the clear - not encrypted. 

Now the company is facing historic fines but is any one being held accountable? Nope. 


moproblems99 said:


> XP boxes are a very small piece of the pie


True XP only holds 3% (depending on who you talk to) of the global market share. But with over 1.5 billion windows systems out there, 3% still represents 45 million computers. So while just a sliver of that pie, not sure I would call that a "very small" piece.


----------



## moproblems99 (Aug 28, 2019)

Bill_Bright said:


> not sure I would call that a "very small" piece.



The bulk of cyber crimes are crimes of opportunity.  3% is small.  They are going to target attacks that are going to net them bang for the buck.  3% is not bang for the buck.  Especially when the bulk of that 3% are systems in China.


----------



## Bill_Bright (Aug 29, 2019)

moproblems99 said:


> The bulk of cyber crimes are crimes of opportunity.


I've said many times most badguys are lazy opportunists. Most go for the easy pickings. But that's not true for all bad guys - especially the organized bad guys, including state sponsored bad guys.



> 3% is small.


Again, this misses the point. Why do spammers send out send out millions and millions of spam messages every day? Why do scammers, robocallers and telemarketer call Billions (with a "B"!) of numbers every month? Over 150 million robocalls per day! Because if just one person clicks a link or provides their account number, they succeeded in their quest.

Yes, 3% is a small percentage. But again, that amounts to at least 45 million systems. What if just 1/10th of 1% of those 45 million get compromised? You don't think 45,000 computers banging on California's power grid at the same time would cause some major disruptions and damage to California's economy? Good thing the last was not very sophisticated.


moproblems99 said:


> Especially when the bulk of that 3% are systems in China.


Says what? Got a link? 

And so what? What difference does it make where the infected computers are located? It seems you either just don't understand the threat, or you just refuse to accept the facts. 

It is not about the XP machines getting infected. It is about them being compromised then used as tools and weapons against the rest of us.

I recommend you do some homework before blowing these threats off. Spam and malware can be distributed from anywhere. And where do you suppose a major source of DDoS attacks come from? It's China as seen by this Digital Attack Map. What country distributes the most spam? China. Sadly, the US is second with Russia coming in third.

Do all these automatically point to XP? Of course not. But it is a fact that XP is inherently less secure than later versions of Windows and of course, we already know when new vulnerabilities are discovered, they will not be fixed by Microsoft, and may not be patched or secured by the anti-malware industry. 

These are just facts, and as noted by the last line in my signature, we are not entitled to our own facts.


----------



## moproblems99 (Aug 30, 2019)

Bill_Bright said:


> It is not about the XP machines getting infected. It is about them being compromised then used as tools and weapons against the rest of us.
> 
> I recommend you do some homework before blowing these threats off. Spam and malware can be distributed from anywhere. And where do you suppose a major source of DDoS attacks come from? It's China as seen by this Digital Attack Map. What country distributes the most spam? China. Sadly, the US is second with Russia coming in third.



I suggest you do a quick read about what makes up the vast majority of botnets.  Hint: It isn't XP boxes.

When you are doing code reviews and remediation for financial institutions (and some tech companies), you would understand why XP boxes don't rank high on the list.

Edit: https://www.google.com/amp/s/www.te...million-machines-in-china-still-using-it/amp/

So according to that article, China had 77% of XP users.  I have no reason to believe it changed.



Bill_Bright said:


> These are just facts, and as noted by the last line in my signature, we are not entitled to our own facts.



I'm on mobile.  Can't see your sig.


----------



## eidairaman1 (Aug 30, 2019)

moproblems99 said:


> I suggest you do a quick read about what makes up the vast majority of botnets.  Hint: It isn't XP boxes.
> 
> When you are doing code reviews and remediation for financial institutions (and some tech companies), you would understand why XP boxes don't rank high on the list.
> 
> ...



Enable phone rotation


----------



## lexluthermiester (Aug 30, 2019)

Bill_Bright said:


> It is not about the XP machines getting infected. It is about them being compromised then used as tools and weapons against the rest of us.


This can happen to ANY Windows machine. XP is not in use on a large enough number of machines to make it a viable or attractive target.



moproblems99 said:


> So according to that article, China had 77% of XP users. I have no reason to believe it changed.


That article is 5 years old. It's changed.


----------



## moproblems99 (Aug 30, 2019)

lexluthermiester said:


> That article is 5 years old. It's changed.



Do tell.  Do they have more or less?


----------



## lexluthermiester (Aug 30, 2019)

moproblems99 said:


> Do tell.  Do they have more or less?


You tell us..








						Desktop Windows Version Market Share Worldwide | Statcounter Global Stats
					

This graph shows the market share of desktop windows versions worldwide based on over 5 billion monthly page views.




					gs.statcounter.com
				











						Desktop Windows Version Market Share China | Statcounter Global Stats
					

This graph shows the market share of desktop windows versions in China based on over 5 billion monthly page views.




					gs.statcounter.com
				



And for the sake of argument, your earlier estimate of 77% wasn't even close...








						Desktop Windows Version Market Share China | Statcounter Global Stats
					

This graph shows the market share of desktop windows versions in China based on over 5 billion monthly page views.




					gs.statcounter.com


----------



## Bill_Bright (Aug 30, 2019)

moproblems99 said:


> I suggest you do a quick read about what makes up the vast majority of botnets. Hint: It isn't XP boxes.


Ah! So it only matters to you if 51% or more are involved. Got it.   And for the record, I do my homework before posting.


lexluthermiester said:


> XP is not in use on a large enough number of machines to make it a viable or attractive target.


Right. Because 45 million (or even 15 million) is too small of a target. 

And I say again, it does not matter in what country the computer is located so discussing that is pointless. An XP machine can be target or used for malicious purposes, regardless if located in China, Russia, Ukraine, N. Korea, Iran, or the US.


----------



## moproblems99 (Aug 30, 2019)

Bill_Bright said:


> Ah! So it only matters to you if 51% or more are involved. Got it.



Sorry if that's what you got of your research.  And no, I don't consider 51% a fast majority.



lexluthermiester said:


> And for the sake of argument, your earlier estimate of 77% wasn't even close.



So where in your links does it show China's global percentage of XP builds?

All that says is that less than 2% are XP.  That has nothing to do with how much of the world's XP machines live in China.


----------



## lexluthermiester (Aug 30, 2019)

moproblems99 said:


> So where in your links does it show China's global percentage of XP builds?
> 
> All that says is that less than 2% are XP.  That has nothing to do with how much of the world's XP machines live in China.


Did you actually look at the links(plural) provided? The math isn't difficult there. You either didn't look or failed to do the math. Either way, the problem is with you. Any further meritless drivel will be considered trolling and shall be reported.


----------



## moproblems99 (Aug 30, 2019)

lexluthermiester said:


> Did you actually look at the links(plural) provided? The math isn't difficult there. You either didn't look or failed to do the math. Either way, the problem is with you. Any further meritless drivel will be considered trolling and shall be reported.



Obviously I had to look at it somewhat to get the number eh?

Perhaps it didn't render correctly because I am on a phone because my office is torn down as I am moving.  Perhaps I can't see it all the at the same time because I have a 5" screen.

Maybe you could post the math to demonstrate your superiority.


----------



## lexluthermiester (Aug 31, 2019)

Bill_Bright said:


> An XP machine can be target or used for malicious purposes


Again, so can any other Windows machine. It's a numbers game and XP doesn't have the numbers(in percentage) to be an effective target. Heck, Windows 8/8.1 would be more of a viable target and arguably easier to hack.


----------



## Bill_Bright (Aug 31, 2019)

lexluthermiester said:


> Again, so can any other Windows machine.


And again, with W10, a fix or patch will soon follow (and often even released BEFORE the malware goes widespread). Not so with XP - the paramount point you keep choosing to ignore. 

So I will continue to stress users upgrade, disconnect for any Internet access, or switch to Linux - if not for their own good, but for their fellow netizens. 

Since you, ironically and hypocritically keep failing to follow your own advice and won't "let it go", I will. 

I'm out of here.


----------



## lexluthermiester (Aug 31, 2019)

Bill_Bright said:


> Not so with XP - the paramount point you keep choosing to ignore.


Not so much ignoring it as I've already addressed that problem from two angles. You either didn't see them, ignored those points or chose to disregard them. Regardless, the problem of context here is with you.


Bill_Bright said:


> Since you, ironically and hypocritically keep failing to follow your own advice and won't "let it go", I will.
> 
> I'm out of here.


I changed my mind. Big deal. But hey, you're always welcome to return.


----------

