

Windows XP gains in January but so does Windows 8.1 - tbrock
http://m.cnet.com/news/oops-windows-xp-gains-in-january-but-so-does-windows-81/57618211

======
neonscribe
So almost one-third of Windows machines are about to be unsupported. That
sounds scary, but what percentage of those XP systems are anywhere near
current with updates anyway?

~~~
cvbu
Windows XP updates are not very important.

Just use a firewall, and antivirus, and don't use IE, and disable autorun.
Then out-of-box XP SP3 runs just fine and is secure.

I always turn off autoupdates because:

1. Update-on-shutdown sometimes hangs and corrupts system.

2. They interfere with Anti-WPA. (remotely disabling Windows)

Updates might matter at multi-user installations or when there is no firewall.

~~~
laumars
That's terrible advice in my opinion.

Non-IE browsers still have vulnerabilities. And that's without taking exploits
in third party plugins into account (Flash and Java being two popular vectors
for attack)

Most antivirus solutions are notoriously bad at new threats and while
firewalls might highlight malware trying to phone home, by that point you're
already infected.

Security is only as strong as your weakest link and thus OS security updates
are as vital as updates on any other part of the software stack.

And don't think common sense will save you as ad banners are sometimes known
to be boobytrapped; legitimate sites get hacked to serve malware too.

------
CWIZO
Does anyone know what banks, governments etc will do once XP doesn't have
support anymore?

I had a discussion with a coworker a couple of times now, and he said a big
company can always just pay Microsoft money to support them onwards. Any truth
in this?

~~~
csmithuk
Yes. Not much.

Dangerous ports are already turned off with group policy (USB, removable media
etc), BIOSes are locked down, hardware is still available that will support
XP, the networks aren't directly connected to the Internet so they will either
be airgapped or have massive edge content filters and firewalls. There aren't
many infection vectors for nasties. In fact most of the machines probably
don't even have latest updates on them already. Possibly not even SP2.

Microsoft probably won't be paid other than through their select agreements
which allow XP use indefinitely. 3rd party consultants will swarm to help any
issues for a fee which is still cheaper than upgrading.

The world will still spin and lots of "meh" will be chanted as Windows 7 boxes
slowly trickle into production with an old ancient IE9 build on them as and
when they feel like it...

This really isn't a big issue for companies and governments despite technology
news panic stations and sensationalism.

To be fair, I consider that I'll be using Windows 7 until possibly after EOL
as it does what I need. I'm sitting on a second hand 2008 circa Lenovo T400
and have a spare one in the cupboard. It'll do me fine until 2020 - progress
hasn't exactly been rapid in IT in the 6 years.

~~~
keithpeter
_"I'm sitting on a second hand 2008 circa Lenovo T400 and have a spare one in
the cupboard."_

Do you boot up the spare one now and again or have you simply removed the
battery and bagged it? Just interested as I'm considering a similar move with
X series Thinkpads.

~~~
csmithuk
It gets booted up every 3 months or so to apply Windows updates so it's ready
to roll if this one fails. If it does, I'll repair this one as they're pretty
easy to fix even with massive failures. I've got another T61 running FreeBSD
which gets used regularly as well.

The battery _is_ removed and placed in a box. It's a second hand 9-cell
battery with 12 recharge cycles (Paid £20 for it!) so it's been charged to 80%
and will be maintained at that where possible. I've investigated rebuilding
the packs as well in the future and it's not impossibly difficult.

I'd definitely go for it. There is a vacuum of quality hardware now. Even the
latest Lenovo T/X series are cruddy machines.

I'll go back to desktops if the situation doesn't improve by 2020.

~~~
keithpeter
_"I'll go back to desktops if the situation doesn't improve by 2020."_

I hope to be using a dockable phone then with a mechanical switch keyboard and
a monitor the size of a window... we shall see. Thanks.

~~~
csmithuk
If that happens, I'm in :)

------
dmfdmf
I have a lot of clients still running XP. I have warned them that once MS
stops the updates, the bad guys can examine updates for Vista or Win7 and see
if the security hole exists in XP. I am guessing that with an April cutoff XP
will be unusable as an internet connected device by October.

~~~
copx
I know very little about this type of security, how can one remotely hack into
a computer just because it is connected to the internet and has some known
vulnerability?

I mean as far as I know my computer does not execute arbitrary code someone
sends it through the internet without asking. So how do you exploit those
vulnerabilities?

I understand how you can exploit a vulnerability in a browser, those things
actually execute whatever code happens to be on the pages you visit, they load
images etc. by default. But just Windows XP with an open internet
connection... how does code execution happen there?

~~~
mitchty
Imagine a problem in TCP packet handling that happens due to a problem parsing
a TCP packet and further on up the chain the affected service has a buffer
overflow in how it reads the data contained in the TCP packet(s) allowing you
to inject arbitrary code into that service, let's say the service is RDP or
whatever.

Then just by having a system being online and able to accept malicious packets
to this service, you can with say Shodan scan for that vulnerable port across
the entire internet, see if the IP is running XP via TCP fingerprinting, then
send your malformed packets to the system and add your shiny new XP machine to
your botnet for whatever nefarious purposes you need. Also probably patching
the hole you used to get in so that nobody else can use it for their purposes.

Now this is highly high level and remote vulnerabilities like these are much
rarer than browser vulnerabilities, but from what I've heard there are a
number of these vulnerabilities floating around just waiting for Microsoft to
abandon support for XP. Once that happens we might see more XP botnet nodes
showing up and causing havoc.

~~~
copx
I see, thank you for the explanation.

------
laumars
Does anyone know how these figures are collated as Windows sales might include
PCs running Linux, some people build machines and then pirate Windows and web
site statistics are open to a whole slew of problems from selection bias
through to easy OS spoofing.

I've not heard of an accurate way to produce these statistics yet CNET are
displaying floating points as their percentages and publishing them as fact.
So I'd hope they have a reasonably accurate method of collation which I'm
unaware of.

~~~
frobozz
The netmarketshare link in the article states

> This report lists the market share of the top operating systems in use for
> browsing (not servers). This data is derived by aggregating the traffic
> across our network of websites that use our service.

Which isn't all that helpful, as it doesn't say what the network of websites
consists of.

I would imagine that, with the approaching death of XP, many organisations
still stuck on XP are shifting from desktop apps to browser-based apps
wherever possible, in order to smooth the transition. This would lead to a
rise in traffic from XP machines to SAAS sites.

------
300bps
To me, the real interesting part of this story is that Mac OS X trails Windows
Vista in market share.

~~~
ChuckMcM
I took a picture on the train the other day, in the echo chamber that is
Silicon Valley on CalTrain it was macbooks all the way down the car. It was
the first time I had seen the entire car with nothing but Macbooks.

That said, the particular infographic is misleading in a number of ways, MacOS
10.9 but none of the other versions? Windows 8 and 8.1 are differentiated but
not Windows Vista, SP1, and SP2?

Microsoft's biggest problem is that XP is "good enough" on hardware that will
never run Windows 7. That leaves them asking someone to spend anywhere from
$500 to $1000 to "upgrade" a machine that is working fine for the intended
purpose, sometimes several thousand machines. And who wants to do that?

If someone wants to do something crazy at Microsoft it would be to target
Windows 9 to _every single Windows capable platform_ from XP to present. That
would be a _huge_ amount of work and so I doubt they will even attempt it, and
they would have to back port drivers for hardware where the vendor no longer
exists. But it would solidify their OS position once again.

~~~
Aaronontheweb
Ex-Microsoftie here.

They actually already did that with Windows 8.

Steven Sinofsky even did a demo to us where he got Windows 8 up and running on
an ancient laptop originally manufactured for use with Windows 95 or 98 (piece
of x86 hardware that was close to 20 years old.)

Windows 8 has lower system requirements and a smaller storage requirement than
Windows 7 - this was necessitated by the requirement to support ARM
architecture beginning with Windows 8.

The problem is that Windows XP exists predominantly in two environments that
are historically tricky for Microsoft:

1. Pirated copies, largely in Asia and

2. Deeply barnacled enterprise deployments, especially in Governments.

The reason why Microsoft's bothered supporting XP for so long is because of
the amount of revenue tied up in #2.

If Microsoft dynamites support for XP and those barnacled enterprises have to
reinvent their entire IT infrastructure around something new, there's a very
strong possibility in some cases that a Linux-based solution might win,
particularly in the public sector.

So it's a tricky issue, but Microsoft won't ultimately be able to kick the can
down the road forever. What will ultimately move people off of XP is when
third party developers decide to stop supporting it, which they largely still
do.

~~~
keithpeter
_"Steven Sinofsky even did a demo to us where he got Windows 8 up and running
on an ancient laptop originally manufactured for use with Windows 95 or 98
(piece of x86 hardware that was close to 20 years old.)"_

Interesting. So I could buy a retail copy of Windows 8 and install it on this
X61s (Duo Core 2, 3Gb RAM, Lenovo BIOS, Intel 945 graphics, Atheros WiFi) and
it would run reasonably quickly?

~~~
Aaronontheweb
In theory - the poster below pointed out that they added a requirement later
which eliminated support for any pre-2003 CPU. The demo I referred to happened
about a year before Windows 8 RTMed.

------
userbinator
So Vista and 7 users are moving to XP and 8.1? That's weird...

------
Theodores
This reminds me of election polls in the UK. Before an election some agency
will phone up a thousand or so people and ask them what they plan to do on
election day - tick the red box or the blue box. Sometimes they also go door
to door or ask people in shopping centres. Despite their methods they do get
to miss a lot of folk - those that do not have phones and those that are out
working rather than waiting for the pollster to ring their doorbell.
Consequently the results are not necessarily representative of true voter
intentions.

As for the total XP installed count, what about all those machines that get
used every day in some workplace for something as ordinary as printing labels
but never get to go online? Or those rooms full of PCs that only get
occasional use because people bring their own device or do their personal
surfing on a phone? Or those PCs in back rooms that generally collect dust?
These machines are like the voters the pollsters miss.

