Okay. Good to know. So, when
I decide to upgrade from Windows
XP, I will install the legal DVD
I have of Windows 7 and stay with
that for years!
No Windows 8, 10, etc. for me until
Microsoft makes some fantastically strong and
solid statements about compatibility
with old software, security, and privacy.
Have anything specific except for
Flash or macros for Word? There
is the recent 15 or so year old
problem, so far never seen in practice,
having to do with fonts or some such.
Otherwise, what's insecure about XP?
Or more secure about 7, 8, 8.1, or 10?
Sure, using XP means I'm not cool, but
what about actual security?
Or are the crucial parts of XP really
much different than those of
7? I doubt it. Until the XP support
stopped, the same malware scanning and
repair software worked for XP and 7.
> Otherwise, what's insecure about XP? Or more secure about 7, 8, 8.1, or 10?
Windows XP had no UAC and most users were surfing as admin, which was inherently more insecure. Also, XP does not have a bunch of security features the newer Windows had, see http://superuser.com/a/739204. And now without the updates, since security issues are not patched, the system should be open to all kinds of drive-by attacks and whatever was found in the last months. I do not have a list of them.
I read the link and got nothing out of it.
I don't even know what the acronyms mean.
I don't understand "drive by attacks": My
XP computer has nothing wireless, not
even the
keyboard or the mouse. Wireless,
essentially everything about everything
wireless looks to me like a gigantic
security problem. Right: I have no
smartphone; I have a cell phone someone
gave me, but I've never used it and
intend never to use it.
I see no
panel trucks outside looking at whatever
radiation my equipment giving off.
I really don't get the suggestion in the
link that somehow XP is vulnerable just from
being connected to the Internet.
I don't have much software listening
on IP ports -- I shut down that stuff.
I don't use Internet Explorer except
rarely at Microsoft sites. I use
Firefox and have Java disabled.
I don't let data from untrusted sources
execute at software. Really, I rarely
download any software, not plug-ins,
macros, or anything else.
The link says that most XP users run
as Administrator. Well, I don't.
I have to run as Administrator
for some of my software development,
but otherwise I run as an ordinary user.
People used to worry about opening
e-mail attachments. I never did or would do
such a thing. I run Outlook
only in text mode; I never let Outlook
trigger the processing of HTML or display
an image.
My version of Flash is a bit old and,
that means that Flash never runs
except when I explicitly permit it to
run, and I only do that on no doubt
fairly safe Web sites.
I permit Acrobat to see a PDF file only
from no doubt highly trusted sources.
I fail to see just why my computer is
so vulnerable. All evidence is that
my computer is safe enough to date.
Windows XP does support the Microsoft
High Performance File System (HPFS),
and it has capabilities and
access control lists (ACLs) which,
going all the way back to Multics,
IBM's Resource Access Control Facility
(RACF), parts of SQL Server, etc.,
are relatively good ideas for security.
In time I will convert over to
Windows Server anyway, make use
of ACLs, use virtual machines,
maybe some version of containers, etc.
I don't read removable media from
untrusted sources. I never use
thumb drives.
For CDs and DVDs,
I tell Windows over and over, "take
no action".
There is a suspicion that once Microsoft
noticed, say, way back in Windows 95, that
their code was awash in security holes,
they first saw the bad news and, later,
noticed some good news: Fix the bugs
but use bug fixes as a way to get users
to upgrade to new software, with more
bugs to be fixed, to get people to
upgrade to more software, etc. Generally
Microsoft wants users of Windows to
have to keep returning to Microsoft
and paying money. Gee, my processor is
from AMD and I don't have to keep
interacting with them and paying money.
Considering this suspicion, why should
I rush to Windows 7, 8, 8.1, 10
with a lot of new software and bugs?
I look at Satya's face and I know
that I can't read it or understand
him. I can't trust Satya.
Really my big concern on upgrading
is the weeks and weeks and weeks
of barbed wire enemas I will have to
go through, clicking, guessing,
struggling, clicking, clicking,
clicking, over and over, for
hours and hours at a time,
days, weeks, months, screaming
in anger, literally, until my
throat is sore, literally,
as I've
done too often in the past,
just to get back to
a system as usable as I have now.
E.g., now I have my main boot partition
backed up so that I can restore it.
If that partition gets infected,
then I will just restore my most recent
backup, which has been apparently solid,
stable, and secure now for about three years.
I know how to do the restore and have
done it and tested it. And I have
two other partitions I can boot
from to do the restore.
So, how would
I do such things with 7, 8, ...?
Will Microsoft tell me? Nope. They
just want to suggest that they
can solve all my problems by
migrating my options in Outlook.
Bummer.
Now I'm using XP to develop
the .NET software for my startup.
Here, XP seems fine. But
I intend to go live on
Windows Server. Windows 7?
I have a legal copy if I need it.
Windows 8, 8.1, 10,
metro interface, integration with
XBOX, Surface, and phones? I can't
imagine why I'd ever tolerate
any such nonsense. A new GUI
UI? No thanks: I want command lines
and scripts. Office 365? No thanks.
I have a copy of Office 2003 -- with
lots of patches, and that's fine with me.
Uh, if I install Windows 7
will Office 2003 install? Will I be
able to get the patches for
Office 2003? If not will I have
to buy a new copy of Office?
Will I hate the new copy? Likely.
Drive by attacks in that context does not mean wireless. It means exactly what you think is not the case: That just by being in the Internet you are vulnerable. Exploits like http://www.computerworld.com/article/2488674/malware-vulnera... get patched in Windows 7+, but they stay as a gaping hole in your OS. Nothing you described helps just a bit against that.
> My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.
That does not help. There were flash-exploits for which the click to activate function of browsers were useless against.
> I have a copy of Office 2003 -- with lots of patches, and that's fine with me.
Office 2003 is not supported anymore as well and might contain equally big security bugs (I did not look that up). You open word documents with it, you might be infected.
If you want to stay on a secure system for years where the UI does not change, you will have to migrate to Linux with one of the custom Window Managers like Openbox.
The link was for a lot of versions of IE,
some of which don't run on XP. I try not
to use IE. Sometimes I had to use it at
some Microsoft Web sites. Okay.
Mozilla will let me install a new version of
Firefox, but Microsoft won't let me install
a new version of IE or let me patch an
old version of IE. Bummer.
I'd be reluctant to let my 2003 copy
of Word open a file from an untrusted
source. I do next to nothing with Word.
Occasionally I run the 2003 version of
Excel: I generate the data outside of
Excel using whatever software I write
and then pull the data into Excel for
graphing. I don't try to use Excel files
from other people.
So, Flash can hurt even if I don't run it!
Wow. Looks like Adobe worked really hard
to help the hackers.
Does Microsoft really want the their
security holes fixed?
Gee, in a big company, how can people
pass around Word, Excel, and HTM files?
One infected file, and many of the
computers in the company can get infected.
Whatever happened to the idea that a program
that reads data checks to see if the
data is okay and makes sure that
bad data can't cause the program to
hurt anything? That was the
long the implicit, expected standard, right?
If someone can send me a DOC file for
Word and, reading that file, Word
infects my computer, then Word is junk,
and Microsoft writes junk software.
Bill and Satya need to get on the case
here.
Microsoft's infected toxic-ware?
It's been a long time, Microsoft --
time to fix this stuff.
On time sharing, it was the case
that any user could write and run
any software at all with no damage
to the operating system or to any other
user. Why is it possible at all to
run software as a user on Windows and
hurt Windows? Bummer.
Microsoft,
we need some guarantees, or at least
strong assurances with, say, a
major bounty program, that such things
just are not possible. How about
a bounty of $1 for the first bug and
for each subsequent bug double the
bounty? How 'bout that Bill?
Risk your fortune or fix the bugs?
The "security" of newer Windows is mostly anti-user, anti-freedom. XP doesn't enforce code signing, and SFP is only advisory, so you can run whatever you want, hack and customise the OS code easily to get it to behave how you want. Most of the exploits that gave XP a bad name in the early days were from IE in its default configuration, which basically no one on XP will be using now.
It takes time to get bugs get discovered and fixed. There's a lot of new code in these newer versions and I bet they'll be uncovering more bugs in it as time goes on, some of which won't be applicable to XP because the code isn't even present.
As for "privacy"... XP most certainly does not phone home with anywhere near the amount of info that Win10 collects, as this article shows.
I'd be more inclined to say "Worried about security and privacy...but still wants to upgrade to Windows 10?"
My next jump after XP will likely be some form of Linux with WINE - with everything that can phone home removed.
You have four and a half years before Windows 7 "End of extended support" occurs on January 14, 2020. You might want to transition straight to linux or OSX.
Depends on how old. What I'm running
and like would not have run on
Windows 3.1 or PC/DOS but did run
on Windows NT SP3 and Windows 2000.
But maybe some of that software would
have run into problems on Vista.
Maybe Microsoft wants to assume that I
will do my typing into Word or Outlook
or Excel. No I won't. I type into
my favorite text editor KEDIT. I keep
my e-mail in files maintained with KEDIT
and use Outlook only to send and receive, that
is, handle the POP3 interactions. Maybe
Microsoft believes that, sure, I will
do my word whacking with Word. No I won't;
I use Knuth's TeX and, then, PDF.
Microsoft thinks I like their efforts
at GUIs -- I hate nearly all GUI efforts
and make heavy use of command lines in
text windows. The command lines run
scripts I wrote.
I make relatively little and light
use of the features of XP and
still less use of Microsoft's
applications. So, my security
is not very vulnerable to
any remaining security holes
in XP.
No Windows 8, 10, etc. for me until Microsoft makes some fantastically strong and solid statements about compatibility with old software, security, and privacy.