Windows XP Users 6X More Likely To Be Hacked

HardOCP News

This article claims that Windows XP users are six times more likely to be hacked. The part they failed to mention is that Windows XP users are also 100x more likely to BE the hacker. :D

Microsoft's venerable Windows XP operating system is six times more likely to be successfully hacked than newer Windows 7 and Windows 8 personal computers. Microsoft disclosed that metric at the RSA Conference in Amsterdam this morning.
 
It truly is time for people to buy their fine new Windows® 8.1 operating system for their PC, safety first™!
 
The part they failed to mention is that Windows XP users are also 100x more likely to BE the hacker. :D

This. As my girlfriend works through her computer security class for her IT degree, all their research, tools and practice are on XP SP1/2 VMs. I've even set up a couple unpatched practice rigs at home for us to work on using some old XP licenses. Those machines are definitely not internet connected, that would be rather scary to have them on my network waiting for everything to come at them.
 
This. As my girlfriend works through her computer security class for her IT degree, all their research, tools and practice are on XP SP1/2 VMs. I've even set up a couple unpatched practice rigs at home for us to work on using some old XP licenses. Those machines are definitely not internet connected, that would be rather scary to have them on my network waiting for everything to come at them.

Know what's more fun? Set up a Win 2012 server as your router/gateway to the internet, then hook an unpatched WinXP or Server 2003 VM directly to the internet and see what happens. It's amusing how quickly it gets hacked and starts sending out spam. I think my experiment lasted all of 15 minutes before it became a spambot. I killed it right after that.

My server has lasted several months without hacks. My wireless AP has been hacked twice in the same time period, but not the server.

I need a new Wireless AP, preferably with 5GHz capabilities, anyone have suggestions?
 
I would expect nothing less from the swiss-cheese of operating systems.
 
Do testing with 5ghz before relying on it.

5 has lousy penetration. ie - Testing it versus 2.4 gives 1/2 the signal strength through 3 walls. A good 2.4 will exceed 80mbps (hit 122 sustained on large files, Nighthawk), so unless you're streaming, it's lots of muscle.

The hotrod right now is the Netware Nighthawk, dual band, ac. It has a dual core 1ghz CPU.

Note: I beamed 5.8ghz 3.3 miles as an access point at legal unlicensed power levels for 40mbps as an access point. My ISP was capped at 40 though. But that was line of sight. Legal-power record is about 100km.
 
Do testing with 5ghz before relying on it.

5 has lousy penetration. ie - Testing it versus 2.4 gives 1/2 the signal strength through 3 walls. A good 2.4 will exceed 80mbps (hit 122 sustained on large files, Nighthawk), so unless you're streaming, it's lots of muscle.

The hotrod right now is the Netware Nighthawk, dual band, ac. It has a dual core 1ghz CPU.

Note: I beamed 5.8ghz 3.3 miles as an access point at legal unlicensed power levels for 40mbps as an access point. My ISP was capped at 40 though. But that was line of sight. Legal-power record is about 100km.


Ok... Thanks for sharing that with us guy...
 
So are XP USERS more likely to be hacked? Or companies that still have hundreds (thousands) of computers using XP still attached to the internet with dumb users who come into work and think anything they do will be fixed by their IT guy?
 
Know what's more fun? Set up a Win 2012 server as your router/gateway to the internet, then hook an unpatched WinXP or Server 2003 VM directly to the internet and see what happens. It's amusing how quickly it gets hacked and starts sending out spam. I think my experiment lasted all of 15 minutes before it became a spambot. I killed it right after that.

My server has lasted several months without hacks. My wireless AP has been hacked twice in the same time period, but not the server.

I need a new Wireless AP, preferably with 5GHz capabilities, anyone have suggestions?

Dude, use a firewall on that stuff...
 
Even if there is some truth to it, this specific quote is nothing more than a scare tactic from Microsoft. It's hard to take comments like this seriously from them when you know they are really just going to say whatever they think will cause people to buy more copies of windows 8 :rolleyes:

90% of the malware infections I deal with on XP computers are the result of the exact same thing that infects Vista, 7, and 8 users also: Dumb users clicking on stuff that they shouldn't. Almost everyone is behind a router these days, so it's not like the good ol' days where people can just port scan a range of IP addresses to find vulnerable computers. Hell, there was a point in time ~10 years ago where everyone in my neighborhood who had a cable modem was on the equivalent of a local LAN; even NetBEUI worked :p There was a real possibility of getting "hacked" just due to having your computer connected to the internet, without the user having to do anything. These days? Not so much.

Also, it's not like running 7 or 8 is going to cause Java or Flash to stay updated :p

The kind of people who run XP these days are the same kind of people who spend hours playing flash-based slot machines, and when the malware pop-up says it will give you extra tokens, who can resist?
 
Even back in the old days, when you first booted up an XP machine with a public IP, you had a few minutes to get things patched, a good firewall and an AV. They had some articles that wanted to see the least time it took for it to get infected. Plug it in and wait... I think 15 minutes was about normal. SP2 helped out a lot with the firewall, but other exploits came along.

Vanilla XP was fun, though. Install it, and come back a few hours later and see a public FTP server running on it, tagged multiple times, virus infected....

I'm surprised it's still a large security risk, 6x more likely. I believe it, but damn.... Vista/7/8 are much more secure in comparison. XP is over a decade old, if you think Microsoft is trying to force you to upgrade - they are. Not only for their own profit, but because of internet safety. If you don't want to, fine. But, if your machine gets infected - don't blame Microsoft for a shitty OS. You were warned. Nothing lasts forever. It's business, but it's also preventing your computer from getting screwed up (usually when you really need it, too).
 
I'm surprised it's still a large security risk, 6x more likely. I believe it, but damn.... Vista/7/8 are much more secure in comparison. XP is over a decade old, if you think Microsoft is trying to force you to upgrade - they are. Not only for their own profit, but because of internet safety. If you don't want to, fine. But, if your machine gets infected - don't blame Microsoft for a shitty OS. You were warned. Nothing lasts forever. It's business, but it's also preventing your computer from getting screwed up (usually when you really need it, too).

The thing to remember is how big Vista was in terms of security. For all of its flaws, Microsoft made major security changes in Vista that overall seem to have proven successful with 7 and 8 providing incremental enhancements over the big changes from XP to Vista.

The whole forcing users to upgrade doesn't make a lot of sense when you compare XP to non-Windows OSes. How many people are running 12 year old versions of Linux or OS X? If there were significant percentages of other OSes with 12 year old versions running, then maybe the argument would be valid.
 
Even if there is some truth to it, this specific quote is nothing more than a scare tactic from Microsoft. It's hard to take comments like this seriously from them when you know they are really just going to say whatever they think will cause people to buy more copies of windows 8 :rolleyes:

90% of the malware infections I deal with on XP computers are the result of the exact same thing that infects Vista, 7, and 8 users also: Dumb users clicking on stuff that they shouldn't. Almost everyone is behind a router these days, so it's not like the good ol' days where people can just port scan a range of IP addresses to find vulnerable computers. Hell, there was a point in time ~10 years ago where everyone in my neighborhood who had a cable modem was on the equivalent of a local LAN; even NetBEUI worked :p There was a real possibility of getting "hacked" just due to having your computer connected to the internet, without the user having to do anything. These days? Not so much.

Also, it's not like running 7 or 8 is going to cause Java or Flash to stay updated :p

The kind of people who run XP these days are the same kind of people who spend hours playing flash-based slot machines, and when the malware pop-up says it will give you extra tokens, who can resist?

+1

Also, most of those Windows XP users are still using IE 6, 7 or 8. If you switch over to a newer/alternate browser, 99% of those malware injection problems go away...
 
+1

Also, most of those Windows XP users are still using IE 6, 7 or 8. If you switch over to a newer/alternate browser, 99% of those malware injection problems go away...

I think a bigger issue than even antiquated browsers is XP users mostly running as local admins.
 
I think a bigger issue than even antiquated browsers is XP users mostly running as local admins.

That's a huge problem with Vista, Windows 7 and 8, not just XP. The OOBE creates a user account with administrative privileges by default. Although Windows 7 and 8 prompt for elevated privileges to modify system files and settings, most users just click "OK" without knowing or reading the prompt. I work on hundreds of computers a month and see just as many Vista, Windows 7 and 8 systems with malware installed. Actually, I see more now that most people have upgraded beyond XP...
 
That's a huge problem with Vista, Windows 7 and 8, not just XP. The OOBE creates a user account with administrative privileges by default. Although Windows 7 and 8 prompt for elevated privileges to modify system files and settings, most users just click "OK" without knowing or reading the prompt. I work on hundreds of computers a month and see just as many Vista, Windows 7 and 8 systems with malware installed. Actually, I see more now that most people have upgraded beyond XP...

It goes beyond the accounts though. XP and much software from that era required admin privileges that it shouldn't have. Vista began to force the issue with software running with least needed privileges and it's much easier to use a Vista and beyond system with proper applications without using an admin account.

At any rate, many are taking this seriously. XP clients will be locked out of our network by the end of Q1 2014.
 
The whole forcing users to upgrade doesn't make a lot of sense when you compare XP to non-Windows OSes. How many people are running 12 year old versions of Linux or OS X? If there were significant percentages of other OSes with 12 year old versions running, then maybe the argument would be valid.

Bear in mind, however, that the market share of folks running OSX or Linux is a lot smaller, and that both of those started out as much harder targets. And Linux doesn't require payment to upgrade. :)

I'm still rocking XP SP3 on my main desktop. I'd *like* to upgrade, but upgrading to Win7 or Win8 costs a lot of money. The pressure is mounting--I'd sure like to get on a 64-bit OS--so I may end up switching to Linux. I think the only thing I'll need to run in Wine is SC2...
 
Bear in mind, however, that the market share of folks running OSX or Linux is a lot smaller, and that both of those started out as much harder targets. And Linux doesn't require payment to upgrade. :)

I'm still rocking XP SP3 on my main desktop. I'd *like* to upgrade, but upgrading to Win7 or Win8 costs a lot of money. The pressure is mounting--I'd sure like to get on a 64-bit OS--so I may end up switching to Linux. I think the only thing I'll need to run in Wine is SC2...

I was about to say it is not about the cost, it is about the performance and the lack of growth in Windows. It is the same shit just in a different package.

The only thing they managed is limit which DirectX version can be used on each OS. The rest of the "changes" are rather trivial.
 
Even if there is some truth to it, this specific quote is nothing more than a scare tactic from Microsoft. It's hard to take comments like this seriously from them when you know they are really just going to say whatever they think will cause people to buy more copies of windows 8 :rolleyes:

90% of the malware infections I deal with on XP computers are the result of the exact same thing that infects Vista, 7, and 8 users also: Dumb users clicking on stuff that they shouldn't. Almost everyone is behind a router these days, so it's not like the good ol' days where people can just port scan a range of IP addresses to find vulnerable computers. Hell, there was a point in time ~10 years ago where everyone in my neighborhood who had a cable modem was on the equivalent of a local LAN; even NetBEUI worked :p There was a real possibility of getting "hacked" just due to having your computer connected to the internet, without the user having to do anything. These days? Not so much.

Also, it's not like running 7 or 8 is going to cause Java or Flash to stay updated :p

The kind of people who run XP these days are the same kind of people who spend hours playing flash-based slot machines, and when the malware pop-up says it will give you extra tokens, who can resist?

With XP, while it is vulnerable to the usual user problems (which UAC is supposed to be able to discourage with Win7 and Win8), it is also vulnerable to malware that doesn't even require user intervention, even with the built-in "firewall" operational. I use quotes around that because the attempts at firewalls on XP have been mostly unsuccessful. That's exactly why XP is so much more vulnerable than Win7. Also, those types of programs that can hack into XP without user intervention are the types that make systems into spambots or DDoS bots. They are hacker favorites. A Windows XP laptop in an internet cafe is almost assured to become a spambot or DDoS bot within 15 minutes. Hackers can even get into someone's wireless network at home (it takes about half an hour for amateurs) and can use that connection to infect any XP systems in the local network. Where do you think these hackers get their DDoS bot groups and spam nets? It's from the idiots who keep running XP. The sooner we get rid of XP, the sooner we have less spam and fewer DDoS attacks.
 
I was about to say it is not about the cost, it is about the performance and the lack of growth in Windows. It is the same shit just in a different package.

The only thing they managed is limit which DirectX version can be used on each OS. The rest of the "changes" are rather trivial.

The biggest change with versions after XP is network security. With XP, the firewall accepts all traffic, analyzes it, and then dumps what it is set to not like. This allows for a great many attacks to work that don't require user intervention. They've tried many times to stop this, but the core Windows XP architecture prevents real firewall protection.

With Windows Vista and above, they used a real firewall strategy from the ground up. It's far harder to hack into Windows 7 without user intervention.
 
I still run windows 98SE while connected to the internet on one of my old machines for retro gaming.
 
Even if there is some truth to it, this specific quote is nothing more than a scare tactic from Microsoft. It's hard to take comments like this seriously from them when you know they are really just going to say whatever they think will cause people to buy more copies of windows 8 :rolleyes:

But XP support is going to be ending soon. So it does need to be said. Although it's probably not worth the cost to upgrade old XP machines to Windows 8. Time to get everyone still on XP to switch to Linux.
 
Stick your browser in a decent sandbox and XP has very little risk on the web from the browser.
Put Comodo firewall on the OS and the chance of being hacked is vastly reduced, even when using an admin account.
It is a full-blown HIPS (Host Intrusion Protection System) as well as a firewall.
I.e., it controls what can run, what can start it running and what access it has to the system and the internet.

Just sayin' MS :p
 
In the big push for profit and an unwillingness to support a product purchased in good faith, Microsoft has shown its puckered rear to the consumer, as do most inhuman corp entities that are too big to be genuinely valuable to human beings.
 
I got a computer in the other day to work on. Dell, Windows XP - no SP1...zero updates...never once been connected to the internet. It was having printing issues. I didn't know this at the time but I connected it - turned it on and left for the evening - came back and it was never the same.
 
In the big push for profit and an unwillingness to support a product purchased in good faith, Microsoft has shown its puckered rear to the consumer, as do most inhuman corp entities that are too big to be genuinely valuable to human beings.

Lol, XP is how old now?

I pretty much stopped using it as soon as SP1 for Vista came out.

I suppose you expect other software companies to keep providing updates to their decade-old software packages as well? :rolleyes:
 
Do testing with 5ghz before relying on it.

5 has lousy penetration. ie - Testing it versus 2.4 gives 1/2 the signal strength through 3 walls. A good 2.4 will exceed 80mbps (hit 122 sustained on large files, Nighthawk), so unless you're streaming, it's lots of muscle.

The hotrod right now is the Netware Nighthawk, dual band, ac. It has a dual core 1ghz CPU.

Note: I beamed 5.8ghz 3.3 miles as an access point at legal unlicensed power levels for 40mbps as an access point. My ISP was capped at 40 though. But that was line of sight. Legal-power record is about 100km.

That's awesome. My buddy actually has the Nighthawk, the thing is a BEAST
 
That's awesome. My buddy actually has the Nighthawk, the thing is a BEAST


I got Massive Nerd Wood when I fired up the Nighthawk at home. :D

Wifey just got a new dual band notebook yesterday, and it hit 192mbps on wireless according to speedtest.net. No shit. :eek:
 
That Nighthawk looks to be a future purchase. I am tired of shitty routers losing wifi and not assigning IPs and silly simple crap. Hopefully this one does the trick.
 