Jump to content

Microsoft reminder: No support for XP from April 8


Recommended Posts

Posted

You're missing the point I think. AntiVirus software suites don't rely on a database and scanner alone, as I pointed out before. They use behavioural analysis to identify malware so whether or not a certain AntiVirus scanner spots a bad file is of very little interest to me. You still haven't provided a single example that I can test. Of course, you're under no obligation to either but I thought it would make the discussion more informative. I'm not familiar with 4Chan so I don't know where to make such a post.

For someone who claims to know all about antivirus, I find it strange that you can't find a way to get yourself infected.

Fill your boots man.

http://www.malwaredomainlist.com/mdl.php

I wonder how many users here will think you are posting a good list and go to some of the sites expecting good things to see:)

remember everyone....if it is not on its not on and that applies to computer protection too.

He asked me for examples of malware, so you don't need to be a brain surgeon to assume that's what I provided.

Anyone who doesn't understand "Malware Domain List" is probably already infected.

wink.png

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Posted

You're missing the point I think. AntiVirus software suites don't rely on a database and scanner alone, as I pointed out before. They use behavioural analysis to identify malware so whether or not a certain AntiVirus scanner spots a bad file is of very little interest to me. You still haven't provided a single example that I can test. Of course, you're under no obligation to either but I thought it would make the discussion more informative. I'm not familiar with 4Chan so I don't know where to make such a post.

For someone who claims to know all about antivirus, I find it strange that you can't find a way to get yourself infected.

Fill your boots man.

http://www.malwaredomainlist.com/mdl.php

I wonder how many users here will think you are posting a good list and go to some of the sites expecting good things to see:)

remember everyone....if it is not on its not on and that applies to computer protection too.

He asked me for examples of malware, so you don't need to be a brain surgeon to assume that's what I provided.

Anyone who doesn't understand "Malware Domain List" is probably already infected.

wink.png

The only relatively uninfected computer I have seen in Thailand is mine and I am not even sure of that.

Posted

You're missing the point I think. AntiVirus software suites don't rely on a database and scanner alone, as I pointed out before. They use behavioural analysis to identify malware so whether or not a certain AntiVirus scanner spots a bad file is of very little interest to me. You still haven't provided a single example that I can test. Of course, you're under no obligation to either but I thought it would make the discussion more informative. I'm not familiar with 4Chan so I don't know where to make such a post.

For someone who claims to know all about antivirus, I find it strange that you can't find a way to get yourself infected.

Fill your boots man.

http://www.malwaredomainlist.com/mdl.php

I never claimed to know all about antivirus, just making the point that there's a lot more to antivirus software than on-demand scanners. Cheers for the link.

More importantly, there's a lot more to malware than things Antivirus can detect.

There is no substitute for patching (Windows and applications).

Well, I'm not a dishonest person so I will have to admit that I was able to download at least one of those malware examples without any interference from my AV software. Many URLs were blocked by my web browser and some files were recommended not to open by AV program but I was able to download qiji.exe and open it too. Unfortunately, I was too gay to click yes to allow it to run and make changes on my computer when prompted by User Account Control so I still have no idea if the behavioural analysis part of the AV would have spotted anything unusual. I wanted to run it, to prove a point, but when it came down to it I thought it was just too stupid a thing for me to do, knowing that it was malware!

Cheers

Posted

The record last year was 85,000 new pieces of malware in one day. I wouldn't expect the AV companies to keep up with all that, heuristic/behavioural analysis or not.

Posted

The record last year was 85,000 new pieces of malware in one day. I wouldn't expect the AV companies to keep up with all that, heuristic/behavioural analysis or not.

How much of the 85000 was script kiddie varients with same signatures?

Posted

I've been kinda following this thread, and there have been a number of interesting points made, and I thought I'd add another one.

I do want to say to inthepink, don't do it. Don't knowlingly download and run any kind of malware on a machine that you are still using. There is no need to put yourself at risk just to make any kind of point on this forum.

I'm actually a linux user, but I still have a 10 year old computer running XP. It's only function now is to continue to run magic jack, the one and only thing that has tied me to windows. My 5 year magic jack subscription will run out in March 2015, so I only need to keep this old computer going til then. At that time I will not be renewing with then so this computer can be retired.

My addition to this discussion is a podcast of a show called Security Now, with the host Leo Laporte and security guru Steve Gibson, episode 450 from 8 April 2014. Here is the transcript.

https://www.grc.com/sn/sn-450.htm

A short quote from the transcript

Steve: ...But all of what we are seeing, with few exceptions, are problems in the apps, in the things that run on the operating system. That's what gets exploited. The browser gets exploited, Flash, Java. I mean, this podcast is all about those things. It's true that there are occasionally kernel OS-level problems. But, for example, even the topic of today's podcast is not about Apache or about Linux. It's about OpenSSL, a library running on top of the operating system. So my argument is nothing is going to happen, I mean, that all of the things that we run on XP, they continue to be patched except for Office 2003. That stops.

Leo: And IE. Got to remember, IE also is not going to be updated anymore. And in fact it hasn't been updated in a while on XP.Steve: Right. And so, as we've said...Leo: Don't use IE.Steve: ...Chrome or Firefox, exactly. So anyway, I think this is a tempest in a teapot. I could be wrong, but I'm happy to plant my flag, and we'll all see whether I end up with egg on my face or not. I think, I mean, I'm going to keep using it. I haven't patched since '08, I think it was. And I'm just fine. And I'm not going to stop right now, working on SQRL and then on SpinRite 6.1, I'm not delaying those in order to move to Windows 7 because for me, it's a huge, I mean, it's weeks of downtime to set everything up again. And it is unfortunate that that's what Microsoft has done with their operating system, that you just can't move everything to a new platform, but you just can't. You have to reinstall everything.So we'll see how this goes. There really is no news. You were showing a minute ago a clock that Microsoft has created. I mean, Microsoft is milking this for all they can in order to generate revenue, to force people off a platform which is working just fine. And you've probably seen in the news also that some major governments, I know over in the U.K. several large organizations have paid lots of money for the privilege of continuing to receive the XP patches which the rest of us won't be getting any longer. So Microsoft is now turning their vulnerabilities into a revenue stream for the first time. Which, I mean, remember that when the idea of getting auto-patched first happened, it was really controversial. We've gone from that extreme to exactly the opposite extreme, where people are freaked out now about this IV drip being turned off. So anyway, we live in interesting times.
Posted

The record last year was 85,000 new pieces of malware in one day. I wouldn't expect the AV companies to keep up with all that, heuristic/behavioural analysis or not.

How much of the 85000 was script kiddie varients with same signatures?

I don't know, I haven't looked at them all.

That was just one day.

rolleyes.gif

Posted

Hi JSixpack,

Have you tried Robolinux?

When running say Win XP in Robolinix's built in virtual machine, what kind of performance do you get? Does Win XP run normal speed, or is it too slow to be of any practical use?

Thanks in advance.

Posted

Hi JSixpack,

Have you tried Robolinux?

When running say Win XP in Robolinix's built in virtual machine, what kind of performance do you get? Does Win XP run normal speed, or is it too slow to be of any practical use?

Thanks in advance.

I haven't tried it myself but it looks promising I'd say.

Posted

I've been kinda following this thread, and there have been a number of interesting points made, and I thought I'd add another one.

I do want to say to inthepink, don't do it. Don't knowlingly download and run any kind of malware on a machine that you are still using. There is no need to put yourself at risk just to make any kind of point on this forum.

I'm actually a linux user, but I still have a 10 year old computer running XP. It's only function now is to continue to run magic jack, the one and only thing that has tied me to windows. My 5 year magic jack subscription will run out in March 2015, so I only need to keep this old computer going til then. At that time I will not be renewing with then so this computer can be retired.

My addition to this discussion is a podcast of a show called Security Now, with the host Leo Laporte and security guru Steve Gibson, episode 450 from 8 April 2014. Here is the transcript.

https://www.grc.com/sn/sn-450.htm

A short quote from the transcript

Steve: ...But all of what we are seeing, with few exceptions, are problems in the apps, in the things that run on the operating system. That's what gets exploited. The browser gets exploited, Flash, Java. I mean, this podcast is all about those things. It's true that there are occasionally kernel OS-level problems. But, for example, even the topic of today's podcast is not about Apache or about Linux. It's about OpenSSL, a library running on top of the operating system. So my argument is nothing is going to happen, I mean, that all of the things that we run on XP, they continue to be patched except for Office 2003. That stops.

Leo: And IE. Got to remember, IE also is not going to be updated anymore. And in fact it hasn't been updated in a while on XP.Steve: Right. And so, as we've said...Leo: Don't use IE.Steve: ...Chrome or Firefox, exactly. So anyway, I think this is a tempest in a teapot. I could be wrong, but I'm happy to plant my flag, and we'll all see whether I end up with egg on my face or not. I think, I mean, I'm going to keep using it. I haven't patched since '08, I think it was. And I'm just fine. And I'm not going to stop right now, working on SQRL and then on SpinRite 6.1, I'm not delaying those in order to move to Windows 7 because for me, it's a huge, I mean, it's weeks of downtime to set everything up again. And it is unfortunate that that's what Microsoft has done with their operating system, that you just can't move everything to a new platform, but you just can't. You have to reinstall everything.So we'll see how this goes. There really is no news. You were showing a minute ago a clock that Microsoft has created. I mean, Microsoft is milking this for all they can in order to generate revenue, to force people off a platform which is working just fine. And you've probably seen in the news also that some major governments, I know over in the U.K. several large organizations have paid lots of money for the privilege of continuing to receive the XP patches which the rest of us won't be getting any longer. So Microsoft is now turning their vulnerabilities into a revenue stream for the first time. Which, I mean, remember that when the idea of getting auto-patched first happened, it was really controversial. We've gone from that extreme to exactly the opposite extreme, where people are freaked out now about this IV drip being turned off. So anyway, we live in interesting times.

Don't worry, I didn't do it - I don't have that much faith in the software and I am using this machine every day. I've used various Linux distros myself but I can never get really comfortable with them. I find the additional effort required to be a bit of a pain to be honest...but that could just be because I like to fiddle around with things. External disks are a good example, if I want them to be available every time I boot up, I've found that I have to edit the fstab file, something I don't have to do with Windows. But maybe that wouldn't be the case if they weren't all formatted as NTFS. Anyway, straying a little off topic now.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...