chrismeyer6 wrote:

HI everyone long time lurker and huge fan of this site. I have a xp pro laptop and i dual boot my main rig with xp pro an win 7 ultimate and on both of my XP installs MSE still updates just fine in fact my laptop just finished downloading new definitions.

Quite to the point: this problem only hit a minority of people. It makes me wonder whether it could all be brought back to a very specific MSE update that the victims all downloaded at a certain time...so instead of all XP systems with MSE encountering problems at once and the ensuing negative publicity for Micorsoft when it makes the headlines it stays below the radar and 'forces' people to upgrade to Windows 10 or something...

Call me crazy, but I don't run A/V on my XP machine. I protect on other layers:
-linux-based firewall with MVPS HOSTS (so it filters all machines on my network) and IDS that uses Snort/Sourcefire VRT rules. Also have Symantec DNS filters in the firewall.
-uBlock Origin extension in Firefox that has tons of other malware filters built in.

Not running A/V saves precious RAM and resources on a 3.2GB-limited XP system.

edit: I scan with Malwarebytes every week or so and have never had so much as a PUP detection.

If you have a good antivirus and you're smart about what you do on the internet, XP will be just fine.

I wouldn't set certain people loose with XP though, seeing what they are capable of doing to 7.

keenmaster486 wrote:

If you have a good antivirus and you're smart about what you do on the internet, XP will be just fine.

Malware from the web is only one part of system security. XP has that down packed for now, its all the other holes that can be manually exploited you truly need to be worried about at this pinot. But if your behind a good firewall and well build network and don't leave the system online you should be fine.

Biggest exploits are email, infected ads, and shady sites. Do your email somewhere else (I have a linux laptop for email and financial stuff), use an ad blocker (uBlock Origin is best), and don't go to shady sites. 😀

clueless1 wrote:

Biggest exploits are email, infected ads, and shady sites. Do your email somewhere else (I have a linux laptop for email and financial stuff), use an ad blocker (uBlock Origin is best), and don't go to shady sites. 😀

That would depend on the user, Not everyone uses the internet in the same way. Infected ads, and shady sites are a big part of things, email being a toss up, it can be and can't be depending on the user and email account.

Having a xp system within a network attached to a exchange server that's walled in will not make email a big problem at all.
But if your using something like gmail/Hotmail and sign up for free coupons and stuff you have a real problem there, on any system for the matter.

Jade Falcon wrote:

That would depend on the user, Not everyone uses the internet in the same way. Infected ads, and shady sites are a big part of […]
Show full quote

clueless1 wrote:

Biggest exploits are email, infected ads, and shady sites. Do your email somewhere else (I have a linux laptop for email and financial stuff), use an ad blocker (uBlock Origin is best), and don't go to shady sites. 😀

That would depend on the user, Not everyone uses the internet in the same way. Infected ads, and shady sites are a big part of things, email being a toss up, it can be and can't be depending on the user and email account.

Having a xp system within a network attached to a exchange server that's walled in will not make email a big problem at all.
But if your using something like gmail/Hotmail and sign up for free coupons and stuff you have a real problem there, on any system for the matter.

I don't think there will be many systems trying to run both MSE and Exchange. Unfortunately, malware has gotten to the point where simply visiting a malformed site or displaying an HTML email that has been specially crafted can bite you. Turning off HTML in email and using filters upstream will defeat most of that.

BTW, you have PM receipt turned off Jade Falcon. Was trying to reply to you but couldn't.

clueless1 wrote:

I don't think there will be many systems trying to run both MSE and Exchange. Unfortunately, malware has gotten to the point where simply visiting a malformed site or displaying an HTML email that has been specially crafted can bite you. Turning off HTML in email and using filters upstream will defeat most of that.

You'd be amazed. I see this a lot in bigger company's with limited budgets for the IT staff and tech stuff.
a lot of company's have XP systems still in use for non replaceable legacy apps but don't spend the time to bother installing or buying a better AV do to their budget.

I even seen a lot of older XP based DVR/camera servers that use exchange and no AV at all.
exchange is often used to send the video to anther system and reporting.

Pure HTML as I know it can not contain any virus code. Or something must have been added to the format it in the last few years.
As far as I know it is Javascript, Active-X, Office Macros and WMV media files that can contain a malicious code besides executables. (Three of those are Microsoft inventions, thank you very much) Then maybe visual basic script files too. I once heard that an exploit could be put in Font files. What else is there?

I'm no expert on HTML, but I do recall hearing this in some security podcasts I listen to. Maybe I didn't understand correctly. But couldn't malicious scripts be inserted into HTML?
http://www.technicalinfo.net/papers/CSS.html