I think someone should set up an install of original XP and run it with a direct internet connection and see what happens. 😀

I've done that in the past, what used to happen (dunno if it still does since the number of unpatched XP original machines around now must be a lot lower) is that all these Windows messaging boxes would pop up on your desktop trying to sell you stuff, before you connected to the web even. I took to installing XP with the network cable disconnected after that then using Autopatcher or Offline Update to install the patches first.

If you're behind a router, don't use IE, don't download anything from shady websites, and install a virus scanner with real-time protection, can XP still get exploited?

Almost certainly. Could a modern OS? almost certainly too, Google the Pwn2Own contests. How easy is it? Well, the problem is that there's likely to be vulnerabilities that will be easy to exploit that go unpatched. Once everyone knows about them, it's just a matter of getting the payload on your XP box somehow, either via a browser exploit, dodgy PDF file etc. Sure as another poster pointed out there's always unknown vulnerabilities, but only very sophisticated adversaries like the government typically have access to vulnerabilities like that before they become widely known.

Realistically though what's the worst case scenario? If you're only running Steam and maybe Xfire (until they drop XP support too) and you get exploited, reset your steam password and reinstall XP. Steam has that double-check sign in thing anyway so as long as you don't check your email on your XP box it's unlikely a hacker could get into your steam account just by stealing the password (unless you use the same password for both Steam and your E-mail).

Jorpho wrote:

Mau1wurf1977 wrote:

How will you activate Windows?

It is trivial to circumvent the need for Windows activation in XP. Even then, the primary reason for activating Windows XP is to get updates from Microsoft, which won't be a problem soon.

I'd like to know more. And this is not to use a dodgy copy, I have licences and genuinely want to setup a semi-offline XP system with just Steam and GOG.com games.

Well, it's been a while since I poked at it and the exact details escape me, but I certainly don't remember having any trouble. Just Google for <bypass wga check>.

I'm pretty sure I made a slipstreamed install CD using nLite which never asked me for any kind of product code.

Cool I will check it out. Waiting for some S478 gear and will see how it goes.

Volume licence editions don't need activation. While not strictly the "correct" I doubt MS would mind using volume licence copies once they turn off their activation servers.

jwt27 wrote:

If you're behind a router, don't use IE, don't download anything from shady websites, and install a virus scanner with real-time protection, can XP still get exploited?

Of course it can. The technique is called "malvertising" - malicious advertising. It happens even on the big sites like Yahoo. Bad guys buy ad space, the ads can use scripts or even ActiveX, and exploit vulnerabilities... and it's not just IE. FireFox and Chrome are targets, too. FireFox performed the worst at the last Pwn2Own.
Just because it's not Microsoft doesn't make it safe.

Of course it can. The technique is called "malvertising"

That's just one of many, many ways you could get an infection onto a target system, in fact as far as I know that happens a lot less often than say, a cross site scripting attack. The problem with buying banner ad space as a bad guy is there's an easy paper-trail back to you. That and the fact that Google scan ads for malware and could detect what you're trying to do at any point.

Just because it's not Microsoft doesn't make it safe.

Indeed going by number of vulnerabilities found and patched last year isn't IE the safest browser now?

"Indeed going by number of vulnerabilities found and patched last year isn't IE the safest browser now?"

Far from it IE, to its detriment, is better than it was but still has far too many falws to say it is the best but its the windows kernel that is full of security holes that rarely get patched unless its an OS update that affect all the browsers

A little quote from the pwn2own hacking contest

"Nils and Jon from MWRLabs were successful at exploiting IE, Google Chrome using WebKit and Windows kernel flaws and won $100,000."

"At Pwn2Own 2014,[55][56] French security firm VUPEN has won a total prize of $400,000, the highest payout to date, after successfully exploiting fully updated Internet Explorer 11, Adobe Reader XI, Google Chrome, Adobe Flash, and Mozilla Firefox on a 64-bit version of Windows 8.1, by using a total of 11 distinct zero-day vulnerabilities"

The problem is the windows kernel at heart. So far from me to tell people what to do but they are mislead as to what part of Windows is unsafe. The kernel is full of security holes and patch after patch wont help it unless they re-write it TOTALLY which would cost them money and time on a monumental scale

A quick link to show the lack of security in the NT kernel comapred to others

http://en.wikipedia.org/wiki/Comparison_of_op … kernel_security

It's safe to say the world most used desktop OS is based on the worst kernel in history

http://secunia.com/vulnerability-review/vulne … date_top50.html

IE, less vulnerabilities than Chrome or Firefox despite being the most used, that's not bad going, though like many users I'm burned by memories of IE6 😀

The problem is the windows kernel at heart.

Nah, disagree completely. As we've seen at other Pwn2own contests exploits work on and are found on OSX and Linux too, plus many browser exploits have nothing to do with the Windows kernel.

Microsoft used to fail hard on security but these days they're actually not too shabby. Trouble is, XP is from exactly that time when they were failing in a big way. The way XP manages users accounts for starters is pretty dire.

Bladeforce wrote:

Take a leap of faith and try a linux distro with Wine if you like older games. I am having plenty of success running many, many older games. If you use Office, look for alternatives. I haven't had Windows as my main OS for nearly 8 years now and enjoying every minute of it

some programs may not run under wine very well but you could usually set up vm install windows in vm then the games you wanted (a bit of a pain though)
for dos programs you can use dosbox or dosemu
I use dosemu myself for running control programs for the glass furnace moore temp controllers
and my old dos inventory database program through linux

The problem is the windows kernel at heart.

and the simple fact of one large partition and 1 single format (exploitable as hell)
a linux set up uses at minimum 3 partitions unless you choose to make it all one.
the average good set up
root, swap, home, usr, temp, and var
add to this that linux has many formats you can choose from.
and a mac typically sets up under the bsd scheme with as many as 9 partitions but you are typically kept out of them by the os
they are for exclusive use by the os only

all this said linux is not for everybody you have to have a certain dedication to change and the curiosity to try new things.

gnuuser wrote:

you have to have a certain dedication to change and the curiosity to try new things.

I hate it when people put it that way, because it suggests that if you do not like Linux then it means you do not have a dedication to change and a lack of curiosity to try new things.

I would say you have to have a certain patience for whatever new and wholly unexpected crap might show up at any time and a tolerance for bad documentation.

But perhaps we shouldn't get into the whole Linux vs Windows thing yet again.

I don't understand people's obsession with security.

Apparently it has become a common opinion that if you use an older, out-of-date system you're gonna get virus-raped and hacked and what have you. It's madness!

Simple fact is, that with a bit of common sense, you will be just fine. Whenever you find a website on google which looks rather bland and shows a download for exactly the thing you were looking for and the file you download from it turns out to be suspiciously tiny, don't run it! When Chrome (or whatever browser you are using) tells you that a website you want to go to appears malicious, don't go there! That's it.

Just install an anti-virus (and no, you don't need to spend money on a paid one. Free ones will suffice for everyday use at home). If it makes you feel better keep the windows firewall running (although I can't recall a single instance in my entire life in which the thing actually stopped something bad from happening. Usually it's just annoying.)

If you were talking about a computer used for bank account data then yes, you do need to worry about security. But you said yourself you use the computer for gaming. That is not something you need tight security for.

That's what happens. People hear a news report about the dangers of computer viruses and they get scared and obsessed and they install expensive anti-viruses and firewalls. And God forbid they don't have the latest security updates!

Here's a thing: I got my first computer with Windows 98 on it. Didn't install a single update, nor an anti-virus. Never got infected. Then I moved on to XP. After some time I installed an anti-virus for no other reason than having one. Never installed an update (aside from service packs but that's just because many programs won't run without it). Never got infected. Now I've been using Windows 7 on both my main computer and my netbook and while I do install updates (in hopes of fixing bugs rather than security) my computers haven't got infected to this point.

The only time I had a virus on my computer, I installed it myself willingly because I was curious what would happen (of course it was just before I formatted the drives).

And it's not like I don't put my computer in dangerous situations. I download torrents and will sometimes ignore the "the website appears malicious" warning.

Still, let's assume that somehow your computer still gets infected or hacked. So what? It's not like you can, oh I don't know... format the drive and install the system again? As long as you keep your files backed up somewhere (I record my stuff on DVDs. People consider that a fossilized solution but I don't care because it works well) there will be no real damage.

So keep calm and keep using outdated systems.

the funny thing is that if you have a good infection you won't be able to spot it 😀
and aside from security (which is indeed overrated on a gaming computer- you are right there) there is also the possibility of becoming a mindless bot zombie... Staying on known good sites is also not always secure, there have been infected good sites offering drive by infections lately

BuckoA51 wrote:

http://secunia.com/vulnerability-review/vulne … date_top50.html

Speaking of the devil:

Windows 8 is the most vulnerable Windows OS, you can thank Flash for that

the way to deal with flash is to uninstall it and instead use Google Chrome whenever you really need flash...

BuckoA51 wrote:

I still like to boot my XP installation for games like Killing Floor, since I have a surround sound system, that game only works with EAX and not ALchemy. Of course then I need internet for Steam and multiplayer.

Not correct, I'm using a Creative X-Fi card and I don't have Alchemy configured for Killing Floor and it uses the native HW 3D + EAX setting just fine.

Win 7 Pro x64-bit

EAX doesn't work on ANY game without ALchemy under Windows 7, it cannot since the OS support for that was stripped away. You might be able to choose the option but it won't work properly. ALchemy sort of works in Killing Floor but not quite and the difference in the quality of surround sound is quite noticeable when you switch from 7 or 8 back to XP. There's an extensive discussion about it over on Tripwires forum here http://forums.tripwireinteractive.com/showthread.php?t=75563

Also.. Linux is more secure because it uses multiple hard drive partitions? Give me a break.. 😵 Seriously though if you believe Linux is super secure and better than Windows go use it, I personally think its better in some ways worse in others, and believing it is some kind of silver bullet for security is foolish.

Alchemy is a DirectSound to OpenAL wrapper.

OpenAL-native games like Killing Floor don't need it. Lots of Unreal Engine 2 games used OpenAL.