XP, is it still viable for online browsing?

[Nelson37]

What percentage had anti-virus software? Virtually all of them. Teaching them that they have NOT won a free Xbox, they are NOT the 1 millionth customer is the key. For older folks (lots of those here in Florida) I tell them "If I approached you in some back alley, opened my raincoat, and offered you a Rolex for $5, you know the deal, right?"

My favorite was this 70-plus, Very Southern lady who found an employee with porn on his PC.

(Heavy Southern Accent) " He had these...these Pictures on his Computah, and Ah...Ah have never SEEEEEEN such things... (Long pause), Well now....Well now Ah Have SEEEEEEEN such things, but it has been Quite some Time."

[hello_hello]

Some people find out their PC could be infected by malware because of a notice posted at the website used to spread the malware, or via a warning from Google, when they tried to access the site later on. (Google scans websites for malware.) That describes what I have personally seen when somebody attempted to use VideoHelp to spread malware in the past couple of years.

Other times, the malware is eventually discovered by a scan following an update to security software. A little research on the malware may reveal how the malware is spread and sometimes a list of sites that were used to spread it.

[Edit]Since you are demanding proof, here is a link to a thread about an attack at VideoHelp, which I forgot to post last night. https://forum.videohelp.com/threads/346642-Has-VH-com-been-Hacked

I've not demanded proof a website can infect a PC. I'm simply claiming it's not too likely if you keep your browser etc up to date. The page you linked to doesn't indicate that at the time anyone was infected through simply visiting videohelp. At least nobody posting in the thread claimed to have been infected.

deadmeow has claimed his PC was infected simply through surfing to the wrong web page, but due to my having asked several times which infection he picked up and which site infected his PC, only to have the question was ignored each time, I'm happy to take such a claim with a grain of salt.

[usually_quiet]

Some people find out their PC could be infected by malware because of a notice posted at the website used to spread the malware, or via a warning from Google, when they tried to access the site later on. (Google scans websites for malware.) That describes what I have personally seen when somebody attempted to use VideoHelp to spread malware in the past couple of years.

Other times, the malware is eventually discovered by a scan following an update to security software. A little research on the malware may reveal how the malware is spread and sometimes a list of sites that were used to spread it.

[Edit]Since you are demanding proof, here is a link to a thread about an attack at VideoHelp, which I forgot to post last night. https://forum.videohelp.com/threads/346642-Has-VH-com-been-Hacked

I've not demanded proof a website can infect a PC. I'm simply claiming it's not too likely if you keep your browser etc up to date. The page you linked to doesn't indicate that at the time anyone was infected through simply visiting videohelp. At least nobody posting in the thread claimed to have been infected.

deadmeow has claimed his PC was infected simply through surfing to the wrong web page, but due to my having asked several times which infection he picked up and which site infected his PC, only to have the question was ignored each time, I'm happy to take such a claim with a grain of salt.

IE8 is the final browser that MS realeased for XP, and fair number of XP users have not switched to an alternate browser.

https://forum.videohelp.com/threads/346642-Has-VH-com-been-Hacked?p=2166258&viewfull=1#post2166258
Even if no members posting in that thread explicitly said "My PC was infected", if you read the above post from the same thread you will see anybody using IE8 to view VideoHelp at the wrong time was at substantial risk of infection, particularly if they were not running some kind of security software.

[hello_hello]

IE8 is the final browser that MS realeased for XP, and fair number of XP users have not switched to an alternate browser.

My original claim was it's unlikely you'll become infected through simply browsing if you keep your browser patched and/or up to date. If Microsoft's contempt for their customers prohibits them from installing the latest version of IE, and/or Microsoft don't keep releasing patches for older versions of their browser, failing to dump IE and use something more secure instead doesn't negate my claim.
Mind you after recently installing XP and running Windows Update, I'm fairly sure amongst the 100 or more updates there were many security patches for IE6, IE7, IE8. Admittedly I didn't pay much attention to how recent they were (I only installed IE7 anyway), but I suspect Microsoft will at least keep releasing IE8 security updates for as long as XP is supported.

https://forum.videohelp.com/threads/346642-Has-VH-com-been-Hacked?p=2166258&viewfull=1#post2166258
Even if no members posting in that thread explicitly said "My PC was infected", if you read the above post from the same thread you will see anybody using IE8 to view VideoHelp at the wrong time was at substantial risk of infection, particularly if they were not running some kind of security software.

I'm not seeing that. I see an antivirus program caught something it considered to be nasty, probably amongst the temporary internet files (I recall similar antivirus warnings while running Firefox on occasion). What I'm not seeing is evidence a fully patched browser would have allowed that nasty to infect a PC even if the browser was IE8, but I suspect running antivirus software as a second line of defence alongside a fully patched browser would make it very unlikely.

[MOVIEGEEK]

hello_hello,

I am the one that started that thread last June and I can assure you that Chrome blocked the malware but IE 9 did not, luckily my AV software quarantined it. Support for XP ends next April and the experts do NOT recommend using IE 8 after that, I don't recommend using it now because it's outdated. The PC I was using at the time was a Windows 7 rig with all the recent security patches.

Why Microsoft refuses to allow IE 9 and 10 on an XP PC is beyond me, I guess they want people to upgrade their OS.

[usually_quiet]

https://forum.videohelp.com/threads/346642-Has-VH-com-been-Hacked?p=2166258&viewfull=1#post2166258
Even if no members posting in that thread explicitly said "My PC was infected", if you read the above post from the same thread you will see anybody using IE8 to view VideoHelp at the wrong time was at substantial risk of infection, particularly if they were not running some kind of security software.

I'm not seeing that. I see an antivirus program caught something it considered to be nasty, probably amongst the temporary internet files (I recall similar antivirus warnings while running Firefox on occasion). What I'm not seeing is evidence a fully patched browser would have allowed that nasty to infect a PC even if the browser was IE8, but I suspect running antivirus software as a second line of defence alongside a fully patched browser would make it very unlikely.

MOVIEGEEK would have to confirm how he handles Microsoft updates on his PC, but what makes you think MOVIEGEEK did not have a fully patched version of IE9 when it let that nasty through?

[Edit]Never mind. MOVIEGEEK spoke for himself when I was typing this.

@MOVIEGEEK XP has been patched innumerable times over the years to improve security and add more features, but there is only so much that can be done via patches. Versions of IE after IE8 use features from later Windows operating systems that are not a part of XP. Microsoft's would have had to forgo using these features to release later versions of IE that XP users could run.

Microsoft will have supported XP for more than 12 years when support finally ends next year. For almost half that time they had one or more newer OSs that they were supporting as well. Since they don't get paid for supporting XP and don't offer XP for sale anymore, it is not surprising they want their XP customers to move on.

[hello_hello]

hello_hello,

I am the one that started that thread last June and I can assure you that Chrome blocked the malware but IE 9 did not, luckily my AV software quarantined it. Support for XP ends next April and the experts do NOT recommend using IE 8 after that, I don't recommend using it now because it's outdated. The PC I was using at the time was a Windows 7 rig with all the recent security patches.

When you say Chrome blocked the malware, can you be more specific? How did it block it? Did Chrome itself warn you it found malware or was it just that your antivirus program didn't while you were using Chrome? Which antivirus program were you using?

I've no doubt nasties make there way into the temp internet files folder but that doesn't mean they can automatically infect you if your browser's not vulnerable to them, and when or how your antivirus program warns you of a nasty may depend on how it works.... whether it monitors incoming data in real time or simply checks any reads and writes to your hard drive, or even how tightly it integrates itself into a particular browser etc. I wouldn't jump to any conclusions regarding a browser itself "blocking" malware as such without more info. As I said, I recall Avira warning me of nasties in Firefox's cache a few times but it doesn't mean Firefox would have let them infect me. For all I know they may have been nasties which can only exploit an IE vulnerability. Theses days I don't run antivirus so for all I know Firefox's cache could be regularly filling with nasties, but if it is, so far none have infected me.

I wouldn't ever recommend using IE myself. Any version. Not necessarily because the current version is bad or likely to infect you, but because I remember how likely IE5 and IE6 were to infect you via drive-by ActiveX downloads thanks to Microsoft's master plan to control the internet (I'm still emotionally scarred by the number of times IE caused Win98 to crash once they "integrated" that POS into the OS). And because I remember the contempt with which Microsoft treated their customers after they killed off the browser competition.... 5 years..... 5 long years Microsoft sat on their hands without developing IE, leaving the tabless hunk of junk IE6 as the browser most people used. If it wasn't for some renewed competition I'm not sure Microsoft wouldn't still consider taskbar grouping to be a clever substitute for tabs. In my opinion if you use IE you're either fairly new to computers, have a very short memory, or enjoy being treated with contempt.

MOVIEGEEK would have to confirm how he handles Microsoft updates on his PC, but what makes you think MOVIEGEEK did not have a fully patched version of IE9 when it let that nasty through?

I have no idea how patched his browser was. I'd just not jump to the conclusion you did regarding IE8 being more vulnerable to a particular nasty.

[usually_quiet]

MOVIEGEEK would have to confirm how he handles Microsoft updates on his PC, but what makes you think MOVIEGEEK did not have a fully patched version of IE9 when it let that nasty through?

I have no idea how patched his browser was. I'd just not jump to the conclusion you did regarding IE8 being more vulnerable to a particular nasty.

So you really think that IE8 is not more vulnerable to all malware than IE9? If so, then don't complain about Microsoft's decision to make IE8 its final XP browser.

Lots of people are still using IE8 anyway. Some corporate environments that are still using XP have IE8 as their only approved browser, and some home users don't know there are other browser options. I find I still have to use IE for some websites. The last webpage that did not load correctly for me with Chrome was one of Microsoft's.

[Cornucopia]

Unfortunately, there are multitudes of corporate sites & apps that make use of ActiveX or ASP scripting, or other MS- centric plugins & gimmicks, to where if you use those sites, you HAVE to still use IE, sometimes even IE8! Otherwise, all the necessary features aren't there or don't work.
I'm talking: billing submission sites, tech support sites, electronic payroll sites. Those are required for the user's jobs (I should know, having been one of those for years). Things won't really change until all those other developers get on board also, or at least the bulk of them.
Similar things happen with sites that stick to an outdated version of the Java plugin. I could tell you stories!

Scott

[hello_hello]

So you really think that IE8 is not as vulnerable if not more vulnerable to all malware than IE9?

I simply said I wouldn't jump to the same conclusion you did that anyone running IE8 was at "substantial risk of infection." At least no more substantial than anyone running IE9.
Whether one IE version is more vulnerable than the other I don't know, but judging from past history when a particular IE vulnerability is found it generally effects most versions of IE and Microsoft generally release a security patch for all versions of IE they support at the time. Currently for XP that'd be at least IE8. In fact the way I read this Wikipedia page, IE6 and IE7 are still in extended support (which admittedly mightn't mean much) but IE8 is still fully supported. You could probably confirm that here if you're so motivated.

If so, then don't complain about Microsoft's decision to make IE8 its final XP browser.

Where did I complain? I don't even use IE.
I said if you use a current browser and keep it patched, then the chances of picking up a nasty while simply surfing are in my opinion fairly remote, so if IE8 doesn't fit into that catagory then it has nothing to do with my original claim. As IE8 is currently supported though, I'd be willing to go out on a limb and include it.

[usually_quiet]

If so, then don't complain about Microsoft's decision to make IE8 its final XP browser.

Where did I complain? I don't even use IE.
I said if you use a current browser and keep it patched, then the chances of picking up a nasty while simply surfing are in my opinion fairly remote, so if IE8 doesn't fit into that catagory then it has nothing to do with my original claim. As IE8 is currently supported though, I'd be willing to go out on a limb and include it.

If Microsoft's contempt for their customers prohibits them from installing the latest version of IE, and/or Microsoft don't keep releasing patches for older versions of their browser, failing to dump IE and use something more secure instead doesn't negate my claim.

Your use of the word "contempt" made the above statement look like a complaint to me.

[deadmeow]

Who uses IE these days????? Didn't that die with the dinosaurs, Atari 2600, and AOL???

[usually_quiet]

Who uses IE these days????? Didn't that die with the dinosaurs, Atari 2600, and AOL???

No. Read Cornucopia's post.

[PartingShot]

I'm still on WinXP with IE8 and have been noticing extremely long page load times with some sites, like Newegg and Slickdeals. With those sites, IE8 freezes and CPU usage goes to 100% for around a minute. I am running the latest MS updates for the OS and browser, and AFAIK, my system is clean. I am wondering if anyone else has noticed the same (Newegg is especially bad).

Oh, and sites that have the "slow load" problem (for me) with IE8 do not have the issue with Firefox. So I may switch to Firefox permanently on my XP machine.

[El Heggunte]

I'm still on WinXP with IE8 and have been noticing extremely long page load times with some sites, like Newegg and Slickdeals. With those sites, IE8 freezes and CPU usage goes to 100% for around a minute. I am running the latest MS updates for the OS and browser, and AFAIK, my system is clean. I am wondering if anyone else has noticed the same (Newegg is especially bad).

Oh, and sites that have the "slow load" problem (for me) with IE8 do not have the issue with Firefox. So I may switch to Firefox permanently on my XP machine.

MANY sites simply don't care about IE8 (and Opera) anymore, all their designers want is be "best viewed" with Chrome + Firefox + IE9/IE10. Use IE8 only when there's really no other way (banking and gov't sites, for example).

Last but not least, IE7 and IE8 are naturally sluggish when compared to the REAL, performance-optimized, web browsers.

[deadmeow]

I have always avoided internet explorer. I used Netscape in the 90's and after it died around 2000, I switched to Opera. I have never had any problems with Opera.

[cedricm]

I'm still on WinXP with IE8 and have been noticing extremely long page load times with some sites, like Newegg and Slickdeals. With those sites, IE8 freezes and CPU usage goes to 100% for around a minute. I am running the latest MS updates for the OS and browser, and AFAIK, my system is clean. I am wondering if anyone else has noticed the same (Newegg is especially bad).

Oh, and sites that have the "slow load" problem (for me) with IE8 do not have the issue with Firefox. So I may switch to Firefox permanently on my XP machine.

You should switch over to a modern browser like Firefox or Chrome.

IE8 is the last IE version that was released for Windows XP. It was made in days where websites didn't use JavaScript all the time.
Facebook for example uses JavaScript all the time (because it's a "single page application" => check it on wikipedia).
The JavaScript engine in IE8 is utterly slow and was not made with this kind of webapps in mind.

That's why your IE8 hangs and freezes all the time.

Now ontopic:
There's nothing wrong with Windows XP but come on... It's nearly 12 years old... That's ancient for computers...
You should really start switching over to a more modern OS because Windows XP's extended support is coming to an end on the 8th of april 2014.
From that point in time, you won't receive any security updates through Windows Update and your computer will be vulnerable to exploits and other security holes.

[El Heggunte]

........
You should switch over to a modern browser like Firefox or Chrome.

I would agree with you... IF Google Chrome and Firefox did not look so gayish and dumbed-down At least Seamonkey IS "modern" (functionality-wise) but still has an old-school user-interface ( Firefox is essentially a Netscape 6 that went refurbished ).

Even more seriously --- Opera has been even more "modern" than Firefox or Chrome, however many/¿most? web designers have been writing HTML/CSS/Javascript that works in Firefox and Chrome and IE9/IE10, but does not work in Opera And no, it's not because Opera does it wrong and the wannabe browsers do it right, usually it's quite the opposite , therefore....

Now ontopic:
There's nothing wrong with Windows XP but come on... It's nearly 12 years old... That's ancient for computers...
You should really start switching over to a more modern OS because Windows XP's extended support is coming to an end on the 8th of april 2014.
From that point in time, you won't receive any security updates through Windows Update and your computer will be vulnerable to exploits and other security holes.

It would be too silly to trust/rely on Microsoft good-will if the goal is keep XP secure enough for being in touch with the Internet. The main problem with XP and Windows 2000 is, sooner or later people will stop writing applications that are compatible with these ancient operating systems, regardless of security issues. Windows 2000 already has become "abandoned", and Windows XP eventually will be too --- the following post by JEEB at Doom9 has the details:

Quote: Originally Posted by trodas
XP is not different that W2k afterall, so a little change won't hurt, will it?

<sarcasm>Yes, because neither XP or XP SP2 added any new APIs, right?</sarcasm>

If there are APIs that are worth it to be used by default, and the last OS that didn't have them was EOL'd a few years ago, why not use it by default if it leads to a better result and/or simpler code? If the system gives you something that works fine, why redo the wheel just to support something that is no longer supported by its creator (for free, at least)?

You are seemingly in some imaginary world where Windows 2000 equals Windows XP SP2 or newer API-wise, or one where everyone should implement everything themselves because of a "We must keep compatibility with NT3.5!" mentality :P .

The latter is of course a noble goal in a way, but I really, really wouldn't do it unless I got paid to recreate all the wheels for the users of such operating systems. In a way, the same can be said for Windows 2000 users. They create extra work, so if they want their unsupported-by-maker OS to be supported, they should be ready to compensate the creators for it.

{
http://forum.doom9.org/showthread.php?p=1619548#post1619548
}

[cedricm]

I would agree with you... IF Google Chrome and Firefox did not look so gayish and dumbed-down At least Seamonkey IS "modern" (functionality-wise) but still has an old-school user-interface ( Firefox is essentially a Netscape 6 that went refurbished ).

Why does it look dumbed down to you? Because it doesn't have the classic menu's IE8 have with options you never use?
If you really want a less "dumbed down" browser, there are plenty of plugins that enable you to do so.

Even more seriously --- Opera has been even more "modern" than Firefox or Chrome, however many/¿most? web designers have been writing HTML/CSS/Javascript that works in Firefox and Chrome and IE9/IE10, but does not work in Opera And no, it's not because Opera does it wrong and the wannabe browsers do it right, usually it's quite the opposite , therefore....

Opera has switched over to the chromium (webkit) engine in their latest builds, so that won't be a problem anymore in the future.

The main problem with XP and Windows 2000 is, sooner or later people will stop writing applications that are compatible with these ancient operating systems, regardless of security issues.

That's because the newer operating systems allow programmers to do stuff more easily.
They do not want to put lots of extra effort in providing compatibility for an ancient operating system that only is used by a small percentage of the userbase.


My conclusion of your posts is that you are afraid of renovation and you are probably that guy who bashes on Windows 8 without having used it for more than a week

[Steve(MS)]

My conclusion of your posts is that you are afraid of renovation and you are probably that guy who bashes on Windows 8 without having used it for more than a week

This statement nullifies anything you have to say, your attitude towards El Heggunte and your embracing W8...with its stupid metro goofy smartphone gui.

[Joe The Dude]

You should switch over to a modern browser like Firefox or Chrome.

I would agree with you... IF Google Chrome and Firefox did not look so gayish and dumbed-down

Eh? Is this FireFox on XP layout, that you have a problem with?


It's actually taller, and wider, than this; I shrunk it down so it would fit on these forums.

I dunno where you got the impression that it is 'gayish'.
Perhaps it was a typo, and you meant to write 'Grayish'?

I prefer the simple, clean layout, of the way I set up FireFox.

EDITED TO ADD: I'm using a customized version of the "Windows Classic" theme, in XP, so that all of my app's windows/titlebars aren't balloonish. You can do the same in Window Vista and 7, by turning off Aero, and/or tweaking some system settings, and/or getting an app called Classic Shell.

They also make a version of Classic Shell for Win 8.
However, you should be aware that some apps for Win 8 can only be accessed through the Metro Interface.
You can switch to standard Desktop Mode by pressing the Windows Key and D.

To re-enter Metro Mode, put your mouse pointer in the upper-right corner of your screen.
A panel will slide out; press the Start button on the slide-out panel to switch back to Metro.
There's probably a keyboard shortcut that'll work too, but someone else will have to post that, as I don't know what it is (yet).

Keeping older OSes, for apps that won't work in Win 7, or for PCs that can't handle Win7, is a good idea.
For PCs that can handle Win 7, you can set it up as dual boot, and install Classic Shell for Win 7.
There's still a bit of a learning curve, and I really dislike the file browser in Win 7. I read somewhere about a 3'rd party app for file browsing for Win 7, so it'll look like XP's file browser, but I haven't gotten around to trying it out yet.

[hello_hello]

I read somewhere about a 3'rd party app for file browsing for Win 7, so it'll look like XP's file browser, but I haven't gotten around to trying it out yet.

I don't know about the "look like XP" part, and I use XP myself, but I think it's pretty hard to go past xplorer2. Even the free version is a big step up from Windows Explorer. It's dual paned, and each pane can have tabs like a browser. You can also set it to open to the last state when you close it, or set it to open in a particular state. I do the latter. It has the same folder tree pane as Windows Explorer but I generally leave it disabled to save screen real estate. I couldn't go back to using a tabless Windows Explorer any more than I could use a tabless Internet Explorer. When I first open xplorer2, it looks something like this for me:

[PartingShot]

Going all the way back to the original post...

I have read statements here and there about so called security holes in XP and that it is vulnerable to attacks.
Now if it is true it wouldn't affect me but I do have family members using XP.

So what are you thoughts....or should the question be.... how to make XP secure for online browsing?

MSDN recently published a whitepaper called "Software Vulnerability Exploitation Trends" which basically discourages hanging on to XP because it is inherently less secure than later versions of the OS. Here's the direct link to the pdf, from MS:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=39680

An interesting read that is quite relevant to the original topic.

[El Heggunte]

^ OK, the PDF file says:

As of 2013, the predominate threats that individuals and organizations face are now much different. Rather than actively targeting remote services, attackers primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats.

Anyway, the truth is, even Windows 7 with SP1, on its own, is not secure enough against well-crafted malicious Javascripts I might name some p0rn sites which were (and probably still are) very-good at defeating MSE and the built-in firewall on Windows 7.

[PartingShot]

From page 17 of the pdf (under the "Recommendations" heading):

Use the Enhanced Mitigation Experience Toolkit (EMET)
EMET can be used to protect applications that run on all supported versions of Windows. The features included in EMET are specifically designed to break exploitation techniques that are currently used by attackers.

Has anyone tried EMET? I've never heard of it before reading about it here today.