undefined | Better HN

0 pointsgraycat10y ago0 comments

I read the link and got nothing out of it. I don't even know what the acronyms mean.

I don't understand "drive by attacks": My XP computer has nothing wireless, not even the keyboard or the mouse. Wireless, essentially everything about everything wireless looks to me like a gigantic security problem. Right: I have no smartphone; I have a cell phone someone gave me, but I've never used it and intend never to use it. I see no panel trucks outside looking at whatever radiation my equipment giving off.

I really don't get the suggestion in the link that somehow XP is vulnerable just from being connected to the Internet. I don't have much software listening on IP ports -- I shut down that stuff. I don't use Internet Explorer except rarely at Microsoft sites. I use Firefox and have Java disabled.

I don't let data from untrusted sources execute at software. Really, I rarely download any software, not plug-ins, macros, or anything else.

The link says that most XP users run as Administrator. Well, I don't. I have to run as Administrator for some of my software development, but otherwise I run as an ordinary user.

People used to worry about opening e-mail attachments. I never did or would do such a thing. I run Outlook only in text mode; I never let Outlook trigger the processing of HTML or display an image.

My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.

I permit Acrobat to see a PDF file only from no doubt highly trusted sources.

I fail to see just why my computer is so vulnerable. All evidence is that my computer is safe enough to date.

Windows XP does support the Microsoft High Performance File System (HPFS), and it has capabilities and access control lists (ACLs) which, going all the way back to Multics, IBM's Resource Access Control Facility (RACF), parts of SQL Server, etc., are relatively good ideas for security.

In time I will convert over to Windows Server anyway, make use of ACLs, use virtual machines, maybe some version of containers, etc.

I don't read removable media from untrusted sources. I never use thumb drives. For CDs and DVDs, I tell Windows over and over, "take no action".

There is a suspicion that once Microsoft noticed, say, way back in Windows 95, that their code was awash in security holes, they first saw the bad news and, later, noticed some good news: Fix the bugs but use bug fixes as a way to get users to upgrade to new software, with more bugs to be fixed, to get people to upgrade to more software, etc. Generally Microsoft wants users of Windows to have to keep returning to Microsoft and paying money. Gee, my processor is from AMD and I don't have to keep interacting with them and paying money.

Considering this suspicion, why should I rush to Windows 7, 8, 8.1, 10 with a lot of new software and bugs?

I look at Satya's face and I know that I can't read it or understand him. I can't trust Satya.

Really my big concern on upgrading is the weeks and weeks and weeks of barbed wire enemas I will have to go through, clicking, guessing, struggling, clicking, clicking, clicking, over and over, for hours and hours at a time, days, weeks, months, screaming in anger, literally, until my throat is sore, literally, as I've done too often in the past, just to get back to a system as usable as I have now.

E.g., now I have my main boot partition backed up so that I can restore it. If that partition gets infected, then I will just restore my most recent backup, which has been apparently solid, stable, and secure now for about three years. I know how to do the restore and have done it and tested it. And I have two other partitions I can boot from to do the restore.

So, how would I do such things with 7, 8, ...? Will Microsoft tell me? Nope. They just want to suggest that they can solve all my problems by migrating my options in Outlook. Bummer.

Now I'm using XP to develop the .NET software for my startup. Here, XP seems fine. But I intend to go live on Windows Server. Windows 7? I have a legal copy if I need it. Windows 8, 8.1, 10, metro interface, integration with XBOX, Surface, and phones? I can't imagine why I'd ever tolerate any such nonsense. A new GUI UI? No thanks: I want command lines and scripts. Office 365? No thanks. I have a copy of Office 2003 -- with lots of patches, and that's fine with me.

Uh, if I install Windows 7 will Office 2003 install? Will I be able to get the patches for Office 2003? If not will I have to buy a new copy of Office? Will I hate the new copy? Likely.

Don't I really want to upgrade now? Nope.

0 comments

2 comments · 1 top-level

onli10y ago· 1 in thread

Drive by attacks in that context does not mean wireless. It means exactly what you think is not the case: That just by being in the Internet you are vulnerable. Exploits like http://www.computerworld.com/article/2488674/malware-vulnera... get patched in Windows 7+, but they stay as a gaping hole in your OS. Nothing you described helps just a bit against that.

> My version of Flash is a bit old and, that means that Flash never runs except when I explicitly permit it to run, and I only do that on no doubt fairly safe Web sites.

That does not help. There were flash-exploits for which the click to activate function of browsers were useless against.

> I have a copy of Office 2003 -- with lots of patches, and that's fine with me.

Office 2003 is not supported anymore as well and might contain equally big security bugs (I did not look that up). You open word documents with it, you might be infected.

If you want to stay on a secure system for years where the UI does not change, you will have to migrate to Linux with one of the custom Window Managers like Openbox.

graycatOP10y ago

Thanks for the help.

Thanks for a definition of "drive by".

The link was for a lot of versions of IE, some of which don't run on XP. I try not to use IE. Sometimes I had to use it at some Microsoft Web sites. Okay.

Mozilla will let me install a new version of Firefox, but Microsoft won't let me install a new version of IE or let me patch an old version of IE. Bummer.

I'd be reluctant to let my 2003 copy of Word open a file from an untrusted source. I do next to nothing with Word.

Occasionally I run the 2003 version of Excel: I generate the data outside of Excel using whatever software I write and then pull the data into Excel for graphing. I don't try to use Excel files from other people.

So, Flash can hurt even if I don't run it! Wow. Looks like Adobe worked really hard to help the hackers.

Does Microsoft really want the their security holes fixed?

Gee, in a big company, how can people pass around Word, Excel, and HTM files? One infected file, and many of the computers in the company can get infected.

Whatever happened to the idea that a program that reads data checks to see if the data is okay and makes sure that bad data can't cause the program to hurt anything? That was the long the implicit, expected standard, right?

If someone can send me a DOC file for Word and, reading that file, Word infects my computer, then Word is junk, and Microsoft writes junk software. Bill and Satya need to get on the case here.

Microsoft's infected toxic-ware? It's been a long time, Microsoft -- time to fix this stuff.

On time sharing, it was the case that any user could write and run any software at all with no damage to the operating system or to any other user. Why is it possible at all to run software as a user on Windows and hurt Windows? Bummer.

Microsoft, we need some guarantees, or at least strong assurances with, say, a major bounty program, that such things just are not possible. How about a bounty of $1 for the first bug and for each subsequent bug double the bounty? How 'bout that Bill? Risk your fortune or fix the bugs?

j / k navigate · click thread line to collapse