New Windows XP Zero-Day Under Attack

wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."

Upate to the most current

[KenValderrama]

Adobe Reader - problem solved

Re:Upate to the most current

Uninstall Adobe Reader - 2 problems solved!

Re:Upate to the most current

[dreamchaser]

Upgrading the OS would be wise as well, especially since we're fast coming to the point of end of support, April 8th 2014. Windows 7 and 8.x both improved security considerable, and there are other more secure options as well such as MacOS X and the other varies flavors of *nix such as Linux distributions.

Re:Upate to the most current

[Joce640k]

Sure, Windows 7 fits on my EeePC. Not.

I'm not even sure it would fit on my old HP laptop - that's only got a 30Gb hard disk in it. Windows 7 would overflow that in no time.

(Yes, they're both used used almost every day...)

Or I can upgrade all my perfectly-good hardware, right? Do they even make pocketable little 9" PCs any more?

Re:Upate to the most current

Never have an adobe product installed in the first place - solved.

Re:Upate to the most current

[KenValderrama]

genius !

Re: Upate to the most current

[DigiShaman]

Bigger problems: At least here in the US, business are in a mode of self-preservation due to both debt and a massive restructuring of our healthcare industry. As such, being on the cusp of going out of business, I'm finding the SMB market choosing to roll the dice on being reactive vs. proactive. If the companies lose data and productivity from malware outbreak, they were soon to go under anyways. So ya, "fuck 'it'" is right.

Re:Upate to the most current

[jones_supa]

Do they even make pocketable little 9" PCs any more?

I'm still a bit upset that they stopped making those nice 8.9" and 10.1" machines. Surely they were a bit low performance but they were fun to use. Well, at least there's still the 11.6" category.

Re:Upate to the most current

I use Foxit on my windows box.

Re:Upate to the most current

[cant_get_a_good_nick]

Service Pack 2, a.k.a. when XP really became stable, was way back in 2004. SP3 was back in 2008, still 5 years ago. If you think about XP being NT2000 with a nicer GUI, then the design was set way back in 1997 or so, back when dialup was king and an AOL disk was not yet a running joke.

To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

For good and bad (and Mavericks has some things that piss me off) the Apple model of forced upgrades has some reasoning to it.

Re:Upate to the most current

I installed Windows 7 on my Eee 901 back in the day; it ran fine.

Re: Upate to the most current

Or, they don't just want to spend the money...? These corporations are sitting on wads of cash.

Remember, MBAs run these places. EVERYTHING is a "cost", the exception being their bonuses and "shareholder returns".

Re:Upate to the most current

[mlts]

For Web browsing in a VM, it is hard to beat XP for something that takes 512 MB of RAM, 16-24 gigs of disk space (partitioned into two disks, one for the system, one for scratch space for sandboxie's sandbox.) Its footprint is so light, the VM can stay resident on a box with 6-8 gigs of memory without issue, even with running fairly larger applications like Acrobat [1], Photoshop, Dreamweaver, and Flash.

I use Acrobat for producing PDFs for long term storage, FoxIt for viewing. So far, so good.

Re:Upate to the most current

[lgw]

30GB is fine for Win 7, but you might have a lot of other stuff.

Keeping WinXP around for aging crufty hardware isn't that interesting - just throw that old worthless crap out already, this isn't the 90s where you have to hang on to the old box until you have $3000 for a new one.

OTOH, Windows is really hurting for a lightweight OS to replace XP in virtual machines. When you're trying to stack 200 virtual machines on a server, WinXP really hits a sweet spot. MS seems to have lost the ability to do "thin and lightweight" after the move to managed code.

Is WinPE good for anything here? Has anyone tried using it as a real OS?

Re:Upate to the most current

[twnth]

10" are not gone, just changed.
http://www.asus.com/in-search-of-incredible/us-en/asus-transformer-book-t100/

Re:Upate to the most current

[tepples]

Sure, Windows 7 fits on my EeePC. Not.

Then do like I did: install an Xfce-based Linux distribution and run Windows applications in Wine. Should Microsoft follow through on the rumored complete deprecation of the desktop in Windows 9, you'll be ready. Or you can install a larger SSD in your Eee PC and max its RAM.

Do they even make pocketable little 9" PCs any more?

I too mourned the end of netbooks. Tablets sold with a keyboard, such as the ASUS Transformer Book, are probably the closest successor.

Re:Upate to the most current

[jones_supa]

Nice!

Re:Upate to the most current

[mlts]

I'm in the same boat. I would love to have a full featured PC with a 7-8" screen that I can carry with me that I can use with a USB serial port for diagnosing router issues.

Re:Upate to the most current

[mlts]

There is always WinFLP (Windows Fundamentals for Legacy PCs), which Microsoft put out to compete with lightweight clients a few years back. Essentially it is a modified copy of XPe and doesn't have a number of features (no BlueTooth, etc.) that XP has. Another alternative is Windows Server 2003 which tends to be more lightweight than XP.

Re:Upate to the most current

I have a 32gb ssd. Windowds 7 would not install.

Re:Upate to the most current

[ArcadeMan]

My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP. Are you suggesting I throw away my perfectly good CNC setup just because it's "old worthless crap"? Send me a check for $15K and I'll think about it.

Re:Upate to the most current

Dell Venue Pro 8 is, well, 8 inches and $299 running full Windows.

Re: Upate to the most current

Foxit is just as bloated as Adobe Reader.
Sumatra PDF is what Foxit was before becoming bloatware.

Re:Upate to the most current

http://en.wikipedia.org/wiki/Deprecation

Re:Upate to the most current

[couchslug]

I agree as I support my buds CNC equipment.

Of course that XP machine never needs to connect to the internet.

BTW you can ditch the direct PC-to-parallel port connection if you ever wish to. These little units work a treat and tech support was outstanding. (A card in my buds Fanuc had malfunctioned and they helped him isolate that problem though it had nothing to do with their unit.)

http://www.highlanddnc.com/

"parallel port which doesn't even exists anymore"

There are plenty of parallel and serial port cards to adapt later desktops.

You can run XP etc in a VM for security if you have a machine you want to connect to the internet, then copy the code to be transferred to a shared folder on the more secure OS for transfer however you wish.

If you have any CNC gear that still uses floppies, the cheap Gotek USB adapters are plug-and-play replacements. I fitted one to my buds EZ Trak and it works flawlessly.

Re:Upate to the most current

[lgw]

Just checked my gaming box and it's 40GB, but I know I've used VM images that were 20GB: wonder what we stripped out? Of course, for any small install it's important to not have a pagefile, and to turn off volume snapshotting, but that's the case on my gaming rig and it's still using 40GB.

Re: Upate to the most current

[unixisc]

Was it written in Java? Or Sumatra?

Re:Upate to the most current

[LoRdTAW]

It sounds like he might be running a PC based CNC system that uses a PC for control. You posted a DNC box that is for uploading programs via DNC which has always been serial. Some older PC based CNC controllers used the parallel port (especially common for stepper systems). Systems that used brushless servos typically used some type of dedicated hardware to close the servo loop and is commanded via the PC. Typically those were ISA cards with a DSP on board but also parallel based units were available.

I also support the PC based CNC systems at my place of work. The system is quite advanced and uses a real time subsystem which only supports Windows 2000/XP. One of the systems is XP and the others are Windows 2000. New software costs about 4k and depending on the drives used, may require new drives at a cost of $1700 per axis. We still have one DOS based CNC system left, an ISA/DSP card with proprietary vendor written software supported by one guy on planet earth. Since that system sees little use it is not worth to $30k+ to upgrade to a modern CNC system. And that price is just to keep the existing motors and stages, $60+k for a complete replacement.

Re: Upate to the most current

lol a software hipster.

Re:Upate to the most current

I perfectly understand about old hardware. You should know, though, that parallel port cards for desktops at least still exist for PCI, and even PCI Express slots - and they are true, full parallel ports. (If someone suggests a USB/parallel adapter, run away!) I just got one to keep an old but bullet-proof printer running on Windows 7.

As for old software, you could try a virtual machine to keep Windows XP "running" on more current hardware and avoid the hassle of keeping an ancient desktop on life-support forever. (I've found that computers that sit in the same room as CNC machines tend to need constant cleaning to keep material shavings out of the inner workings.) I know some virtual machine software can provide access to PCI hardware, although it's usually not simple to set up. I haven't tried that with a PCI parallel card. Still, if you haven't checked for alternative solutions lately, check again: some options might have opened up. The biggest problem with sticking with an ancient desktop is that if the hardware dies, you might not be able to get a replacement, and then you're stuck!

Re: Upate to the most current

[Black+LED]

I have a problem where Sumatra PDF opens certain PDFs very slowly, perhaps taking 30 seconds or more. It doesn't seem to be dependant upon the file size either, as some large PDFs open quickly while some small ones take forever and vice versa.

Re:Upate to the most current

I used to hang on to Adobe Flash Player just in case I needed it, but ever since they started packaging some piece of McAfee bloatware with updates by default, I removed it from my system. It really hasn't impacted anything, since nobody uses Flash any more.

Re:Upate to the most current

[epyT-R]

The most irrational bullshit ever. If the equipment works fine, leave it be. Changing software around just to bump the OS revision on high uptime equipment is a fool's game. THAT is idiocy.

Re:Upate to the most current

[epyT-R]

Deprecation is not always an indicator of progress, especially when 'progress' is defined subjectively.

Re:Upate to the most current

[tlhIngan]

There are plenty of parallel and serial port cards to adapt later desktops.

It's hard to believe, but yeah, there are tons of serial and parallel cards with PCIe interfaces on them. And if you have a laptop, ExpressCard serial and parallel ports exist too - and these aren't the chintzy USB ones (that use the USB port on the ExpressCard slot) - but use the real PCIe side of the slot and appear as a native port.

I'm just waiting for the Thunderbolt ones to come out as well - after all, it's also PCIe.

And I thought more modern CNCs have USB ports where you copy the file to a USB stick and then jam it into the USB port? Or floppy drives in the past?

(No, these CNCs don't hook to the PC via USB. They're standalone - you generate the file, copy it to a USB stick, and then plug the stick into the CNC's USB port and navigate to it.). I suppose the latest also support SD cards and the like.

Re:Upate to the most current

You can get avoid downloading the McAfee bundled versions if can change the user-agent of whatever browser you use to indicate it's running on a non-windows platform.

Re:Upate to the most current

[epyT-R]

Service Pack 2, a.k.a. when XP really became stable, was way back in 2004. SP3 was back in 2008, still 5 years ago. If you think about XP being NT2000 with a nicer GUI, then the design was set way back in 1997 or so, back when dialup was king and an AOL disk was not yet a running joke.

Argument from antiquity fallacy. Older designs are not necessarily inferior. Using your logic, I could make the same claims about bsd and linux, since their design tenets date back even earlier than windows NT. You also conflate GUI design with security. AOL was a joke from the beginning.. Where have you been?

To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

So as of the last patch tuesday, do you think you're now secure? You'd be a fool to think so. The proof is in the next batch of patches due out next tuesday. It's your behavior and process that has the greatest impact on your security and not whether you're running $LATEST_VERSION. Assume you're compromised from the start, and you're more apt to back up your data regularly, and simply reimage every month or so. It sure beats depending on snake oil AV, which, like vendor patches, may or may not protect you.

The threats just manifested differently back then. It's still the same concept of a payloader and a drop. The only difference is that now payloaders are also written in javascript. If anything, it's today's up to date scriptable browsers that have caused security to get worse. If you care about security, you'll vouch for the death of javascript and similar technologies. This will do a lot more for security than making users think they're safer just because they've got the latest version of something.

Re:Upate to the most current

[The+Grim+Reefer]

Keeping WinXP around for aging crufty hardware isn't that interesting - just throw that old worthless crap out already, this isn't the 90s where you have to hang on to the old box until you have $3000 for a new one.

On one hand I agree. On the other it's a little annoying that just about any system from the last 10 years, or more, has enough power to surf the web and check email. So it would be nice to keep perfectly adequate hardware out of landfills and not piss away a couple hundred bucks on a replacement.

Re:Upate to the most current

Newer CNC machines automate alot of functions saving labor costs, which give better yieldsof products to the business! Paying a newbie 15 bucks hour is lot of money!

Re:Upate to the most current

[0123456]

10" are not gone, just changed.
http://www.asus.com/in-search-of-incredible/us-en/asus-transformer-book-t100/

Except:

1. It seems to be about twice the price of my old EeePC.
2. It's a tablet with attached keyboard, so, with an Atom stuffed inside, is likely to be even more poorly balanced than my ARM Transformer.

Chromebooks seem to be the real successor to netbooks, but the OS is a pain to replace.

Re:Upate to the most current

Do they even make pocketable little 9" PCs any more?

yes, they're just marketed as "cell phones" these days.

Re: Upate to the most current

[jones_supa]

Please do the responsible thing and file a bug report.

Re:Upate to the most current

[Luckyo]

Sadly they didn't sell all that well. I'm already dreading having to tell my mother that I won't be able to replace her beloved 10.1" EEE PC when it eventually dies. She loves the damn thing to death, and I have no idea why - it was so small and uncomfortable to use for me when I set it up but she actually get her company to pay for it and install all of her work software on it.

Re:Upate to the most current

[Luckyo]

Let's just say that I hope you don't offer those things to people actually using current EEE PCs. They don't have too many people that liked them which is why they got canceled in the first place. They are imho extremely uncomfortable to use, but I've heard a second opinion from my mother who would be ranking pissed if her current little baby EEE PC died and she found out there was no replacement. But those that did like them tend to be pretty fanatical and phone/tablet OS in the same form factor for people who need those ultra small and light work PCs is about as useful as a brick.

It my mom's case it is useful and loved because it's an extremely small factor full fledged PC that could run x86 software that fit into a reasonably large purse. Apparently a perfect work companion for a woman in her 50s that has to travel a lot for work and do a lot of work on demo floors of exhibitions and business negotiations and doesn't want to carry any extra weight if she can help it. Any non windows on x86 offering is an automatic failure here, as it wouldn't run the necessary work related software.

Re:Upate to the most current

[fabioalcor]

You'd rather create a virtual machine, map your physical parallel port to the VM (it's easy in VMWare at least), turn off the VM's network adapter and install your legacy CNC software in there. Turn it on only when you need to use the CNC. Use a secure/modern OS in the physical machine.

Re: Upate to the most current

[Black+LED]

I would, but I have already switched to a different reader.

Re:Upate to the most current

Baloney. You can choose two paths with critical systems for which you wish to preserve availability and utility:
1. Build it once and never touch it. This is fine if you keep it isolated from external change and threat (it's not on a network, for instance), and if you maintain a spare or backup configuration (hardware and software) - two is one and one is none. You have to do this, not the vendor, because the vendor has no obligation or economic incentive to sustain your point-int-time solution - their's will be progressing and responding to changes in hardware and software environments.
2. Keep it maintained and test updates - yes, you will need a spare PC or at least spare heard disk, and effort during downtime will be needed. (I'm assuming this isn't "always on" critical).

Even though I'm delighted to see people extending the lifespans of equipment, everything has a lifespan and prudent business management means you have to plan a replacement eventually, and pay the cost of maintaining it while it's in use.

Re:Upate to the most current

"hard" disk. Doh.

Re:Upate to the most current

[dreamchaser]

I find that my Asus Transformer Prime 201 is just fine for the majority of tasks, and it works with my USB serial cable. Yes, I can console into firewalls, routers, switches, etc. with my tablet, and the fact that I have the optional keyboard dock makes it all the nicer.

Re:Upate to the most current

[PrimeNumber]

I still have mine and it still runs linux just fine.

Re:Upate to the most current

[NJRoadfan]

Windows 7 and 8 will fit on a 30GB drive without a problem.

Re:Upate to the most current

[AC-x]

The elevation of privilege vulnerability isn't Adobe's fault, any program running under a limited user could get full admininstrator rights with that.

Re:Upate to the most current

[NJRoadfan]

If you are looking at desktop machines, there are motherboards being sold that still have the good old serial and parallel port headers. Laptops on the other hand...

Re:Upate to the most current

To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

Uh, Windows NT is, in a lot of ways, designed off of VMS at its core. And there's nothing wrong with the core design, per se. The fundamental issue is the same as in *nix or any other platform: you get attacked at the surface and the surface is user apps on user libraries. No matter how much you sandbox those apps and secure the core, all you're doing is guaranteeing that the core system won't go down or be liable to being destroyed. If anything, that's a big plus for a malware writer who can instead of fearing their bots will go down can be well assured that a system that stays up will function will indefinitely.

The only real reason then to upgrade is if the user land apps and libraries aren't being security fixed for XP. At its core, an old Windows 9x machine would be just as secure*--but it'd be unstable because Windows 9x is unstable. Well, XP isn't unstable. So, the only compelling reason to move really is that Microsoft won't keep updating XP indefinitely. I can understand their reasoning--or more precisely, the desire of the engineers not to just maintain an old code base indefinitely. But, there's plenty of mainframe programmers in that boat on systems that are decades old and they're insanely secure.

So, uh, yea, upgrade but upgrade for the right reasons.

*Barring some newly discovered Win9x TCP/IP stack vulnerability or an old one that never got patched because Windows 9x was EOL or a common network driver bug (although, really, the problem is lack of WiFi support). And if those exist, most (all?) of them can be fixed just like they or similar ones were fixed int WinNT, so... Still, I wouldn't run Win9x because, again, it's unstable. And that is a design defect.

Re:Upate to the most current

[Billly+Gates]

Have you tried to install XP in the last 6 months in VMware

It has the SVCHost.exe taking 100% cpu utilization bug, updates do not work, this is what happens. It took a week to install XP with my host machine running very hot.

I finally found a fix of looking for a KB randomly for an IE update. MS support and googling had no answer to this but someone in a forum mentioned this fix after many many patches and fixits.

100% of all XP versions are impacted regardless of source as I assumed I had a bad .iso. The thing is the hardest OS to install compared to FreeBSD and other harder oses due to the amount of patches, steps, and other workarounds to get IE 6 working for myself.

I accidently lost my iso folder and I wont miss re-installing XP. I have an XP image still backed up and will gladly just upgrade my ram to use Windows 7 images instead when that nasty outdated dinosaur dies off.
 

Re:Upate to the most current

[Billly+Gates]

I think you should learn about exploits as your rant on javascript is an IE 6 issue. Modern browsers have sandboxing to prevent things from just running. You need to exploit the language, then the sandbox, and DSLR or DEP in Windows 7/8 to gain an exploit. Not impossible but much more difficult than in XP which does not have the later security defenses as it was designed in a world of AOL in a trusted network and security meant a good password.

Change can be hard and the only reason to use XP is the fear of change because you are familiar and then find a reason why not to upgrade. XP has been shown to be 600% more likely to be infected than Windows 8.

Re:Upate to the most current

[twnth]

I'm not sure that you actually looked at the item I linked to.
Asus T100 "book" is a new product, only been on the market a couple weeks (local retailers here in Alberta got their first shipment last week). Its not the old android transformer that you may be thinking of.
-10" 1388x768. maybe a smidge bigger than the EEE
-full windows 8.1 32bit (not RT), comes with Office 2013 home and student. So it'll run just about anything
-quad core modern atom processor, 2 gig ram, Intel HD graphics. Office, netflix runs just fine. BF4 won't run, but a few games might be playable (look for demo's on youtube, decide for yourself what's playable).
-comes with the keyboard, MicroSD, mini-HDMI, USB3. Ya its a tiny keyboard, but tactile buttons make it quite usable for my small hands to touch type.
-supposed to have an 11 hour battery. Haven't clocked mine yet, but haven't had to recharge during the day yet either.

32gig model cost me $400 (Canadian), so its a bit more than the EEE was back in the day, but still half the money of a Surface Pro (which doesn't come with the keyboard). Home and student goes for $150 around here, so makes it a much easier pill to swallow.

I'm still getting all my tools loaded, but this is my new always handy laptop replacement. Very much what the EEE tried to be.

Re:Upate to the most current

google WSUS... fast, easy, bullet proof

Re:Upate to the most current

[Billly+Gates]

It wont work if you have a fresh VM. It will go under as well.

The trick is to find a recent IE 6 security patch. The cause is 1000+ bug fixes buffer overflowing the database.

Re:Upate to the most current

[Billly+Gates]

Try installing XP brand new on a VM.

Hint ... it wont work. The cpu will hit 100% usage and updates wont work. MS knew about this since last July and a fix has yet to be seen. Hair pulling experience. That dinosaur takes more work than installing Solaris and FreeBSD and many many days and hours of patch after patch after fix and KB just to get it semi up to date to run IE 6 (oxymoron) to make my risk adverse customers afraid of change happy.

I wont install XP again. I am done and I had to pirate another VM with it. After April I will just upgrade my ram in my host. Adobe CS 6 products already cancelled support, IE is no longer updated, Chrome will end support soon, Games coming out no longer work on DirectX 9, and the list goes on and on. Even Windows 7 is showing its age as it takes forever with updates on a fresh install and workarounds if you need to test older IE browsers.

If it were not for Metro I would have taken the $40 upgrade as Windows 7 is 5 years old since the first RCs came out! In the old days people would laugh at you for running a 5 year old OS and many here wont even move to that yet?!

Re:Upate to the most current

I think you should learn about exploits as your rant on javascript is an IE 6 issue. Modern browsers have sandboxing to prevent things from just running.

And yet exploits are still common.

You need to exploit the language, then the sandbox, and DSLR or DEP in Windows 7/8 to gain an exploit. Not impossible but much more difficult than in XP which does not have the later security defenses as it was designed in a world of AOL in a trusted network and security meant a good password.

XP SP2+ has ASLR and DEP. Further, a long standing point of IE was that after fixing the directly exploitable bugs was using multiple bugs together to reach an exploit. And as stated above, exploits that bypass the sandbox and ASLR/DEP are in the wild. As much as it's "more work" to bypass more layers, the fundamental fact is that those layers can be bypassed pretty regularly so the barrier raised isn't nearly that much as stated. Besides that, who uses IE 6 again? And what protects you in Windows 8 if you try to run IE 6? No, you're in the same boat if you run legacy user software.

Change can be hard and the only reason to use XP is the fear of change because you are familiar and then find a reason why not to upgrade. XP has been shown to be 600% more likely to be infected than Windows 8.

Or you have a working Windows XP system that is malware free* and you don't want to (1) spend money to "fix" something that isn't broken, (2) deal with all the hassle of an upgrade (you have to plan for the worst and the worst can be very time consuming), and (3) you can be left with a system that's noticeably slower in just about operation (a clean install may fix that(*, but that's even more time consuming). As for the "600% more likely to be infected"....is that on a comparative collection of up-to-date systems or one of those things where they compare 10 year old XP systems that were infected 7 years ago and still no one has bothered to take them offline? Because I think you can get similar skewed results with Linux.

Now, there will be a time when you won't receive updates and people should prepare for that day. But, that leaves months to decide on when to do the upgrade or to switch to another platform. Personally, I'd suggest a version of *nix or *BSD that does rolling upgrades to avoid the hassle of big, bulk changes. It introduces more risk to have rolling upgrades of various packages, but then it's usually easier to deal with regular minor crises than one massive one that can leave you with weeks trying to get software packages sorted out. :( MS seems to want to go that route, actually, but then that turns in to regular upgrade fees which are unacceptable to most people. After all, it's not that most people want the new features or changes. It's that they're part and parcel of the security fixes. And addressing that point on its face looks really ugly--it almost looks like a Dilbert comic about being paid to fix bugs intentional inserted.

*Believe it or not, plenty of XP systems are malware free. It just doesn't look that way when you have millions of systems with millions of users who aren't proactive enough in updating or are just unlucky enough to be hit by a zero day exploit. If tomorrow Windows 8 was the dominant OS, you'd see the same thing in a years time on Windows 8 systems.

**Odds are good, it won't. More precisely, a clean install Windows XP SP3 system (with the latest security updates) is almost certainly faster than a clean install Windows 8.x sytem (with the latest security updates). But an upgrade usually isn't a clean install--reinstalling all your apps, getting all your settings right, making sure all the required drivers/system libs are installed, etc is a time consuming hassle. Even without all the leg work, it still takes a lot of time which people aren't very happy about--having to leave their computer on for half a day untouched just so

Re:Upate to the most current

[DMJC]

Wine is not actually a replacement for windows yet. It still cannot emulate DirectX 1-6 which is crucial for a lot of games and applications. Wine devs need to finish fixing the older parts of wine before trying to run a race against DirectX 10/11/12 The way it stands now wine is only good for a few DirectX 7-9 games.

Re:Upate to the most current

[digitalchinky]

If you already have flash installed it will periodically ask if you want to update, if you click yes, it does a drive by install of McAfee, no opt-out at all. That's pretty evil behavior.

Re:Upate to the most current

Heh, my old Aspire One 8.9 runs Fedora 19 and it gets a heavy workload daily. It's not a fast machine, but it's good for coding on the go. I don't have to build massive projects too often, thankfully.

Re:Upate to the most current

They're $50 on eBay. Sometimes they're new, too.

Re:Upate to the most current

[0123456]

In the old days people would laugh at you for running a 5 year old OS and many here wont even move to that yet?!

That's because in the old days, a 5 year old OS would suck ass. XP is no worse for most users than Windows 7, and a step up for most users from Windows 8.

Microsoft should just have called XP the final version of Windows and kept updating it, but then they couldn't charge upgrade fees.

Re:Upate to the most current

XP x64 version is built on the 2003 base. It's what you want IF you make sure you have the drivers lined up.

Re:Upate to the most current

[Billly+Gates]

Sorry I prefer progress. I like TRIM for my ssds, pin apps and websites, instant search (no more using the all programs with a mouse to find something), ribbons, HTML 5, security, no hangs, side by side SXS .dlls which dynamically link so one .dll doesn't overwite another during an app install, virtualized registry for each user with defrags and doesn't have windows rot... and with Windows 8 instant fast boot up, no memory leaks, less bloat, etc.

Windows 7 is a very superior OS. XP has tons of bugs and quirks and slows down over time. XP was never that great anyway. It became great when Vista came out and loyalists appeared who fight to the death to keep it.

My fathers computer took 5 minutes to boot and always was slow with XP. I put Windows 7 and it is fast now.

I am glad XP is coming to an end as my cell phone is more advanced and more pleasant to use and up to date over it.

Re:Upate to the most current

[machine321]

Fits just fine on my EeePC, although I upgraded the memory and drive as soon as I bought it. It actually runs quite well. Win8 won't fit though, as they artificially block installation if you don't have at least 768 pixels high.

Re:Upate to the most current

[Billly+Gates]

XP certainly has no ASLR or sandboxing. Look it up?

DEP only a few services use it on XP and the browser is not one of them. EVen Firefox and Chrome are not sandboxed due to the lack of kernel support on that ancient OS.

Dude arguing that XP is not broken is like arguing IE 6 is not broken because it runs your corporate websites fine. It most certainly is and there are tons of hacks in that html code to make it even display right that the user does not see. XP has +800 workarounds for tens of thousands of virii each time code executes which is why a 128 meg Pentium III that ran XP fast in 2001 can't run XP SP 3 at all today. You do not see them but they are there and is obvious in performance degradation.

Windows Transfer wizard takes care of moving files over.

If XP was fine then why have this article? That exploit doesn't hit Windows 7 and later now does it?

Run what you want man. To me keeping XP up and running from a fresh install is hell of a lot more of a hassle than Windows 7. Yes hardware fails and good luck trying to re-install XP. Windows update wont even work with a fresh install of XP SP 3 and will hang with 100% CPU if you try. MS has been trying to fix it since July .

You need to change water softeners and repair cars don't you? Yes your computer is more complex than a simple appliance.

Re: Upate to the most current

[FatdogHaiku]

Was it written in Java? Or Sumatra?

Caffe Verona...

Re:Upate to the most current

[machine321]

WSUS Offline may solve your problem.

Re:Upate to the most current

[ozmanjusri]

I would love to have a full featured PC with a 7-8" screen that I can carry with me that I can use with a USB serial port for diagnosing router issues.

A lot of them are made by a company in China called Hiton (sometimes anglicised to Highton) and resold with vendor branding. You can still get a variety of size and spec XP/7/Linux machines from 5 to 11" from them. Googling should bring up a few places to buy them on, or just look in Alibaba.

Asus have also just released the 1015E, which is a faily capable little 10" laptop available with Linux for $199 or Windows for $250.

http://liliputing.com/2013/05/asus-1015e-low-cost-mini-notebook-review.html

Re:Upate to the most current

[QuantumRiff]

We have some expensive pitney bowes mailing systems. We inquired about a newer computer, NOT running xp. Turns out they changed the entire print assembly for the version that runs Windows 7. Its a $20k upgrade. (also need a new controller box, old one doesn't work with WIndows 7 software (mainly the hardware dongle, apparently)..

Our brand new pitney bowes mailing system has a windows 7 computer. The techs that installed it told our senior management to never run windows update, or install antivirus on it, or it would cause problems and make the machine not work. Boy did they get pissy when I put it on its own vlan, with only access to one server, and one port on that server, to get its updated files.

Re:Upate to the most current

GP AC here. I looked around to see if Adobe had anything to say about this and I saw a post where an Adobe employee claimed that the inclusion of the McAfee software was required to fund the development of Flash Player because they provide it freely to users. It was also pointed out that users can opt-out and how they supposedly understand users' concerns about bundled crapware so they will always offer an opt-out. I can't seem to find the link now, but the way it was worded just sounded so smug and entitled. The question that comes to mind is, why not make it opt-in instead? The answer is because their original intent was to trick users into installing it.

Isn't it funny how a multi billion dollar corporation that made shitloads per software license of Creative Suite (and individual component applications therein) and distributed Flash Player (a necessary plugin for their own customers' audience) for years without the need for bundled crapware is all of a sudden "forced" to start including it; all around the same time that they discontinued Flash support on mobile devices and went to an even more expensive subscription model for their bread and butter products?

I'd definitely say Adobe is evil.

Re:Upate to the most current

[epyT-R]

Yeah I know they do. That hasn't stopped anyone from exploiting things, has it? They said the same thing about java in the 90s, then the same about .NET, and now the browser sandboxes. They've all had exploits in the past, and the safe thing to do is to assume they'll have more exposed in the future.

ASLR and DEP are hardware features that windows xp supported with sp2. My point stands: The best defenses are prudent operating procedures, not big 'update now' buttons that make people feel safe when it is not an automatic given..or worse, forced updates that may or may not protect them but also remove features that are in conflict with current business models of the vendor. How many times have you heard "But I have all the latest system updates, how could it be a virus?" or "where did that feature go?"

The rest is just ad hominem. My statements are not motivated by fear. I am sure windows 8 is more robust than XP, but they've been saying this about the newer version of windows since windows 95, and they've all been thoroughly compromised along the way. I no longer fret about it quite so much. It's just not worth it. Use what works for your workflow, operate sanely (frequent backups, regular restore of OS from known clean image), and you'll be fine. If the user's the kind of dumbass that clicks on shit without thinking first, well then he gets what he deserves regardless of which OS he runs. There is no helping him.

Re:Upate to the most current

[0123456]

Sorry I prefer progress.

Same here. And there's been very little of that in Windows since XP.

BTW, I was amused by your mention of SxS, SxS Hell is one reason I'm glad I only ever have to boot Windows for games these days. There are better operating systems for everything else.

Re:Upate to the most current

For CNC equipment, I am actually quite curious why a minimalist ISA bus cape for beaglebone doesn't exist yet.

Beaglebone has 40+ gpio pins many with pwm, and 2 with i2c.

That's enough to hard address the bus's address and data lines, then serialize the IRQ, ACK and pals over i2c with minimalist silicon. ISA bus is "abysmally slow", so it would work over the gpio pins very well I think.

That would let a BBB drive a cnc machine quite easily using some isa multio cards.
The isa bus would let many existing interface boards theoretically be useable. This is important, because some setups use custom interface cards. Couple that with a specially patched dosbox to get dosbox to play ball with the isa cape, and you have an almost ideal setup.

I have actually considered building something like this actually. Make a special driver to handle the gpio, and present a device in /dev that can be hooked by a custom compiled bochs or dosbox, so that the "hardware interrupts" generated on the bus can influence the emulation, and software in the emulator can talk with physical cards.

Re:Upate to the most current

Nothing hell about it.

If Linux supported dynamic linking you cold have multiple .rpms and .dpkgs just fine. The kernel would load the correct one and you could have for example the latest gimp without the crappy gnome 3 under Gnome 2. Or multiple versions of python. Linux can't do that today for these reasons.

I could go on too about the swapping and I/o of XP compared to Windows 7 too. Progress is quite there if you spend hours with each. I hate XP at work and the superior i5 hangs a lot while my 3 year old Windows 7 system is fast in comparison.

SSDs and SATA should not be considered exotic hardware with no support for TRIM or command multiqueing. With XP it is serial with an algorithm which swaps the hell and freezes all threading until a swap is done at a serial level and not even parallel! Yuck yes it is dated and a big upgrade if you ask me. Maybe not the Windows 98 to Windows XP level, but not that far off either under the hood.

Re:Upate to the most current

For now, you should be fine to just get rid of Adobe Reader.

But, given the lack of security support for Win XP after April, I'd probably give some good thought to throwing a *nix onto those boxen, for no other reason than that you have the ability to apply security fixes rather than getting left out in the wild with no support on a dead OS.

Go with Slack, you'll likely end up seeing a 2x-3x increase in speed over XP anyway...and the userbase/dev team entirely agrees with you on "don't update what's not broken", so there's that plus as well.

Re:Upate to the most current

Upgrading the OS would be wise as well, especially since we're fast coming to the point of end of support, April 8th 2014. Windows 7 and 8.x both improved security considerable, and there are other more secure options as well such as MacOS X and the other varies flavors of *nix such as Linux distributions.

If you pay for the license upgrade I will change anytime. ;) Sadly Linux doesn't run some vital apps like photoshop, and no Gimp is not a solution for PRINT work. (CYMK+Pantone will arrive in 2084 I guess)

Re:Upate to the most current

[noh8rz10]

just get an 11 inch mac book air. those are pretty small too.

Re:Upate to the most current

[Zibodiz]

I'm not sure I follow. If you have an XP disk with sp0, sp1, or sp2 you can install just fine (I do it semi-regularly with an sp2 disk). I've never tried with a disk that has sp3, but I wouldn't expect anything different. After install, I install sp3 from an .iso, then it updates fully to current level over the course of a couple hours, and it runs very stably. What VM software are you using, and what PC platform? I use Virtualbox in Ubuntu on both AMD & Intel machines (older dual-cores).
On another note, IE is up to version 8 for XP. I don't know of anyone that still requires v6.

Re:Upate to the most current

Could have been Win7 Starter Edition. Smaller with a bit less of a resource footprint...they pushed it out when they realized hardware distributors were throwing Ubuntu on things because they couldn't handle Win7 Home Premium...

Personally, given that most software I'd say would ever be a reason to use Windows already requires a decent amount of resources on its own (with the lightweight stuff already having perfectly capable Linux analogs available) I can't see much reason not to make the move to Linux in the first place. Maybe there's some Windows killer apps on the lower end of the resource scale, but in my experience, that tends not to be where they're found...

Re:Upate to the most current

[kthreadd]

If the machine isn't very old it's often easier to get XP x64 to run well rather than the 32 bit version.

Re: Upate to the most current

Decaf anyone?

Re:Upate to the most current

I upgraded. Airgapped the legacy XP for two applications I still use there, and swiitched to Linux for the new machine.

Re:Upate to the most current

XP certainly has no ASLR or sandboxing. Look it up?

While I never claimed XP had sandboxing, I was sort of mistaken about ASLR. Apparently MS never added ASLR to Windows XP, but Wehntrust implements it Also, technically there's sandboxie and other similar programs, but of course there's some question about how just good they are--not that MS's own sandboxing technology exactly has a stellar record.

DEP only a few services use it on XP and the browser is not one of them.

Um, by default yes. But you can enable DEP system wide (although IIRC there's a hardcoded exception for ATI/AMD drivers).

EVen Firefox and Chrome are not sandboxed due to the lack of kernel support on that ancient OS.

*cough*Sandboxie*cough* Seriously, though, the sandbox is meant to be the last line of defense. And too often it's been shown to be no defense.

Dude arguing that XP is not broken is like arguing IE 6 is not broken because it runs your corporate websites fine.

No, IE 6 is broken. Period. This new XP Zero-Day shows XP is broken. Then again, IE11 on Windows 8.1 was very recently broken too.

It most certainly is and there are tons of hacks in that html code to make it even display right that the user does not see. XP has +800 workarounds for tens of thousands of virii each time code executes which is why a 128 meg Pentium III that ran XP fast in 2001 can't run XP SP 3 at all today. You do not see them but they are there and is obvious in performance degradation.

Which aren't in Windows 8.x? Because last I checked, the whole problem with Windows Vista/7/8 incompatibilities with older Windows software (and presumably some virii) had to do with presumptions about Administrator/Power User Access, not the layers of workarounds which are still in Windows--ie, if you use Windows XP as a normal user, you're just as safe from a lot of attacks (and before you say it can't be done, it can be--it's just more annoying than Vista's UAC). But, yea, your argument is precisely why Windows 8.x is even slower because it has even more libraries and hence even more workarounds.

Windows Transfer wizard takes care of moving files over.

"Alas, the one thing that Windows Easy Transfer can't do is reinstall programs for you. Insgtead, it displays this complete list of every program that was installed on your old PC." -- Inside the Windows 7 Easy Transfer Utility. Still, I'd admit that it looks like it takes away some of the pain. But, then I think about reinstalling several games and..bleh. Could be worse, though.

If XP was fine then why have this article? That exploit doesn't hit Windows 7 and later now does it?

Nor users of the latest version of Adobe Reader, so there is that too. Further, it's not really stated why exactly the exploit works in Windows XP and not Windows 7/8, as APSB13-15 Security Bulletin seems to cover most versions of Adobe Reader and the NDProxy.sys bug would presumably be in/patched in all Windows versions? My only wild guess is that it relates to a similar Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability from a few years ago and that both may be prevented from being exploited by either further Windows kernel protection or a shatter attack protection.

So, you do have a point to the extent that some more of those software firewalls seem to be working. But, just being up to d

Re: Upate to the most current

[davester666]

just use emacs already.

Re:Upate to the most current

[LinuxIsGarbage]

I use PDF-Xchange. I find better performance than Foxit, and it comes with free annotation tools.

Re:Upate to the most current

[LinuxIsGarbage]

Even Windows 7 is showing its age as it takes forever with updates on a fresh install and workarounds if you need to test older IE browsers.

Just get VM's for free from Microsoft for your desired IE version and OS.
http://www.modern.ie/en-us/virtualization-tools#downloads

Re:Upate to the most current

[LinuxIsGarbage]

Minimum requirements for Windows 7 is 16GB. I forget how much it actually uses, but it will be less. Hard drive footprint of 7Starter through 7Ultimate is the same. You can do an "anytime upgrade" from starter to Ultimate if you want. Starter just disables features.

The actual story of why Starter exists is early in the Netbook era (with small 4GB SSDs, and non Aero compatible Intel 915 chipsets which themselves were part of a Vista capable lawsuit), machines like EeePC 701 physically could not run Vista, but could run XP well, and Asus was selling them with Xandros (which was a terrible distro). Acer was selling Linux Netbooks too. To keep from losing market share Microsoft had to embarrassingly extend the life of XP by selling cheap XP Home licenses for low cost PCs (with restrictions on the hardware). Eventually the Netbook market platform had standardized on Atom processors, Aero compatible i945 (or better), 160GB hard drive, but low cost XP licences drove prices down. These machines technically were more than capable of running Vista or better. So when Windows 7 came out, Microsoft wanted to kill off selling new XP licences, so to capture the low cost PC market they sold 7 Starter, again with limitations on hardware.

My father has an MSI Wind that sold with Windows XP, and I upgraded the RAM from 1 to 2GB, and the machine happily runs Windows 8. I have an EeePC 701 that shipped with Xandros that happily runs XP, though I have set up Windows 7 to run off of an external Hard drive if I wanted. I also have an AMD based MSI netbook that shipped with XP Home, that I upgraded to Windows 7 right away. It came with 200GB HDD and 2GB RAM, which technically exceeded the limitations for low cost versions of XP Home so I don't know how they managed that.

Re:Upate to the most current

[LinuxIsGarbage]

Without digging in too deep, last I checked, some "business class" desktops from Dell, HP, Lenovo could be equipped with LPT and serial ports. With laptops, you can usually configure a business class laptop with docking station to get legacy ports. Eg from Dell:

http://accessories.us.dell.com/sna/productdetail.aspx?c=us&l=en&s=eep&cs=6099&sku=331-6304
"E-Port Plus, dock adds dual digital display and legacy port support, USB 3.0"

And for anyone not in the know, USB parallel adapters are no good for anything but a printer. They do nothing for bidirectional communication used for machines like CNC.

Re:Upate to the most current

[LinuxIsGarbage]

XP has +800 workarounds for tens of thousands of virii each time code executes which is why a 128 meg Pentium III that ran XP fast in 2001 can't run XP SP 3 at all today

New updated XP will run on a PIII with 128MB RAM. Problem isn't the base OS, but newer applications are more bloated than they were in 2002, even if they run on XP (Firefox, Adobe reader, flash, any AV package, etc).

Re: Upate to the most current

"Foxit is just as bloated as Adobe Reader.
Sumatra PDF is what Foxit was before becoming bloatware."

This is even better and works through Tor:

http://view.samurajdata.se/

No application(s) to install and it's free.

Re:Upate to the most current

[Luckyo]

Oh, that's actually good to know, thanks! I looked up the transformer line, and apparently it was 100% android before this.

Frankly, I'd pay that extra just for the 768p screen. The one I bought back in the day had a 600p screen and w7 configuration windows didn't fit the vertical space in default size in for many menus, making configuration a pain.

Re:Upate to the most current

[Patman64]

For good and bad (and Mavericks has some things that piss me off) the Apple model of forced upgrades has some reasoning to it.

Wut? I ran Snow Leopard until recently and it hasn't automatically updated my computer to Mavericks. Apple doesn't force you to upgrade anything. They release new versions of APIs for new versions of the OS but that's standard practice.

Re:Upate to the most current

[Joce640k]

I installed Windows 7 on my Eee 901 back in the day; it ran fine.

You must have put in a bigger storage device. Mine is only 16Gb.

Re:Upate to the most current

Afaik there are connectors "Parallel port -> USB". You can get one of those.
Does the software not run in compatability mode on a more modern machine?

And: Is the XP machine connected to the internet or a network connected to it? If no. Good. If yes: Why?

Re:Upate to the most current

[hairyfeet]

Better yet get rid of an OS that is now FOUR versions behind, how about that?

When XP came out the average PC was a P3 of less than a GHz and 128Mb - 256Mb of RAM. You were just starting to see 512Mb machines but like the GHz systems they were pretty damned expensive. Yes XP is THAT old.

I mean we'd laugh and think somebody was nuts if they were running Android 1.0, or OS 9 right? So why would we think someone was any less nuts for running a 12 year old OS four versions behind? Because MSFT puts out patches? Those patches won't magically get rid of the brain dead ideas baked into XP like always running as admin being the default state,or how little thought had been put into the Internet being a threat, hell they didn't have the firewall on by default until SP2!

So just let the damned thing die already, okay? If you are too cheap or too poor to let go of that ancient POS that won't run any newer Windows you can grab one of dozen of distros for nothing, but XP really needs to join win9X in OS heaven. Like Win2K before it it was great in its time but that time has past folks.

Re:Upate to the most current

[Patch86]

If all you're doing is checking email and surfing the web, surely Linux would do? LXDE is lighter weight than standard XP (and I'm sure XFCE isn't far off either). If all you want is to keep hardware alive for pleasure use, there's no reason not to.

Bigger sympathy goes to people who have specific applications which are XP-compatible-only. As much as I love Wine as a project, it can still be a nightmare to get it working for anything both complicated and niche.

Re:Upate to the most current

[0111+1110]

How much does MS pay you for posts like this? Windows 7 is a shit OS compared to Linux and OS X and Windows 8 is a tablet OS. Windows 7 isn't all that bad, but it's still a bloated mess with a horrible UI. The UI of XP is superior to 7 IMO. Windows Embedded Standard 7 is actually not too bad though. Still an example of unoptimized, inefficient, sloppy coding and bloated individual components, but the fact that it's componentized at all makes it a lot less awful.

Nevertheless Microsoft is an awful software compony that deserves to die. They are the last people who could ever design a good OS. In fact they really can't afford to make an OS too good, because then they can't upsell when Windows 2014 is released. With Microsoft it's all about getting people to dump their old OSes and buy new ones. They're still hurting from the fact that XP was so user friendly and content/feature focused rather than marketing focused. Making sure that people think their old OS is bad is at least as important for sales as selling people on the idea of a new OS that does all the same things, but in a new way.

Re:Upate to the most current

[serviscope_minor]

My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP.

You can buy single lane PCIe parallel port cards for about $30. If you pick a decent one, they act like totally bog standard parallel ports and don't require drivers etc.

I don't know if you need harware virtualisation to connect the parallel port to a VM (I suspect not, but such processors are cheap now anyway--I think AMD offers it across the range).

There's a good chance the PC will die long before the mill: a good, well maintained mill will last nearly forever. Probably worth investigating contingencies for when that happens.

Also, have you checked to see if the mill runs off g-code? Many do which makes it pretty machine independent.

Re:Upate to the most current

[0111+1110]

There are also games that don't play nice with Windows 7. Now that Intel and possibly Nvidia and AMD have stopped writing XP drivers I have to start maintaining a Legacy Box in order to run XP natively. Such a PITA, but abandoning XP is just not an option for me yet.

I don't believe in the direction that Ballmer has taken with their post-XP operating systems. Since I just did a computer upgrade and my new motherboard doesn't have XP drivers I am planning to mainly use Windows Embedded Standard 7 for my Windows OS, but when it comes to Windows I think it will be a long time before Microsoft pulls its head out of its ass and again writes a decent OS.

So I'd like to use Linux as much as possible. Only using Windows for games and Windows only applications that don't have a good equivalent in Linux. As Microsoft OSes just get worse and worse I think I may put some effort into a Hackintosh as well. It would be nice if what happened to Microsoft in the world of Tablets happens with desktops as well. They so do not deserve their market share.

Re:Upate to the most current

[0111+1110]

So why would we think someone was any less nuts for running a 12 year old OS four versions behind?

Because instead of improving their OSes Microsoft makes each version worse than the previous one. So four versions "behind" with Microsoft can translate to four versions ahead when compared to Linux or OS X. If you want Microsoft to actually improve their OS you have to go back in time so that you can rewind past all of the dumbfuckery they've done since to make things worse.

I don't know where Microsoft sees itself heading in the next decade, but if it's anything like the direction they've chosen with their post-XP OSes so far I want no part of it.

Re:Upate to the most current

[0111+1110]

If XP was fine then why have this article?

Because MS wants to sell more copies of their newer even crappier OSes. Bashing their older OSes and paying crackers to find exploits that only run in those older OSes is supposed to increase shareholder value. I bet MS has a whole bunch of XP specific exploits that they are just waiting to release as it gets closer to the XP cutoff date.

Re:Upate to the most current

[LordWabbit2]

WTF? I did this a day or two ago! No issues.
We have some legacy software which requires VS 2003 to make changes (SDK only works with 2003 and XP)
Fired up a new VM, installed XP, ran updates, installed VS 2003, installed SDK, opened solution, fixed references, build, success, made minor changes, build, succes
Done

You are forgetting about people's comfort zone. XP works, they know how to change their settings for whatever.
The drivers for their XYC device install and work
The ancient app that they use to do their books/orders/whatever work
Old office (before the ribbon bar) works, and they know it backwards
IMHO MS are being fcking stupid by trying to force people off XP by no longer supporting it. When it becomes clear that they have to upgrade because of all the vulnerabilities that have now been left open people are going to upgrade. But will they upgrade to an MS OS?
Drop support for XP when the user base has become negligible, not when there are still billions of users.

People DO NOT LIKE CHANGE (except from vending machines)

Re:Upate to the most current

[jones_supa]

Relax...have a Coca-Cola*...

The biggest problem in Windows world right now is the toy UI that Windows 8 brought. Other than that, Windows is just fine these days.

*) I'm a Coca-Cola shill

Re:Upate to the most current

Sounds like a shill post.

Win7 search sucks monkey balls. What, you mean when I use what I call the "normal" file search (WIN + F or F3) and type part of the filename then it doesn't search for files with that name? I am completely exasperated by the Win7 search. It sucks.

Second, the asynchronous file browsing offered by Explorer in Win7 is an abomination. I have constant problems browsing files, and have even deleted the wrong files as the selection shown on screen did not match the selection in the background when I hit delete. I use F5 constantly when browsing files as it is the only way to know for sure that what I see is trust worthy. And yes, this does sound like virus behaviour (screwing with the filesystem, or some low level hook) which was my thought initially. I've now seen this across a half dozen systems, 32 and 64 bit, and for about two years now. To me it appears like a fundamental fuck up on the part of Windows.

So no, don't spout your BS about Windows 7 being an all-singing all-dancing upgrade from XP because it is not.

Shill.

Re:Upate to the most current

Is there something wrong with normal Windows 7 then? It should run smoothly on almost any relatively modern PC.

Re:Upate to the most current

[Billly+Gates]

Just because they are comfortable doesn't mean it is the best OS ever made. It doesn't mean the problem must be with javascript. After all I am comfortable and hate change so I will blame something else etc.

I liked XP back in the day. I loved Linux but liked XP back in 2001. Times have changed. XP is dangerous and if you are in IT and still refuse to upgrade you are incompentent.

XP is a damn security nightmare right up there with IE 6. The grand parent is correct and it is 2013. Unfortuantely slashdot has been infiltrated by geeks claiming XP is the best ever and I call them out with their geek card.

I wont be fired if they get cryptolocker trojan and loose their documents because they like the pretty green hills and blue colors. The answer is to stay up to date.

Re:Upate to the most current

[jones_supa]

Fits just fine on my EeePC, although I upgraded the memory and drive as soon as I bought it. It actually runs quite well. Win8 won't fit though, as they artificially block installation if you don't have at least 768 pixels high.

That is not correct. Win8 will install just fine, but all the Modern UI apps will refuse to start. Which no one runs anyway.

Re:Upate to the most current

[Billly+Gates]

LOL I am a shill?

I support users and loose my own free time doing dumb workarounds for 12 year old operating systems for those who like the pretty green hills and blue colors of XP.

Windows 7 is a great OS. Not server grade like Solaris or RHES, but for a consumer OS it is lighter, quicker, stable, and hell of alot more secure.

After gnome 3 I switched back to Windows and haven't looked back. I have a CentOS VM and a FreeBSD VM for any unix stuff I want to do. With the exception of Metro I think the MS of 2013 is not the same company as 2003. IE is usable, Windows 8 is a great OS kernel wise and performs well on low end ARM hardware with Nokia phones. Xboxnone has voice activated commands.

XP gui is supperior is opinion with no facts. Windows 7 aero I can do snap side by side. I have instant search. I can move the cursor down and see preview thumbnails of everything open.

Yes I was an angry MS hater back in the day like yourself but I grew up and MS got its act on quality.

People need Windows not because they love it but they have apps. If that is you Windows 7 doesn't have the bizaare slowdowns, slow disk access that locks things, better security. I love instant search too which changed my mind on WIndows 7. I have tons and tons of files and can access them all in seconds. Hit the Windows key and type? After a week you will see the value.

XP is not user friendly. More than people got used to its reflexes. It is quite behind but people are just familiar with it.

Re:Upate to the most current

Grandparent is referring to this bug

Re:Upate to the most current

Customers are risk adverse who do not want to change.

THe issue is outlined here.

Re:Upate to the most current

[maestroX]

I downgraded to Reader 5 but that's about as low you can go.

Re:Upate to the most current

[Billly+Gates]

Well it better not be connected to the network.

If the kid intern browses facebook on it and it gets the cryptolocker virus which destroys the files your company will be SOL!

That is rational.

Re:Upate to the most current

[Billly+Gates]

Well humans tend to do the same behaviors over and over again out of habbit.

Any change whatsoever is flagged as wrong on a pyschological level. So if they are used to see the pretty green hills and blue title bar every morning they will resist and think it is the best thing ever to justify not leaving!

I should not have to fight and get modded own by people saying XP is more secure and the issue must be X or javascript. Funny this bug doesn't hit Windows 7? Why. Duh it is built more securely.

XP is slow, unpredictable, and really not that much lighter. My XP machine at work with an icore5 has its senior moments while my phenomII from 2010 is like butter with Windows 7.

People hate change and slashdotters should be ashamed of promoting and modding up unformed comments on those who hate change. Shoot I am spending more and more time on www.neowin.net instead these days. yes they are fanboys and I realize that, but they at least embrace change and see advantages and are more informed than most slashdotters sadly.

Re:Upate to the most current

[mikechant]

You and the GP are both wrong. The proper way to do it is to risk-assess and cost-benefit analyse every potential upgrade and upgrade or don't upgrade based on the results.
I work on a large number of outsourced mainframes and the decision on whether to upgrade a specific software product for a specific customer is quite complex, and often depends on such things as the software supplier's previous record (do they break things a lot at new releases, etc..), and the criticality of the software involved (crudely, how much money will the customer lose per hour if this facility is unavailable).
The result is that some products are 'frozen' at a particular release (and the risk involved with this option is recorded and reviewed regularly), some are updated occasionally with extensive pre-rollout testing (typically when the current release approaches its end of support date) and some are updated regularly in a routine fashion.

Re:Upate to the most current

[hairyfeet]

Linux is a broken mes (feel free to ask for citations or type "Linux broken (insert drivers, Pulse, X, wireless)" into the search engine of your choice) and OSX requires new hardware every couple of years as their length of support is frankly a joke.

Meanwhile I have more systems than I can count out in the field that went from XP to 7 with ZERO issues, the oldest being a circa 2005 3GHz P4 with 1.5Gb of RAM, runs Win 7 just fine. This system has run Win 7 since RTM and before that WinXP X64 again with no issues.

Ya know if you weren't a raging fanboi I'd tell you to try a version of Windows that isn't from the stone ages but its obvious you haven't used windows since XP RTM so why waste my time? Enjoy your forum hunts and "open up bash and type but the rest of the free world has better shit to do than spend our time fixing Torvalds fuckups. The article we had the other day talking about how nobody wanted to work on the kernel and the devs were getting ancient was a telling one, just shows how toxic Linux development has become. maybe when Torvalds passes google will just take the whole thing private and make something decent, until then there is a reason why MSFT can put out the most hated version since MS Bob and get more users in the first month than Linux has gotten in 20 years and that is because it "just works" which is a hell of a lot more than can be said for Torvalds plaything.

Re:Upate to the most current

[LordWabbit2]

I never said it was the best OS ever made.
I said that is what they are used to, comfortable with and unwilling to change from.
See how long you stay in business by force feeding your users with something they don't want, or in fact don't need because XP works for them.


I agree totally with what your are saying about security etc.
But if you don't give your users what they want (not NEED, but WANT) then shortly thereafter you won't have any users and it becomes a moot point
Because someone else will step in and give them what they want.


The best you can do is present to them the risks of running unsupported software etc and hope they make the right call.

Clearly you work in a cubicle farm with someone in charge making the right decisions instead of dealing with users who are paying you and refuse to change.

Re: Upate to the most current

[Desty]

I would, but I have already switched to a different reader.

...and switching to another PDF reader has somehow rendered you incapable of writing a short bug report on the SumatraPDF bug tracker? Or you just don't care enough because you've moved on and helping others is a waste of time? Even though you already spent time writing your post here instead of on the bug tracker....? Help me understand.

Re:Upate to the most current

[Dogtanian]

Afaik there are connectors "Parallel port -> USB". You can get one of those.

I can't remember if it related to "parallel to USB" or to "serial to USB" adaptors- or to both- but IIRC there can be problems related to timing et al when using one of those devices.

At any rate, it probably isn't the straightforward panacea you think it is...

Re:Upate to the most current

[machine321]

That is not correct. Win8 will install just fine, but all the Modern UI apps will refuse to start. Which no one runs anyway.

I stand corrected. I don't recall why I thought that, maybe I listened to the Upgrade Assistant. Is anything missing from the OS with Modern UI disabled? Perhaps low-resolution screens are a feature...

Re:Upate to the most current

[vandamme]

30 GB is fine for all the Linux distros I run. If I have 4 GB or RAM I take one stick out and save it as a spare.

Re: Upate to the most current

why update just for the sake of updating. if someone is happy with windows xp and it does the job they need, that doesn't make them dumb
for using it. you can tell by your statements that you are a fucktard. you want the latest and greatest shiny new toy because they make u feel warm inside. I'm glad you found a site other then /. now you can join your fellow fanbois and suck each other's cocks.

I understand updating fixes holes and brings new features and technology, that doesn't mean that it's a must. every reason u stated sounds like a bunch of selfish me me me me me bullshit points. it's not about you or your views and what you like. we are all different and want different things. that's why Torvalds "toy" OS as you call it shits on every windows distro.

you can dress up a pig,
but it's still a pig ;)

Re: Upate to the most current

[Black+LED]

It's not my responsibility and I feel I have already done my bit by letting other people know about the troubles I ran into. Sorry if you cannot understand it, but each of us have our own choices to make in life. Feel free to file a bug report yourself if you're so inclined.

Re:Upate to the most current

Have you ever managed to install Windows 7 on a 16GB drive? No, I didn't think so. I struggle to fit Windows 7 into 32GB, especially once you install a few patches. And you do patch, right? Then you need space for applications before you actually use it for anything because unlike most other operating systems, Windows is generally pretty useless out of the box (and yet takes up more space!). Although it's perfectly adequate in practice, even a 64GB SSD starts to look suprisingly small by this stage.

Re:Upate to the most current

[The+Grim+Reefer]

I agree. But there are a lot of people that bought those types of systems who have never heard of Linux, let alone being able to install and configure it. I have no idea what the driver situation is on those types of systems either.

Re:Upate to the most current

I installed the public beta of Win7 on my 8GB SSD of my Aspire One netbook. I didn't have to do anything special to get it to install either, there wasn't a whole lot of space left after, but it went on okay.

Re:Upate to the most current

[jones_supa]

I have done some testing and as far as I know, nothing is missing. The Start Screen and everything still work normally. If you plug in an external monitor, you can run Modern apps on that if you ever get a need.

Re:Upate to the most current

[toddestan]

It's the bug(?) with svchost.exe where it pegs the CPU at 100%, again. This is nothing new in the sense that this has been an ongoing thing that pops its head up from time to time in Windows XP, usually fixed by another patch. This time around, however, Microsoft seems uninterested in fixing it. It's nastier this time around because it seems that it never gets out of whatever causes svchost to peg at 100%, and Windows Update never completes. Not to mention that it seems more crippling to the system almost as if svchost.exe is running at a higher priority level than before.

You'll see it on any Windows XP system that's somewhat behind on patches whenever Windows update runs. This includes the XP image that Microsoft provides for XP Mode in Windows 7, as well as systems running XP on bare metal. A system or VM that is used regularly and has been kept up to date on patches doesn't seem to show the problem. The only way to get rid of it for sure is to disable Automatic Updates and never run Windows Update manually, leaving the system at whatever patch level its currently at. A few people have reported some luck applying certain patches manually and then being able to run Windows Update to get the rest, but these solutions don't seem to work in all cases.

Re:Upate to the most current

[toddestan]

Windows will automatically create a page file that's about the size of your ram. It can also create a hibernation file that is also the size of your ram. If you're running a larger amount of ram this can chew up a non-negligible amount of disk space. Since VMs tend to get by with less ram, this should result in a smaller image.

Re:Upate to the most current

[toddestan]

Have you ever dealt with systems like that? If it isn't broken, don't fix it. Especially since updating the systems can be quite expensive. And it's not like the software is ever going to wear out - it will keep on working the same for the lifetime of the equipment. So what if it's Windows XP? Spending money to update the system so that it can run the shiniest new OS to do the exact same task as before is just a waste.

Of course, I've always thought it kind of strange that this kind of stuff uses Windows anyway, as opposed to something that's truly embedded. I understand why, because commodity PC hardware is cheap, it's easy to find programmers to create Windows software, plus the customers usually know how to use a Windows PC. On the downside though, the PC hardware is often a weak link with a low lifetime compared to the rest of the machine, and you get the idiot users who think that because it's running Windows it's no different than any other PC in the office.

Re: Upate to the most current

[Desty]

Although I do submit bug reports whenever possible, I can't file one for you because I don't have the PDF files you've experienced the bug with. You clearly understand what's going wrong and when, since you've explained it well in your original post here.

Re:Upate to the most current

Sounds like PEBKAC. You are just an idiot and you don't understand computers.

Re:Upate to the most current

I saw something about that. Apparently it has something to do with having to parse which updates mark others obsolete or as prerequisites or whatever.

Re: Upate to the most current

Coffee puns!

Re: Upate to the most current

[Tarlus]

Butterflies.

Re:Upate to the most current

[Tarlus]

Ya know if you weren't a raging fanboi

...followed by a "raging fanboi" rant. Classy.

You throw Torvalds' name around a lot but you don't really seem to know who he is or what he does, do you?

Re:Upate to the most current

[hairyfeet]

I bring citations, you bring bullshit so step up or STFU. as for Torvalds, you mean the same guy that acts like a spoiled 14 year old halo player and who has kept a 40+ year old driver model because of politics?

Yeah i know EXACTLY who he is, he is the guy that has been holding Linux back this past decade. I'll say of Linus what RMS said of Jobs "I won't be glad he's dead but I'll be glad he's gone" and in my case DAMN glad he's gone, maybe some actual innovation and progress will happen at the kernel level instead of a bunch of old farts holding everything back and running everyone not their age off.

Remember kids.

Remember kids, use a free software PDF reader.

Re: Remember kids.

Drop your pdf into a browser woth in built pdf reader? Too simple?

They Didn't save this?

[cant_get_a_good_nick]

Hmm, a bug that gets admin rights.... If I were sufficiently evil I would have saved this until April when there's no chance of it being patched ever.

Re:They Didn't save this?

[SgtChaireBourne]

Who's to say there aren't other, better things saved up for April? If they've managed to fritter away their window to migrate to GNU/Linux, well they'll have fun in April.

Funded by Microsoft Marketing?

Windows 8.x best Marketing tools, XP EOL and new exploits.

Of course it has the side effect of delivering some to Apple, Google, Linux and BSD as well. Not to mention the largest effect being to increases in technical jobs related to the switchovers for all that software and hardware.

Too Bad

[Oysterville]

Too bad Windows XP won't be supported much longer. Once that happens, it would be a...shame if something were to happen to that PC. If you upgrade to Windows 8, Microsoft will surely protect you.

Re:Too Bad

Because your cellphone, tablet, or Macintosh enjoyed 13 years of support from initial release (and 7 years after being replaced by the next version).

Re:Too Bad

[Billly+Gates]

Too bad my Ford XT won't be supported much longer with modern airbags and security fixes from cars a century later. It would be a shame if something were to happen to my car ... greedy FORD

Re:Too Bad

Don't worry. I'm sure your Ford will have suffered some kind of catastrophic fire damage long before that happens.

Re:Too Bad

[Barlo_Mung_42]

I know it was supposed to be funny but this is in fact the reality we face. MS isn't going to support a 13 year old OS forever. Exploits will still be found after they stop supporting it. Conspiracy types will claim MS planted them but it would be even crazier if the last bug was patched on the day they cut support. That isn't going to happen.
If you are using your system for professional work and it's still running XP it has paid for itself many times over. Upgrading is a cost of business. A responsible company / organization plans for it. This has been a long time coming so don't act all surprised now.
If your company relied on a machine and the belts started squeaking after you'd already adjusted them several times I think you would buy a new belt and be ready to put it on. Or better yet, buy the belt and put it on proactively. It would be irresponsible to wait for the belt to break and then look flabbergasted that such a thing could happen. Meanwhile your work comes to a standstill.

Re:Too Bad

[Patch86]

I wonder idly how many zero-day exploits have been discovered by the bad guys and are being kept in the bank waiting for April. Are we going to see a sudden explosion of exploits mid next year, as everyone makes their move in the knowledge that security updates won't be forthcoming?

Re:Too Bad

[Tarlus]

But Adobe won't.

Ummm, why should it not?

It's not like bugs are unheard of and are impossible to fix in software.

The OS still works fine.

Microsoft needs to decide whether they are going to let XP go public domain, as per contract on copyright, or to continue to support it.

After all, if they stop supporting it, can I get my money back? No? Why? "Because you've had use of the software"? Well, they've had use of my money, so we're all square on that count.

Re:Ummm, why should it not?

Microsoft needs to decide whether they are going to let XP go public domain, as per contract on copyright, or to continue to support it.

You have a hilariously mistaken idea of how copyrights work.

Re:Ummm, why should it not?

[cant_get_a_good_nick]

How many bugs are in Windows XP? You don't know, no one knows. Someone needs to do work to figure that out. Some geek needs to spend time to figure out the attack surface and see what breaks. How do you fix it? A harder question, how do you fix it without causing more problems? I've got nearly 15 years of code and machines that support XP. If you don't test, and this breaks, i'm going to be angry at Microsoft. Oh, and this is a Zero day. So I need to be FAST and RIGHT. That doesn't come cheap.

Are you going to pay for that? Are you going to pay for the geeks to fix the holes? If they don't get money, they can get money by selling these exploits to others. Are you going to pay for the matrix of testing? Think of the millions of different PCs there are. Any code change costs hundreds of thousands of dollars to test. You don't get that for free.

A bug by definition is a problem. If you admit there are bugs, you are, in effect, admitting that the OS does not work fine. You just have expectations that they will be fixed before they bite you. Either that, or maybe there's some acceptable level of infestation you're good with on your computer. That may be fine, but don't expect all other users to have the same level of comfort with it.

I don't get that last comment. If you have an old car, and the engine wears out after 10 years, you don't get the money back from GM. You either pay for the repair, or you ride the bus.

Re:Ummm, why should it not?

It's not like bugs are unheard of and are impossible to fix in software.

The OS still works fine.

The reason Vista was such a huge rewrite is because Windows XP's codebase is such a pile of spaghetti and outdated kludges/workarounds/and digital duct tape. Want to install it from a USB stick? Not without a third party app. Want to install raid drivers during initial setup? Hope you still have a floppy drive or nLite.

Microsoft needs to decide whether they are going to let XP go public domain, as per contract on copyright, or to continue to support it.

Unless you've been living under a rock for the past year or more, they HAVE decided what they're doing with it. On April 8, 2014, the update and activation servers are going dark. That's it. Game over. The End. They're NOT releasing a patch to disable activation and they're NOT releasing another service pack or update pack. You won't be able to do a fresh install without cracking the activation and you won't be able to get the 150 or so updates since SP3 without using a third party update pack. Do not pass GO, do not collect $200.

I doubt we'll go through the same thing with people hanging on to Vista for dear life on April 11, 2017 but I can already hear the same whining for Win 7 on January 14, 2020.

Re:Ummm, why should it not?

[LinuxIsGarbage]

Unless you've been living under a rock for the past year or more, they HAVE decided what they're doing with it. On April 8, 2014, the update and activation servers are going dark. That's it. Game over. The End. They're NOT releasing a patch to disable activation and they're NOT releasing another service pack or update pack. You won't be able to do a fresh install without cracking the activation and you won't be able to get the 150 or so updates since SP3 without using a third party update pack. Do not pass GO, do not collect $200.

I doubt we'll go through the same thing with people hanging on to Vista for dear life on April 11, 2017 but I can already hear the same whining for Win 7 on January 14, 2020.

I have heard nothing indicating that they are planning on shutting down activation servers. This (recent) article agrees http://www.windowsobserver.com/2013/09/17/will-microsoft-turn-off-the-windows-xp-activations-servers-after-official-support-ends-in-april-2014/

After XP End Of Support, Windows XP will remain on MSDN and TechNet for customers who still need to activate and re-activate XP (there aren’t new retail copies). We don’t have a date to share around when activation will be shut off, but it will be on for the foreseeable future.

As a precedent, Microsoft released a "sunset" version of Money Plus when they shut down activation servers for it. Adobe did similar for CS2.
http://www.microsoft.com/en-ca/download/details.aspx?id=20738

When usage rates drop below 1-5% they'd probably consider sunsetting activation. Right now XP has between 10-25%.

You will be able to get all updates to date, but they won't release new ones. As a precedent, last time I tried you could update Windows 98 to July 2006 state (when support for Windows 98 was stopped).

Wait until May 2014

I'm quite surprised they didn't wait until May 2014 to start exploiting this, i imagine there will be a flood of zero days the very next day after microsoft stops supporting XP.
I just hope the multi-billion euro company i work for finally gets round to upgrading by then.
Windows xp, adobe acrobat 5 & 8, IE 8 and the oldest (barely) working laser printers left in britain...great place.

Alternatives to Flash?

[tepples]

Never have an adobe product installed in the first place - solved.

So other than Flash or Edge Animate, what's a good program for creating vector animations?

Re:Alternatives to Flash?

notepad

Re:Alternatives to Flash?

[ArbitraryName]

Synfig.

Re:Alternatives to Flash?

Export to video and upload to YouTube

Re:Alternatives to Flash?

burma shave

Re:Alternatives to Flash?

[AReilly]

HTML5/WebGL/etc not doing it for you? They say it's all the rage.

Personally, I prefer X11R5 or DisplayPostscript, but these wheels have to be re-invented every so often, in case "round" stops being the right answer...

Re:Alternatives to Flash?

Those are specifications, not vector animation software. Your comment is like telling someone who wants a recommendation for a video editor to go use h.264.

Re:Alternatives to Flash?

Logo has been out for a long time now.

Re:Alternatives to Flash?

[tepples]

HTML5/WebGL/etc not doing it for you?

So what graphical editor that exports to HTML5/WebGL is any good? In other words, SWF is to Adobe Flash as HTML5/WebGL is to what non-Adobe product?

Re:Alternatives to Flash?

[noh8rz10]

i do all my graphic layout in ppt. they have vectors and shapes too. also, cool animations.

Re:Alternatives to Flash?

[philip.paradis]

Flash is on its last legs. You need to start moving to HTML5 based solutions. A Google query for "HTML5 animation editor" will yield a wealth of options.

Re:Alternatives to Flash?

Shift key broken?

Re:Alternatives to Flash?

[squiggleslash]

The geekworld keeps claiming that. And yet turn Flash off, and your browser seems to be unable to watch 75% of the videos out there, including 75% of what's on Youtube after you've gone to youtube.com/html5 and "turned on" the amazing innovative feature of using your browser's built-in video player (WTF Google? Why is this not default? You know HTML5 contains backward compatible fall-back options, right?)

I predict that in two years time Flash will still be installed on almost every desktop and still be used on a regular basis by most desktop users.

Re:Alternatives to Flash?

[tepples]

And yet turn Flash off, and your browser seems to be unable to watch 75% of the videos out there, including 75% of what's on Youtube after you've gone to youtube.com/html5

Probably because a video's uploader or copyright claimant wants to block viewing on devices that cannot securely present advertisements to the viewer. It's the same reason you get "Not available on mobile".

WTF Google? Why is this not default? You know HTML5 contains backward compatible fall-back options, right?

Probably because some browsers claim to support HTML5 video but then end up having a defective implementation.

Re:Alternatives to Flash?

[Desty]

Depends what you're trying to do. What about Inkscape and Blender?

Re:Alternatives to Flash?

[tepples]

Depends what you're trying to do.

Let's take French Erotic Birthday and We Drink Ritalin and Badgers as a baseline. Or probably Smash Bros. Murder.

Does Inkscape do animation, or is it only for stills?

Re:Alternatives to Flash?

[Black+LED]

Tepples, Try Synfig. I saw it mentioned here and gave a quick test. It might be what you are after.

Re:Alternatives to Flash?

[Black+LED]

Inkscape doesn't handle animation, but it is quite a good piece of software. I like it more than the commercial stuff that is out there. That said, you can always design in Inkscape and pull your SVGs into something else for animation. I primarily work with 3D engines and modeling, so I haven't had the need.

Re:Alternatives to Flash?

[philip.paradis]

The GP asked about vector animation, not embedded video. These are different things; you can make videos of vector animations, but you can also have vector animations presented and controlled as fully accessible trees of objects in the DOM. Why are you talking about videos?

It's worth noting the GP's response to your post is quite accurate, however.

Upgrade would be unwise

Upgrading or patching XP would be unwise at this stage because any update would probably be accompanied by subtle cripple-ware.
Simple solution: uninstall Adobe fatgware and install SumatraPDF instead. Also results in a much improved PDF experience.

Gosh....

[hazeii]

Oh, I see, a ramping-up of press releases about 'exploits' against XP prior to the cut-off date.

Didn't see that coming.

Re:Gosh....

Oh, I see, a ramping-up of press releases about 'exploits' against XP prior to the cut-off date.

Didn't see that coming.

Yes. We have a winner.
Headline = XP is totally insecure now! Scare! XP ZERO DAY!!!

Actual problem = Adobe Reader has a zero day.

Thank you slashdot, your shill status is affirmed.
: (

Re:Gosh....

[Billly+Gates]

Yeah it is the press releases THATS IT.

XP never had any security issues and I do not want to change and I am familiar with it so it must be the press releases.

Re:Gosh....

[Gavagai80]

Ramping up? There's been news about an XP exploit every week since XP was released in 2001.

Useless exploit, just gives admin to a local user.

[ReekRend]

Per TFA, this exploit is dumb and unconcerning. It just lets a standard user perform admin operations, no remote exploit of any kind. There have always been many ways for a standard user to get admin on any OS, the most trivial being physical access.

Linux

of course Linux will fit in there...

Re-buying peripherals

[tepples]

A lot of companies own multi-thousand-dollar PC peripherals with no NT 6 (Windows Vista/7/8) driver, and the peripheral's manufacturer has either gone out of business or deliberately chosen not to make new drivers for old but still working hardware. When companies have to re-buy expensive peripherals, the manufacturer makes more money.

Re:Useless exploit, just gives admin to a local us

[Joe_Dragon]

so all you need to due is use this to install that remote exploit app.

Would be funny if the attacker could

[future+assassin]

wipe windows and install Linux on the machine.

Re:Would be funny if the attacker could

[DMJC]

All they need to do to make this happen is find a memory point in windows, where Linux can be injected so it overwrites the kernel and boots linux after enough of the root filesystem has been written to disk. I'm surprised noone has tried to do this before.

Re:Would be funny if the attacker could

[Geizh]

This would be devastating to Linux's reputation.

Re:Would be funny if the attacker could

[jones_supa]

I'm surprised noone has tried to do this before.

It might be possible, but it's probably extremely tricky to get it work just right.

Re:Would be funny if the attacker could

That's actually pretty easy to do. You can replace the Windows boot loader with GRUB and make it boot a file container with a Linux distro in it.

Headline: Be afraid

Article: Yea if you have this combination of software and are running a 12 year old OS...

beta.slashdot.org

[BringsApples]

Man, I guess they were testing or something, but for a while, "slashdot.org" was redirecting to "beta.slashdot.org". All I could really make out was this "New Windows XP Zero-Day Under Attack" Headline and thought that something was wrong with either my PC or the site.

But maan that new layout sucks balls. I hope they don't go through with it.

Re:beta.slashdot.org

[BringsApples]

That link isn't what I meant to link to. It was supposed to go to http://beta.slashdot.org./

Re:beta.slashdot.org

[drinkypoo]

They probably will. That's strikingly like the shitty, unfeatured mobile interface.

Re:beta.slashdot.org

[jones_supa]

It's funny how the mobile interface is significantly more heavyweight and clunkier to use than the desktop version.

Re:beta.slashdot.org

[Reziac]

Only way I've found to make the 'new' beta interface readable is to turn off CSS entirely. Puts it back to 1998, but at least then I can see everything, and don't have to adjust the fucking font for EVERY SINGLE PAGE (for some reason it doesn't stick otherwise).

Bloat

[tepples]

Export

Export from what, if not Flash?

to video

I tried that. The encoded video was 10 times bigger than the SWF, which counts against the viewer's monthly download cap, and had no means for interactivity.

Re:Bloat

[khellendros1984]

Then again, Youtube videos play on more devices than Flash animations do and don't require installation of a plugin of waning relevance. Mobile devices, which tend to have a more restricting bandwidth cap than most users' home Internet connection, would also be the least likely to be able to play the animation in swf form. The answer of which one is better would really depend on your audience, I suppose, but Flash is becoming more and more of a niche filler instead of a first choice for content delivery.

Re:Bloat

[tepples]

Youtube videos play on more devices than Flash animations do

Not always. I often get "The content owner has not made this video available on mobile" on my Nexus 7.

and don't require installation of a plugin of waning relevance.

Nor do they offer the slightest bit of interactivity. What's the multi-platform successor to Flash games?

Mobile devices, which tend to have a more restricting bandwidth cap than most users' home Internet connection

Except for PC users on satellite Internet. Besides, let me repeat this the third time: Even if one plans to export the animations to YouTube, in which non-Adobe program should one create them in the first place?

Re:Bloat

[khellendros1984]

Not always. I often get "The content owner has not made this video available on mobile" on my Nexus 7.

You know what you never see on your Nexus 7? Flash. Well....unless you don't upgrade to Kitkat, track down the apk and install it manually. That's not going to be a very popular option.

Nor do they offer the slightest bit of interactivity. What's the multi-platform successor to Flash games?

In spirit? Phones and mobile, produced using multi-platform game engines. I see people passing around goofy phone apps the way that they used to pass around goofy Flash games. As the closest-related technology? HTML5.

Except for PC users on satellite Internet.

Again, like I said, it depends on your audience. Honestly, I've never met anyone with satellite internet. Still, HughesNet seems to offer some plans with some decent caps at decent prices (given what the service is).

Even if one plans to export the animations to YouTube, in which non-Adobe program should one create them in the first place?

Why would it have to be a non-Adobe program to create the animation? My problem's more with Flash/SWF than Adobe products. Edge produces HTML5 content, and is the Adobe product that's meant to succeed Flash. If you'd rather ditch Adobe products completely, from what I understand, there are alternatives.

Re:Bloat

[tepples]

In this post, Anonymous Coward wrote:

Never have an adobe product installed in the first place - solved.

In this post, khellendros1984 wrote:

Why would it have to be a non-Adobe program to create the animation?

Because the point of this exercise was to test the plausibility of Anonymous Coward's stipulation of an Adobe-free world.

If you'd rather ditch Adobe products completely, from what I understand

The first article recommends Synfig. The second article recommends an Adobe product, which doesn't count. The third article recommends Hype and MotionComposer, both of which require switching to a Mac. So, Synfig.

Re:Bloat

[Black+LED]

That may be so, but it still doesn't solve the question of which software he should use to design and export the animation from in the first place.

Re:Bloat

[khellendros1984]

Do you know how I know you didn't read the whole thread? The discussion between Tepples and myself went on after the post you replied to.

Re:Bloat

[Black+LED]

Yes, I did read the entire thread and saw you wildly diverging from the question he asked.

Re:Bloat

[khellendros1984]

The discussion shifted. They tend to do that. I was always responding to at least a portion of Tepples' previous post (usually, whichever part seemed more interesting to talk about at the time).

Re:Useless exploit, just gives admin to a local us

[phantomfive]

Truly remote exploits are getting rarer and rarer. These days it usually takes two (or more) exploits, an exploit to become a local user, and a permission escalation exploit to become admin.

M$ evil plan?

Has anyone else considered that M$, in their desire to get all the XP users to buy a new version of Windows, may continue the illegal and immoral tactics they started with oh so many years ago? I remember when they encrypted the part of Windows that caused false message to disparage competing software. It wouldn't surprise me in the slightest if they expose (or even plant) some exploits and then release them to the wild after they drop support, and follow it up by more relentless FUD. They are, in my opinion, an evil company.

Re:M$ evil plan?

They'd get sued into oblivion by their core buisness customers. Don't forget this is America we're talking about here.

Re:M$ evil plan?

[Barlo_Mung_42]

No, that would be stupid. Why do you conspiracy types always take the easy route? If they stop supporting XP and the best and brightest malware creators suddenly can't find any holes to exploit would be a more compelling conspiracy. That would mean MS has been doing it all along just to maintain an entire industry dedicated to fixing them (not to mention under the table kickbacks from the virus writers guild).

Obviously MS isn't going to patch the *last* hole on the day they cut support. So your conspiracy is self fulfilling and lazy.
Try harder. I hear BG is interested in space travel. I'm sure you can find some alien connection there or something more interesting than this.

Re:M$ evil plan?

[Patch86]

Headline: "Millions of Microsoft Windows XP users vulnerable to thieves and hackers!"
Headline: "Hospital equipment and industrial control units running older Microsoft software vulnerable to cyber terrorists!"
Headline: "Microsoft users victim of massive organised attack, company does nothing to help!"

Even if Microsoft's position is justified (and considering that they've been supporting the OS for 13+ years, I tend to think it is), there's no way their reputation comes out well from any of those stories. All people hear is "Microsoft software is unsafe". Hell, many (most?) users probably don't even realise what an OS is. My mum certainly didn't- when I asked her a few years ago how she was getting on with her new Windows 7 laptop after years of using XP, the response I got was "Do you mean something was different?".

Re:M$ evil plan?

[Reziac]

My question is... if only a small percentage of users are still running WinXP, and largely because they can't afford to upgrade, what makes them an attractive target? They're less likely to have a nice fat pipe to exploit, either.

When did you last see an exploit aimed at Win98, hmmm??

Re:M$ evil plan?

[Patch86]

To a given value of "small percentage". StatCounter tells me that XP is still ~20% of web users putting it in the #2 slot; that's more than Win8, more than Mac, more than any of the Mobile OSs. And more than Windows 98, for the record.

And if you think XP usage correlates with poverty, I suspect I can find a stronger one- I suspect it correlates very strongly (and negatively) with computer literacy. People on XP will be people who aren't very web savvy, wouldn't know a virus if it bit them on the crotch, and are probably more prone to social engineering scams ("You''re infected with a virus! Click here and enter your credit card details to fix it!"). I'm thinking botnet heaven.

And do you know what else it will correlate with? Very expensive equipment. XP is notoriously entrenched in industrial control equipment, and in medical equipment. And that's areas where you aren't going to just buy a new one because the software is old.

Re:M$ evil plan?

[Reziac]

My observation is that it goes the other way -- computer literacy tends to go along with older OSs, while the gotta-upgrade auto-update crowd usually knows the least. Your clients may vary. :)

I knew someone who was still hoarding XT motherboards as late as 1995, because their workplace's very expensive industrial machinery ran off XTs and wouldn't speak to anything newer. So, yeah, that's a problem. But I wouldn't think these constrained setups are usually open to the whole world, maybe not even connected at all.

Re:Useless exploit, just gives admin to a local us

I don't know if you're joking, I suspect you are, but for the benefit of the following readers I'll explain.

Here's how it works. User is tricked into accessing an infected pdf which contains code to elevate the user's privileges. the infected document's code downloads further exploits to root-kit the box. Right now the exploit is in a pdf, but infected websites are sure to follow.
If it's out there, and it has a picture of a puppy (or, in the USA, the word "free"), some user will click on it.

If you read the TFA, then you know it also is a Server 2003 bug as well.
Privilege elevation exploits are a nightmare for Terminal Server and Citrix boxes because it is a conduit for installing tools (using the admin rights) to grab other users' credentials and to continue from there to own the entire environment.

Server 2003 as well

Did the submitter RTFA, or just submit as soon as (s)he saw the words "XP exploit" somewhere?

It's not mentioned, in the Slashdot article, but it's also a Server 2003 bug.
https://technet.microsoft.com/en-us/security/advisory/2914486
This means Server 2003 Terminal Servers and Citrix boxes.

Re:beta.slashdot.org crummy web sites

The beta looks like digg or tekzilla. I quit them because they're a swift pain to navigate.

Hey people, there's a reason the drudge report gets a billion hits a month.

You're a fucking moron.

that's only got a 30Gb hard disk in it

Perfectly good hardware.

Right.

Sorry, I just had this conversation with a plebian friend who was impressed by my spare hardware from 2006.

No, youre 30Gb hard disk system is not "perfectly good" hardware.

In a little over a month, it'll be 2014.

What the fuck are you thinking? How fucking archaic is your shit hardware that you have a 30GB drive? On what fucking planet do you believe your ancient, dust-covered shit is "perfectly good"?

It fucking isn't. It isn't even fucking good for a modern Linux distribution, so stow your "LOL IS PELL MICROSOFT WITH A DOLLAR SIGN LOLOLOL" faggotry.

Killed Windows Update for XP long ago

I have been waiting for Microsoft to issue a poison pill update to XP in order to kill off the XP code-base and force users to buy ($$$) 7 or something else OS Microsoft.

Here it is!

7 is a worse bitch than XP for sure!

I do not own 7 or any thing other than XP Microsoft and for good reason and my XP is sandboxed so as not to have any hope of infecting any of the other machine I administer. !!!

I administer UNIX and I keep a 'Japan' MS XP laptop for my educational purposes. Snicker snicker.

QED

 

Steambox One

[tepples]

So games are your argument. For one thing, an Eee PC has the Intel "Graphics My Ass" integrated GPU that isn't really intended for heavyweight 3D gaming, and Wine runs a lot of the 2D games. For another, Wine isn't needed for any game that is ported to Linux, and once the Steambox One ships next year, video game publishers that want money will commission Linux ports.

Foxit is no longer what it used to be

Foxit has became yet another bloated PDF reader with craps you don't need, SumatraPDF FTW.

Re:Useless exploit, just gives admin to a local us

[ReekRend]

If you already have the ability to access a user account on a target machine, it has always been trivial to get root if that is the goal. ALWAYS. Even moreso with Windows. You glossed over "the infected document's code downloads further exploits", but that would actually be the exploit that matters. This is not that. Also if you've got regular users in your physical environment that are determined to hack permissions then you're screwed anyway.

Re:Useless exploit, just gives admin to a local us

[ReekRend]

What are you talking about? This exploit doesn't force any code to run, it *allows* a user, of their own intention, to get root. If you've got a user who's willing to install anything you want then the system is already screwed.

Too old, too late

XP is about to be thrown in the trash. It can no longer have such things as zero-day bugs. They are now end of life bugs.

Re:Useless exploit, just gives admin to a local us

[something_wicked_thi]

No, it is not trivial to go from a non-root user to a root user, at least in a properly secured system. That requires local root exploits such as these. This is the whole basis for running daemons as non-privileged users. Even if Apache has an exploit, if it's running as a dedicated, non-privileged user, you can't get root on the system.

Local root exploits are serious, though obviously not as serious as a remote remote exploit. It's also true that they are usually easy to come by on unpatched systems. But your claim that it's trivial to go from a non-privileged user to a privileged one is incorrect.

Your ideas about security are wrong, and you are missing the first rule of holes: when you find yourself in one, stop digging.

windows XP?

what's that? I grew up with Windows 7 and 8.

Backdoor like bugs

With Windows, it's amazing how many years backdoor like bugs exist before being patched.

Re:Backdoor like bugs

[Elbart]

Can't fix the backdoors the NSA is still using.

Plug-ins

[tepples]

You know what you never see on your Nexus 7? Flash. Well....unless you don't upgrade to Kitkat, track down the apk and install it manually.

What changed in 4.4, other than Android Browser dropping plug-in support? Nexus 7 never had Android Browser anyway, and I was under the impression that Dolphin and Firefox still supported Flash Player as long as the apk was installed. I don't have my Nexus 7 with me right now to test though.

In spirit? Phones and mobile, produced using multi-platform game engines.

So how should hobbyist game development continue in the era of requiring a particular desktop platform $99 per platform per year store fees (source: Apple and Microsoft web sites)? You need a Mac, an iPod touch, and a $99 per year subscription to develop for iOS; you need a Windows PC, a Windows Phone device, and a 24-month service contract (there's no Windows Pod touch) to develop for Windows Phone.

Re:Plug-ins

[khellendros1984]

What changed in 4.4, other than Android Browser dropping plug-in support?

Apparently, Google removed some deprecated APIs; I'm not sure of the details. There is someone who released a modified version of Flash yesterday that will work in the Dolphin Jetpack browser (link), so saying that you "can't" use flash on a newer device is no longer strictly true. Saying that it's completely "unsupported" (both by Google and Adobe) seems to be accurate, though.

So how should hobbyist game development continue in the era of...

"Hobbyist" development never meant "free" development. You've always had to buy the computer, keep it fairly up-to-date, buy your development environment (unless you worked in something with a free compiler/interpreter), etc. A hobbyist is more likely to work with what they have (since, yes, they're more likely to want to minimize costs). For instance, someone without a cellphone (or uninterested in mobile development) might start playing with WebGL and HTML5 for a desktop's browser (or work in a compiled language, like I do).
Android has the lowest barrier to entry to develop at the hobby level, with free, multi-platform tools, including a system emulator and non-cell devices of various descriptions and price points.
Apple provides free development tools, as long as you're not planning on releasing to the App Store. A hobbyist can develop on their own device. Of course, that requires either a Mac or the knowhow (and disregard of EULAs) to set up an OSX VM.
For Windows Phone, Microsoft offers AT&T and T-Mobile phones with no contract. Microsoft also provides a phone emulator in the development kit. Of course, you'd need a copy of Windows in the first place, and apparently Microsoft wants you to pay a subscription to even be able to transfer the app to a physical device. Then again, Adobe software has always needed a Windows or MacOS system to run on, anyhow.

So, Android seems like the cheapest solution. If I were a wannabe mobile app developer starting with nothing, I'd buy a cheap PC, a cheap Android tablet or personal video device (OK, so just the cheapest that should be able to run what I want to write), and work from there.

Re:Plug-ins

[tepples]

buy your development environment (unless you worked in something with a free compiler/interpreter)

By the time I learned C, the DJGPP distribution of GCC for MS-DOS had become available. So yes, I feel entitled to a platform that allows someone to port an existing Free development environment. Windows Phone, iOS, and the consoles do not.

Apple provides free development tools, as long as you're not planning on releasing to the App Store.

This is true of development of OS X applications, not of development of iOS applications. At last check, Apple "wants you to pay a subscription to even be able to transfer the app to a physical device." Running a program that you compiled on an iOS device that you own costs $99 per year.

A hobbyist can develop on their own device.

This is true of OS X, not of iOS, unless you're referring to Codea or Pythonista or the like.

Re:Upate to the most current...

[vandamme]

Linux Mint. 3 problems...maybe more... solved.

They could fix it, but grandma wouldn't like it

[atomicxblue]

Ever notice how all this malware tries to run in kernel mode? Seems to me that if installing software were password protected it would fix this; Not the type that pops up a window that most people tend to ignore and just click it to get off the screen as fast as possible. People won't like being forced to put in their password to install that latest game, though.

easy end to the melodrama

[cundare]

Just update Reader to the latest build & keep using XP, problem solved, according to the article.

News article with a purpose...

[Trax3001BBS]

I see this as MS scare tactics to get people to update from XP, XP is bad, XP must not be used.

Last month I started getting hit by none Genuine Win7 alerts, then I lost my Internet, yet everything was fine.
I'd load Mint and had Internet access. Install another Win7 and the same thing, My IP is marked.

Not sure what gave me away, a new ASUS modem, Google being my DNS or Comodo which downloaded a ton of stuff
before I noticed and put a halt to it; or any number of MS collaborators.

This is just a BS item, proper hex and your ok. Hirens boot cd with MiniXP is now public domain MS has given up on XP.

Re:News article with a purpose...

[Trax3001BBS]

or Comodo which downloaded a ton of stuff
before I noticed and put a halt to it;

I should note download is what I did, they uploaded it to me, not that they grabbed any data from me.
Just wanted to set that straight.