arent deprecated os safer?

[apoyusiken]

who would target windows xp?

[Levent]

Just because its old doesnt mean its obsolute. There are still PLC related stuff out there that runs XP.

[whispous]

A very common misconception about "having your computer hacked" is this idea that a person is targetting you/your machine specifically.

 

The reality is that automated systems across the world are collectively probing millions of endpoints per second without human guidance, looking for systems that are not secured against known exploits.

 

Every single hour of every single day, reachable systems are prodded by bots attempting to gain access - indiscriminately.

 

Your ancient, un-updated, unpatched OS is going to be infected in ways that antivirus software can't stop because fundamentally, the OS's newly found problems are simply not fixed.

[Needfuldoer]

Old software has known security exploits that aren't going to be patched, even if they were patched in later versions of "the same" software. It only gets "safer" when it's so obsolete that nothing modern can run on it anymore.

 

Mac OS 9 is immune from modern viruses because it's been dead for 23 years and doesn't have binary compatibility with modern OSes. At most it's an asymptomatic carrier that can pass viruses by sharing files. That doesn't make it safe by a long shot, because it doesn't support modern encryption. The best encryption it can muster can be broken by a modern computer in seconds.

 

There's still quite a bit of software out there that can run on XP, and a lot of known exploits against the latest patches to both the base OS and the frameworks commonly installed on it.

[Eviljuche]

In 2017 there was an attack that exploited Windows XP(also Vista's and 7's but those got fixed easily)'s newly found vulnerability and because half of the planet's ATMs and government systems and industrial machinery were running XP, it hit the planet so hard that Microsoft had to make a security update for it even though they dropped its support years ago.

 

Targeting deprecated systems is such a goldmine for hackers

 

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

[TudorFinalBosz]

If the OS is BASIC 2.0 running on Commodore 64, it's 100% safe.

 

[Lurking]

14 minutes ago, TudorFinalBosz said:

If the OS is BASIC 2.0 running on Commodore 64, it's 100% safe.

Bad example. Because that C64 is not running a modern auto shop. Do you know how much internet connection all the car manufacturer scanners and diagnosis tools need? Many tools also need internet. Any modern shop pays a lot of subscription fee to get access to all that and all that requires internet to connect to the car manufacturer (and supplier) specific servers. and this won't go away with EVs. and all the multimedia/self-driving features etc. 

 

in addition, a modern car shop has online booking system for customers, online sales, invoicing, payment and so on. Have yo been in the modern World lately? When my car is in the shop, I get a video sent to my phone the mechanic took to record what they found and what needs to be done. Show me how a C64 is doing that safely. 

 

If that one shop truly uses a C64, it isn't doing anything a MODERN shop does. It may work like in 1980 where you call the shop for an appointment and a secretary enters your data in the C64. and maybe it prints you a matrix-invoice. But that is all it does. Even if you work on classic cars only, you still need modern appointment, invoicing, payment, updating of information etc. 

 

That article is from 2016 and it was outdated then. Hence it was a special article. I'm sure someone made it work, but when C64 came out, no normal user had network anyway. But plenty of viruses existed regardless. It wasn't safe then, it isn't safe now. 

[OddOod]

6 hours ago, Levent said:

There are still PLC related stuff out there that runs XP.

Which is why threat actors are still developing novel attacks for them

 

6 hours ago, apoyusiken said:

who would target windows xp?

 You're kidding, right?
https://www.cybersecurity-help.cz/vdb/microsoft/windows/XP/

[Eigenvektor]

4 hours ago, apoyusiken said:

who would target windows xp?

The better question is: who is still running Windows XP?

 

As long as there are systems connected to the Internet that use XP, hackers/bots will try to exploit them. 

 

Even if you, as an individual, aren't interesting to hackers, their bots aren't going to discriminate.

 

Maybe the system contains information that could help exploit other systems. Maybe it'll simply be useful as another bot. In either case, any system that can be exploited will be exploited.

[David A. Tatum]

8 hours ago, Eigenvektor said:

The better question is: who is still running Windows XP?

 

A bit off topic, but the answer to that is:  Big tech conferences.  I can't find it right now, but there was a story a few months back about how a major tech conference (I think it was CES?  Something like that) was caught still using Windows XP to run its digital signage.

 

More on topic:  Those signs were not on the internet, however.  Windows XP or other deprecated operating systems are often vulnerable to the same things that Windows Vista, 7, 8, 8.1, 10, and 11 are vulnerable to... but they have none of the patches or other security features implemented to protect those later versions of Windows from those vulnerabilities.  It may be that hackers/malware authors aren't targeting XP specifically, but they have no reason to specifically exclude those deprecated Operating Systems from their malware, either.  That said, it's perfectly safe to use a deprecated operating system... as long as you don't connect it to the internet, and expose it to all of that malware that has been created using exploits that were discovered long after the last security update for it was released.

[Eigenvektor]

3 hours ago, David A. Tatum said:

A bit off topic, but the answer to that is:  Big tech conferences.

Have you never heard of a rhetoric question?

 

~edit: as I said above, any compromised machine is useful. Whether it provides access to vulnerable infrastructure, contains valuable information for further exploits or simply as yet another member in a botnet.