F-Secure Points Angry Finger at Microsoft, Wants Windows XP to Die Already

36

Comments

+ Add a Comment
avatar

pheight

So how's this for an idea? Why not just open-source the code and make everyone happy? 9.9

avatar

Bullwinkle J Moose

It cannot be done

You are not allowed to see how the Government Spyware Operation works

XP needs to be killed to prevent the sheep from bypassing Government surveillance because XP was created before Windows was turned into a Spyware Platform and certain versions can be secured from Government attacks if you know what you are doing

This is why the 90-day "Trial" copies of Windows 8 and 8.1 can still be Installed, activated and updated without actually paying for Windows 8

Microsoft and the U.S. Government would rather let you to run a free copy of the newer Spyware Platforms and let you simply restore an unactivated backup every 90 day (or more with rearm feature) so that you will use the spyware platform instead of letting you secure your own computer with secure copies of XP without the activation malware

Adding SP3 turns secure copies into basically an "Alpha" version of future Windows Spyware Platforms

Vista was essentially a "Beta" version, and the first real Spyware Platform was Windows 7

Installing earlier versions of Security Essentials would create a backdoor to bypass the Windows firewall in XP and update the software just fine even though it was blocked in the firewall

SP3 also backdoors secure versions of XP

YOU ARE NOT ALLOWED TO USE A SECURE OS IN ANY COUNTRY!
(Free or otherwise)

If you refuse to be spied upon, then you are a suspect to be spied upon!

See how that works?

You are not allowed to spy on those who spy on you or you are a Criminal

You may not control "their" future the way they control yours or you are a Criminal

You are not allowed to game the system and make the Laws up as you go as they are doing or "You" are a Criminal

You are not allowed to make their crimes public or "You" are a Criminal

So, in the Interests of National Security, (theirs / not yours) do as they say without question and go fight and die in the wars they create to defend their right to keep what they have already stolen from you and all those who came before you

Be a good little slave and remember.....
OPEN SOURCE IS EVIL and must be destroyed for the good of your Dictators!

They killed the Kings, overthrew the Kingdoms and destroyed Empires so they could act as thousands of Kings from behind the scenes, thinking that we would never find them, but blindly follow them to "Our" demise (Not theirs)

How Ironic!

I feel so guilty for not blindly following them to my death....
I'd better go to Church and confess my sins to those who would never confess their's to me

avatar

NSain

everybody keeps talking about the hardware costs. Don't forget that there are plenty of companies that use specialized software that might not be able to run on anything newer than xp. so besides the cost of new hardware that might be needed, don't forget to calculate the cost of rewriting software to work on newer operating systems.

avatar

RichardM333

I use a Duplus DUP-35 Hard Drive Power Switch / Selector sold at Sidewinder Computers for $26.99. The switch fits in a 3.5" bay. I have XP on one drive for older software and Windows 7 on the other drive.

avatar

TheRyGuy

"F-Secure isn't real pleased with Microsoft's handling of XP", as opposed to "fake please"? Adverbs, my friend. Adverbs.

avatar

PCWolf

Most Single Core XP Machines cannot be upgraded & must be discarded. If F-Secure wants XP gone that Badly, it should offer to pay for the replacement of all those XP machines they want gone.

avatar

bpstone

Depending on company, migration may make financial sense. It may not be practical for some small businesses. Those who can afford it should. This is especially true when these systems are handling their clienteles' highly sensitive information.

avatar

bpstone

These companies who still use XP are costing themselves in the long run. Those who purchased additional support are buying temporary time. Outdated software allows malicious individuals to take advantage of holes into their system. An updated security suite is only good as the known malware definitions it has. All security is in layers regardless which OS is being used: BSD, Linux, OS X, UNIX, Windows and et cetera. Thankfully some of the tedious tasks can be and or are automated. Software cannot fix human stupidity. A website admin can infect a company’s user base by failing to put in place the necessary security measures as well as continually maintain it; such as requesting the latest updates and penetration testing. There are a few unnamed I can think of who have chosen to switch over to Red Hat. A smart choice in my opinion.

avatar

Renegade Knight

I don't see how they are costing themselves. If the tool works and works well. Keep using it. Spend your money on things that matter more. It's that simple.

avatar

maxeeemum

F-Secure ........... aaaahh? ............ F-Secure ........ Who? ....... Is this news???

avatar

Ghost XFX

So, F-Secure gave MS the Evil Monkey treatment...

It's whatever, I suppose. Some of the biggest companies in the country are still using XP.

avatar

ram1220

There are other AV solutions out there that are still supporting XP. Some even free. No thank you Mr. F Secure.

avatar

boidsonly

How dare us users not make their job any easier - the nerve of us.

I like my XP machine; it gets used as a gaming machine.

avatar

Bullwinkle J Moose

I'm giving F-Secure's chief security researcher Mikko Hypponen 48 hours to prove XP is insecure!

My banking details are once again on my desktop

I am running SP2 without ANY Microsoft Critical Updates

All I have for security is an aftermarket firewall, a free antivirus (NOT F-Secure) Malwarebytes Anti-Exploit and Driveshield

If you can post my banking details at this site or link to them in the next 48 hours, YOU WIN!

You can hire, bribe or blackmail as many Russian Hackers, Israeli Hackers, NSA Hackers or Chinese Military Hackers as needed to get these banking details AND you have my permission to do so!

But when you fail, lets publicly discuss why you really want XP dead shall we?

We can start by examining who it really was that sporked the BIOS on so many computers right at the factory

Let's all join in a refresher of what transpired and what these criminals are now telling us

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/

http://www.darkreading.com/vulnerabilities---threats/bios-bummer-new-malware-can-bypass-bios-security/d/d-id/1139823?

http://www.informationweek.com/government/cybersecurity/nsas-malware-heroics-questioned-by-security-experts/d/d-id/1113108

and finally, from the NSA >

http://resources.infosecinstitute.com/nsa-bios-backdoor-god-mode-malware-deitybounce/

YES, these articles are all related and I DO HAVE THE UNEDITED Video showing the kill switch in operation on an INTEL Motherboard!

XP and LINUX are prevented from booting OR installing with the sporked BIOS but Windows 7 and 8 boot and install just fine!

Now tell me again how it was those Evil Chinese Hackers that want us all to run Spyware Platform 7 & 8 when you morons start a war to keep what you have already stolen

We're listening!

Well.......I am anyway!

CMON now, I'm not even running this XP box as admin so it should be easy, right?

Any other lying cheating criminals wanna play?

The clock is ticking.....

Prove that my XP box is insecure or shut the hell up already

avatar

MrHasselblad

If you were able to post a valid contract with (also) valid identifying information (including, but not limited to) your ip address and all...

Then we'll talk, and I personally assure you that I personally know someone easily capable of getting through.

Plus one seems to be forgetting, not only are you limiting yourself with a trivial outdated operating system, but also a very limited software *type of firewall*. It's not like it is a REAL firewall such as a Barracuda or better.

Also, if one is so sure that nobody can get through, also post if to more publicly viewable websites; even ones such as Facebook. Why not also present the offer to groups such as Hak5, capable of hacking you within seconds - and not 48 hours

avatar

Bullwinkle J Moose

The NSA have my IP address and other identifying info as well as other groups listed in my post

If I were limiting myself with a trivial outdated operating system and a very limited software *type of firewall*, these groups should already have my banking data

But they don't

Whats the holdup?
The clock is still ticking

Hak5 and any other group is welcome to try as the Seconds turn to hours

They can all find me if they are what they say they are, or what you "think" they are

avatar

LatiosXT

Why are you saying "come at me bro?" here? Why not go to a hacking group and say that?

Issuing a challenge to hack you in a website where hackers almost never visit (or care) is like issuing a racing challenge to a bunch of geriatric slugs.

So really, your words have no meaning here. Just more rabble to add to the pile.

avatar

bpstone

The majority of cyber criminals (aka Black Hats) are not interested in individuals. While illegal, it is a business. It makes no sense to target a single person. The only exception is if you happen to be high-profile.

avatar

MrHasselblad

@bpstone...

Please feel welcome to look up the definitions on different levels of hackers.

I've already hacked Google Chrom and been paid to do it - by Google. I've also done paid BlueHat. By definition on my resume I'm a GrayHat.

ALL of those items are completely legal; having nothing to do with being a cyber criminal.

Add to that... A majority of true cyber criminals are basically untraceable; using items *such as* TOR and a version of wireless that completely blocks them from being directly traced.

avatar

bpstone

You are going far off-topic. This article was never about legal hacking. I think everyone here knows I am talking about criminals. Aka = "also known as." Not: "only known as." If you knew anything at all about me, I fully know what the differences are. Your comment smells like a troll wrote it. Spam away. It does not bother me.

avatar

Bullwinkle J Moose

"Why are you saying "come at me bro?" here? Why not go to a hacking group and say that?"
------------------------------

Cool story Bro, but Not Relevant!

YOU or anyone else are free to notify whatever group you like so YES, they could read the challenge if "you" want them to

Besides, regardless of which groups I notify, you would just come back after 48 hours and complain that I missed the one group who could easily bypass my security, so notify them yourself

F-Secure can be notified as well if you believe they are not getting the message, and you still have 24 hours to notify them

Better Hurry though....
The clock is ticking!

avatar

LatiosXT

Okay, here you are http://tinyurl.com/ohukawd

avatar

Bullwinkle J Moose

yawn
banking details are still here
where's them hackers

avatar

LatiosXT

How about you run as an admin, open up IE8, and start going on every warez and phishing website you can think of.

Oh and disable the firewall, you won't need that.

avatar

EdgeTrigger

How about you disable your firewall and go there with IE on your Windows 8 garbage OS?

OK, I go to Warez sites more than once a week. I run XP sp3 (with firewall enabled) and browse with Opera. All is well, lets see been doing that for many years.

oh by the way, used to use Microsoft Security Essentials as my AV, but since they stop updating switch to AVG, lots of other options out there.

avatar

LatiosXT

I bet if I said I did all that, you wouldn't believe me anyway.

This is more of a jab at if you think your defenses are so secure, then go wade into dangerous territory yourself rather than say "come at me bro". In an unrelated but related example, I'm running my relatively high-end gaming rig (with an overclocked CPU) with a 450W PSU where the rest of the PC building world seems to always suggest 600W for a similar setup. So far it's worked beautifully.

avatar

EdgeTrigger

I wish all these businesses being strong armed into spending billions would consider Linux. Why not? Both ways are going to be costly, but with Linux your free from Microsoft. You may have to run emulators or what have you, but I think it can be done. Microsoft is a joke these days with their Windows 8 garbage interface and Xbox 1 no game trade in policy. They need to get back to giving the customer what they want or someone else with the chops will, like Google.

avatar

Nurface

@F-Secure's chief security researcher Mikko Hypponen Another security person blind to actual impact OS has on Manufacturing and Business Industries that rely on equipment(PLC & HMI) Imagine a business that has 1400 locations and has to upgrade every Manufacturing System due to Microsoft XP = Cost millions if not billions. Siemens and Rockwell along with other Manufacturing solutions would love to see those checks written.

avatar

spyderz343

Honestly I have seen what happens when we rely on these business to catch up. Currently my largest issues are on these unsecure manufacturing devices running their unpatched builds of xp that have been filled with virus's and malware. They beacon out, they telnet sweep, exfiltrate data and then some. If I could nuke all of those devices in one shot my network would be secure but the specific developers/manufactures say if I add av, patches or any type of lock down it breaks their devices. Many of these companies make specific plat forms with out any thought of security. I have had vpn requests for systems to be add with all ports open. really all ports, you don't know your ports or you cant limit the ports? this is whats killing security, lax programmers with no understand/care of security. That's why our systems are infected and that's why xp needs to be dropped and die.

avatar

MrHasselblad

If a business cannot afford a trivial upgrade since the dates that Microsoft XP was published in; and then up to present - then that business should not be in business.

Show us all the real numbers. Sure you mentioned fourteen hundred locations, but how many computers? Is it limited to just 1,400 total computers or significantly more.

Here's some interesting math...

1400 (locations) multiplied by $700 per computer. So imagine that one, with those types of purchasing numbers one cold get truly incredible discounts; so that $700 per computer buys an above average business computer - all with current operating system OPTIONS and all. Btw that multiplied number comes out to a total of $980,000 - nowhere near millions yet.

Or a bit more math...

Four thousand computers total (all brand new), still the significant mass purchase discount, all at five hundred a piece (still doable, especially for the average business) still comes out to exactly two million.

Again, if a business has fourteen hundred locations and cannot afford it, then the competition certainly could run with that one - and win at doing it

avatar

MAIZE1951

I don't think Microsoft can just turn off old Microsoft operating systems as F-Secure seems to want as that would open Microsoft up to an multitude of lawsuits, although they might be able to prevent the reinstallation of old operating systems by refusing to reactivate them.

avatar

Bucket_Monster

"Why didn't [businesses] take up to this two years ago? It's surprising how slow governments are and also large companies everywhere. [It's] going to take a while to get rid of this headache and I can't wait."

Yep, where's that money going to come from? Do you plan on paying for it? It's not like businesses can pull a rabbit out of their hat and upgrade their entire system (at least not all of them). I'm actually shocked this guy didn't even take into account the logistics or economics.

avatar

misterz100

The same way they upgraded to XP before? If anything its easier now, the technology has gotten easier and better with PCs for offices cheap and small for much more power than they used to have in the past, they had ample warning.

avatar

dbqfan

If Win8 wasn't such a joke maybe these companies would make the upgrade. Microsoft is trying to please the tablet crowd and is forgetting that business people use computers also. I still use WinXP on some of our computers and Win7 on the rest. Win8 in not in our future and never will be. Microsoft made a mistake by dropping the security updates for XP. They are trying to force us into switching to Win8.

avatar

misterz100

Windows XP was supported longer than any other OS. Why keep spending money on something 14 years old? I wouldn't even keep a car that long. You can easily stay with windows 7, nobody is forcing windows 8 on you, every-time an OS comes out its been this way.

avatar

LatiosXT

Why didn't businesses and governments take this up? Because it costs money. And as long as businesses and governments can still do their job with XP, they probably won't upgrade.

I don't mind if they still use XP as long as it's not for a security critical task and is exposed to the wild. If it gets the job done, it gets the job done and upgrading could make it worse.