Comment Limited user privilege escalation? Tell me how. (Score 1) 137
"You have to consider local, internal attacks..."
If you know of an attack that works against a Windows XP limited user, please mention it. It is likely it could be fixed without Microsoft's support.
"XP is dead. It's lifespan is over."
Software doesn't die. Are you saying that, after literally thousands of bug fixes, Microsoft had still not fixed all the vulnerabilities in Windows XP? That's certainly possible; Microsoft makes more money if there are vulnerabilities, since people pay full price for the next version of the operating sytstem.
"we had major difficulty getting drivers for things as simple as SATA controllers for it"
SATA add-on cards.
"If you have ANY significant number of XP machines, it's time to pay the pittance that an entirely new machine would cost"
That's not the problem. The real cost is in all the configuration and teaching people to use new computers. There are programs, lots of them, that don't run on Windows 7.
"And Windows 10 is expected to be free..."
I'm guessing that Windows 10 will be "free" because it will force a lock-in to Microsoft's methods.
"If you have a "network", especially a business one, of any description, you are negligent in sticking on XP now."
What is particularly vulnerable about XP on a network? We use a software firewall on each computer, Windows 7 or XP, and everyone operates as a limited user.
"You can't secure XP. ... there's no real thing as a limited user in XP because it's basically a cinch to demonstrate privilege escalation using any number of pieces of bog-standard software on XP..."
Look at this video of a "privilege escalation": Windows XP local privilege escalation. It's total nonsense. One of the comments: "When you try this without administrator rights you get an error: Access is denied."
If you know of an attack that works against a Windows XP limited user, please mention it. It is likely it could be fixed without Microsoft's support.
"XP is dead. It's lifespan is over."
Software doesn't die. Are you saying that, after literally thousands of bug fixes, Microsoft had still not fixed all the vulnerabilities in Windows XP? That's certainly possible; Microsoft makes more money if there are vulnerabilities, since people pay full price for the next version of the operating sytstem.
"we had major difficulty getting drivers for things as simple as SATA controllers for it"
SATA add-on cards.
"If you have ANY significant number of XP machines, it's time to pay the pittance that an entirely new machine would cost"
That's not the problem. The real cost is in all the configuration and teaching people to use new computers. There are programs, lots of them, that don't run on Windows 7.
"And Windows 10 is expected to be free..."
I'm guessing that Windows 10 will be "free" because it will force a lock-in to Microsoft's methods.
"If you have a "network", especially a business one, of any description, you are negligent in sticking on XP now."
What is particularly vulnerable about XP on a network? We use a software firewall on each computer, Windows 7 or XP, and everyone operates as a limited user.
"You can't secure XP.
Look at this video of a "privilege escalation": Windows XP local privilege escalation. It's total nonsense. One of the comments: "When you try this without administrator rights you get an error: Access is denied."