Tuesday, April 29, 2014

What can Windows XP users do to get out of the monthly security Hell they are in?

Microsoft's "Patch Tuesday" - releasing all security updates on one day each month - was needed so that IT organizations could manage the patching process.  It let them spend one day a month updating things rather than 10 days a month doing it, and so operationally, it was a Very Good Thing Indeed.

The problem is that security is a game of action leading to reaction.  A good defense will challenge the offense to up their game.  We've seen this, that "Patch Tuesday" has led to "Hack Wednesday" the following day as new exploits are unleashed to maximize the time until Microsoft patches their software.

We're seeing this continue, and expect it will continue because of institutional forces (IT likes Patch Tuesday and won't want to change).  The problem for Windows XP users is that each month will see a new round of Hack Wednesday exploits added to the old Hack Wednesday exploits.  Assuming 3-4 critical vulnerabilities each month, in a year XP users will have fifty critical vulnerabilities for which there will never be patches, and for which there are known exploits circulating.

You may as well just give your credit card numbers to the Bad Guys now and get it all over with.

So what can XP users do?  As it turns out, Tin Can Assassin has blazed the trail for you.  Starting from more or less no knowledge, he's become a Linux Padawan.  His is a journey described from a beginner's perspective.  Go take a look.

UPDATE 29 April 2014 14:51: Tin Can Assassin has an updated post on his Linux experiences.  Worth a read.


Old NFO said...

MAC... Seriously... Don't give Microcrap another penny.

Ratus said...

It's not scraggly.


TinCan Assassin said...

That. Is. Awesome!

I'm going to have to scrounge up an internets for that one, Ratus.