I should have been more specific about my question.  I am not challenging
the assumption that one needs to eliminate XP.  My client is a small
non-profit who relies on donated machines when they are available.  The
plan at this point is to use Terminal Services Sessions with Wyse thin
clients and do all processing on the server.  This allows me to maintain
one OS and permits swapping Wyse terminals between users at will.  The
point at which this scheme breaks down is when a vendor insists that they
will only accept connections from a browser running on Windows 7 or Windows
8.  It is my impression that Windows 7 is a subset of Server 2008 and
Windows 8 is a subset of Server 2012.  I suspect that web programmers need
to keep this in mind when they write code to accept or reject a connection
based on browser and OS combination.

What I set out to do was find who or what controls what browser and
operating system configurations are accepted for connection by the GFS.com
site.  The GFS technical people seem to have an inflated understanding of
the role of the SSL certificate.  Ultimately I need to help them correct
that understanding.  I suspect that inspection of their site code by
someone who knows web programming would reveal what their criteria are.  I
have done very little with web programming.  Can someone point me to a good
starting point for this issue?

Thanks,

Joe


On Wed, Jul 30, 2014 at 12:23 PM, Ken Dibble <[email protected]> wrote:

>> This is happening today, every day. Even if you refuse to believe it.
>
> All of which is equally applicable to every other Windows OS, and is a
> greater threat because there are more of them in use today, in toto, than
> there are of XP. People don't patch Vista or Win 7 or Win 8 either. They
> don't patch IE on those OSes, and idiots keep writing new web-based
> software that won't work on more secure browsers. They don't keep their
> anti-malware software up to date on those new OSes either. Nothing has
> magically changed about this going from Win XP to a newer OS.
>
> MS OS security is not "improving" as a whole; they just continue to fix
> what they can identify as broken as a result of demo or real attacks. Every
> day somebody figures out a new way to attack a new OS, and then that has to
> be fixed. The newer the OS, the more people are trying to attack it.
> Relatively fewer people are figuring out new attacks for old OSes. How many
> people do you think are working on new ways to attack Windows 2000 today?
> How many people will be working on new ways to attack Windows XP in 2
> years, as compared to today?
>
> Anything can be hacked; any security can be broken (just ask the NSA);
> nothing is safe. That is true today, and it will be true five, ten, and
> twenty years from now, for Windows and any other OS. The fact that some OS
> designs are harder to crack than others is irrelevant. If the motivation to
> crack it is high enough, it will be cracked. There is no magic design "fix"
> that entirely removes the danger. It can't be done.
>
> Today the bad guys aren't script kiddies goofing around to impress their
> friends. They are organized criminals, rogue governments, and terrorist
> organizations. They are principally looking to steal money, and
> secondarily, to develop options to damage or destroy critical IT
> infrastructure. Malware development costs them money, and they play the
> percentages. If a "hack" doesn't offer those opportunities in a big way,
> they don't spend time on it.
>
> Older OSes are safer from current malware development than newer OSes,
> because the motivation to break newer OSes is much greater, because it is
> more remunerative in those two ways, than the motivation to attack older
> OSes. This isn't rocket science; it's common sense.
>
> And the extent to which people do not keep their OS, browser, and
> anti-malware software up to date does not vary between OSes. So this source
> of problems is constant; it is not greater for XP than for 8.1. And there
> is more Vista, 7, and 8.1 combined running today than XP. Again, common
> sense.
>
> Last time we had this discussion, I cited overwhelming evidence from the
> web that Android phones are the biggest target for current malware. I don't
> remember what the percentage was then, but as of January of this year, it
> was 99%:
>
> http://www.v3.co.uk/v3-uk/news/2323418/android-and-java-top-security-targets-for-malware-and-hacks
>
> Java applications are also strong targets according to this article, but
> that's not OS-dependent.
>
>
> Ken Dibble
> www.stic-cil.org
>
[excessive quoting removed by server]

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/CABQeDnWnh7c6Ty6wpBJ0Uz3vKveE7RuWXfTe-zjKzR=kaqm...@mail.gmail.com
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
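
On the question of how a site accepts or rejects a browser and OS combination: such checks are commonly made against the User-Agent header the browser sends, while the server's SSL certificate authenticates the site to the browser and carries no information about the client's OS. The sketch below is an added example, not code from GFS.com or from either poster; the allow-list policy and the names `NT_FAMILIES`, `ALLOWED_NT`, `ntVersion` and `evaluate` are assumptions, and the User-Agent strings are constructed samples.

```javascript
// Added example: a hypothetical OS gate keyed on the "Windows NT x.y" token
// of the User-Agent header. Client and server editions built on the same
// kernel version report the same token, so the gate cannot tell them apart.
const NT_FAMILIES = {
  "5.1": ["Windows XP"],
  "6.0": ["Windows Vista", "Windows Server 2008"],
  "6.1": ["Windows 7", "Windows Server 2008 R2"],
  "6.2": ["Windows 8", "Windows Server 2012"],
  "6.3": ["Windows 8.1", "Windows Server 2012 R2"],
};

// Hypothetical vendor policy: "Windows 7 or Windows 8 only".
const ALLOWED_NT = new Set(["6.1", "6.2"]);

// Extract the NT version token, or null when the header has none.
function ntVersion(userAgent) {
  const m = /Windows NT (\d+\.\d+)/.exec(userAgent || "");
  return m ? m[1] : null;
}

// Report the token, every OS that sends it, and the gate's decision.
function evaluate(userAgent) {
  const nt = ntVersion(userAgent);
  return {
    nt,
    candidates: nt && NT_FAMILIES[nt] ? NT_FAMILIES[nt] : [],
    accepted: nt !== null && ALLOWED_NT.has(nt),
  };
}

// Constructed sample User-Agent strings (Internet Explorer style).
const SAMPLES = {
  xp: "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
  win7OrServer2008R2:
    "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
  win8OrServer2012:
    "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)",
};

for (const [name, ua] of Object.entries(SAMPLES)) {
  const r = evaluate(ua);
  const verdict = r.accepted ? "accepted" : "rejected";
  console.log(`${name}: NT ${r.nt} ${verdict} (${r.candidates.join(" / ")})`);
}
```

Because the header is supplied by the client, a gate like this is a compatibility check rather than a security control.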