Jump to content
ncodex

Stop providing support for Windows XP

Recommended Posts

Greetings,

While we do always recommend users still running XP upgrade to at least Windows 7, the oldest OS version still supported by Microsoft and to get the full functionality out of Malwarebytes as well since many of the technologies in Malwarebytes, particularly in the Premium version, are not supported on older operating systems (especially XP) due to a lack of modern APIs and other core OS functionality that make many of these new features and technologies possible (such as ransomware protection and certain aspects of web protection).

That said, we do still officially support XP for Malwarebytes so we still support users running the older OS because we realize that many, especially in the business world and individuals who simply cannot afford a new system are stuck with it for the time being (unless they want to make the change to Linux; something not everyone is prepared to do, especially if they aren't technically inclined).

Another factor to consider is the fact that many of the protection technologies in Malwarebytes Premium, especially the anti-exploit component, are designed to protect systems from precisely the kinds of vulnerabilities and security holes that exist in older operating systems like XP (as well as newer, as of yet unpatched and/or unidentified vulnerabilities in more modern operating systems like Vista, 7, 8/8.1 and Windows 10).  This is the primary reason we still stand by XP, because we know that we can protect it from the vast majority of modern threats that target the older operating system (most of which rely on exploits, something we're very good at stopping with our signature-less, behavior based anti-exploit technology).

If/when the time comes that continuing to support Windows XP is no longer a realistically viable option due to difficulty in coding our components to be compatible with it, I am sure that things will change.  And of course if we find that no one is using XP any longer, likewise we will then move on from it as well in all likelihood.  But until that day comes, and as long as we are confident that we can provide adequate protection for the older operating system, we will continue to support it and its users.

Share this post


Link to post
Share on other sites

While I do understand your viewpoint, I still believe that Windows XP should no longer be supported by Malwarebytes. 

Malwarebytes Exploit Protection cannot replace an OS level zero day patch in any way. At this point, am I able to get a Windows 98 laptop and ask you why I have malware and why Malwarebytes wont install on it?

Also, I've meant to stop providing support on the forums, for all related problems and questions. Not the program itself.

I see It as a waste of resources and time to help stubborn people who wont migrate from outdated operating systems.

Edited by ncodex

Share this post


Link to post
Share on other sites

Actually, yes it can replace an OS level zero day patch.  This is the entire purpose of the anti-exploit technology built into Malwarebytes and the reason it was created in the first place, because zero-day exploits became a prevalent threat and source of infection across all operating systems and web facing software, so to attempt to combat this trend the anti-exploit technology was developed to protect systems and software from it, and because of the way it works, with many of the exploit behaviors it prevents being very generic in nature, it is thus able to stop a massive number of in-the-wild and as of yet undiscovered exploits for both old and new software, including Windows XP.  It isn't ideal, and of course there likely are areas of the OS which aren't as secure as they are in newer Windows versions which might not be shielded by the anti-exploit technology in Malwarebytes, but the vast majority of those used to target systems and software by malware authors, regardless of the OS, are covered by the anti-exploit technology in Malwarebytes.

As for Windows 98, since Malwarebytes doesn't currently support that OS, that would be our answer.  The reason is simply because Malwarebytes is not compatible with Windows 98.  Thus the answer to you regarding XP is that it is still designed to be compatible with it and so we do continue to support it, at least for now.  I'm sure the time is coming that we won't any longer, but today is not yet that day.

You can see it as a waste of resources if you wish, however not everyone who isn't willing to migrate to a newer Windows version is doing so out of stubbornness.  Not everyone can afford a new PC, and most hardware that old isn't capable of running any newer version of Windows.  You have to remember that back in the heyday of XP, a system with an old Pentium 4 processor and around 512MB~1GB of RAM was considered "decent", but a system with those specs won't be capable of running Windows Vista, 7, 8/8.1 or Windows 10, but gets by just fine running XP.  Besides, it is our time and resources to spend as we choose.  Many of those who help out here on the forums are volunteers, and if they see fit to help individuals still running Windows XP then that is their business.  As for Malwarebytes continuing to officially support it, I've already addressed that several times.  I understand that you don't find that stance to be acceptable, and that is your business, but at least for now that is the way it is.

I'm certain that it won't be long before Windows XP is no longer supported by the Malwarebytes software, but even when that day comes, I'm sure that as long as there are individuals who know the OS and how to work on it who hang around on the forums here, people running XP will still be able to come here for help.  You might argue that we aren't doing them any favors and that we should turn them away, refusing to assist them unless they get onto a newer version of Windows, but it's better for everyone the fewer infected systems there are on the net, regardless of which operating system they're running, and since the vast majority of modern threats still infect XP just as they do newer Windows versions (a distinction that isn't true of Windows 98, and a person running that OS or one older would actually be pretty much immune to most malware found on the web today) and most software still runs the same as it does on newer operating systems (with the exception of drivers, of course) so in many ways it's not so different from working on a newer version of Windows.  Besides, anyone who sees someone show up still running XP will most likely continue to recommend that they do what is necessary to get onto a more modern version of Windows, be it upgrading the OS if their hardware supports it (which isn't likely, but still possible in some cases) or purchasing an entirely new system and migrating their important files and documents over to it and locating equivalent software which they require for their daily computing activities.

One other thing I'll mention here because I find myself in a similar position to some of the hardcore XP holdouts.  I'm still running Windows 7 and have absolutely no plans to upgrade and even refused Microsoft's "free" offer to install Windows 10 when that was going on (to the point of removing/blocking all of their telemetry updates and GWX) because I've used the newer Windows versions (8, 8.1 and 10) and have found that it does not suit my needs and doesn't fit my computing style or my lifestyle, nor my personal security and privacy requirements (an ironic statement perhaps, given the age of my operating system, but I've been immune to many of the recent outbreaks and exploits that plagued even newer operating systems simply because of measures I take when setting up my system in order to lock it down and optimize its performance).  Even when the day comes that 7 is no longer officially supported by Microsoft, which is only a couple of years off at this point, unless they are then offering an operating system that I find to be usable and suitable to my needs and expectations, I most likely will not upgrade.  I'm currently running on hardware that Microsoft doesn't even officially support outside of Windows 10 and had to use a third party tool to allow me to install Windows Updates because of it.  There's no legitimate reason for this policy beyond Microsoft's desire to force everyone onto their new OS and economic ideology of software as a service and exploiting users as a potential financial commodity in the form of telemetric data collection and embedded advertising; a practice I refuse to participate in based on my own principles and the belief that it is unethical and no better than any PUP that Malwarebytes removes due to the inclusion of adware and/or spyware.  Google is much the same, so I block all of their ads and tracking protocols/servers as well as I do all of the other advertisers and tracking servers I can via various means (browser plugins, a HOSTS file which now contains over 1 million entries and various other tools and system/software modifications).  It has been more than 10 years since any of my systems has been infected with any form of malware.  The closest I've come has been the occasion PUP that was bundled with something else, and even then most of the time I was fully aware of the PUP's presence and either prevented it from installing during setup, or stripped it out of my system immediately following its installation.  I haven't had any successful exploit attempts or phishing attacks and I haven't been scammed out of any money or unwittingly exposed any of my personal or financial information.  This is no accident and isn't only due to the security of running a "modern" operating system.  It's because of a combination of the way I configure my system, my own usage habits and the layers of software I use to protect it, which includes Malwarebytes.  If Malwarebytes were to stop supporting Windows XP today, there would be a lot of users out there at far greater risk of infection because of it, and this is why whenever the decision to drop XP is finally made, it will have to be a decision which is very carefully considered and weighed because vendors like Malwarebytes within this industry who still choose to support the aging operating system take on a great responsibility to attempt to secure an operating system which as you say is very vulnerable to attack at this point, but that doesn't mean it's not worth trying.

Now, besides all of that, I believe the greatest consideration is the number of businesses still using XP on their systems as well as specialty hardware.  This is a serious issue which was highlighted during the recent Wannacry/WannaCrypt0r/EternalBlue ransomware/exploit incident/outbreak.  Surveys were done shortly after the event and they found that the majority of affected businesses/systems still hadn't patched themselves with the update that Microsoft released for the SMB vulnerability that allowed the infection in and to spread across their networks.  There is a major issue with the way that businesses handle patching, and at the heart of it are IT admins who are stuck running out of date systems for compatibility and a lack of resources to test updates before rolling them out, and these are precisely the kinds of organizations who should be using the kind of anti-exploit technology offered by Malwarebytes because Malwarebytes 3 Premium users were immune to Wannacry at hour 0 before anyone had ever even seen it or heard of it.  To me this sounds like an ideal reason to continue to support XP, at least for a while yet while these industries work out their migration plan to newer hardware and software, and if more of them were using Malwarebytes, the impact of this incident would have been much smaller.  So to me, that indicates that there is a great need, at least for the time being, for Malwarebytes to continue to support the aging OS, in addition to the need for these organizations to come up with a feasible plan to get off of the old OS and hardware and migrate to a more secure, modern operating system.  Unfortunately many of these industries use special hardware and/or software which requires XP and simply will not work on a newer OS, even inside a virtual machine running XP.  This means that the providers of their software/hardware required for their work must get the job done quickly of providing a new, and hopefully cost-effective solution so that they can allow their clients to migrate off of the old OS.  But both logistically as well as financially, there is a lot to consider here, and it's a much larger question than a single user running a single laptop that still has Windows XP on it, and for now at least, these organizations need some kind of protection against these threats, and thanks to the fact that it is still supported, Malwarebytes fits the bill, or at least gets them much closer and at a far lower cost than migration to an untested, newer OS/hardware combination.

Edited by exile360

Share this post


Link to post
Share on other sites

As I already have said, I have opened this topic to recommend stopping support for users on this forum. Not stop the program for functioning entirely on these outdated operating systems.

I really can't get your point here. I can understand governments, hospitals and even schools using Windows XP for old devices so that they will still work, but I definitely do not see any person using a 512mb computer in 2018, to the point where even YouTube can't be opened. Even if there are such people, they should migrate to a more secure OS such as Puppy Linux which does provide security updates and can be supported on low-end systems.

I understand that you're an expert and that you're usually very careful, but most of the people that come here do "please help i use Windows XP and i opened a file and now my system is entirely screwed", and they didn't even use Malwarebytes prior to that. This behavior should be discouraged and these users should be encouraged to move to a new operating system. Especially because operating systems such as Windows 10 are more resilient against any kinds of malware, especially when Microsoft managed to stop Wannacry within 14 minutes of it's outbreak on Windows 10. I honestly don't see Malwarebytes protecting any customer that fast on any operating system, especially if an outbreak happens during a weekend.

You can't deny that Windows 10 and other operating systems aren't more resilient to malware than Windows XP. Take Meltdown and Spectre vulnerabilities for example. Windows XP has no patches for them, yet you claim that Malwarebytes Exploit Protection can protect against such vulnerabilities. It's not ethical for Malwarebytes to protect against such vulnerabilities, and most likely, it will fail.

The only thing that I can understand are government entities using Windows XP to support some older devices, but even then, the government should have more than enough funds to support better technology. Even then, those computers should not be connected to the internet.

Share this post


Link to post
Share on other sites

I believe you may be missing the point of these forums.  They are here to primarily support the users of Malwarebytes software, this means that as long as the software supports XP, so must the users running that OS here on the forums.  We do encourage them to upgrade to a newer OS; you're speaking as though we pretend that everything is just fine for them to continue to use an OS which is no longer supported by MS and no longer receives any security updates, but we don't.  We tell them the risks and make it clear that we cannot guarantee that they will not get infected and aren't vulnerable to attack, even if running Malwarebytes 3 Premium and a full, up-to-date XP-compatible antivirus.

As for this mythical inexperienced user you mention who downloads and runs some random file that turns out to be an infection (Trojan, I'm guessing based on the description?), that's not typically who we see running XP these days, and when it is someone like that, they do tend to listen to us when we present the risks.  In fact I've seen several cases where a user showed up on XP asking for assistance and we helped them, all the while encouraging them to find a way to migrate onto newer hardware/a modern OS, and many times I've seen where these very users have returned later on with a new system running the current version of Windows per our recommendation.  Had we simply turned them away and refused to help, they might have gone elsewhere to a site where they aren't so responsible as to recommend that users upgrade to a new version of Windows and might have ended up sticking with XP for much longer.  I'd rather help them now as well as give them good advice.

As for the Wannacry vulnerability, we had it covered 10 minutes, 10 days and 10 weeks before the attack thanks to the signature-less tech built into Malwarebytes.  It didn't require any reaction from us to have that threat covered.  As many benefits as there are to running a modern operating system with all the new security features, you must also realize that malware authors seek profit and therefore they target specifically the most commonly installed OS, which means that many modern threats aren't even targeted at XP and won't even infect it because they're designed specifically to go after systems running Windows 7/8/8.1 and 10.  They're designed to get around User Account Control and other security features built into post-XP Windows versions, and they are designed to exploit Edge and newer versions of Chrome, Firefox and Internet Explorer.

As for weekends etc., there are Researchers on duty full time at Malwarebytes 24 hours a day, 7 days a week, 365 days a year (366 on Leap Year) because we know that malware doesn't sleep, so neither do we.  Their response times to new threats are very fast.

With regard to Spectre and Meltdown, we do not claim that our software protects against exploits of these vulnerabilities, but if we did, then there would be nothing "unethical" in stating as much, because it would be true, though to my knowledge there have been exactly 0 in-the-wild threats which have targeted these vulnerabilities other than one or two harmless "test exploits" (POCs, likely designed to probe and see what is possible in prep to possibly design a real threat sometime in the future).  So I don't understand your statement here about saying that it's not ethical to claim we can protect users from most vulnerabilities, because it's true.  Telling the truth is not unethical, lying is.  The most common vulnerabilities exploited by malware today come in the form of either browser/plugin exploits, or exploits of office/document viewing software (MS Office, Adobe Reader etc.) and these are all programs and plugins that we protect, both with targeted, specialized exploit prevention measures as well as broader exploit behavior based detection/prevention capabilities.  Malwarebytes also includes several components which harden vulnerable web facing software against many kinds of exploits so that they are shielded as though they were "patched", rendering them immune to many forms of attack.

Again, you keep pretending like we encourage users to stick with XP, which is not the case.  We encourage anyone not running a supported, up-to-date OS to update/upgrade (even if, for example, they're running Windows 7 RTM, we encourage them to at least install SP1 as well as any Windows Updates).  We do the same for browser plugins and other software.  If we see their browser is out of date, we tell them to get the latest version.  If Adobe Flash is out of date, we tell them to remove it and install the latest version.  If we see that Java is installed, we advise that they remove it completely, or at least install the latest version and keep it up to date if they require it.  We don't just fix their problem, seeing that they're vulnerable and send them on their way and I find it very presumptive on your part to pretend as though we did.  That's not what goes on here, especially when an infected user is dealing with one of our malware removal specialists.  They know how people get infected, and they advise them on the best course of action after cleanup to secure their system, whether it is patching their OS and software, or even installing a newer version of Windows because we don't want them to get infected and we do feel responsible for providing appropriate advice to the users that come here for help.  We aren't saying that it is OK to stick with XP forever and even before it was no longer supported by MS we were frequently advising users to install a newer OS if they could or to get a more modern system because we know that in many ways newer versions of Windows are more secure, but you speak as though we're encouraging people to stick with XP and claiming it's perfectly safe, but that is absolutely not the case.  We just aren't turning them away and refusing to help them, and if that's what you have a problem with you're free to say so, but please stop pretending that it's anything else.  We are not encouraging people to continue to use Windows XP.

Edited by exile360

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.