On Saturday, May 31, 2014 10:04:30 AM UTC-5, Mayayana wrote:
| Instincts may tell you not to trust HB...but logic says otherwise.



It's not a matter of trust, faith, or logic. XP is no longer

supported. XPE is not the same thing. Microsoft has no

reason to make sure XPE patches are compatible with XP.

They do, on the other hand, have motivation to create

a situation of, "Woops! Well we did tell you not to use

the XPE patches."

Support and no support is a big difference. With support

they promise not to break compatibility. With no support

there's no promise of any kind. If they release an XPE

patch incompatible with XP and it destroys your install,

that's your problem.





| Many ppl with businesses use their PC for everything: surfing;

bookkeeping; payroll and such...

| M$ agreed to continue updating Windows embedded AND Windows XP for those

folks



They didn't "agree" to. They're selling support contracts,

starting at $250,000/year, at about $200/year per PC.

So yes, they're still making patches for XP. But those are

not the patches you're downloading with this hack. The fact

that there are people paying for support is all the more

reason for MS to break XP with XPE patches.



And as has been mentioned already in this thread:

What's the value in taking the risk? You shouldn't be

allowing IE online in the first place. How many other

patches are likely to be relevant? Just about any

vulnerability is likely to be coming through IE. A few

may also come through MS Office, which is a good

reason not to use that. But if you're not using MS

software online there's little to worry about. (I haven't

got an MS patch since SP3 and I'm not worried.)



*This month's patches are not even relevant.*



This month's patches are a good example, as

HomeGuy lists them. One is for IE. (Again, no one should

be using IE online. All the more so if you're running

Vista or earlier, because MS doesn't even have a

version of IE for those systems anymore. IE is not a

browser in the normal sense. It's best viewed as a

Windows component that is vulnerable if connected

online.)



The other 2 patches are for privilege elevation.

For the vast majority of people using XP there's no

such thing as privilege elevation. They're already running

without restrictions! So those patches are meaningless.



One patch deals with .Net remoting. There's

no reason to even install .Net if it's not needed by some

program. There's certainly no reason to let it run remotely.

That's as risky as installing Java and letting it run through

your browser. Even if you've done all that, all that's at risk

is privilege elevation, which is almost certainly meaningless

on your PC.



The other patch is for a bug that allows

someone who has already logged on locally to go from

lackey mode (common user restrictions) to Admin mode

by running particular code. All of the code that's running

on your XP machine right now is almost certainly in Admin

mode. Nobody runs XP in lackey mode. In fact, in many

cases there are no restrictions possible. My XP is installed

to FAT32 file system, as many copies of XP were. Only

an NTFS file system allows for user restrictions. IF you

have XP installed on NTFS, and IF you have kids who you've

set up with a restricted user account, then they *could*

bypass those restrictions if they can figure out how to

run the hack. Is that worth risking your system for?

Some other rhetoric: http://betanews.com/2014/05/26/how-t...xp-until-2019/