Originally Posted by Vagrant Storm
The fact that they did this with Windows 2000, Windows ME, Windows 98, ...etc. and the world did not explode?
I also find it hard to believe that there will be many exploits found in Windows Vista+ that will actually carry over into XP. Most of the exploits found in the newer OS's are due to the increased functionality built into them. Heh, and a lot of those are from Internet Explorer updates.
But aside from IE updates that can versions 7 and lower... has there even been an update for XP since shortly after SP3 came out? Anyone know when the last XP update was rolled out?
You're discounting the fact that the transition from Win98, et al. to XP was facilitated by a generational leap in hardware and an economy that supported such an investment. Meanwhile, XP is triple-entrenched - in terms of actual performance from Word and Outlook, most small businesses have little incentive to upgrade that old P4 to something new, and many lack the resources - or at least pretend they are so broke that they can't possibly afford a modern replacement for that old Gateway 2000. Lastly, many businesses run industry-specific or custom software designed to run on XP, with either lapsed support or the developer is out of business entirely.
In most cases, the upgrade plan is like this - this is the year the CEO gets a new Windows 8 laptop. The department manager gets the CEO's old Win7 machine. The department underling gets the department manager's old XP machine. The underling's older XP machine goes to the receptionist. The receptionist's even older XP machine gets put in the lunch room so people can check out the weather report while on break. The most vulnerable machines keep getting pushed to the most vulnerable fringe where social engineering exploits are most likely to be successful. And they're running XP with IE8 and unpatched Java and so on.
The misconception is, if the machine on the fringe is compromised it will only take out that machine. I've seen some obfus variations that come in via email, muck up mapped drives, then try to make their way back through any machine connected to that mapped drive. In one case, the resulting cleanup took 24 hours' worth of labor, at 195.00 an hour, plus 2 hours of lost productivity for 24 users. All because the company involved was too cheap/broke/lazy to spend 680.00 on a bottom-rung HP desktop for their new receptionist.