When an OS is out of support, when a vulnerability is found, it’s not fixed. Those vulnerabilities probably exist in newer operating systems, but no one has found them and if they are found they will be fixed.
A zero day vulnerability can sell for millions because they are so hard to find. If you find one and know where to look, you can sell the knowledge. Just to give you an idea of how hard they are to find. So an older OS, in addition to being out of support, also has had more time to find these issues.
Older operating systems have known vulnerabilities that will never be patched, and bad actors constantly scan IP addresses looking for these vulnerabilities.
Newer systems will not have those vulnerabilities, and any vulnerabilities they do have are not well known yet. So newer systems are not so easy to attack.
But this *did* happen back in the day. For example, there was a time during the Windows XP era that you were essentially unable to install basic Windows XP and then patch it up to service pack two, as the lack of any firewall meant the system would be compromised before you could get the service pack installed.
Three major things:
1. The longer ANY software exists, the more time folks have had to find exploits and refine their use. So if there’s a flaw in older software, it’s more likely to be known, and easy to exploit.
2. Once software stops being supported, any new vulnerabilities don’t get fixed. That means hackers can do whatever they want with those flaws, and they’ve got every reason to go looking for them. Every compromised system is a chance to make a lot of money.
3. Some DID happen that easily “back in the day”! But remember: XP launched August 2001, over 20 years ago. 4chan didn’t exist. YouTube didn’t exist. Facebook didn’t exist. Much of what we call “the internet” today just *didn’t exist.* Information spread more slowly, resources weren’t as easy to come by, and computers were (much) slower. Just because it’s easy *for us now* doesn’t mean it was necessarily easy for people back then.
Since no one has actually explained it like you’re five, here’s my take.
Cybersecurity experts and hackers are essentially at war. For simplicity’s sake, let’s call them “good guys” and “bad guys”.
The good guys build a new tank and the bad guys try to figure out how to destroy it.
So bad guys build a new missile that can tear through the tank’s armor and the good guys make new armor and outfit all of the tanks with it.
Then the bad guys design a new type of explosive that can get through the new armor and the good guys design a new defense to protect it. They go back and forth like this for a few years until the tank is pretty much maxed out.
So the good guys roll out a new tank with a better design, fewer flaws, and more defenses and start a new generation of trying to beat each other.
Eventually, the good guys stop upgrading their old tanks because it’s not worth it and most have been decommissioned anyway.
So now any good guys who use old tanks are SOL.
That’s it.
After a while, patching old OSs isn’t worth it.
I worked in a factory’s IT department for a few years so I have direct experience with this. For starters, Windows XP is still supported. Microsoft publicly stopped supporting it around 2005-2007 but its support simply was sent to a separate division of Microsoft that handles industrial computing. They still have small upgrades today.
It actually has very few network security issues since it has been poked and prodded for over twenty years and any vulnerabilities are either patched or known and secured.
Windows XP is used in everything from factories, air traffic control centers and train station terminals. It’s cheap, cost effective, easy to repair and replace and well documented. The biggest advantage of the OS is that you can restore it from backup very easily and swap out the entire client in minutes.
Working at a printing factory I often went to a broken station with a refurbished unit and swapped the entire station out in minutes. As soon as the new device hit the network the network admin took over. I would then take the damaged unit back to the IT workshop, rebuild it and store it with about twenty other spare units. At the industrial level most IT work is break/fix and refurbishing old tech.
a few things i want to point out about this video:
1. in this video, they’re not simply connecting to the web and getting infected. they are manually disabling stuff that would otherwise protect them.
2. there’s a frame where it shows they looked up “xp sp3 wor” which makes it at least suspicious as to whether or not they were manually installing a worm
3. regardless of the previous two – windows xp exploits and weaknesses were very common. whenever something is popular, it attracts people with bad intentions looking for an easy payday, or ones that are just bad for the sake of being bad. the takeaway of this video shouldn’t be that being online is inherently dangerous, it should be to use the recommended security tools and measures that are given within the operating system and keep your system up to date with updates that routinely fix new vulnerabilities that were discovered.