| Instincts may tell you not to trust HB...but logic says otherwise.

It's not a matter of trust, faith, or logic. XP is no longer
supported. XPE is not the same thing. Microsoft has no
reason to make sure XPE patches are compatible with XP.
They do, on the other hand, have motivation to create
a situation of, "Woops! Well we did tell you not to use
the XPE patches."

Support and no support is a big difference. With support
they promise not to break compatibility. With no support
there's no promise of any kind. If they release an XPE
patch incompatible with XP and it destroys your install,
that's your problem.

| Many ppl with businesses use their PC for everything: surfing;
| bookkeeping; payroll and such...

| M$ agreed to continue updating Windows embedded AND Windows XP for those

They didn't "agree" to. They're selling support contracts,
starting at $250,000/year, at about $200/year per PC.
So yes, they're still making patches for XP. But those are
not the patches you're downloading with this hack. The fact
that there are people paying for support is all the more
reason for MS to break XP with XPE patches.

And as has been mentioned already in this thread:

What's the value in taking the risk? You shouldn't be
allowing IE online in the first place. How many other
patches are likely to be relevant? Just about any
vulnerability is likely to be coming through IE. A few
may also come through MS Office, which is a good
reason not to use that. But if you're not using MS
software online there's little to worry about. (I haven't
got an MS patch since SP3 and I'm not worried.)

*This month's patches are not even relevant.*

This month's patches are a good example, as
HomeGuy lists them. One is for IE. (Again, no one should
be using IE online. All the more so if you're running
Vista or earlier, because MS doesn't even have a
version of IE for those systems anymore. IE is not a
browser in the normal sense. It's best viewed as a
Windows component that is vulnerable if connected

The other 2 patches are for privilege elevation.
For the vast majority of people using XP there's no
such thing as privilege elevation. They're already running
without restrictions! So those patches are meaningless.

One patch deals with .Net remoting. There's
no reason to even install .Net if it's not needed by some
program. There's certainly no reason to let it run remotely.
That's as risky as installing Java and letting it run through
your browser. Even if you've done all that, all that's at risk
is privilege elevation, which is almost certainly meaningless
on your PC.

The other patch is for a bug that allows
someone who has already logged on locally to go from
lackey mode (common user restrictions) to Admin mode
by running particular code. All of the code that's running
on your XP machine right now is almost certainly in Admin
mode. Nobody runs XP in lackey mode. In fact, in many
cases there are no restrictions possible. My XP is installed
to FAT32 file system, as many copies of XP were. Only
an NTFS file system allows for user restrictions. IF you
have XP installed on NTFS, and IF you have kids who you've
set up with a restricted user account, then they *could*
bypass those restrictions if they can figure out how to
run the hack. Is that worth risking your system for?