Still receiving Windows XP updates... Is this expected behavior?

24

1

According to the answer on another post, we should not have been receiving any more updates for Windows XP.

But I am receiving updates:

[screenshot not preserved]

Is this indicative that my system is bugged or compromised (some malicious program trying to trick me into clicking "Download" which downloads their software)?

Pacerier

Posted 2014-05-24T15:53:46.093

Reputation: 22 232

@JourneymanGeek, Which "leading VFX" company are you at? – Pacerier – 2015-04-12T18:04:22.830

Place called double negative. – Journeyman Geek – 2015-04-12T23:31:15.843

1 The notice I received from Microsoft said that although they are no longer providing updates for Windows XP, they are going to continue to provide security updates. – L.B. – 2014-05-25T01:58:04.220

9 The real question is why you are still using Windows XP? – Cole Johnson – 2014-05-25T21:32:41.537

If a malicious program was trying to trick you into installing their software, it wouldn't look like a native window. If it was a native window, why would the malware bother asking you to install their software? – Cole Johnson – 2014-05-25T21:33:59.007

3 @ColeJohnson I agree that malware wouldn't ask for permission to install but the idea that malware doesn't try to look like native windows is dangerously wrong. It does try to look like native windows, to mislead people into using it, just like phishing emails try to look like actual emails from eBay/PayPal/your bank. – David Richerby – 2014-05-26T12:33:45.950

@ColeJohnson, The real question is why there are still tons of people using Windows XP... http://gs.statcounter.com/press/less-than-a-week-to-go-and-xp-remains-worlds-second-most-popular-operating-system – Pacerier – 2014-05-27T11:56:36.677

All 4 of those updates are for other Microsoft products. Microsoft before the April date said WMSRT updates would continue. – Ramhound – 2014-05-27T23:04:12.830

1 I'm still getting those updates as well on my dad's XP system - I'd guess OS updates are gone, but stuff like .net will keep being updated – Journeyman Geek – 2014-06-18T11:14:13.433

Answers

18

Both answers given say it, but I don't consider them clear enough. This led me to add an answer of my own, just to clarify things.

Microsoft stopped providing updates for Windows XP since April 1st 2014. The updates excluded are security hotfixes for Windows XP and updates to Microsoft Security Essentials.

The Windows Update functionality won't stop, but no updates that fix security leaks in Windows XP will be patched, meaning that the longer you use Windows XP the bigger the chances are that your PC becomes infected with spyware and a hacker can take over your PC installing ransomware and other crap.

Especially old PCs had a problem because updating to a newer OS meant that it just would not be possible due to the performance. Luckily, since the recent Windows 8.1 update, if you install Windows 8.1 32 bit (given that you have less than 4 GB of RAM) it will actually perform better than Windows XP will. I experienced this first hand myself when I was forced to update my old PC. Not to mention that a full install of Windows 8.1 requires less free disk space than Windows XP does.

LPChip

Posted 2014-05-24T15:53:46.093

Reputation: 42 190

6 From your answer: "The updates included are security hotfixes for windows xp", and later: "no updates that fix security leaks in windows xp will be patched". Aren't those opposite? – gronostaj – 2014-05-24T20:56:01.407

@gronostaj you're right. I meant the updates excluded are... I'll edit my post. – LPChip – 2014-05-24T21:00:19.930

1 To be clear, you can still download old updates, but new ones will generally not be produced. – Michael Hampton – 2014-05-25T19:03:25.547

1 @LPChip, that's still unclear. Are they providing updates to security fixes or not? The second paragraph seems to say it is, but the third says otherwise. – Keavon – 2014-05-25T19:31:55.320

@Keavon they don't. Microsoft excluded support for updates as "security hot fixes" and "Microsoft Security essentials". So no hotfixes and virus definition updates. (MSE will actually say that Windows XP is unsupported and that you are unprotected) The scanner works, but no new definitions are downloaded for the anti-virus technology. – LPChip – 2014-05-25T20:11:19.217

Windows Malicious Software Removal Tool - May 2014 appears (from its name only) to have been released after support ended. Wouldn't that contradict this answer? – Daniel Beck – 2014-05-26T10:43:49.723

2 @danielBeck Windows Malicious Software is not Microsoft Security Essentials, so no. – LPChip – 2014-05-26T12:14:08.070

27

The updates shown on your screenshot are not Windows XP updates. They are related to .NET Framework, Office 2007, Office 2010 and the Malicious Software Removing tool; that's why you're receiving it.

I don't think your system is compromised (at the moment) but I strongly advise you to upgrade it to at least Windows 7 because Windows XP is no longer supported.

http://windows.microsoft.com/en-us/windows/end-support-help

Chris

Posted 2014-05-24T15:53:46.093

Reputation: 1 315

7

The key thing to understand is that no NEW updates will be released for Windows XP after the EOS date. All previous updates will still be made available, so check the release date of the updates you're seeing. They should all be prior to the EOS date with the exception of the update for IE related to CVE-2014-1776. I'm not sure if the Windows Malicious Software Removal Tool qualifies as an update but what you're seeing is legitimate, as shown here in the Applies to section:

https://support.microsoft.com/kb/890830

Additionally, I would find it very hard to believe that malware could inject itself into the Automatic Updates engine and masquerade as an update advertised alongside legitimate updates.

joeqwerty

Posted 2014-05-24T15:53:46.093

Reputation: 5 259

1 Well the update dates in the screenshot above clearly show May 2014 which is after EOS... – Pacerier – 2014-05-24T16:19:23.213

Yes, which is why I clearly stated that I wasn't sure whether or not the Windows Malicious Software Removal Tool qualifies as an update, but the KB clearly states that it applies to Windows XP. – joeqwerty – 2014-05-24T16:22:26.673

1 "Additionally, I would find it very hard to believe that malware could inject itself into the Automatic Updates engine and masquerade as an update advertised alongside legitimate updates." That sounds like a brilliant idea for malware writers. I'm sure it can be done too. Why not? – Brandon – 2014-05-25T03:08:55.787

Updates are signed with a certificate. You'd need to retrieve the private key somehow. I do believe there was a case of it being successfully brute forced to deliver malware, though. – kirb – 2014-05-26T08:22:22.870
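
One way to run the checks discussed in the answers above (which product each offered update belongs to, when it was published, and whether the Malicious Software Removal Tool binary carries a valid signature), as an added example that is not from any poster in this thread. It assumes PowerShell 2.0 or later is installed; the function names and the cutoff date passed at the end are choices made for this example.

```powershell
# Added example. Queries the local Windows Update Agent through its COM API
# and reports, per pending update, the product category and publication date.
function Get-PendingUpdateSummary {
    param([Parameter(Mandatory = $true)][datetime]$Cutoff)

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Same set the Automatic Updates dialog offers: not installed, not hidden.
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")

    foreach ($u in $result.Updates) {
        # Categories name the product the update targets (Office, .NET, ...).
        $cats = @($u.Categories   | ForEach-Object { $_.Name }) -join '; '
        $kbs  = @($u.KBArticleIDs | ForEach-Object { "KB$_" })  -join ', '
        New-Object PSObject -Property @{
            Title       = $u.Title
            KB          = $kbs
            Product     = $cats
            Published   = $u.LastDeploymentChangeTime
            AfterCutoff = ($u.LastDeploymentChangeTime -gt $Cutoff)
        }
    }
}

# Checks that a file has an Authenticode signature that validates against the
# local trust store and names Microsoft Corporation as the signer's organization.
# The subject match is a coarse filter, not a pin on a specific certificate.
function Test-MicrosoftSignature {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path $Path)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid') -and
           ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

# Cutoff used here: Windows XP end-of-support date (8 April 2014).
Get-PendingUpdateSummary -Cutoff (Get-Date '2014-04-08') |
    Sort-Object Published |
    Format-Table Published, AfterCutoff, KB, Product, Title -AutoSize

# MRT.exe is where the Malicious Software Removal Tool (KB890830) is installed.
Test-MicrosoftSignature (Join-Path $env:windir 'System32\MRT.exe')
```

Rows with `AfterCutoff` set to True whose `Product` column names something other than Windows XP match what the answers describe: updates for other Microsoft products delivered through the same channel.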