Eh. On XP there's no SEHOP or ASLR.
Search the web for "ASLR bypass". Tons of results. The first was discovered within a few months after Vista's release, IIRC.
That's kind of a big issue and sandboxing won't help.
A well-constructed third-party sandboxing program can add a great deal to your overall defense-in-depth.
A few hours ago, a friend complained about the behavior of an installer. So I ran the installer inside Sandboxie, to observe said behavior, then closed the sandbox, which empties it and leaves no traces behind.
XP has been vetted by hackers, good and bad, for almost eleven years, something no other OS from MS can say. (None has been supported for that long.)
I mean, sure, it's been vetted in that hackers have been killing it for a decade now. But it's not like anything has changed since SP1/2 in terms of security. Just patches to vulnerabilities that will always exist.
Did you not read what I said? Click the links yourself -- the number of serious security issues in XP has been declining over time. Which is what one would expect.
It was Swiss cheese at first, but look at the recent Patch Tuesday updates: *None* unique to XP, while a couple applied to V/7. The ones that did apply to XP (and V/7) were .NET-related, and other components that are not OS core (required) components.
Backwards compatibility = cross-OS exploits.
You're talking about forward compatibility. Back-comp means that on XP, I can run an app from Win 98. Or on Win 7, I can run XP apps (and possibly exploits). You're talking about an exploit (app) written for a future version, not a previous one. XP doesn't have a compatibility mode for Vista/7 programs.
If the above is not true, then why did MS, publicly and at risk of considerable embarrassment, declare that these vulns applied only to Vista/7?
They may attack libraries or components that XP *doesn't have*.
Bad guys tend to target new (anything), because the new one is usually the one with the most undiscovered flaws.
Bad guys go after market share and easy targets. XP has large market share and it's an easy target.
And yet, there are few new critical exploits for it, as said above.
Go ahead, attack me. It's a Federal crime, a felony, but so long as it's totally benign, I agree not to press charges. (but no such waiver if you cause any harm, either to the system or to me. Make a pop-up that says "Pwned!", but does *nothing else*.)
Both UAC and NS rely on a lot of user-based decisions, which is why I'm not a big fan of NoScript-like solutions.
As opposed to the vendor making decisions for the user?
What do you have that's as effective as NS, but requires substantially fewer decisions?
I don't know the details of NoScripts XSS protection
Then should you be criticizing NS? Here, I'll point you right there: XSS FAQ
AFAIK, Firefox does not presently have XSS protection (in stable releases), and IE's attempts at XSS protection
were a joke, actually introducing new XSS vulns in IE
Whereas NS XSS protection has been vetted, refined, and tweaked for more than five years
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20120306 Firefox/12.0