Hi, Have you had any experience with WinXP Embedded? I am considering it for a new kiosk-like project, for a FLASH based device, but I am mostly concerned about the security aspect. Tipically, WinXP requires regular updates in order to be kept one step ahead the current exploits. Is it safe to keep it unpatched instead? Regards, Legrandin
WinXP
Started by ●August 3, 2008
Reply by ●August 3, 20082008-08-03
On Sun, 03 Aug 2008 09:34:02 -0500, Legrandin <dawpeelsiq@farifluset.mailexpire.com> wrote:>Hi,>Have you had any experience with WinXP Embedded?>I am considering it for a new kiosk-like project, >for a FLASH based device, but I am mostly concerned >about the security aspect.>Tipically, WinXP requires regular updates in order >to be kept one step ahead the current exploits. >Is it safe to keep it unpatched instead?Only if there is no removable media and no network connection. What applications do you need to run? If you just need it to run a web browser, you'd be better off with a linux kernel, featherweight window manager, and minimal web client.
Reply by ●August 3, 20082008-08-03
AZ Nomad <aznomad.3@premoveobthisox.com> wrote:> If you just need it to run a web browser, you'd be better off with a > linux kernel, featherweight window manager, and minimal web client.If you want to buy a complete system Montavista specialise in embedded Linux, http://www.mvista.com/. I've seen far too many airport and railway displays with blue screens of death on them and far too many ATMs and ticket kiosks with modal error dialog boxes on them to ever think Windows is a good idea in an embedded situation. Not to mention the Windows based self service checkouts at my local 24 hour Tesco which reboot themselves at 1am every day. -p -- "Unix is user friendly, it's just picky about who its friends are." - Anonymous --------------------------------------------------------------------
Reply by ●August 3, 20082008-08-03
Paul Gotch schreef:> AZ Nomad <aznomad.3@premoveobthisox.com> wrote: >> If you just need it to run a web browser, you'd be better off with a >> linux kernel, featherweight window manager, and minimal web client. > > If you want to buy a complete system Montavista specialise in embedded > Linux, http://www.mvista.com/.If you are using standard off the shelf PC hardware (probably the cheapest choice in this case), you are better of with a more mainstream distribution. Our experience is that Montavista is rather slow with supporting new PC hardware. The PC platform and the typical applications on run on the PC platform does not appear to be the main focus of Montavista.> I've seen far too many airport and railway displays with blue screens of > death on them and far too many ATMs and ticket kiosks with modal error > dialog boxes on them to ever think Windows is a good idea in an embedded > situation.Yeah, also Linux is not that a great choice in the reliability department, have seen more kernel panics than I care to remember. On the upside not many exploits will work on a Linux based solution.
Reply by ●August 3, 20082008-08-03
Legrandin schreef:> Hi, > > Have you had any experience with WinXP Embedded? > > I am considering it for a new kiosk-like project, > for a FLASH based device, but I am mostly concerned > about the security aspect. > > Tipically, WinXP requires regular updates in order > to be kept one step ahead the current exploits. > Is it safe to keep it unpatched instead?It depends on the nature of your device, but you will never be absolutely safe, certainly not with Windows XP, even if you do update regularly. But you could improve safety a lot when let your application run under a user account with minimum privileges, optionally in a sandbox (e.g. http://www.sandboxie.com). You could also use a less popular OS to reduce the chance you device gets affected by some kind of exploit.
Reply by ●August 3, 20082008-08-03
On Sun, 03 Aug 2008 21:39:06 +0200, Dombo <dombo@disposable.invalid> wrote:>Paul Gotch schreef: >> AZ Nomad <aznomad.3@premoveobthisox.com> wrote: >>> If you just need it to run a web browser, you'd be better off with a >>> linux kernel, featherweight window manager, and minimal web client. >> >> If you want to buy a complete system Montavista specialise in embedded >> Linux, http://www.mvista.com/.>If you are using standard off the shelf PC hardware (probably the >cheapest choice in this case), you are better of with a more mainstream >distribution. Our experience is that Montavista is rather slow with >supporting new PC hardware. The PC platform and the typical applications >on run on the PC platform does not appear to be the main focus of >Montavista.>> I've seen far too many airport and railway displays with blue screens of >> death on them and far too many ATMs and ticket kiosks with modal error >> dialog boxes on them to ever think Windows is a good idea in an embedded >> situation.>Yeah, also Linux is not that a great choice in the reliability >department, have seen more kernel panics than I care to remember. On the >upside not many exploits will work on a Linux based solution.Name some. I've found that the only time I get a kernel panic is when I try to overclock my hardware. I've been using linux for 9 years haven't had a kernel panic outside a hardware issue yet. Last bunch of kernel panics I had was in '03 with a motherboard that had the dreaded defective caps. No OS could survive such hardware.
Reply by ●August 4, 20082008-08-04
On Sun, 03 Aug 2008 12:12:30 -0500, AZ Nomad <aznomad.3@PremoveOBthisOX.COM> wrote:>On Sun, 03 Aug 2008 09:34:02 -0500, Legrandin <dawpeelsiq@farifluset.mailexpire.com> wrote: >>Hi, > >>Have you had any experience with WinXP Embedded? > >>I am considering it for a new kiosk-like project, >>for a FLASH based device, but I am mostly concerned >>about the security aspect. > >>Tipically, WinXP requires regular updates in order >>to be kept one step ahead the current exploits. >>Is it safe to keep it unpatched instead? > >Only if there is no removable media and no network connection.And if you after all use some kind of network connections, use only client (active) mode and use a hardware firewall with only those ports open that are used by the application connect requests. Use numeric IP addresses in the connect requests. Paul
Reply by ●August 4, 20082008-08-04
"Paul Gotch" <paulg@at-cantab-dot.net> wrote in message news:VWi*Nfyjs@news.chiark.greenend.org.uk...> AZ Nomad <aznomad.3@premoveobthisox.com> wrote: >> If you just need it to run a web browser, you'd be better off with a >> linux kernel, featherweight window manager, and minimal web client. > > If you want to buy a complete system Montavista specialise in embedded > Linux, http://www.mvista.com/. > > I've seen far too many airport and railway displays with blue screens of > death on them and far too many ATMs and ticket kiosks with modal error > dialog boxes on them to ever think Windows is a good idea in an embedded > situation. > > Not to mention the Windows based self service checkouts at my local 24 > hour > Tesco which reboot themselves at 1am every day.Well, there's a design flaw already. Surely they need to reboot a random times of the day to even out the network load. Peter
Reply by ●August 4, 20082008-08-04
On Sun, 03 Aug 2008 09:34:02 -0500, Legrandin <dawpeelsiq@farifluset.mailexpire.com> wrote:>Hi, > >Have you had any experience with WinXP Embedded? > >I am considering it for a new kiosk-like project, >for a FLASH based device, but I am mostly concerned >about the security aspect. > >Tipically, WinXP requires regular updates in order >to be kept one step ahead the current exploits. >Is it safe to keep it unpatched instead? > >Regards, > >LegrandinInteresting answers so far. I have used both XP Embedded and Linux in simiar situations. Regardless of what anyone here claims to be better, both need to be patched for vunerablilities if they are to be network attached. Leaving an unpatched OS is plain stupid and a security risk. In saying that, a lot of functionality can be switched off in EMbedded XP meaning there is a lot less requirement for patching. Same goes for linux. The security aspect is relevant to both linux and windows.
Reply by ●August 4, 20082008-08-04
"Paul Gotch" <paulg@at-cantab-dot.net> wrote in message news:VWi*Nfyjs@news.chiark.greenend.org.uk...> I've seen far too many airport and railway displays with blue screens of > death on them and far too many ATMs and ticket kiosks with modal error > dialog boxes on them to ever think Windows is a good idea in an embedded > situation. > > Not to mention the Windows based self service checkouts at my local 24 > hour > Tesco which reboot themselves at 1am every day.What a generally ignorant thing to say. These are examples of bad drivers in the first instance, bad application code in the second instance, and preemptive coverup of likely leaky RAD systems in the third instance. None of these are problems of the OS. Are you claiming that Linux is somehow immune to development errors?