Fair enough on the security comments, but what they instead said is “on 29th August we will f**k you”, which will lose them a massive number of users who don’t run XP – because most people are basically decent, have civilised values, and will have their noses pushed out of joint.
If Google is more than half smart, and they probably are, they will see this as an opportunity to eat DB’s lunch. They already examine all Gmail and Google Drive material (including deleted Gmail emails) for statistical trends and having the DB clientele will enhance that.
All this talk of TLS security vulnerabilities is crazy. If you are worried about the relative weakness of TLS 1.0 vs 1.1 when accessing your Dropbox account, then whatever the files are that you are worried about, probably don’t belong on there.
People tend to get hung up on vulnerabilities that would take a lot of effort to exploit, while not bothering to take other simple security measures like switching on two factor authentication.
Besides, there are numerous embedded TLS 1.2 implementations that Dropbox could incorporate into their product if they don’t want to rely on the underlying XP implementation. I’d be surprised if they don’t have that already.
So still struggling to see the justification for dropping support except a) just can’t be bothered any more or b) Microsoft gave them some cash to do so.
Peter wrote:
Fair enough on the security comments, but what they instead said is “on 29th August we will f**k you”, which will lose them a massive number of users who don’t run XP
No it won’t. The users who aren’t running XP probably couldn’t give a damn.
There is a web site that provides an overview of the most used OS and browsers
By supporting Windows 7, 8, 8.1 and 10, Dropbox cover 76.68% of the market. Adding OS X to this, they cover 86.06%. Add Vista to that… but it’s not much used I think. Probably part of the “Other” category.
Windows XP represents 7,5%.
Which is, for internet connected computers, 7.6% too many…
It’s not so simple.
Behind a NAT router your vulnerability to “the internet” is zero, even with win95.
So what are the REAL threats?
Browsing dodgy websites especially porno ones, with any browser especially an old one.
Email, with MS Outlook, especially an old version. Targeted by 99% of virus writers, along with IE.
Email, with infected attachments. Your ISP should be filtering close to all of the really obvious ones e.g. executable email attachments. I use Messagelabs for email filtering which at £450/year is not cheap but it is excellent (you can get 10 email accounts processed for that).
On a LAN with infected computers especially if you have not set up a username and password. The other computers can include guests who stay at your house and use your wifi 
The same people can also access all your network drives, BTW
Kids using the computer.
Kids using the computer.
Kids using the computer.
At a stretch, instant messaging, with people with infected computers who send you attachments.
At a stretch, an old PDF reader, opening an infected PDF.
All the above can be greatly alleviated by the use of AV software. Unfortunately some of this sw causes undesirable side effects so I disable certain weird features.
So if you use a computer for serious stuff and browse only known good websites (PHP-BB based forums e.g. certain uk flying sites have been infected many times) and if you dont use Outlook, and don’t let kids use your computer at all, and use AV software to scan files, HTML and email, you have eliminated probably 99.9% of the risks.
I have never had any PC infected.
One of my sons had 13 trojans… I set up a separate wifi AP for my kids, with ports 137-139 iirc blocked ie no LAN visibility. Basically only 80 and 443 open.
As with so much, one cannot make simple statements.
Corporate arrogance or the real world?
Microsoft themselves ended support for Windows XP on April 8th, 2014 …
So, your dropbox app has been living on borrowed time.
Peter wrote:
Behind a NAT router your vulnerability to “the internet” is zero, even with win95.
Not really with drive-by browser exploits and zero day exploits (that won’t be fixed) in libraries that ship with the operating system, and malware being found even on legitimate sites. WinXP is on borrowed time. The PCI-DSS has already had one go at getting rid of the versions of TLS still supported by XP, and will do so again (next time, successfully), and eventually Firefox, Chrome et al. will no longer support XP (why should they, when it falls behind desktop Linux in number of users and the software vendors have to go through increasing contortions to support it) and you’ll find you won’t be able to even visit an https site let alone pay for something with a credit card using XP.
How exactly would you penetrate NAT inbound without conning the user to open a channel for you?
By inserting something into the flows which are already open. For example e-mail, HTTP… What about your Android phone? You are downloading and installing applications from the Play Store. How do you know they are not malicious? Have you installed Android software from other sources than Play Store? Have you ever installed software downloaded from the Internet? Even reputable software repositories can contain software which has been modified with malicious intent. Do you always check the bundles’ signatures? How do you know your favourite web site has not been hacked and someone inserted some malicious code?
What you are basically saying is that since you are a careful driver you will never have an accident. But all of us know that the risk always exists.
