Comment by mubou
9 days ago
No, in XP you were essentially logged in as root 24/7 (assuming it was your machine), and any program -- including your browser -- was running as root too. I remember watching a talk about how stupidly easy it was to write rootkits for XP. "Drive-by viruses" were a thing, where a website could literally install a rootkit on your machine just by visiting it (usually taking advantage of some exploit in flash, java, or adobe reader). Vista flipped it, by disabling the admin account, so that in order to do something as admin you needed to "sudo" first. That alone put a stop to tons of viruses.
I used to work in the security team at a financial institution that was still running XP until around 2017.
We got to a point around 2015 where drive-by exploit kit developers just weren't targeting XP and IE8 anymore. Phishing landing pages would roll through all the payloads they had and silently exit.