• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351

Security holes with Windows XP after April 8

A client has a WinXP computer running an obsolete program he needs for his business and can't easily replace. He wants to keep using this machine for that purpose only past April 8. While he won't surf the net, the computer and program are used primarily from his home office via LogMeIn. He does also need to use it in person in the office.

Question: how (in)secure is this? I've told him that if it is not used on the Internet he would be safe. If the only active connection is a LogMeIn connection, does that give him any security?

Thank you.
Asked by: Bruce Corson
3 Solutions
 
web_tracker commented:
You are right: if the user will not be surfing the internet he should be pretty safe. But the truth is he is still connected to the internet; there is a small probability that someone could hack into the system since it is still connected online. The thing is, this media hype is more overrated than it should be; after all, Microsoft is trying to scare people into buying a new operating system. There are thousands of computers, if not millions, that do not install the regular updates and have not been installing the updates for years, yet they have not been infected. Just because M$ will not be creating any more updates to patch the holes in their operating system, I am not going to say the system is no longer safe to use.

I would make sure that your friend keeps his firewall turned on and has a good antivirus application installed and updated regularly, and I think your friend should probably be okay.
 
nobus commented:
Just for your info:
All my friends where I installed XP SP3, I disabled the updates, and never had a problem.
It is very rare (though possible) that a normal user gets infected.
But then, he can get infected even on a Win7 system, so protection is never 100%.

What you best do is ensure you have a working SP3 system (I would use a fresh install + all programs), then make an image of this, in case you run into problems.
Then you can easily return to a working system.

Even better: buy a second disk drive and image the disk to that one; then you only have to switch disk drives! Up and running in 10 minutes max.
 
serialband commented:
I mostly agree with nobus.

If he's not surfing the net or using email on that system, he'll be mostly safe. Most modern infections require users to install them. The modern OS has the systems locked down tighter than it once was. LogMeIn is only as secure as the SSL implementation that it uses. As long as he keeps that updated, he should be secure enough.

@nobus
If they surf the internet with JavaScript, Java, and/or Flash plugins turned on, they may already be infected. If they download "warez", they're certainly infected. It really depends on their level of activity and the kind of sites they visit. Most people don't visit the "iffy" sites, so you're right that normal people don't usually get infected. The modern trojans and viruses try to be less "intrusive" to remain active for much longer. I've found viruses on people's systems quietly sending out packets, but the user never noticed any slowdown. These days, the slowdowns happen when there are multiple infections competing for the same resources. It's now a money-making process, so they want to keep as many of those systems running as possible. The infections are very low profile now. A single vendor's virus scanner isn't sufficient to catch everything.

At larger corporations, you have security teams that scan the systems, and they frequently catch systems as they get infected and identify them to the local group admins. The users never even know they've been infected, and the systems frequently show no symptoms other than the packets detected by the security team. 5 years ago, that wouldn't quite be the case. Now that we have multiprocessor and multicore systems, a single virus or trojan isn't going to take down your system anymore. They're still mostly single-processor programs, and on a 16 GB multithreaded quad-core system, the virus won't even register a blip in CPU & RAM usage anymore. They're also powerful enough that they don't need to write data to disk much. There's plenty of RAM to play around in. They can also detect when users are on the console and sleep.

There may be many viruses, trojans, and worms that are not detectable by modern virus scanners. Flame, the precursor to Stuxnet, was largely undetected for a few years. Just because your virus scanner says it's clean doesn't mean that it is.

The old 90s viruses had the goal of disabling your system. That's no longer the case anymore. You can be infected now and just not know it. The ones that cause problems now are usually older types that still exist, and the virus scanners can catch those. The newer, stealthier infections may not be detectable for many years. That may be just fine for most people if YouTube or the online game continues to run. Ignorance can be bliss.
 
nobus commented:
serialband, good info, thanks.
How do you detect if people's systems are quietly sending out packets?
 
serialband commented:
You'd need an IPS or IDS at the border, basically a second device that's dedicated to detecting them. They're usually expensive, and you'd also need someone to observe the logs and messages. It's not a panacea, as evidenced by the Flame trojan. It's why most home users still get infected more frequently: it's either not affordable, or requires technical expertise, or both.

It's only really necessary if they visit non-major sites or if they visit the major sites after a major problem. Usually, the big sites like CNN, or Facebook, etc. detect problems very quickly. You're not likely to get infected by them. I don't find it necessary to scan people's systems if that's all they do. It's frequently the same people that get infected over & over. Fortunately, they aren't the majority. If they have a history of getting viruses or being trojaned, those are the ones you have to keep an eye on.

I worked at a place where the security group sent out a notification for the local group admins to check whenever infected systems got on the corporate network. It was frequently home systems that got brought in for the day. I'd only really worry if the user visits porn & "warez" sites with all their JavaScript, Java, and Flash plugins enabled. It's why I also tell people to find the original source author's download site rather than download aggregators, especially Happy Puppy, an old "warez" site. There's a "sysadmin" that I once worked with that loved downloading from them and kept getting infected. The security group sent our group emails about his systems. We were required to run virus scans through group policy, but the scans didn't detect them, so he was forced to reinstall or be blocked by the network group. When I started, I uninstalled all the cracked warez he put on the systems and replaced them with legally purchased and open source products and made it a policy in the group. The guy was/is a character.

The best bet to prevent it is by not visiting those sites and by installing Flashblock, Adblock Plus, and HTTPS Everywhere on Firefox. If the user is also technically savvy enough (e.g. can read those error messages and use search engines properly), I'd also install NoScript. You're still not going to catch everything, but it goes a long way in prevention.

Security is a process, not a product.
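The detection question in the exchange above (how do you notice a machine that is "quietly sending out packets" when the host itself cannot be trusted to tell you) can be illustrated without a commercial IDS appliance. What follows is an added example, not code from this thread or from any product named in it. It reads constructed outbound-connection log lines of the kind a border firewall or flow collector upstream of the XP box would write (format: date, time, source, destination:port, protocol), and flags flows whose check-in intervals are too regular to be a person browsing. The log format, the address ranges treated as local, the sample addresses (RFC 5737 documentation ranges standing in for Internet hosts) and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
import statistics

# Constructed sample log, one outbound connection per line:
#   "date time src dst:port proto"
# 192.168.1.20 plays the XP box checking in with 203.0.113.7 every ~5 min;
# 192.168.1.30 plays a person browsing in irregular bursts.
SAMPLE_LOG = """\
2014-04-09 08:00:00 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:00:00 192.168.1.20 192.168.1.1:53 udp
2014-04-09 08:01:13 192.168.1.30 198.51.100.10:443 tcp
2014-04-09 08:01:15 192.168.1.30 198.51.100.10:443 tcp
2014-04-09 08:01:16 192.168.1.30 198.51.100.10:443 tcp
2014-04-09 08:03:00 192.168.1.30 198.51.100.44:80 tcp
2014-04-09 08:03:02 192.168.1.30 198.51.100.44:80 tcp
2014-04-09 08:05:00 192.168.1.20 192.168.1.1:53 udp
2014-04-09 08:05:01 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:07:40 192.168.1.30 198.51.100.10:443 tcp
2014-04-09 08:09:59 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:10:00 192.168.1.20 192.168.1.1:53 udp
2014-04-09 08:15:00 192.168.1.20 192.168.1.1:53 udp
2014-04-09 08:15:00 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:20:00 192.168.1.20 192.168.1.1:53 udp
2014-04-09 08:20:02 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:22:05 192.168.1.30 198.51.100.10:443 tcp
2014-04-09 08:24:58 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:30:00 192.168.1.20 203.0.113.7:443 tcp
2014-04-09 08:35:01 192.168.1.20 203.0.113.7:443 tcp
"""

# Assumption: a single RFC 1918 LAN; everything outside these ranges is
# "the Internet".  Spelled out explicitly rather than via
# ip_address(...).is_global, which also treats documentation ranges as
# non-global and would hide the sample destinations.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
              ip_network("192.168.0.0/16")]


def is_local(addr):
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def parse_log(text):
    """Return a list of (timestamp, src, dst, port, proto) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines instead of crashing
        date, time, src, dst_port, proto = parts
        dst, _, port = dst_port.rpartition(":")
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, src, dst, int(port), proto))
    return events


def find_beacons(events, min_events=5, max_cv=0.1):
    """Return {(src, dst, port, proto): stats} for Internet-bound flows
    whose inter-connection gaps are suspiciously regular.

    A person browsing produces bursts and long idle gaps; software on a
    timer produces near-constant gaps.  The coefficient of variation
    (stdev / mean) of the gaps separates the two: timers sit near 0,
    browsing sits well above max_cv.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, port, proto in events:
        if is_local(dst):
            continue  # only traffic leaving the LAN matters here
        by_flow[(src, dst, port, proto)].append(ts)

    beacons = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            beacons[flow] = {"count": len(stamps),
                             "period_s": round(mean, 1),
                             "cv": round(cv, 4)}
    return beacons


if __name__ == "__main__":
    for (src, dst, port, proto), s in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}:{port}/{proto} every ~{s['period_s']}s "
              f"({s['count']} connections, cv={s['cv']})")
```

Two caveats a practitioner will hit immediately. First, legitimate remote-access agents keep in touch with their service on their own schedule, so the XP box's expected destinations (the remote-access service, the antivirus update server) must be reviewed and allow-listed rather than treated as alerts; the value of the list is the destination nobody can explain. Second, malware that randomises its sleep interval raises the coefficient of variation and slips under a tight `max_cv`; loosening the threshold catches more of it at the cost of more false positives, which is why the thread's "someone to observe the logs" is not optional.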
 
nobus commented:
You're barking up my tree; exactly what I think.
 
Bruce Corson (Author) commented:
I gave most points to web_tracker because his answer was what I needed, but I gave points to others as well because it was a great conversation from which I learned a lot. Thank you to all.
 
web_tracker commented:
Thanks for awarding me the points, I was glad to help.
 