Solved

Security holes with Windows XP after April 8

Posted on 2014-03-12
340 Views
Last Modified: 2014-05-01
A client has a WinXP computer running an obsolete program he needs for his business and can't easily replace. He wants to keep using this machine for that purpose only past April 8. While he won't surf the net, the computer and program are used primarily from his home office via Logmein. He does also need to use it in person in the office.

Question: how (in)secure is this? I've told him if it is not used on the Internet he would be safe. If the only active connection is a Logmein connection, does that give him any security?

Thank you.
Question by:Bruce Corson
9 Comments
 
LVL 18

Accepted Solution

by:
web_tracker earned 400 total points
ID: 39925388
You are right: if the user will not be surfing the internet he should be pretty safe. But the truth is he is still connected to the internet, so there is a small probability that someone could hack into the system since it is still connected online. The thing is this media hype is more overrated than it should be; after all Microsoft is trying to scare people into buying a new operating system. There are thousands of computers, if not millions, who do not install the regular updates and have not been installing the updates for years, yet they have not been infected. Just because M$ will not be creating any more updates to patch the holes in their operating system I am not going to say the system is no longer safe to use.

I would make sure that your friend keeps his firewall turned on and has a good antivirus application installed and updated regularly, and I think your friend should probably be okay.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 50 total points
ID: 39926058
just for your info :
all my friends - where i installed XP SP3 on - i disabled the updates, and never had a problem
it is very rare (though possible) that a normal user gets infected.
but then - he can get infected - even on a win7 system, so protection is never 100%

what you best do is ensure you have a working SP3 system (i would use a fresh install + all programs) - then make an image of this - in case you run into problems.
then you can easily return to a working system.

even better : buy a second disk drive, and image the disk to that one - then you have only to switch disk drives! - up and running in 10 minutes max.
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 50 total points
ID: 39926958
I mostly agree with nobus.

If he's not surfing the net or using email on that system, he'll be mostly safe. Most modern infections require users to install them. The modern OS has the systems locked down tighter than it once was. Logmein is only as secure as the SSL implementation that it uses. As long as he keeps that updated, he should be secure enough.

@nobus
If they surf the internet with javascript, java, and/or flash plugins turned on, they may already be infected. If they download "warez", they're certainly infected. It really depends on their level of activity and the kind of sites they visit. Most people don't visit the "iffy" sites, so you're right that normal people don't usually get infected. The modern trojans and viruses try to be less "intrusive" to remain active for much longer. I've found viruses on people's systems quietly sending out packets, but the user never noticed any slowdown. These days, the slowdowns happen when there are multiple infections competing for the same resources. It's now a money making process, so they want to keep as many of those systems running as possible. The infections are very low profile now. A single vendor's virus scanner isn't sufficient to catch everything.

At larger corporations, you have security teams that scan the systems and they frequently catch systems as they get infected and identify them to the local group admins. The users never even know they've been infected and the systems frequently show no symptoms, other than the packets detected by the security team. 5 years ago, that wouldn't quite be the case. Now that we have multiprocessor and multicore systems, a single virus or trojan isn't going to take down your system anymore. They're still mostly single processor programs, and on a 16 GB multithreaded quad core system, the virus won't even register a blip in CPU & RAM usage anymore. They're also powerful enough that they don't need to write data to disk much. There's plenty of RAM to play around in. They can also detect when users are on the console and sleep.

There may be many viruses, trojans, and worms that are not detectable by modern virus scanners. Flame, the precursor to stuxnet, was largely undetected for a few years. Just because your virus scanner says it's clean, doesn't mean that it is.

The old 90s viruses had the goal of disabling your system. That's no longer the case anymore. You can be infected now and just not know it. The ones that cause problems now are usually older types that still exist and the virus scanners can catch those. The newer stealthier infections may not be detectable for many years. That may be just fine for most people if youtube or the online game continues to run. Ignorance can be Bliss.
0
 
LVL 91

Expert Comment

by:nobus
ID: 39926982
serialband, good info, thanks.
how do you detect if people's systems are quietly sending out packets?
0
 
LVL 27

Expert Comment

by:serialband
ID: 39927561
You'd need an IPS or IDS at the border, basically a 2nd device that's dedicated to detecting them. They're usually expensive and you'd also need someone to observe the logs and messages. It's not a panacea, as evidenced by the Flame trojan. It's why most home users still get infected more frequently. It's either not affordable, or requires technical expertise, or both.

It's only really necessary if they visit non-major sites or if they visit the major sites after a major problem. Usually, the big sites like CNN, or Facebook, etc... detect problems very quickly. You're not likely to get infected by them. I don't find it necessary to scan people's systems if that's all they do. It's frequently the same people that get infected over & over. Fortunately, they aren't the majority. If they have a history of getting viruses or being trojaned, those are the ones you have to keep an eye on.

I worked at a place where the security group sends out a notification for the local group admins to check whenever infected systems got on the corporate network. It was frequently home systems that got brought in for the day. I'd only really worry if the user visits porn & "warez" sites with all their javascript, java, and flash plugins enabled. It's why I also tell people to find the original source author's download site rather than download aggregators, especially happy puppy, an old "warez" site. There's a "sysadmin" that I once worked with that loved downloading from them and kept getting infected. The security group sent our group emails about his systems. We were required to run virus scans through group policy, but the scans didn't detect them, so he was forced to reinstall or be blocked by the network group. When I started, I uninstalled all the cracked warez he put on the systems and replaced them with legally purchased and open source products and made it a policy in the group. The guy was/is a character.

The best bet to prevent it is by not visiting those sites and by installing flashblock, adblock plus, and https everywhere on firefox. If the user is also technically savvy enough (e.g. can read those error messages and use search engines properly), I'd also install noscript. You're still not going to catch everything, but it goes a long way in prevention.

Security is a process, not a product.
0
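The exchange above asks how a border IDS or a log reviewer would notice a host "quietly sending out packets" while the user sees nothing. One concrete check is timing regularity: a quiet implant calls home on a fixed schedule, a person browsing does not. The script below is an added example, not code from this thread or from any IDS product; the flow-log format, addresses and timestamps are constructed for illustration.

```python
"""Beacon detector over outbound connection logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow log: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port>".
# 192.168.1.20 calls the same host every five minutes; 192.168.1.21 browses normally.
SAMPLE_LOG = """\
2014-03-12T09:00:00 192.168.1.20 -> 203.0.113.5:443
2014-03-12T09:05:00 192.168.1.20 -> 203.0.113.5:443
2014-03-12T09:10:01 192.168.1.20 -> 203.0.113.5:443
2014-03-12T09:15:00 192.168.1.20 -> 203.0.113.5:443
2014-03-12T09:20:00 192.168.1.20 -> 203.0.113.5:443
2014-03-12T09:02:13 192.168.1.21 -> 198.51.100.7:443
2014-03-12T09:17:40 192.168.1.21 -> 198.51.100.7:443
2014-03-12T09:19:02 192.168.1.21 -> 198.51.100.9:80
2014-03-12T09:40:10 192.168.1.21 -> 198.51.100.7:443
2014-03-12T10:48:55 192.168.1.21 -> 198.51.100.7:443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst, port) from the format above."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(flows, min_hits=4, max_jitter=0.1):
    """Return (flow, mean gap in seconds, hit count) for flows with periodic timing.

    A coefficient of variation (stdev / mean of the gaps between connections)
    below max_jitter means the host is calling out on a near-constant schedule.
    Interactive traffic from a person produces irregular gaps and is not flagged.
    """
    findings = []
    for key, times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            findings.append((key, round(avg), len(times)))
    return findings
```

Run over real firewall or NetFlow exports the same way, after adapting parse_log to the export's field order; the thresholds are starting points to tune against what the network normally does.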
 
LVL 91

Expert Comment

by:nobus
ID: 39928575
you're barking up my tree - exactly what i think
0
 
LVL 1

Author Closing Comment

by:Bruce Corson
ID: 39928794
I gave most points to web_tracker because his answer was what I needed, but I gave points to others as well because it was a great conversation from which I learned a lot. Thank you to all.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39930167
Thanks for awarding me the points, I was glad to help.
0
 
LVL 27

Expert Comment

by:serialband
ID: 40035892
0
