

Security holes with Windows XP after April 8

Posted on 2014-03-12
Medium Priority
Last Modified: 2014-05-01
A client has a WinXP computer running an obsolete program he needs for his business and can't easily replace. He wants to keep using this machine for that purpose only past April 8. While he won't surf the net, the computer and program are used primarily from his home office via Logmein. He does also need to use it in person in the office.

Question: how (in)secure is this? I've told him if it is not used on the Internet he would be safe. If the only active connection is a Logmein connection, does that give him any security?

Thank you.
Question by: Bruce Corson
LVL 18

Accepted Solution

web_tracker earned 1600 total points
ID: 39925388
You are right: if the user will not be surfing the internet, he should be pretty safe. But the truth is he is still connected to the internet; there is a small probability that someone could hack into the system since it is still connected online. The thing is, this media hype is more overrated than it should be; after all, Microsoft is trying to scare people into buying a new operating system. There are thousands of computers, if not millions, that do not install the regular updates and have not been installing the updates for years, yet they have not been infected. Just because M$ will not be creating any more updates to patch the holes in their operating system, I am not going to say the system is no longer safe to use.

I would make sure that your friend keeps his firewall turned on and has a good antivirus application installed and updated regularly, and I think your friend should probably be okay.
LVL 93

Assisted Solution

nobus earned 200 total points
ID: 39926058
just for your info:
all my friends - where I installed XP SP3 on - I disabled the updates, and never had a problem
it is very rare (though possible) that a normal user gets infected.
but then - he can get infected - even on a win7 system, so protection is never 100%

what you best do is ensure you have a working SP3 system (I would use a fresh install + all programs) - then make an image of this - in case you run into problems.
then you can easily return to a working system.

even better: buy a second disk drive, and image the disk to that one - then you only have to switch disk drives! - up and running in 10 minutes max.
LVL 30

Assisted Solution

serialband earned 200 total points
ID: 39926958
I mostly agree with nobus.

If he's not surfing the net or using email on that system, he'll be mostly safe.  Most modern infections require users to install them.  The modern OS has the systems locked down tighter than it once was.  Logmein is only as secure as the SSL implementation that it uses.  As long as he keeps that updated, he should be secure enough.

If they surf the internet with javascript, java, and/or flash plugins turned on, they may already be infected. If they download "warez", they're certainly infected. It really depends on their level of activity and the kind of sites they visit. Most people don't visit the "iffy" sites, so you're right that normal people don't usually get infected. The modern trojans and viruses try to be less "intrusive" to remain active for much longer. I've found viruses on people's systems quietly sending out packets, but the user never noticed any slowdown. These days, the slowdowns happen when there are multiple infections competing for the same resources. It's now a money making process, so they want to keep as many of those systems running as possible. The infections are very low profile now. A single vendor's virus scanner isn't sufficient to catch everything.

At larger corporations, you have security teams that scan the systems and they frequently catch systems as they get infected and identify them to the local group admins.  The users never even know they've been infected and the systems frequently show no symptoms, other than the packets detected by the security team.  5 years ago, that wouldn't quite be the case.  Now that we have multiprocessor and multicore systems, a single virus or trojan isn't going to take down your system anymore.  They're still mostly single processor programs, and on a 16 GB multithreaded quad core system, the virus won't even register a blip in CPU & RAM usage anymore.  They're also powerful enough that they don't need to write data to disk much.  There's plenty of RAM to play around in.  They can also detect when users are on the console and sleep.

There may be many viruses, trojans, and worms that are not detectable by modern virus scanners.  Flame, the precursor to stuxnet, was largely undetected for a few years.  Just because your virus scanner says it's clean, doesn't mean that it is.

The old 90s viruses had the goal of disabling your system. That's no longer the case anymore. You can be infected now and just not know it. The ones that cause problems now are usually older types that still exist and the virus scanners can catch those. The newer stealthier infections may not be detectable for many years. That may be just fine for most people if youtube or the online game continues to run. Ignorance can be Bliss.

LVL 93

Expert Comment

ID: 39926982
serialband, good info, thanks.
how do you detect if people's systems are quietly sending out packets?
LVL 30

Expert Comment

ID: 39927561
You'd need an IPS or IDS at the border, basically a 2nd device that's dedicated to detecting them.  They're usually expensive and you'd also need someone to observe the logs and messages.  It's not a panacea, as evidenced by the Flame trojan.  It's why most home users still get infected more frequently.  It's either not affordable, or requires technical expertise, or both.

It's only really necessary if they visit non-major sites or if they visit the major sites after a major problem. Usually, the big sites like CNN, or Facebook, etc... detect problems very quickly. You're not likely to get infected by them. I don't find it necessary to scan people's systems if that's all they do. It's frequently the same people that get infected over & over. Fortunately, they aren't the majority. If they have a history of getting viruses or being trojaned, those are the ones you have to keep an eye on.

I worked at a place where the security group sends out a notification for the local group admins to check whenever infected systems got on the corporate network. It was frequently home systems that got brought in for the day. I'd only really worry if the user visits porn & "warez" sites with all their javascript, java, and flash plugins enabled. It's why I also tell people to find the original source author's download site rather than download aggregators, especially happy puppy, an old "warez" site. There's a "sysadmin" that I once worked with that loved downloading from them and kept getting infected. The security group sent our group emails about his systems. We were required to run virus scans through group policy, but the scans didn't detect them, so he was forced to reinstall or be blocked by the network group. When I started, I uninstalled all the cracked warez he put on the systems and replaced them with legally purchased and open source products and made it a policy in the group. The guy was/is a character.

The best bet to prevent it is by not visiting those sites and by installing flashblock, adblock plus, and https everywhere on firefox. If the user is also technically savvy enough (e.g. can read those error messages and use search engines properly), I'd also install noscript. You're still not going to catch everything, but it goes a long way in prevention.

Security is a process, not a product.
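
The border-side check described in the comment above, as an added example that is not part of the original thread: it reads connection records for one host, ignores destinations on an allowlist, and labels the rest as periodic (contacted at near-constant intervals) or unexpected. The log format, the addresses, the allowlist and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: placeholder address standing in for the remote-access service's relay.
ALLOWED_DESTINATIONS = {"198.51.100.10"}

def parse_flows(text):
    """Parse 'epoch src dst dport' lines into (int, str, str, int) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or short lines
        ts, src, dst, dport = parts
        flows.append((int(ts), src, dst, int(dport)))
    return flows

def find_suspect_flows(flows, host, min_gaps=4, max_jitter=0.1):
    """Return {dst: label} for destinations `host` contacts outside the allowlist.

    'periodic': at least min_gaps intervals whose stdev/mean is below
    max_jitter, the pattern of automated check-ins rather than a person.
    'unexpected': any other destination that is not on the allowlist.
    """
    times = defaultdict(list)
    for ts, src, dst, _port in flows:
        if src == host and dst not in ALLOWED_DESTINATIONS:
            times[dst].append(ts)
    findings = {}
    for dst, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        periodic = (bool(gaps) and len(gaps) >= min_gaps and mean(gaps) > 0
                    and pstdev(gaps) / mean(gaps) < max_jitter)
        findings[dst] = "periodic" if periodic else "unexpected"
    return findings

# Constructed sample log: host 192.168.1.50 reaches the allowlisted relay at
# irregular times, 203.0.113.77 roughly every 300 s, and 192.0.2.5 once.
SAMPLE_LOG = "\n".join(
    [f"{1394600000 + t} 192.168.1.50 198.51.100.10 443" for t in (0, 40, 950, 2200)]
    + [f"{1394600000 + 300 * i + (i % 3)} 192.168.1.50 203.0.113.77 443" for i in range(8)]
    + ["1394600777 192.168.1.50 192.0.2.5 80", "1394600800 192.168.1.20 192.0.2.5 80"]
)

if __name__ == "__main__":
    for dst, label in find_suspect_flows(parse_flows(SAMPLE_LOG), "192.168.1.50").items():
        print(dst, label)
```
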
LVL 93

Expert Comment

ID: 39928575
you're barking up my tree - exactly what i think

Author Closing Comment

by: Bruce Corson
ID: 39928794
I gave most points to web-tracker because his answer was what I needed, but I gave points to others as well because it was a great conversation from which I learned a lot. Thank you to all.
LVL 18

Expert Comment

ID: 39930167
Thanks for awarding me the points, I was glad to help.
LVL 30

Expert Comment

ID: 40035892


Question has a verified solution.
