Security holes with Windows XP after April 8

Posted on 2014-03-12
Last Modified: 2014-05-01
A client has a WinXP computer running an obsolete program he needs for his business and can't easily replace. He wants to keep using this machine for that purpose only past April 8. While he won't surf the net, the computer and program are used primarily from his home office via Logmein. He does also need to use it in person in the office.

Question: how (in)secure is this? I've told him if it is not used on the Internet he would be safe. If the only active connection is a Logmein connection, does that give him any security?

Thank you.
Question by:Bruce Corson
LVL 18

Accepted Solution

web_tracker earned 400 total points
ID: 39925388
You are right: if the user will not be surfing the internet, he should be pretty safe. But the truth is he is still connected to the internet, so there is a small probability that someone could hack into the system since it is still connected online. The thing is, this media hype is more overrated than it should be; after all, Microsoft is trying to scare people into buying a new operating system. There are thousands of computers, if not millions, that do not install the regular updates and have not been installing the updates for years, yet they have not been infected. Just because M$ will not be creating any more updates to patch the holes in their operating system, I am not going to say the system is no longer safe to use.

I would make sure that your friend keeps his firewall turned on and have a good antivirus application installed and updated regularly and I think your friend should probably be okay.
LVL 92

Assisted Solution

nobus earned 50 total points
ID: 39926058
Just for your info:
For all my friends where I installed XP SP3, I disabled the updates, and never had a problem.
It is very rare (though possible) that a normal user gets infected.
But then, he can get infected even on a Win7 system, so protection is never 100%.

What you best do is ensure you have a working SP3 system (I would use a fresh install + all programs), then make an image of this in case you run into problems.
Then you can easily return to a working system.

Even better: buy a second disk drive, and image the disk to that one. Then you have only to switch disk drives! Up and running in 10 minutes max.
LVL 29

Assisted Solution

serialband earned 50 total points
ID: 39926958
I mostly agree with nobus.

If he's not surfing the net or using email on that system, he'll be mostly safe.  Most modern infections require users to install them.  The modern OS has the systems locked down tighter than it once was.  Logmein is only as secure as the SSL implementation that it uses.  As long as he keeps that updated, he should be secure enough.

If they surf the internet with javascript, java, and/or flash plugins turned on, they may already be infected.  If they download "warez", they're certainly infected.  It really depends on their level of activity and the kind of sites they visit.  Most people don't visit the "iffy" sites, so you're right that normal people don't usually get infected.  The modern trojans and viruses try to be less "intrusive" to remain active for much longer.  I've found viruses on people's systems quietly sending out packets, but the user never noticed any slowdown.  These days, the slowdowns happen when there are multiple infections competing for the same resources.  It's now a money making process, so they want to keep as many of those systems running as possible.  The infections are very low profile now.  A single vendor's virus scanner isn't sufficient to catch everything.

At larger corporations, you have security teams that scan the systems and they frequently catch systems as they get infected and identify them to the local group admins.  The users never even know they've been infected and the systems frequently show no symptoms, other than the packets detected by the security team.  5 years ago, that wouldn't quite be the case.  Now that we have multiprocessor and multicore systems, a single virus or trojan isn't going to take down your system anymore.  They're still mostly single processor programs, and on a 16 GB multithreaded quad core system, the virus won't even register a blip in CPU & RAM usage anymore.  They're also powerful enough that they don't need to write data to disk much.  There's plenty of RAM to play around in.  They can also detect when users are on the console and sleep.

There may be many viruses, trojans, and worms that are not detectable by modern virus scanners.  Flame, the precursor to stuxnet, was largely undetected for a few years.  Just because your virus scanner says it's clean, doesn't mean that it is.

The old 90s viruses had the goal of disabling your system.  That's no longer the case anymore.  You can be infected now and just not know it.  The ones that cause problems now are usually older types that still exist and the virus scanners can catch those.  The newer stealthier infections may not be detectable for many years.  That may be just fine for most people if youtube or the online game continues to run.  Ignorance can be Bliss.
LVL 92

Expert Comment

ID: 39926982
serialband, good info, thanks.
How do you detect if people's systems are quietly sending out packets?
LVL 29

Expert Comment

ID: 39927561
You'd need an IPS or IDS at the border, basically a 2nd device that's dedicated to detecting them.  They're usually expensive and you'd also need someone to observe the logs and messages.  It's not a panacea, as evidenced by the Flame trojan.  It's why most home users still get infected more frequently.  It's either not affordable, or requires technical expertise, or both.

It's only really necessary if they visit non-major sites or if they visit the major sites after a major problem.  Usually, the big sites like CNN, or Facebook, etc... detect problems very quickly.  You're not likely to get infected by them.  I don't find it necessary to scan people's systems if that's all they do.  It's frequently the same people that get infected over & over.  Fortunately, they aren't the majority.  If they have a history of getting viruses or being trojaned, those are the ones you have to keep an eye on.

I worked at a place where the security group sends out a notification for the local group admins to check whenever infected systems got on the corporate network.  It was frequently home systems that got brought in for the day.  I'd only really worry if the user visits porn & "warez" sites with all their javascript, java, and flash plugins enabled.  It's why I also tell people to find the original source author's download site rather than download aggregators, especially happy puppy, an old "warez" site.  There's a "sysadmin" that I once worked with that loved downloading from them and kept getting infected.  The security group sent our group emails about his systems.  We were required to run virus scans through group policy, but the scans didn't detect them, so he was forced to reinstall or be blocked by the network group.  When I started, I uninstalled all the cracked warez he put on the systems and replaced them with legally purchased and open source products and made it a policy in the group.  The guy was/is a character.

The best bet to prevent it is by not visiting those sites and by installing flashblock, adblock plus, and https everywhere on firefox.  If the user is also technically savvy enough (e.g. can read those error messages and use search engines properly), I'd also install noscript.  You're still not going to catch everything, but it goes a long way in prevention.

Security is a process, not a product.
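
Added example (not part of the original thread or any poster's code): a minimal version of the border-side check described above, applied to the question's single-purpose XP machine. It flags outbound flows to destinations outside an expected allowlist and marks those with timer-like regularity. The log format, addresses (documentation ranges), thresholds and function names are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: "ISO-time src dst dport bytes", as a border device might export.
# All public addresses are documentation ranges; 198.51.100.10 stands in for the
# remote-access service the XP machine is expected to reach.
SAMPLE_FLOWS = """\
2014-04-09T09:00:02 10.0.0.5 198.51.100.10 443 48210
2014-04-09T09:01:00 10.0.0.5 192.0.2.44 80 1200
2014-04-09T09:03:30 10.0.0.5 192.0.2.44 80 900
2014-04-09T09:05:00 10.0.0.5 203.0.113.77 8080 312
2014-04-09T09:10:01 10.0.0.5 203.0.113.77 8080 310
2014-04-09T09:12:40 10.0.0.5 198.51.100.10 443 90311
2014-04-09T09:15:00 10.0.0.5 203.0.113.77 8080 312
2014-04-09T09:19:59 10.0.0.5 203.0.113.77 8080 311
2014-04-09T09:25:00 10.0.0.5 203.0.113.77 8080 312
2014-04-09T09:40:00 10.0.0.5 192.0.2.44 80 1500
2014-04-09T10:30:15 10.0.0.5 198.51.100.10 443 20544
2014-04-09T11:02:00 10.0.0.5 192.0.2.44 80 700
"""

ALLOWED_DESTS = {"198.51.100.10"}  # assumption: the only egress this machine needs

def parse(log_text):
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated lines
        ts, src, dst, dport, nbytes = parts
        yield datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)

def find_quiet_senders(log_text, allowed=ALLOWED_DESTS, min_events=4, max_jitter=0.1):
    """List flows to unexpected destinations; mark those with beacon-like timing."""
    times = defaultdict(list)
    for ts, src, dst, dport, _ in parse(log_text):
        if dst not in allowed:
            times[(src, dst, dport)].append(ts)
    findings = []
    for key, stamps in sorted(times.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        beacon = False
        if len(stamps) >= min_events and statistics.mean(gaps) > 0:
            # Coefficient of variation: timer-driven traffic has near-constant gaps.
            beacon = statistics.pstdev(gaps) / statistics.mean(gaps) <= max_jitter
        findings.append({"flow": key, "count": len(stamps), "beacon_like": beacon})
    return findings
```

On the constructed sample, both non-allowlisted destinations are reported, and only the flow repeating every five minutes is marked beacon-like; for a machine with one legitimate destination, any entry in the result is worth a look.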
LVL 92

Expert Comment

ID: 39928575
You're barking up my tree - exactly what I think.

Author Closing Comment

by:Bruce Corson
ID: 39928794
I gave most points to web-tracker because his answer was what I needed, but I gave points to others as well because it was a great conversation from which I learned a lot. Thank you to all.
LVL 18

Expert Comment

ID: 39930167
Thanks for awarding me the points, I was glad to help.
LVL 29

Expert Comment

ID: 40035892
