Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: Security or Brainwashing ?  (Read 3888 times)

JGO

  • Reg Member
  • ***
  • Posts: 729
Security or Brainwashing ?
« on: September 20, 2017, 09:17:28 AM »

I've just seen a news item saying Manchester City Police are still using some computers on Windows XP !  shock horror !!

Is there any internet security risk with a computer not connected to the web or is the worry not security but non-conformity ? ! 
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: Security or Brainwashing ?
« Reply #1 on: September 20, 2017, 09:23:19 AM »

If any computer is not connected to the net then that is not a risk, however it is still at risk if it is connected to anything else or anyone is allowed to plug anything into it (USB stick, SD card, CD/DVD etc or an external HDD). If that cannot happen then I see no risk.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

JGO

  • Reg Member
  • ***
  • Posts: 729
Re: Security or Brainwashing ?
« Reply #2 on: September 20, 2017, 10:15:18 AM »

Agreed - but this isn't peculiar to XP .
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: Security or Brainwashing ?
« Reply #3 on: September 20, 2017, 10:19:38 AM »

I frankly dont see what conformity has to do with it. If it runs the job they need without issue and is completely isolated then what problems are there? None that I see. If it works then dont fix it....

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Security or Brainwashing ?
« Reply #4 on: September 20, 2017, 11:29:59 AM »

If someone finds a way to cross the air gap you're likely buggered whatever.
Logged

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395
Re: Security or Brainwashing ?
« Reply #5 on: September 20, 2017, 11:51:28 AM »

A while back I was helping the police with some footage from my cctv cameras, and they asked if they could have a copy.

They give me a usb stick to put the video file on.

I wondered if my computer had been infected with a virus that was able to jump to the usb stick, then they plugged it in their computers, it might have caused a virus to jump to their computers.

Of course my computers are clean. But if they are giving usb sticks out to collect evidence, I've heard they are doing it more and more these days as more people have cctv and dashcam cameras, it opens the risk of a usb stick virus infection.
Logged
BT Full Fibre 500 - Smart Hub 2

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: Security or Brainwashing ?
« Reply #6 on: September 20, 2017, 12:08:21 PM »

If someone finds a way to cross the air gap you're likely buggered whatever.

Yes but even running W10 you are not immune from that. Plus I suspect their XP system may well not be mission critical.

A while back I was helping the police with some footage from my cctv cameras, and they asked if they could have a copy.

They give me a usb stick to put the video file on.

I wondered if my computer had been infected with a virus that was able to jump to the usb stick, then they plugged it in their computers, it might have caused a virus to jump to their computers.

Of course my computers are clean. But if they are giving usb sticks out to collect evidence, I've heard they are doing it more and more these days as more people have cctv and dashcam cameras, it opens the risk of a usb stick virus infection.

There are ways of checking USB devices prior to plugging them into a mission critical system which I hope the Police would be using.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Security or Brainwashing ?
« Reply #7 on: September 20, 2017, 01:00:07 PM »

I seem to recall that a lot of organisations (ie NHS) were still running XP due to software not being compatible to newer versions of windows.  I think one of the things mentioned was software to run either MRI or CT scanners.


MS are currently continuing to support XP but only for those organisations who pay for the additional service.
The patch for the ransomware attack was apparently made available in March for those MS customers who were still paying for additional support.  The same patch was released free to newer operating systems via the usual Windows Update.

Hopefully AV will protect from the usual viruses, the problem with wannacry is that it exploited a realatively new found bug (March > May) and as the first of its type which could actually spread, the virus definition pattern was not detected by most AVs.  Wannacry was also able to avoid usual AV hueristic scanning, which is why some of us run the likes of CryptoPrevent in addition to AV. I think I posted a link earlier this year from the makers of CryptoPrevent which stated that it was able to detect and put a halt to wannacry.   I guess in future the advanced AV suites will start including & implementing a specific ransomware detector as part of the package.     

The organisation still using XP that surprised me most was Telefonica - because of the nature of their business, but there were a couple of overseas banks also caught out. :/   
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Oldjim

  • Reg Member
  • ***
  • Posts: 242
Re: Security or Brainwashing ?
« Reply #8 on: September 20, 2017, 01:30:46 PM »

Quote
MS are currently continuing to support XP but only for those organisations who pay for the additional service.
The patch for the ransomware attack was apparently made available in March for those MS customers who were still paying for additional support.  The same patch was released free to newer operating systems via the usual Windows Update.
Not correct as it was made available for all XP users. The only difference is that for those the Windows Update didn't pick it up and it needed to be installed manually https://www.microsoft.com/en-us/download/details.aspx?id=55245
This was dated 15th May 2017
They also issued a patch for Office 2003 at thec same time - I know as I installed both of them on my wife's computer just before a complete rebuild (which means a completely new machine with Windows 10 installed) and the XP machine consigned to a shelf as non of the components could be reused except the hard drive which actually wasn't needed as the new one had a 240GB SSD which more than met her requirements.
« Last Edit: September 20, 2017, 01:37:55 PM by Oldjim »
Logged
Jim
Plusnet

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Security or Brainwashing ?
« Reply #9 on: September 20, 2017, 05:53:35 PM »

Using an up to date operating system is only "part" of security, its one single layer, usually one would expect in a proper security locked down situation to be many layers, its entirely possible e.g. a Windows XP system can be more harder to exploit than a Windows 10 system.

Whilst newer operating systems will have more "known" security vulnerabilities patched, they also have new features which are possible attack vectors, and not every single vulnerability gets patched, some might be not patched as they not known to the public and some will be 0 day.

In addition as mentioned XP is still supported if you willing to pay for the support, its "inclusive" support that has ended.
Logged

Dray

  • Kitizen
  • ****
  • Posts: 2361
Re: Security or Brainwashing ?
« Reply #10 on: September 20, 2017, 05:57:58 PM »

XP is still supported as "Windows Embedded POSReady 2009" which will continue to receive updates until April 9, 2019. See http://www.zdnet.com/article/registry-hack-enables-continued-updates-for-windows-xp/
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Security or Brainwashing ?
« Reply #11 on: September 20, 2017, 06:48:48 PM »

Far too much media negativity about running old OS versions.   I guess it's an easy topic on which journalists can declare themselves to be 'experts' without fear of being proven stupid.

I seem to recall, despite all the 'shock horror, windows XP' hype around the recent NHS ransom ware it turned out XP systems were immune to that attack, they weren't infected and they didn't propagate it.   That was by accident rather than design, it was meant to hit XP, but it didn't work - but clearly, plenty of other vulnerable systems aside from XP...
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: Security or Brainwashing ?
« Reply #12 on: September 20, 2017, 07:32:42 PM »

It was the XP systems that were affected with the NHS.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Security or Brainwashing ?
« Reply #13 on: September 20, 2017, 08:12:19 PM »

It was the XP systems that were affected with the NHS.

Yes, the expert IT journalists told me that too.   But never believe anything a journalist tells you, regardless of their proclaimed expertise.   :)

https://www.theregister.co.uk/2017/05/31/windows_xp_probably_too_primitive_to_spread_wannacrypt/
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: Security or Brainwashing ?
« Reply #14 on: September 20, 2017, 10:42:08 PM »

It may not have spread it, but it was definitely the XP machines that were infected and caused most of the NHS issues. That's despite the fact that NHS digital sent the patch to all local NHS trusts 2 months prior. Having such a segmented computer system run by each local trust, for a National Health Service is a bit of a joke.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM
Pages: [1] 2
 

anything