Kitz Forum

Announcements => News Articles => Topic started by: JGO on September 20, 2017, 09:17:28 AM

Title: Security or Brainwashing ?
Post by: JGO on September 20, 2017, 09:17:28 AM
I've just seen a news item saying Manchester City Police are still using some computers on Windows XP !  shock horror !!

Is there any internet security risk with a computer not connected to the web or is the worry not security but non-conformity ? ! 
Title: Re: Security or Brainwashing ?
Post by: broadstairs on September 20, 2017, 09:23:19 AM
If any computer is not connected to the net then that is not a risk, however it is still at risk if it is connected to anything else or anyone is allowed to plug anything into it (USB stick, SD card, CD/DVD etc or an external HDD). If that cannot happen then I see no risk.

Stuart
Title: Re: Security or Brainwashing ?
Post by: JGO on September 20, 2017, 10:15:18 AM
Agreed - but this isn't peculiar to XP .
Title: Re: Security or Brainwashing ?
Post by: broadstairs on September 20, 2017, 10:19:38 AM
I frankly don't see what conformity has to do with it. If it runs the job they need without issue and is completely isolated then what problems are there? None that I see. If it works then don't fix it....

Stuart
Title: Re: Security or Brainwashing ?
Post by: niemand on September 20, 2017, 11:29:59 AM
If someone finds a way to cross the air gap (https://en.wikipedia.org/wiki/Air_gap_(networking)) you're likely buggered whatever.
Title: Re: Security or Brainwashing ?
Post by: Bowdon on September 20, 2017, 11:51:28 AM
A while back I was helping the police with some footage from my cctv cameras, and they asked if they could have a copy.

They give me a usb stick to put the video file on.

I wondered if my computer had been infected with a virus that was able to jump to the usb stick, then they plugged it in their computers, it might have caused a virus to jump to their computers.

Of course my computers are clean. But if they are giving usb sticks out to collect evidence, I've heard they are doing it more and more these days as more people have cctv and dashcam cameras, it opens the risk of a usb stick virus infection.
Title: Re: Security or Brainwashing ?
Post by: broadstairs on September 20, 2017, 12:08:21 PM
Quote
If someone finds a way to cross the air gap (https://en.wikipedia.org/wiki/Air_gap_(networking)) you're likely buggered whatever.

Yes but even running W10 you are not immune from that. Plus I suspect their XP system may well not be mission critical.

Quote
A while back I was helping the police with some footage from my cctv cameras, and they asked if they could have a copy.

They give me a usb stick to put the video file on.

I wondered if my computer had been infected with a virus that was able to jump to the usb stick, then they plugged it in their computers, it might have caused a virus to jump to their computers.

Of course my computers are clean. But if they are giving usb sticks out to collect evidence, I've heard they are doing it more and more these days as more people have cctv and dashcam cameras, it opens the risk of a usb stick virus infection.

There are ways of checking USB devices prior to plugging them into a mission critical system which I hope the Police would be using.

Stuart
Title: Re: Security or Brainwashing ?
Post by: kitz on September 20, 2017, 01:00:07 PM
I seem to recall that a lot of organisations (ie NHS) were still running XP due to software not being compatible with newer versions of Windows.  I think one of the things mentioned was software to run either MRI or CT scanners.


MS are currently continuing to support XP but only for those organisations who pay for the additional service.
The patch for the ransomware attack was apparently made available in March for those MS customers who were still paying for additional support.  The same patch was released free to newer operating systems via the usual Windows Update.

Hopefully AV will protect from the usual viruses, the problem with WannaCry is that it exploited a relatively new found bug (March > May) and as the first of its type which could actually spread, the virus definition pattern was not detected by most AVs.  WannaCry was also able to avoid usual AV heuristic scanning, which is why some of us run the likes of CryptoPrevent in addition to AV. I think I posted a link earlier this year from the makers of CryptoPrevent which stated that it was able to detect and put a halt to WannaCry.  I guess in future the advanced AV suites will start including & implementing a specific ransomware detector as part of the package.

The organisation still using XP that surprised me most was Telefonica - because of the nature of their business, but there were a couple of overseas banks also caught out. :/   
Title: Re: Security or Brainwashing ?
Post by: Oldjim on September 20, 2017, 01:30:46 PM
Quote
MS are currently continuing to support XP but only for those organisations who pay for the additional service.
The patch for the ransomware attack was apparently made available in March for those MS customers who were still paying for additional support.  The same patch was released free to newer operating systems via the usual Windows Update.
Not correct as it was made available for all XP users. The only difference is that for those the Windows Update didn't pick it up and it needed to be installed manually https://www.microsoft.com/en-us/download/details.aspx?id=55245
This was dated 15th May 2017
They also issued a patch for Office 2003 at the same time - I know as I installed both of them on my wife's computer just before a complete rebuild (which means a completely new machine with Windows 10 installed) and the XP machine consigned to a shelf as none of the components could be reused except the hard drive which actually wasn't needed as the new one had a 240GB SSD which more than met her requirements.
Title: Re: Security or Brainwashing ?
Post by: Chrysalis on September 20, 2017, 05:53:35 PM
Using an up to date operating system is only "part" of security, it's one single layer, usually one would expect in a proper security locked down situation to be many layers, it's entirely possible e.g. a Windows XP system can be harder to exploit than a Windows 10 system.

Whilst newer operating systems will have more "known" security vulnerabilities patched, they also have new features which are possible attack vectors, and not every single vulnerability gets patched, some might be not patched as they are not known to the public and some will be 0 day.

In addition as mentioned XP is still supported if you are willing to pay for the support, it's "inclusive" support that has ended.
Title: Re: Security or Brainwashing ?
Post by: Dray on September 20, 2017, 05:57:58 PM
XP is still supported as "Windows Embedded POSReady 2009" which will continue to receive updates until April 9, 2019. See http://www.zdnet.com/article/registry-hack-enables-continued-updates-for-windows-xp/
Title: Re: Security or Brainwashing ?
Post by: sevenlayermuddle on September 20, 2017, 06:48:48 PM
Far too much media negativity about running old OS versions.   I guess it's an easy topic on which journalists can declare themselves to be 'experts' without fear of being proven stupid.

I seem to recall, despite all the 'shock horror, windows XP' hype around the recent NHS ransomware it turned out XP systems were immune to that attack, they weren't infected and they didn't propagate it.   That was by accident rather than design, it was meant to hit XP, but it didn't work - but clearly, plenty of other vulnerable systems aside from XP...
Title: Re: Security or Brainwashing ?
Post by: j0hn on September 20, 2017, 07:32:42 PM
It was the XP systems that were affected with the NHS.
Title: Re: Security or Brainwashing ?
Post by: sevenlayermuddle on September 20, 2017, 08:12:19 PM
Quote
It was the XP systems that were affected with the NHS.

Yes, the expert IT journalists told me that too.   But never believe anything a journalist tells you, regardless of their proclaimed expertise.   :)

https://www.theregister.co.uk/2017/05/31/windows_xp_probably_too_primitive_to_spread_wannacrypt/
Title: Re: Security or Brainwashing ?
Post by: j0hn on September 20, 2017, 10:42:08 PM
It may not have spread it, but it was definitely the XP machines that were infected and caused most of the NHS issues. That's despite the fact that NHS digital sent the patch to all local NHS trusts 2 months prior. Having such a segmented computer system run by each local trust, for a National Health Service is a bit of a joke.
Title: Re: Security or Brainwashing ?
Post by: kitz on September 20, 2017, 11:25:13 PM
From El Reg
Quote
It doesn't mean that XP was mysteriously protected by its love of BSOD

XP was very stable and certainly not known for its love of BSOD.  The whole reason XP was so popular was because of its stability and why it was continued to be used in preference to the later Vista.  It was previous operating systems that got Windows the BSOD reputation. 

Vista was a damp squib.  I have several Vista reg keys somewhere that were never really used (Bought a Vista MC licence when ordering the hardware to build a media server.    Vista MC did not play nice with some of the hardware and I eventually put XP on and it was fine.   I also bought a Medion PC that came with Vista because it sold as a package cheaper than I could buy the hardware for and build myself.   First thing I did was remove Vista and put XP on it.)   

Quote

    Windows XP with Service Pack 2 – No infection
    Windows XP with Service Pack 3 – Random blue-screen of death (BSOD) but no infection
    Windows 7 64 bit with Service Pack 1 – Infected after multiple attempts
    Windows Server 2008 with Service Pack 1 – Could not replicate infection, but reported exploited


Yet the public at large saw XP machines with the ransomware screen.   It's not just the NHS, but train announcement systems etc right in public view for all to see displaying the ransomware screen.   

Have I missed something here, because if XP machines were supposedly not infected, then why were so many of them not in the BSOD cycle but instead proclaiming for all to see that they were locked down due to the WannaCry infection and demanding a ransom? :-\
Title: Re: Security or Brainwashing ?
Post by: sevenlayermuddle on September 21, 2017, 12:00:46 AM
I travel by train quite a lot, as do other folks I know.   I have yet to meet anybody, at first hand, who I trust to speak the truth, and who spotted ransomware on a station display.   By 'trust to speak the truth' I obviously exclude all journalists.

Also, put yourself in the shoes of the malware authors.   All software has bugs and vulnerabilities, and there is no reason to think that new software has any fewer bugs than software written a decade ago.   There's always going to be a plentiful supply of nice juicy vulnerabilities in recent software, not yet reported in the field, be it Windows, Linux or Apple.   If you were in it for the money, why focus on an ancient OS like XP when there are just as many vulnerabilities in newer versions of the OS, and far more people running these versions?
Title: Re: Security or Brainwashing ?
Post by: kitz on September 21, 2017, 12:47:02 AM
You may have a valid point as I haven't really been tracking any new developments that much over the past couple of months.  At the beginning it was assumed they were XP machines because that's what we were hearing about the NHS machines.

Kaspersky has done a detailed breakdown of infected PCs - 98% of which were unpatched versions of Win7

(https://cdn.arstechnica.net/wp-content/uploads/2017/05/wcry-win7-800x465.jpg)

The full report by Kryptos can be viewed here (https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html)

I've not read it all, only scanned, but just look how many of the infected PCs were from China  :o :o
I can't help but wonder if there is some sort of link there.   China is massively infamous for using pirated versions of Windows therefore less likely to have Win updates installed despite the patch being released several months earlier. 


Title: Re: Security or Brainwashing ?
Post by: sevenlayermuddle on September 21, 2017, 10:57:36 AM
Quote
98% of which were unpatched versions of Win7

Ah yes, unpatched.  I am certainly ready to believe that some big organisations may well be not up to date with patches.  But with that I can sympathise.

When I worked for a living, as a software developer, there was often an ongoing battle between IT departments that wanted to use their admin privileges to enforce updates, and developers finding ever more creative ways to stop the updates from installing.    ::)

For we all knew perfectly well the havoc that a flawed update can cause, especially on a critical day such as when a major release build was in progress.   Of course we understood the risks and would generally try the updates at some later point.  I can equally well imagine a less techie office manager, who's suffered in the past from a disastrous update, being reluctant to let them happen again...