Many of you will have heard by now that Support for Windows XP Ends on April 8, 2014. Since then, many of the Business Customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8. In fact, I have been helping two large organisations; Legal & General and Brighton & Hove Council do just that.
There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.
This of course is a major issue as the newer versions of Windows will mean in a large number of cases for Home Users a New PC as their old one just won’t be powerful enough to run Windows 7 or 8. For the majority of my Home Users and Small business Customers this is a valid argument, especially in the current financial climate. One important thing to note is that your computer will not stop working and providing you take all your usual precautions then your computer will continue working into the future.
But what is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.
When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability.
But after April 8, 2014, people that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever. How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.
Some of the people I have discussed this scenario with are quick to point out that there are security mitigations built into Windows XP that can make it harder for such exploits to be successful. There is also anti-virus software that can help block attacks and clean up infections if they occur. The challenge here is that you’ll never know, with any confidence, if the protection you have can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice. Furthermore, can the system’s APIs that anti-virus software uses be trusted under these circumstances? For some customers, and to be honest most home users, this level of confidence in the integrity of their systems might be okay, but for Business Users this might not be acceptable.
As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago. But we can see from data published in the Microsoft Security Intelligence Report that the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see. The data available on malware infection rates for Windows operating systems indicates that the infection rate for Windows XP is significantly higher than those for modern day operating systems like Windows 7 and Windows 8.
This new data shows us that the predominate threats that individuals and organizations face are now much different than they were when Windows XP Service Pack 3 was released. Turning on the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers to evolve their attacks. Rather than actively targeting remote services, attackers now primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. If these are kept up to date then this will lessen the areas that are vulnerable.
In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats. It’s a bit like having a burglar alarm and going away for a few days and you have that nagging doubt that you might have left a window unlocked and until you get home you will never know if you are safe.
So you might ask am I updating my own systems and the answer is that yes, over the coming months I will be upgrading all my own systems to Windows 7. I have chosen this version of Windows over Version 8, because in my opinion it is far superior. Windows 8 is great if you have a Tablet PC or a Touch Screen but for most people who don’t they will find it unwieldy and somewhat annoying. Windows 8 can be reset to be more like Windows 7 – with a start button for instance, by using Windows 8.1 – but I don’t like it personally. If you want some personal advice relating to your own systems then please contact me either by telephone, e-mail, or send me a message through my contact page.
Here are some Computer related tips and hints that you might find helpful.
Hot weather and Computers:
Computers run faster the colder they are and over time, they collect dust and other particles from the air which can reduce the cooling effect of the fans. One result of this is the paste that help keeps your processor cool dries out and this can heat up the system. We recommend turning off your computer and taking the side panel off, using a dry, clean paint brush give the inside a good clean. Do not be tempted to use a vacuum cleaner on the inside as this has been known to send a static electric charge through a computer and to fry some of the more delicate components and thus your computer will be no more.
Laptops are trickier as they have vents in various places and it is not recommended that anybody but a trained engineer take them apart. When using a laptop try to keep an air gap under the laptop and do not rest it on your knee or any other material as it will suck fibres into the cooling system which will bung it up.
If you are concerned, then call me and we can arrange to clean of your system and fix any other issues you may have.
iPhone, iPad, Samsung, HTC, Blackberry and Other Smart Phone and Tablet repairs:
We have managed to source some quality parts for the modern smartphones, ranging from screens to some internal components and we can fix some of the more annoying, but not fatal, issues that these devices have at prices lower than the manufacturers charge.
For more information give me a call.
Web Sites and Domain Names
- As some of you already know we offer a web site design, build and hosting service at a very reasonable rate, typically sites start from £150.00 and this could be time to ask us to look at your web presence, if you have one, and get a quote for a makeover.
- A good website will help drive business to your site and our design service includes Search Engine Optimisation and many other tools to help you appear further up the Google rankings without any extra monthly fees.
For more information call me for a free appraisal and quote.
The Government is talking about bringing in Internet Pornography Filters and there is a lot of sense in what they are saying but it might get watered down as most policies do over time as vested interests get involved. The government says the filters are needed to ensure children are spared the “corroding” influence of pornography. It hopes the filters will stop children inadvertently seeing images or visiting websites their parents do not want them to see.
How will this change the web browsing experience?
Computer-based filtering systems are notorious for being simultaneously too strict and too lax. Studies of filters on some UK ISPs have shown that well-known porn sites go unblocked while education sites about sexually transmitted diseases or sexual health are inaccessible. The filtering system run by some of the UK’s mobile operators are regularly criticised for blocking legitimate sites. It is also not clear what effect it will have on children and young people if they go looking for pornography or other sensitive subjects. Studies suggest the filtering systems can be fooled quite easily and present no real obstacle to anyone that can use a search engine.
How are people reacting?
Many organisations and people are wary of the policy. ISPs say they should not be seen as moral arbiters and that it is up to parents to police and oversee the web browsing habits of their children. In addition, digital rights activists criticise the fact that filtering lists are not exposed to scrutiny. They fear that the lists of “sensitive” subjects will be expanded to gradually stifle dissent. They point to filtering systems in other countries that were started with an expressly moral purpose but were subverted for more political ends.
What can be done now?
However there is a way you can protect your children now – by replacing your Router with a Cyberoam Netgenie System. Cyberoam NetGenie – the smart wireless router with family protection features offers a unique age-wise Parental Control feature that ensures children’s online safety by allowing access to online content that is suitable for their age. Equipped with an advanced web filter that categorizes millions of websites into 72+ categories, NetGenie allows parents to control and manage children’s online activities by age-group, time schedule and category of website or application. Parents also get Internet activity reports of children at home along with security reports of their entire network. NetGenie secures and shares Internet connectivity across all Internet-access devices like desktop, laptop, PDA, smartphones, tablets, Gaming Consoles, Smart TV etc., & supports ADSL 2+, Cable and 3G connectivity – all from one box.
We can Supply, Install and Configure your NetGenie so for more information give me a call.
The Vobfus virus is good at infecting all the machines on the same network, say researchers
Two computer viruses that collaborate are proving hard to clean from infected PCs, Microsoft research suggests.
The pair of viruses foil removal by regularly downloading updated versions of their malware partner.
The novel versions are usually unknown to anti-virus programs which let the malicious programs persist.
Once present on a PC, the viruses let thieves take over a machine so it can be mined for saleable data or used to send spam or to attack other machines.
The close relationship between the two viruses was revealed in a blogpost by Microsoft malware research Hyun Choi.
Mr Choi said that the two Windows viruses, known as Vobfus and Beebone, were regularly found together. Vobfus was typically the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.
Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet – a large network of infected machines.
After this, said Mr Choi, the two start to work together to regularly download new versions of their partner in cybercrime.
This, he said, was a powerful mechanism that helped it keep a foothold on infected machines.
“In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus,” he said.
“The two threat families are intrinsically related,” wrote Mr Choi, adding that the “cyclical relationship” had helped Vobfus become a persistent problem since 2009 when it first appeared.
Defeating the two viruses was tricky, he said, because Vobfus was so good at travelling via networks. As well as keeping software up to date he recommended disabling the “autorun” feature on Windows machines as Vobfus exploits this when it arrives via USB drives. In addition, he said, people should be wary of clicking links on external websites to avoid falling victim to booby-trapped URLs.
From the BBC Website Click Here for Full Story