The BDR

The
Broadcasters' Desktop Resource

... edited by Barry Mishkind - the Eclectic Engineer    

GatesAir

1/16/14

Microsoft Windows End of Service Information

Today, Microsoft announced that they would continue anti-malware updates for the XP Operating System through July of 2015 - previously announced as happening in April of this year. This will not include OS updates and security fixes, but does give many users less panic in deciding when and how to upgrade their systems.

Whether another extension will happen next year is not guaranteed, although there is word that Microsoft is planning to release Windows 9 in that timeframe.

Should you get rid of all your XP systems and software before April - or next year? This is a decision that must be made by considering the use of the individual computers and software. Obviously, if you are using something that will only work on XP, and it is on a closed network, you might feel relatively safe. But, do read on.

WHAT IT ALL MEANS

We all know that a computer, unprotected by any firewall, will be attached in about 15-20 seconds on the Internet. Using a firewall or NAT will give some protection, but as hackers discover "exploits" they can attack computers from many directions. Microsoft has worked to close the holes used by these exploits - but as operating systems age, such fixes stop being made.

Four years ago Microsoft issued announcements of the End of Service for several of their Operating Systems  (Windows 2000, Vista, XP SP2 ... see below). Security and other updates were terminated.

Users could still use the OSs, but any new security holes identified by hackers would remain "open." Fortunately for most users, the end of service means many people transition and hackers, in general, move on as well, since they want to infect the most machines. But that might not be so true this time.

As of this date (January 2014), XP accounts for nearly 20% of all PC OS usage. In Africa it is 33%, China 51%. Microsoft would like to see this drop to 10% or less, but there are many reasons for people to hang on to XP - familiarity, ease of use, cost, etc.

One class of computers that may not be in danger are those on closed networks. Automation programs, for example, do not need every update, if they have no contact with the outside world. Since it might be hard or impossible to find a current machine that will run your software or sound cards, you could potentially run the automation for years, until the computer finally just dies.

There will definitely be companies trying to support XP users, with alternative software solutions to bypass the most hackable applications - like Internet Explorer - that will help users keep XP going a bit longer.

DO THINK CAREFULLY

At the same time, while the old addage "it is isn't broken, don't fix it" might apply, if an application is considered "Mission Critical," it is a decision that must be made carefully.

The main reason is that all it takes is one infected flash drive to be inserted into the automation system network - and everything on the air could come to a halt. Or worse.

Think not? A few years back, a cluster at one major radio company started to lose control of its consoles - they were among the first digital units, relying upon a closed network. Unfortunately, the manufacturer itself had provided an update diskette with a virus.

In the course of time, hundreds of infected files were created, eventually bringing the network and consoles down.  It took some detective work, a hurried diskette from the manufacturer, and a lot of time to clean out the system.

An unprotected XP machine attached to the Internet could quickly

QUITE A LOT OF XP

As mentioned, one in five computers around the world still use XP. So do some 95% of ATM machines. Some experts feel that this large number of potential targets, along with Microsoft's stated termination of support, means that by finding and readying exploits to activate in April, they will reach vulnerable machines around the world.

Some third party companies will likely offer some help - largely reminders to not put XP machines on the Internet. But even persons careful about what URLs they follow may find a driveby attack from an infected web site could quickly kill their machine - or expose their confidential data.

So ... what to do is your choice. Check with your IT folks, the manufacturer of any software you are using, and consider the best approach ahead.

 


GatesAir


---PREVIOUS INFORMATION

2/28/10

Stations and clusters using Microsoft Windows might want to check around the facility to make sure which versions of Windows are in use.

Starting in April, several versions of the operating system will no longer receive support from Microsoft.

While this may not be of major interest for computers that are not on a network and are running well, those older units that do connect to the LAN or Internet will not receive security updates from Windows Update.

If your shop has any of these Windows versions in use, this would be a good time to make sure you have the most recent security patches before the end date.

The versions that will fall off the update train are:

  • Windows Vista RTM (original with no Service Packs (SP))
    Support ends April 13th.
  • Windows XP SP2, Windows 2000, Windows Server 2000
    Support ends July 13th.

For those of you running Windows XP with SP3 - that will still be supported. This means that if you are running XP with SP2, this might be a very good time to install SP3 if you plan to use the computer for any LAN or Internet activity.

Additionally, on July 13th, Windows Server 2003 will change from what MS calls "Mainstream Support" to "Extended Support" - which essentially means the end of no-charge incident response, warranty coverage, and design changes and feature requests.




 

Home - Opt-in Newsletter - Tech Mailing lists - Contact - Help