With the EOL for Windows XP having come and gone, I’m buttoning up the last few machines on our network that are still running XP. We have some QC monitoring systems that are running on XP and are on the network, so I reached out to the company that provided/is responsible for them. (The computers are part of the machinery and run specialized software.) I asked what their plan is for addressing EOL, and here is the response:

Our systems are secured without updates happening to them. The end of life for XP should not be an issue. Our latest system is using win 7 though. It should be of no worries.

Now, before I come unglued on this guy for such a BS response, I wanted to double check and make sure I’m not missing something. My opinion is that if it’s XP and it is online (these computers require internet access) then it’s a risk. Period. Or am I missing something here?

11 Spice ups

Companies are paying for extended support from Microsoft, as well as some AV vendors (McAfee I think is one.) Most of those companies are going to be banks though…

1 Spice up

They are at risk unless you are one of the few companies that paid Microsoft millions for extended support.

If those systems do not need internet access, cut them off immediately. Otherwise I would ask the QC company how they intend to guarantee safety on an operating system without support from Microsoft.

4 Spice ups

It’s your network, not his. If you want XP off, then XP is to come off.

4 Spice ups

Saw a TV commercial for PC Matic last night. They claimed that there’s no reason to replace your XP just because of EOL. Just install our software and it will make your computer completely safe from all viruses and you could run your XP for many more years.

2 Spice ups

The following statement is only my opinion!

Well, that is a loaded question. It really depends on how it is built, what it uses for connection and so forth. Did you know most ATMs (at least in the US) still use XP? But there is a difference. ATMs are highly secured, use dedicated lines, and didn’t always get updated with MS updates anyway.

Did you know that a lot of electronic slot machines still use Windows 98? Same story, secure machines, specialty connections, etc.

Now… your QC monitoring systems. Are they built on the same principle? Dedicated lines, no or extremely limited internet access, specialty security software? If yes, then they will likely be OK. But if you can get to a desktop and surf on it, or download and install Google Earth, or a new virus scanner, without a herculean effort, then I would say they are not safe.

But again, that’s just the way I see it.

7 Spice ups

Wow, that is such a BS response. I can’t wait to see the replies on this thread.

1 Spice up

Just to clarify a little further. The machines are XP Pro and connect directly into my wired network and have full internet access for using TeamViewer. There is nothing special about the connection on my end, and to the best of my knowledge, there is nothing extraordinary about the computers other than the QA software that runs on them.

2 Spice ups

Even using an ATM protocol, regardless of the operating system, is still susceptible to man-in-the-middle attacks, right?

2 Spice ups

If they don’t touch your network and contain no information of ANY value then sure leave them on.

1 Spice up

Sorry, I worded that poorly. They connect directly to our wired network to obtain internet access. They are not on the domain though.

If possible I would put them on their own segregated VLAN. Domain or no, you do not want them communicating with anything on your network.

6 Spice ups

If it is on YOUR network, get them off. Why take the chance? The cost to replace is far less than the cost of a data leak.

I highly doubt your vendor is putting money up for extended life support; I’d yank it off my network if it were me. Surely their software will run on Windows 7, have them reload the machine. I would have let that vendor have it. I bet my paycheck whoever you spoke with has never “popped a box” before, and doesn’t understand how easily it can be done. Especially on an outdated version of XP.

pull the plug

2 Spice ups

I can’t simply pull them off. They run very important QC functions and all of that is audited by several of our customers. Coca-Cola, Procter & Gamble, etc. You don’t mess with companies like those if you want to keep their business.

If that’s the case wouldn’t the audit also include security?

3 Spice ups

Direct connection to the internet, meaning a public IP, or are they accessible via NAT translation? Or direct connection meaning they are just sitting on your LAN obtaining a DHCP or static private IP? If they are sitting with a direct connection to the internet (publicly accessible) I strongly feel it’s just a matter of time (if not already) that they are owned…

1 Spice up

I have considered doing this, but it would be a PITA. We have quite a few domain computers that access these computers for remote reporting and such. Definitely doable, but I’d rather not.

Is the IP address they are using on the QC computers an internal one, or are you giving them one of the ones issued from your ISP?
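The two questions the thread keeps circling back to (is each QC box on a private or an ISP-issued address, and what should a segregated VLAN for them actually be allowed to talk to) can be written down as a small, checkable policy. The script below is an added example, not something posted in this thread or supplied by the QC vendor; the subnets (10.10.0.0/16 for the corporate LAN, 10.99.0.0/24 for a QC VLAN), the host names and addresses, the single "reporting host" and its SMB port, and the flow records are all constructed assumptions. Only the TeamViewer ports (5938 plus 443 as fallback) are the product's own. It classifies each inventoried address the way the question above asks, lists which hosts still need to be moved, and then applies an allow-list (TeamViewer egress out, one approved reporting host in, nothing else) to sample flow records so you can see what a real firewall log would have to show after the move.

```python
"""Offline check of a segregated-VLAN policy for unsupported (XP) QC hosts.

Added example, not from the thread. Every subnet, host name, address and
port below is constructed; adjust them to your own addressing plan.
"""
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges: an address outside these is ISP-issued / publicly routable.
# (The 203.0.113.0/24 documentation range stands in for public space here.)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CORP_LAN = ipaddress.ip_network("10.10.0.0/16")         # assumption: domain clients live here
QC_VLAN = ipaddress.ip_network("10.99.0.0/24")          # assumption: dedicated VLAN for the XP QC hosts
REPORTING_HOSTS = {ipaddress.ip_address("10.10.1.25")}  # assumption: the one domain host allowed to pull reports
REPORTING_PORT = 445                                    # assumption: reports are pulled over SMB
TEAMVIEWER_PORTS = {5938, 443}                          # TeamViewer's own port plus its HTTPS fallback

# Constructed inventory of the XP QC machines and where they currently sit.
QC_HOSTS = {
    "qc-line1": "10.99.0.11",    # already on the QC VLAN
    "qc-line2": "10.10.5.40",    # still on the corporate LAN
    "qc-line3": "203.0.113.17",  # ISP-issued address (documentation range used as a stand-in)
}


def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def address_class(ip: str) -> str:
    """Is the host on the QC VLAN, the corporate LAN, some other private range, or a public address?"""
    addr = ipaddress.ip_address(ip)
    if addr in QC_VLAN:
        return "qc-vlan"
    if addr in CORP_LAN:
        return "corp-lan"
    if is_rfc1918(addr):
        return "private-other"
    return "public"


def hosts_needing_a_move() -> list[str]:
    """QC hosts that are not yet on the segregated VLAN, in inventory order."""
    return [name for name, ip in QC_HOSTS.items() if address_class(ip) != "qc-vlan"]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def evaluate(flow: Flow) -> tuple[str, str]:
    """Apply the QC-VLAN allow-list to one flow; returns (verdict, reason)."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if src in QC_VLAN:
        if dst in CORP_LAN:
            return ("deny", "QC host initiating a connection into the corporate LAN")
        if not is_rfc1918(dst):
            if flow.proto == "tcp" and flow.dport in TEAMVIEWER_PORTS:
                return ("allow", "TeamViewer egress")
            return ("deny", "internet egress outside the TeamViewer allow-list")
        return ("deny", "default deny for QC VLAN egress")
    if dst in QC_VLAN:
        if src in REPORTING_HOSTS and flow.proto == "tcp" and flow.dport == REPORTING_PORT:
            return ("allow", "approved reporting host")
        return ("deny", "inbound to QC VLAN not from an approved reporting host")
    return ("n/a", "flow does not touch the QC VLAN")


# Constructed flow records, the shape a firewall log would show after the move.
SAMPLE_FLOWS = [
    Flow("10.99.0.11", "203.0.113.50", "tcp", 5938),  # TeamViewer: fine
    Flow("10.99.0.11", "203.0.113.50", "tcp", 80),    # plain HTTP out to the internet: blocked
    Flow("10.99.0.11", "10.10.1.25", "tcp", 445),     # XP host reaching into the LAN: blocked
    Flow("10.10.1.25", "10.99.0.11", "tcp", 445),     # reporting host pulling data: fine
    Flow("10.10.7.7", "10.99.0.11", "tcp", 3389),     # random domain PC trying RDP: blocked
]


def denied(flows=SAMPLE_FLOWS) -> list[Flow]:
    """Flows the policy would block; feed parsed real log lines here to spot stragglers."""
    return [f for f in flows if evaluate(f)[0] == "deny"]


if __name__ == "__main__":
    for name in hosts_needing_a_move():
        print(f"{name}: {address_class(QC_HOSTS[name])} -> move to {QC_VLAN}")
    for f in SAMPLE_FLOWS:
        verdict, why = evaluate(f)
        print(f"{f.src} -> {f.dst}/{f.proto}/{f.dport}: {verdict} ({why})")
```

The point of the allow-list shape is that the XP boxes never initiate anything toward the corporate LAN; the domain machines doing "remote reporting" connect inward from a named host instead, which is the part of the VLAN design that keeps the rest of the network out of reach if one of the QC hosts is compromised.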

Great minds think alike. I have already emailed our QC manager to get in touch with our auditors to inquire from that angle.

1 Spice up