Computer Security: Bye, Bye, Windows XP security... Welcome infections!

Rest in peace, Windows XP. Since your birth on 25 October 2001, you have struggled hard to survive this harsh Internet world. You fell prey to “Melissa”, “Sasser” and “Conficker”, and brought CERN its last large-scale infection with “Blaster” in 2004. 

 

After being upgraded to “SP2”, you discovered software development lifecycles, regular “Patch Tuesdays” and a local firewall that rejected everything by default. In the end, you outlived your weird brother “Vista” and survived as the ugly duckling cousin to the beautiful Mr. Mac. But all your ups and downs are over now. On 8 April 2014, you were given your very last security updates. These life-sustaining measures will be stopped now. Game over.

From now on, you are a zombie: presumed dead, but still kept running by your master/owner/user. They might not even understand that you now pose a risk to them. Viruses and worms are on the prowl, hunting for any Windows XP system still connected to the Internet. Unprotected and naked, you are now an easy target for infections.* Web browsing and opening emails becomes Russian roulette with you.

It's best if your master gives you a facelift, and upgrades you to Windows 7 (or to Windows 8.1). Alternatively, your master might disconnect you from the Internet (see http://network.cern.ch, select Upgrade and uncheck “Internet Connectivity” at the bottom of that page), or, even better, from any network at all (just cut the cable). Putting you on a separated and isolated network would do, too. There you can wait for your retirement… along with your friends, Windows 95/98/NT/2000 and Windows server 2003, as well as your arch-enemies CERN Scientific Linux 3 or 4 and MacOS pre-version 10.6 (“Snow Leopard”). They shouldn’t be here anymore either. Go away!


* Even if many anti-virus vendors, including Microsoft, will continue to provide anti-virus signature files, you'll still be a zombie. Only you'll be a zombie wearing body-armour with some weak spots.


Check out our website for further information, answers to your questions and help, or e-mail Computer.Security@cern.ch.

If you want to learn more about computer security incidents and issues at CERN, just follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Computer Security Team