Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Old OS are getting rusty

Read: 715 Comments: 3 Rating: 7

An operating system (OS) is a necessity in our digital era. When choosing an OS, we factor in its usability, stable operation, predictability, and performance. So long as it works, that’s good enough for us! That's why many people are reluctant to upgrade the platform and applications they use. And that’s quite understandable, especially if the new versions consume more system resources and offer only a few new features.

Problem number one is that the obsolete protocol used by WannaCry in its attack is also being used in file sharing and large logistic networks. Well, some places have managed to upgrade to newer versions. But that requires a lot of effort and can cause a cascade of failures since all previously adopted workarounds become inapplicable. But simply disabling SMB can cause trouble. One obvious problem: having to manually attend to 150 devices—of different brands and with different firmware and different control interfaces—because there is no way to access them all remotely from a single control center. And one would also need security department authorisation to access system-critical settings on each device.

https://habrahabr.ru/company/croc/blog/329434

In their turn, OS developers can't maintain older versions indefinitely. That involves paying programmers, who could otherwise be engaged in important projects, to design workarounds that would make their software operational on older hardware and to review code no one even remembers. In short, it’s expensive.

As a result, companies regularly discontinue support for older OS and, specifically, cease to release security updates for them.

Because of the WannaCry outbreak, Microsoft made an exception and rolled out security patches for its unsupported OS, namely Windows XP, Windows Server 2003 and Windows 8. But the patches only resolve the EternalBlue security issue; no patches that would thwart other vulnerability exploits (e.g. EnglishmanDentist, EsteemAudit and ExplodingCan) were released. According to Microsoft, those exploits won't work under the Windows versions it still supports and, therefore, systems running Windows 7 and later do not run the risk of coming under attack. Meanwhile, users who prefer Windows XP and other outdated versions should brace themselves for WannaCry-2. Maybe then the patches will be released.

EsteemAudit exploits a Remote Desktop Protocol (RDP) vulnerability on Windows Server 2003 / Windows XP computers.

Windows XP still accounts for 7% of the OS currently in use. Experts estimate that over 600 nodes hosting over 175 million websites, still run Windows Server 2003.

http://www.securitylab.ru/news/486268.php

#Trojan.Encoder #ransom #extortion #Data_Loss_Prevention #encryption_ransomware #vulnerability #Trojan #patch #Windows

Dr.Web recommends

Unsupported OS and applications are like time bombs. No matter how user-friendly our old applications are, alas, if we want to sleep soundly (many people don't turn off their computers before going to bed, and if a worm outbreak occurs, they can wake up in the morning to see a ransom demand), they must be discarded.

But what can you do if you can’t upgrade to a newer version?

  1. Install an anti-virus. It won't patch unknown loopholes, but malware won't be able to run in the system.
  2. Delete the software you don't use and shut down unnecessary services. Fewer programs offer fewer targets for a potential attack.
  3. Configure the firewall—create a list of applications that are allowed Internet access and close ports that aren't being used, such as the one that by default facilitates remote access.
  4. Back up important information regularly.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments