Go Back   Tech Support Forum > Security Center > General Computer Security

User Tag List

Security Update Question

This is a discussion on Security Update Question within the General Computer Security forums, part of the Tech Support Forum category. Hi, Since Windows 7 reached its end of support life last week I have a question. Where I work many


Like Tree4Likes
  • 1 Post By britechguy
  • 1 Post By britechguy
  • 1 Post By Gary R
  • 1 Post By britechguy
Reply
 
Thread Tools Search this Thread
Old 01-19-2020, 07:42 PM   #1
Registered Member
 
Join Date: Sep 2017
Posts: 16
OS: Windows 10



Hi,



Since Windows 7 reached its end of support life last week I have a question. Where I work many of our desktop computers and laptops are running Windows 7 and most have Internet access, so I'm thinking any Desktop PC or Laptop will need to be upgraded to Windows 10. With running Windows 7 we run the risk of malware entering the PCs with no security updates. To make sure I'm understanding, is the statement below correct?


There are two different kinds of updates; software updates and security updates. Software updates are from the manufacturer (Dell, Toshiba, Galaxy, Acer, etc.) and is a new, improved, or fixed version of the same software which replaces the older version. Such as, updating to the latest version of a printer driver. Security updates, also known as patches, are from the Operating System (Linux, Microsoft, Google, Apple, etc.) and are designed to secure weaknesses in the coding of the operating system or software program, so as to block any threats.



When the security updates expire for a PC or tablet, basically its the updates for the Operating System, is this correct? The PC or tablet will still receive updates for the installed software, such as a printer or sound driver.


I questioned about the PCs that were running Windows 7 and our IT guy stated that these PCs were never used for internet access so there wasn't any point in upgrading to Windows 10. I'm thinking this is not the case. I checked one of the computers last week and I was able to access the internet... he thinks because the PC is only used for the software for that workstation, that there isn't any danger of an attack. This PC can still be infected with malware, correct? I'm thinking it could still enter through the network and find the PC that doesn't have the security patch.



Thanks,
Lynn
SunWers is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old 01-19-2020, 08:56 PM   #2
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 318
OS: Windows 10 Pro, 64-bit, Version 1909



Your understanding is basically correct, but also has some flaws.

There is, as you've said, a distinct difference between operating system updates and application program updates. You are also correct that once an operating system is no longer receiving updates, of any type, but particularly security updates, it is more likely to be subject to unwanted intrusions/compromises. It is very, very unwise to ever run an unsupported operating system (whether Windows or not) in contact with cyberspace.

Application software updates and driver updates may, and I emphasize may, still come in if you have applications that auto-update and/or a manufacturer provided driver updater installed. If either is not the case, you likely won't have either, at least under Windows prior to Windows 8.1. Both Windows 8.1 and Windows 10 try to handle driver updates through Windows Update.

If you have a machine that is truly what they call air gapped, that is it has absolutely no direct nor indirect ability to connect to the internet, then it really doesn't matter what operating system it runs, as virtually all attack vectors (with the exception of those ported in on something like USB drives) come from cyberspace.

I cannot imagine any business setting wanting to keep any computer on an unsupported OS except under very exceptional circumstances, and certainly those would include cutting it off from all connection to the internet. I find it jaw-dropping that any IT professional would brush off potential security issues from a machine having an unsupported OS so cavalierly.

If you have the option to upgrade them, and you still do, at no cost via an in-place upgrade then that's the thing to do. If you have an odd machine that will not upgrade to Windows 10 due to hardware incompatibility, it's really time to replace it anyway.

Also, security updates are in no way limited to operating systems, though it certainly is the case that way more of them are made in that sphere than in the application program sphere. But vulnerabilities can be found in application programs, and many have been exploited over the years, and when they are identified security patches are also made to applications.
SunWers likes this.
__________________
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline   Reply With Quote
Old 01-19-2020, 09:23 PM   #3
Registered Member
 
Join Date: Sep 2017
Posts: 16
OS: Windows 10



Quote:
Originally Posted by britechguy View Post
Your understanding is basically correct, but also has some flaws.

There is, as you've said, a distinct difference between operating system updates and application program updates. You are also correct that once an operating system is no longer receiving updates, of any type, but particularly security updates, it is more likely to be subject to unwanted intrusions/compromises. It is very, very unwise to ever run an unsupported operating system (whether Windows or not) in contact with cyberspace.

Application software updates and driver updates may, and I emphasize may, still come in if you have applications that auto-update and/or a manufacturer provided driver updater installed. If either is not the case, you likely won't have either, at least under Windows prior to Windows 8.1. Both Windows 8.1 and Windows 10 try to handle driver updates through Windows Update.

If you have a machine that is truly what they call air gapped, that is it has absolutely no direct nor indirect ability to connect to the internet, then it really doesn't matter what operating system it runs, as virtually all attack vectors (with the exception of those ported in on something like USB drives) come from cyberspace.

I cannot imagine any business setting wanting to keep any computer on an unsupported OS except under very exceptional circumstances, and certainly those would include cutting it off from all connection to the internet. I find it jaw-dropping that any IT professional would brush off potential security issues from a machine having an unsupported OS so cavalierly.

If you have the option to upgrade them, and you still do, at no cost via an in-place upgrade then that's the thing to do. If you have an odd machine that will not upgrade to Windows 10 due to hardware incompatibility, it's really time to replace it anyway.

Also, security updates are in no way limited to operating systems, though it certainly is the case that way more of them are made in that sphere than in the application program sphere. But vulnerabilities can be found in application programs, and many have been exploited over the years, and when they are identified security patches are also made to applications.

Thank you, this is exactly what I was thinking. I'm going to suggest the upgrade Tuesday for the PCs running Windows 7. I just wanted to confirm that I was, for the most part, thinking correctly. We even have a few PCs that are running Windows XP. I have suggested upgrading those for a couple weeks now and it has been brushed aside by our IT guy because if we upgrade these PCs to Windows 10, this means having to purchase a whole new PC. The PCs are also needing updates for the software that is run at these workstations but we cannot update them because one requirement is, Window 7 and above. His explanation is that these workstations never use the internet. I feel even though they never use the internet... if the PCs have internet access they are still vulnerable. We have 12 plants and all PCs are on the same network. My thinking is if one of those PCs that does access the internet, for what ever reason, could get infected with malware and then spread through the network to other PCs that do not.
SunWers is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old 01-19-2020, 09:30 PM   #4
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 318
OS: Windows 10 Pro, 64-bit, Version 1909



You really need to hire some outside IT consultants.

You also need to ditch, immediately if not sooner, any XP machines still in use. If there's something you have that will not run later than XP, then look for a replacement for that software and, in the meantime, immediately ensure that any XP machine does not have any connection, direct or indirect, with the internet.

What's funny, though, is that in my opinion the XP machines are likely safer than the Windows 7 ones are, and I'll tell you my reasoning. When operating systems go out of support, in the immediate aftermath is when there is a huge flurry of activity by nefarious actors looking to find and exploit vulnerabilities that will not be patched. But as time goes by, the numbers of those machines decreases radically and there is a cost-benefit analysis made in terms of payoff for effort. Hackers don't do this for fun (or most of them don't anyway) but for potential ill-gotten gains. Machines still running recently out of support OSes, such as Windows 7, will number in the millions over the next several months, at least, and the kinds of data on those machines has the potential to be a juicy target. Anyone looking for a payday tomorrow isn't going to be hunting for the XP needle in the cyber-haystack, but will be looking to do the cyber equivalent of a "smash and grab" on as many Windows 7 machines as they can manage to get to.

You have a lot of accidents just waiting to happen, and it is not a matter of if, but when.
SunWers likes this.
__________________
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline   Reply With Quote
Old 01-19-2020, 09:55 PM   #5
Registered Member
 
Join Date: Sep 2017
Posts: 16
OS: Windows 10



Quote:
Originally Posted by britechguy View Post
You really need to hire some outside IT consultants.

You also need to ditch, immediately if not sooner, any XP machines still in use. If there's something you have that will not run later than XP, then look for a replacement for that software and, in the meantime, immediately ensure that any XP machine does not have any connection, direct or indirect, with the internet.

What's funny, though, is that in my opinion the XP machines are likely safer than the Windows 7 ones are, and I'll tell you my reasoning. When operating systems go out of support, in the immediate aftermath is when there is a huge flurry of activity by nefarious actors looking to find and exploit vulnerabilities that will not be patched. But as time goes by, the numbers of those machines decreases radically and there is a cost-benefit analysis made in terms of payoff for effort. Hackers don't do this for fun (or most of them don't anyway) but for potential ill-gotten gains. Machines still running recently out of support OSes, such as Windows 7, will number in the millions over the next several months, at least, and the kinds of data on those machines has the potential to be a juicy target. Anyone looking for a payday tomorrow isn't going to be hunting for the XP needle in the cyber-haystack, but will be looking to do the cyber equivalent of a "smash and grab" on as many Windows 7 machines as they can manage to get to.

You have a lot of accidents just waiting to happen, and it is not a matter of if, but when.

Thank you so much for all your help. I agree, we do need an outside IT consultant. The guy we have now is a contractor from a company who contracts IT management. I've been working here for a few months as a CAD operator. I have a degree in TSM but I graduated almost 4 years ago. I have been ask to become IT over our main office, once I get someone trained for CAD. So I'm working at trying to get back up to speed. I think my promotion will eventually lead to his replacement. They are gradually working me in on different projects. So he hasn't been the best at sharing information with me... so this is one reason I've been reaching out here. So any pointers or suggestions would be greatly appreciated! I have been looking back through all my old textbooks and researching every issue that I've ran accross. I want to do the best I can do.


-Lynn
SunWers is offline   Reply With Quote
Old 01-19-2020, 11:16 PM   #6
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 554
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



One little point on the matter of XP, and whether it's safe to use because of its antiquity.

When a malware writer writes malware, it's usually written to exploit a particular weakness, which may or may not be OS specific. Many exploits will work on multiple OS versions, so any unpatched OS will be vulnerable to it.

Since XP is no longer being patched, then it is vulnerable to these type of infections.

Remember also that most infections "doing the rounds" are autonomous, and may have been circulating totally unattended for years. They don't get tired, they don't stop looking. If they don't get removed from circulation, they'll continue looking for machines that are vulnerable to their exploit.
__________________
Gary R is offline   Reply With Quote
Old 01-20-2020, 03:12 AM   #7
Windows Tech Team Moderator
Hardware Tech Team Moderator
 
Join Date: Aug 2008
Location: INDIA
Posts: 2,904
OS: Windows 10 | CentOS | Manjaro



Lynn, you need to get them all upgraded to Win10 if they're on the same network.

Even if one pc is capable of going on the internet, you become vulnerable if that pc is part of the same intranet(local network)..

Like Gary said, some malware just keep floating around until they find a host with the vulnerability...
__________________


tristar is offline   Reply With Quote
Old 01-20-2020, 09:34 AM   #8
Registered Member
 
Join Date: Sep 2017
Posts: 16
OS: Windows 10



Thanks to everyone for all your input, I'm going to start working on some changes.


Thanks Again,
Lynn
SunWers is offline   Reply With Quote
Old 01-22-2020, 05:38 AM   #9
Registered Member
 
Join Date: Nov 2012
Posts: 2
OS: windows xp



Greetings, I am continuing to run Windows XP on two PC's and Windows 7 on two others. I do not rely on Microsoft Security Essentials or Defender on either. For Windows XP I use Webroot and for Windows 7 I use Malwarebytes. I may not get the updates anymore but these two programs have served me well. My Windows XP has slowed down a bit but still functions well and I still use the XP related programs I always enjoyed. We will see if Windows 7 holds up as well. I have had no internet issues from being either XP or 7. I still wish they had simply evolved XP instead of making these continued leaps.
garbonious is offline   Reply With Quote
Old 01-22-2020, 06:36 AM   #10
Moderator
Security Team
 
Gary R's Avatar
 
Join Date: Jul 2008
Posts: 554
OS: W8.1 x64, Mint Cinnamon 19.2 x64, MX Linux x64



Going online with an unsupported OS is just about the simplest way to pick up an infection there is ........... period.

There may be individuals who still go online with XP and who have not yet been compromised, but they are living in a fool's paradise if they believe it is safe.

If your OS is not being patched, then it is vulnerable. Your AV programs do not protect you against vulnerabilities in your OS, because that is not what they are designed to do.
britechguy likes this.
__________________
Gary R is offline   Reply With Quote
Old 01-22-2020, 01:34 PM   #11
Registered Member
 
Join Date: Feb 2012
Location: Sebring, Florida
Posts: 55
OS: Asus Notebook Windows 10, 2-Customs Windows 7 Pro / Ubuntu


Send a message via Yahoo to LouMjr

Sorry to say I am staying with Windows 7 Pro on my base machine. Yes I know Microsoft support has stopped. I do not like Windows 10 for various reasons, ie: black screens after windows updates, MBR not at as simple to repair as on 7, I can go on and on on how many re-writes I have done this past year alone) although I do run it on two other computers, plus Ubuntu. Security?If you're on the internet all Microsoft OS are vulnerable.
LouMjr is offline   Reply With Quote
Old 01-22-2020, 06:27 PM   #12
Registered Member
 
Join Date: Mar 2007
Location: nowhere
Posts: 51
OS: Linux



I concur with the above post about ditching XP. I would also upgrade (FREE) the Win7 machines to Win10.
But, if you are sick of M$, I would personally install Linux on everything and never look back.
I have been running Linux Mint (Cinnamon and MATE) x64 for many years and it's smooth sailing.
Of course you would need a Linux IT guy to keep it going, just like M$ IT support.

I don't offer IT support for any OS anymore, totally burnt-out after 40 years.
DeadToad is offline   Reply With Quote
Old 01-29-2020, 01:55 PM   #13
Registered Member
 
Join Date: Apr 2008
Location: Everett, Washington
Posts: 7
OS: Windows 10 64-bit



Quote:
Originally Posted by Gary R View Post
Going online with an unsupported OS is just about the simplest way to pick up an infection there is ........... period.

There may be individuals who still go online with XP and who have not yet been compromised, but they are living in a fool's paradise if they believe it is safe.

If your OS is not being patched, then it is vulnerable. Your AV programs do not protect you against vulnerabilities in your OS, because that is not what they are designed to do.
Gary may well be right about what he's said, but accessing the net with XP is all but impossible as XP useable browsers can't use most net sites, and, I, personally, will NEVER stop using XP on my computers which operate offline. Windows7 was little more than a slightly modified XP with someone's idea of a prettier face, and Windows10 is a giant bloody mess.
iouzero is offline   Reply With Quote
Old 01-30-2020, 02:51 AM   #14
Windows Tech Team Moderator
Hardware Tech Team Moderator
 
Join Date: Aug 2008
Location: INDIA
Posts: 2,904
OS: Windows 10 | CentOS | Manjaro



IMO, Windows 10 is one of the most stable OS i've seen of MS, and runs error free, I don't think I've ever got a single BSOD in Win 10 Home computer.
__________________


tristar is offline   Reply With Quote
Old 01-30-2020, 07:18 AM   #15
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 318
OS: Windows 10 Pro, 64-bit, Version 1909



Quote:
Originally Posted by tristar View Post
IMO, Windows 10 is one of the most stable OS i've seen of MS, and runs error free, I don't think I've ever got a single BSOD in Win 10 Home computer.
Almost same here. I have had two machines that had BSODs, but they were very rare events. The fact that I know this shows how few there have been since the advent of Windows 10 in 2015.

I've been using PCs since the DOS days, and Windows 10 is, without doubt, the best version of Windows that's ever been from both functionality and stability perspectives.

I'm getting way fewer calls for service related to BSODs from clients as well.
tristar likes this.
__________________
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 09:07 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts