 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: That WannaCry ransomware

Tue May 16, 2017 1:16 pm

whm1974 wrote:
I thought Silverlight was dead and MS had quit supporting it.


Languages/frameworks like Silverlight never really die. Ned's example of Silverlight is just one of many where stuff has lingered on long past its official expiration date. Just look at how long it's taking to kill Flash which was always a little funky even when it was well-maintained, and is almost universally hated now.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
Arvald
Gerbil Elite
Posts: 761
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Tue May 16, 2017 1:59 pm

Hawkwing74 wrote:
I got *upgraded* to that last year from Win XP. Still on IE 8 which means many things do not work. Have to use Chrome except for a few internal apps.

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.
 
Hawkwing74
His Holy Gerbilness
Posts: 13961
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: That WannaCry ransomware

Tue May 16, 2017 2:05 pm

Arvald wrote:

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.

How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?
 
Captain Ned
Global Moderator
Posts: 28704
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: That WannaCry ransomware

Tue May 16, 2017 2:29 pm

Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.
What we have today is way too much pluribus and not enough unum.
 
ClickClick5
Gerbil Elite
Topic Author
Posts: 581
Joined: Fri Aug 15, 2008 8:28 pm
Location: Alaska

Re: That WannaCry ransomware

Tue May 16, 2017 3:49 pm

Captain Ned wrote:
Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.


At my last job, they had Windows 2000, XP, Vista, 7, and 8 (before 8.1) all on the same network. And the highly trained managers would scream at us for not getting Outlook 2010 installed on a Windows 2000 machine. Running a P3, and 256MB RAM, with cute 20GB drives. Our CTO finally had enough and blocked the switch ports to Vista machines and back. He basically forced them to update to newer hardware/software. The only reason they still had these machines was because "they still run".

And I have come across companies with a blend of Server 2000-2016 hosts/vms. Some run some super important legacy programs, and others still exist because "upgrading costs money". Well...when the data is encrypted or lost because of these machines, that costs more than a server!
i7-5930k (4.1GHz), 32GB DDR4-2400, 2080Ti, GA-X99-UD3, Samsung 860 Pro 256GB (os/programs), Toshiba 5TB (games), WD VelociRaptor 500GB (games/scratch disk), Win 10 Pro x64
Check out my site for trance sets and other goodies! clickclick5.com!
 
whm1974
Emperor Gerbilius I
Posts: 6361
Joined: Fri Dec 05, 2014 5:29 am

Re: That WannaCry ransomware

Tue May 16, 2017 5:18 pm

ClickClick5 wrote:
Captain Ned wrote:
Hawkwing74 wrote:
How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

At this point I'd hope that they're airgapped from production networks.


At my last job, they had Windows 2000, XP, Vista, 7, and 8 (before 8.1) all on the same network. And the highly trained managers would scream at us for not getting Outlook 2010 installed on a Windows 2000 machine. Running a P3, and 256MB RAM, with cute 20GB drives. Our CTO finally had enough and blocked the switch ports to Vista machines and back. He basically forced them to update to newer hardware/software. The only reason they still had these machines was because "they still run".

And I have come across companies with a blend of Server 2000-2016 hosts/vms. Some run some super important legacy programs, and others still exist because "upgrading costs money". Well...when the data is encrypted or lost because of these machines, that costs more than a server!

Not to mention that time is money and new and faster hardware and better software can increase productivity enough to more than pay for the upgrades.
 
Convert
Grand Gerbil Poohbah
Posts: 3452
Joined: Fri Nov 14, 2003 6:47 am

Re: That WannaCry ransomware

Tue May 16, 2017 5:44 pm

A predominant medical 3d digital imaging company had their licensing server hit. The software won't run until it checks in with the licensing server so all the medical offices that use this software for their imaging application are dead in the water.
Tachyonic Karma: Future decisions traveling backwards in time to smite you now.
 
Arvald
Gerbil Elite
Posts: 761
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:06 am

Hawkwing74 wrote:
Arvald wrote:

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

How does that work when these types of viruses may compromise XP or Win7 systems? Are the viruses blocked at the corporate firewall?

The systems are not day to day use systems. They are only for interfacing to the controls.
Also they usually do not connect to the external network except when an external update is required from the vendor.
 
Arvald
Gerbil Elite
Posts: 761
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:15 am

To note for our company we are up to date on all virus checkers and force our users to be up to date.
We are not vulnerable on the worm side of the whole thing. The firewall, email scanning and AV should catch the whole thing, so that leaves PICNIC errors...

It is the outliers like said WinXP machines that cannot be updated and can get out of date due to not being on all the time that are at risk.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:24 am

We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.
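
Added example, not part of captaintrav's post: a sketch of the triage described above, which finds machines that have not reported to WSUS within a cutoff and collects their MAC addresses for a NAC quarantine list. The CSV layout, column names, hostnames and MACs are constructed assumptions, not output of any specific WSUS or NAC product.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample: hostnames, MACs and timestamps are invented for illustration.
SAMPLE_EXPORT = """hostname,mac,last_reported
PLANT-HMI-01,00-1A-2B-3C-4D-5E,2016-11-02T08:15:00
FRONTDESK-07,001a.2b3c.4d5f,2017-05-15T17:40:00
LAB-SPARE-03,00:1a:2b:3c:4d:60,2017-01-20T09:00:00
KIOSK-02,00:1A:2B:3C:4D:61,
"""

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if the value is not a 48-bit MAC."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def stale_machines(export_text, now, max_age_days=90):
    """List machines whose last WSUS report is missing or older than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for row in csv.DictReader(io.StringIO(export_text)):
        stamp = (row["last_reported"] or "").strip()
        last = datetime.fromisoformat(stamp) if stamp else None
        if last is None or last < cutoff:
            stale.append({
                "hostname": row["hostname"].strip(),
                "mac": normalize_mac(row["mac"]),
                "last_reported": last,
            })
    # Never-reported machines first, then oldest report first.
    stale.sort(key=lambda m: m["last_reported"] or datetime.min)
    return stale

def nac_blocklist(stale):
    """MACs to quarantine until the machine is patched; skips unparseable MACs."""
    return sorted({m["mac"] for m in stale if m["mac"]})

if __name__ == "__main__":
    now = datetime(2017, 5, 17, 9, 24)
    for m in stale_machines(SAMPLE_EXPORT, now):
        print(m["hostname"], m["mac"], m["last_reported"] or "never reported")
```

Machines with no report timestamp at all are treated as stale, since an unknown patch state is the case the quarantine is meant to cover.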
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Wed May 17, 2017 9:46 am

Arvald wrote:
Hawkwing74 wrote:
I got *upgraded* to that last year from Win XP. Still on IE 8 which means many things do not work. Have to use Chrome except for a few internal apps.

Not unusual for business. So many corporate apps (not in house but purchased) are not supported well with modern operating systems.
Many of our plant controls still require XP SP2 (SP3 breaks them).

We are Win7 rolling out Win10 but there are issues. A lot revolving around Excel plug ins.


Is that due to a new version of Office? We're just in the early stages of getting Windows 10 in our environment, and will likely be going from Office 2010 to 2016.
 
DragonDaddyBear
Gerbil Elite
Posts: 985
Joined: Fri Jan 30, 2009 8:01 am

Re: That WannaCry ransomware

Wed May 17, 2017 7:33 pm

captaintrav wrote:
We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.

In a very similar technology busy as you. We didn't black list stuff but we did all of the rest. McAfee did release an emergency DAT file on Friday, but I think at that point the researcher had already sinkholed the malware. Prior to that they had guidance on how to stop it via manual intervention with registry rules. What I really wish we could get to is AppLocker. A friend rolled it out before and said it wasn't that hard even with Citrix and the like. That would stop so much malware because most of it runs in temp files.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: That WannaCry ransomware

Fri May 19, 2017 10:12 am

Losergamer04 wrote:
captaintrav wrote:
We're on top of patching Windows generally, not to mention McAfee had updates to catch it (hopefully) out right away. What we did scramble around though, is digging out any infrequently used machines that hadn't reported back to the WSUS in a few months and make sure they were up to date. The ones that still haven't hit the network we've blacklisted the MAC addresses on our NAC appliance. We also have a FireEye appliance, and so far no reports.

In a very similar technology busy as you. We didn't black list stuff but we did all of the rest. McAfee did release an emergency DAT file on Friday, but I think at that point the researcher had already sinkholed the malware. Prior to that they had guidance on how to stop it via manual intervention with registry rules. What I really wish we could get to is AppLocker. A friend rolled it out before and said it wasn't that hard even with Citrix and the like. That would stop so much malware because most of it runs in temp files.


AppLocker is so worth it. It's caught umpteen malware attempts for us when drive-by malware installs or malvertisements are exploiting zero-day Flash exploits for instance to drop executables and try to execute them from the user's profile. There are some weaknesses in AppLocker that have been documented, but so far I haven't seen anything really clever enough to try and circumvent AppLocker. Probably because it's so much easier to focus on easy targets. I am grateful to work for an organization that is smart enough and resolved enough to have no local administrator rights for anyone outside IT, and only then very few cases (i.e., the developers don't have local admin rights outside of their development environments on VMs), and commit to AppLocker even though it can be a fair amount of work to maintain rulesets.
 
Arvald
Gerbil Elite
Posts: 761
Joined: Tue Sep 27, 2011 12:14 pm
Location: Gerbil-land, Canada

Re: That WannaCry ransomware

Fri May 19, 2017 12:20 pm

captaintrav wrote:

Is that due to a new version of Office? We're just in the early stages of getting Windows 10 in our environment, and will likely be going from Office 2010 to 2016.

It is Office 2010. I don't think we have tried 2016.
Many of the plug ins are not yet certified for 2016.

One issue we see is Excel just freezes.
