Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unpatched OS with up to date AV


  • Please log in to reply
12 replies to this topic

#1 monks

monks

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 29 July 2012 - 04:14 PM

Hi folks. Strictly from a malware perspective, how safe would you consider an unsupported version of Windows (i.e no security patches released by MS)running an up to date AV software?

Thanks!

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:40 AM

Posted 29 July 2012 - 04:49 PM

What version of Windows? What AV? Based on what kind of browsing habits? Any antimalware apps like MalwareBytes or SpywareBlaster et. al.? A lot of variables left unanswered. But in general I would say quite low on a safe scale. With the general description you have provided.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 monks

monks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 29 July 2012 - 05:05 PM

Thanks for the reply, Animal. I should have included more detail. This is a Windows Server 2K3 SP1 on an intranet with no connectivity to the internet, AV is McAfee 8.5 with up to date signatures, no antimalware apps. I believe the up to date AV may be creating a false sense of security, as no new security patches are being applied on the OS. Still, from a virii perspective, it may be relatively safe.

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 29 July 2012 - 06:41 PM

Hi -
Just my personal, but if the computer connects to other systems that in turn do have internet connections, I feel that you do need an Antivirus at minimum
Any active infection can spread via a computer that is connected to it and has outside connection also.
This also applies to any USB Flash Drive stick inserted from another computer with internet connection.

I think if the OLD unit is only ever used as a typewriter to produce documents, it may be OK, but not connected to other computers that access internet at all
My (again personal) idea would be to update the $10 Windows Server 2K3 SP1 to a more recent (even second-hand) model.
All others will add their own opinions to this also -

Thank You -

#5 rotor123

rotor123

  • Moderator
  • 8,094 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:06:40 AM

Posted 29 July 2012 - 09:11 PM

My question is how can it be running up to date virus signatures with no Internet.

You still need backup(s). If you get hacked and the backup is connected all could be lost.
As noknojon said if any of the other computers are connected to the internet, there are Viruses that can spread through the network.

Roger

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#6 monks

monks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 July 2012 - 04:18 PM

Thanks everyone for your input.

@noknojon/rotor123: AV signatures are updated via the intranet (other servers have connectivity to the internet). I guess what I am struggling with is: how exposed is the server to virii/trojans if the AV is up to date and running? Does the lack of security patches make the server much more vulnerable to malware with the AV running?

Thanks!

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 30 July 2012 - 05:10 PM

Hi -
Any single Antivirus program that "may" be updated is usually not enough protection from infections. - Please scan our Malware Removal area -
Nobody has yet asked if you have a Firewall installed and updated, or any other security programs with your McAfee 8.5 (considered basic)

The now non-supported (by Microsoft) operating system will not be getting security updates and patches required to keep it fully safe / secure
It was for this reason I valued it at $10 (maximum) for work purposes, and added that a better updated system would be preferred

Even the most up to date and secure computer is still, to some extent, able to be infected with the many new infections developed every day
As it is a work based computer, this makes it even more of a risk, as you would keep data on it that you would not want to lose -

I must compare it to a large truck on the highway, and ask if you would feel safe if it only had 3 nuts on each wheel and has not had an oil change for 10 years ?

Is there a reason why you do not wish to upgrade this system to a more recent version, or are you just happy waiting for it to break (and it will) -

Thank You -

#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 30 July 2012 - 05:16 PM

Please read this release from McAfee based on their 8.5 version

Date: August 3, 2010
Subject: End of Support (EOS) for McAfee VirusScan Enterprise 8.5i

McAfee VirusScan Enterprise
McAfee VirusScan Enterprise (VSE) 8.5i (including supported patches), the AntiSpyware Enterprise 8.5i plug-in, and McAfee Installation Designer (MID) 8.5 will reach EOS on December 31, 2011.

McAfee shall not provide support for this version of the product and its related components beyond this date.
McAfee strongly recommends that customers who are still using McAfee VirusScan Enterprise 8.5i make provisions to migrate to the latest version of the product by this date.

EDITED to add heading -

Edited by noknojon, 30 July 2012 - 05:18 PM.


#9 monks

monks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 July 2012 - 07:24 PM

@noknojon: Thanks much for all the info. As I stated in one of my previous posts, I do think the server is not secure. Your additional info and thoughts really reinforce my belief. I also agree that upgrading to a supported OS version is critical, especially for a work environment. I also think is that these kind of scenarios may lead to a pretty common confusion, i.e having an updated AV makes your computer safe, having a FW makes your browsing safe. All those products are essential for safe computing, but if not used/configured correctly, they just create a false sense of security. Thanks everyone again for input.

#10 monks

monks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 July 2012 - 07:25 PM

BTW, I cannot make the decision to upgrade the OS. I would have done it already if I could :)

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 30 July 2012 - 09:11 PM

BTW, I cannot make the decision to upgrade the OS. I would have done it already if I could

Print this topic out, and leave it sitting on a bosses desk with a lot of Highlighting on it -

Best we can do for you ...................

#12 dwomack

dwomack

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego, CA
  • Local time:03:40 AM

Posted 31 July 2012 - 11:45 AM

One thing I'm not sure has been mentioned but can also be an issue: Removal media like CDs and Flash Drives can also be carriers for infection. Plugging something in that you THINK is safe could infect your computer as much as an insecure server and lack of Windows updates.

I'm definitely with noknojon. Print this out, highlight the hell out of it and leave it on your bosses desk and perhaps even the IT director/SysAdmin as well.

#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 31 July 2012 - 06:06 PM

Thanks for the support dwomack , and I did touch on this at Post #4

>> This also applies to any USB Flash Drive stick inserted from another computer with internet connection. <<

Regards -
EDIT - Post # changed -

Edited by noknojon, 31 July 2012 - 06:07 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users