Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Windows IT

FBI Issues Warning Over Windows 7 End-of-Life (zdnet.com) 151

The Federal Bureau of Investigation sent a private industry notification (PIN) on Monday to partners in the US private sector about the dangers of continuing to use Windows 7 after the operating system reached its official end-of-life (EOL) earlier this year. From a report: "The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status," the agency said. "Continuing to use Windows 7 within an enterprise may provide cyber criminals access in to computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. "With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target," the FBI warned. The Bureau is now asking companies to look into upgrading their workstations to newer versions of the Windows operating system.
This discussion has been archived. No new comments can be posted.

FBI Issues Warning Over Windows 7 End-of-Life

Comments Filter:
    • It's not just that they're unpatched now, but that they'll continue to remain unpatched, no matter what security issues come to light. Well, you know, unless MicroSoft caves on some particularly bad problem again.
      • by taustin ( 171655 )

        Well, you know, unless MicroSoft caves on some particularly bad problem again.

        You mean, like the particularly bad problem of shoving their new browsers down people's throats?

  • by ledow ( 319597 ) on Wednesday August 05, 2020 @09:21AM (#60368983) Homepage

    "The Bureau is now asking companies to look into upgrading their workstations to newer versions of the Windows operating system"

    Support ended in January and only NOW are you looking at upgrades?

    That's your problem, right there, and from the horse's mouth - the people trying to tell you to upgrade are no further ahead than those people they're telling.

    • Re:Sigh. (Score:4, Interesting)

      by PPH ( 736903 ) on Wednesday August 05, 2020 @09:32AM (#60369003)

      no further ahead than those people they're telling

      I'll bet that the FBI still has some XP systems sitting around.

      • Re:Sigh. (Score:4, Insightful)

        by edis ( 266347 ) on Wednesday August 05, 2020 @09:54AM (#60369067) Journal

        I have one NT 4.0 still doing its appliance job. As an admin, I find Win7 more professional and under control. It is solid.
        Recall Windows 8, to get picture how priorities have changed since - Win 10 user interface is ever changing, eternally scrollable crap.

        Today I had to resend couple of invoices, which I do once every month. Got web interface of Outlook 365 to handle that. It used to be so simple - find last mailing in Sent, make a copy into Drafts, edit to your pleasure, send. Not anymore. Evolution of MS mail client is such advanced, as to make items in Drafts uneditable, even if you have figured out how to copy your item into Other folders, from then Drafts. They are rock solid, no way to change. Again, in Drafts. You have to go compose new message, then copy and paste your subject, receiving party, your content, each separately. Like a child.

        I will upgrade to Win 10 for my client. My own Windows instance is going to stay Win 7 as long, as possible. Insecurities, they are everywhere - just newer ones for Win 10.

      • Fry's was running WinXP a year ago in their stores.

  • 11 years old. (Score:5, Insightful)

    by dmay34 ( 6770232 ) on Wednesday August 05, 2020 @09:27AM (#60368993)
    It's hard to believe that Windows 7 is 11 years old and companies are still using it. To put that into perspective, few companies will keep their company vehicles in service that long. Your company should consider moving to an IT upgrade cycle at least as frequent as your vehicle cycle.
    • Your company should consider moving to an IT upgrade cycle at least as frequent as your vehicle cycle.

      MOD! PARENT! UP!

      First time a car analogy could actually be useful.

      Of course, cars get more mechanical wear and tear than servers (or software) do, and there are some very direct safety implications of said wear and tear. But still a valid analogy to convince the C-Suites of the need of allocating budget for replacement and lifecycle.

      • by Anachronous Coward ( 6177134 ) on Wednesday August 05, 2020 @10:12AM (#60369117)

        First time a car analogy could actually be useful.

        That's not true. And somebody, somewhere, has a car analogy to illustrate why.

        • California is still using the DMV software from decades ago. It sucks, but the fact that it's still viable is fairly amazing. AFAIK it's all still on an IBM mainframe of some sort. I've never worked there, thankfully. I have worked for the county of Santa Cruz, which was an IBM shop with real glass terminals at the time, though they were generally next to PCs at my site... Which were also IBMs :)

    • Re: 11 years old. (Score:5, Informative)

      by OrangeTide ( 124937 ) on Wednesday August 05, 2020 @09:36AM (#60369013) Homepage Journal

      It's not unusual for a machine shop to have tools that are 30 years old.

      Clearly old hardware deserves and old operating system. And if your tool, a computer, is not under and new demands it will perform satisfactorily for many years. Buying a More powerful computer doesn't necessarily translate into higher productivity of your requirements are not cutting-edge.

      • Re: 11 years old. (Score:5, Interesting)

        by ArchieBunker ( 132337 ) on Wednesday August 05, 2020 @09:45AM (#60369031)

        My old job had several CNC machines that were sent programs via an ancient Mac SE. Imagine doing CAD work on a 9" monochrome screen. The problem was the Mac had some custom scripts that translated the CAD output to the machine code. Easier to buy eBay parts than upgrade that mess.

        • Comment removed based on user account deletion
          • by cusco ( 717999 )

            Windows XP was really liberal in how hardware drivers could access the kernel, there are a ton of MRI machines out there that will never work with anything else.

            There is a sawmill in Oregon that still runs on punch cards.

      • by dmay34 ( 6770232 )

        It's not unusual for a machine shop to have tools that are 30 years old.

        Yes... but your band saw probably isn't nearly as susceptible to ransomware as Windows 7 is. But, hey, if you just need a very basic computer that is disconnected from the internet, Win 7 is great and the FBI isn't talking about you.

      • by sjames ( 1099 ) on Wednesday August 05, 2020 @09:52AM (#60369059) Homepage Journal

        But it is unusual for people to try to slip in bar stock designed to damage older tools.

      • by AmiMoJo ( 196126 )

        It's not unusual for a machine shop to have tools that are 30 years old.

        Yeah but then how are tool makers going to sell them new ones? Tools need to last about 5 years, with forced obsolescence at 10.

        Tools aren't like hit songs where you can keep collecting the royalties for a century or more! Wait... Can we do that? Can we make you rent your tools? Adobe make it work...

        - Big Tool Mfg. Co. CEO Richard Head

        • Re: 11 years old. (Score:4, Insightful)

          by OrangeTide ( 124937 ) on Wednesday August 05, 2020 @11:06AM (#60369301) Homepage Journal

          Yeah but then how are tool makers going to sell them new ones? Tools need to last about 5 years, with forced obsolescence at 10.

          That's how phone marketing works. Mainly because we let them do this to us.

          Tools aren't like hit songs where you can keep collecting the royalties for a century or more! Wait... Can we do that?

          SaaS is great for business, bad for consumers. It's all designed to empty our bank accounts.

        • > Tools aren't like hit songs where you can keep collecting the royalties for a century or more! Wait... Can we do that? Can we make you rent your tools?

          Don't worry, scummy John Deere already claimed farmers don't own their tractors [wired.com] under the DMCA. General Motors claims locking people out helps innovation! /s

      • Machine shop tools are unlikely to get a ransomware virus that will lock them until you pay bitcoins to a scammer to unlock your shop. But then again, I bet modern shop tools like CNC machines could totally get a virus.
        • Machine shop tools are unlikely to get a ransomware virus that will lock them until you pay bitcoins to a scammer to unlock your shop.

          And Windows 10 will be the new target, not changing the fact that a computer is more work to use and secure.

      • Exactly. I do a lot of work with analytical chemistry instrumentation. I fought quite a bit with the IT guys at my organization as they had a view like the GP. Instrumentation is often relevant for decades. I am not going to throw out a $250k instrument because it uses software that only works on an EOL operating system. And I'm not going to subject my instrument to pointless operating system migrations just to support the Microsoft upgrade model. IT needs to help us mitigate the risk while considering our
        • IT needs to help us mitigate the risk while considering our particular business needs. Otherwise, I'll do their job for them, and not as well.

          Indeed. When corporate IT departments get above themselves, forgetting what they're there for and mandating enterprise-wide policies that make their lives easier but don't necessarily help the staff they are there to support, it's really no better than when a vendor like Microsoft tries to impose new ways of working that aren't in its customers' interests. Corporate IT's job is to tell the vendor to take a hike at that point, not to ask, "How high?"

          • I'm completely with you. In another adventure with the IT department, we migrated to Gmail business from an internal solution. It was a mess. IT hadn't even considered the implications of us discussing manufacturing trade secrets, patent preparations and contract negotiations over an externally hosted platform. The rest of the organization is under strict change control so it was baffling to witness their lack of foresight.
            • If it makes you feel any better, I once had to explain to a client's law firm why sending confidential details via unencrypted email might not be a great idea. Maybe they were confident that if anything leaked, there would be sufficient legal remedy available not to worry about it, but that seems like a rather optimistic approach compared to just having proper security in the first place...

            • Dear lord, this has happened at my work except it's the online outlook instead of gmail.
              Result is, half the people with computers still running windows XP can't use their versions of outlook and whatever to access the mail as it uses some newer tls standard... .and the web interface runs atrociously slow on old boxes.
              I hate the Richard that came up with the idea, all because M$ promised them there's no cost to it. (now, of course. In a decade's time...) Ugh.
      • by antdude ( 79039 )

        My former client was still using Windows XP SP3 for their old specialized printers. My dentist finally dumped it a few years ago, but was still using W7 as of Feb. 2020. :/

    • Plenty of companies took a very long time to upgrade from XP to 7 and then they saw the shitshow of 8 and stayed with 7. I'm still using it for a desktop but eventually plan to move it to a VM.

      • Some say it runs better as a VM. Golden images, and secure the data, which is what ransomware is really all about.

    • Maybe you run a small business and don't want the risks that come built into Windows 10?

      The high-end editions of 10 are very different to the lower-tier ones in this respect, and Pro is now a lower-tier edition.

      It is entirely possible that for some businesses, staying on 7 for now and taking other steps for security would be a reasonable policy.

      • by dmay34 ( 6770232 )
        I don't see how this differs from my vehicle analogy. Small businesses are more likely to keep their company vehicles longer too. If your company plan is to milk value out of your tools as long as possible, then that's fine. But it's on you.
        • Re: (Score:3, Informative)

          That's the thing, though: it's not about "milking value". It's about the new version being actively worse in important ways.

          If you deal with any sort of confidential data or work to important deadlines, how can you possibly do so responsibly (not to mention comply with legal and regulatory obligations in many cases) if you're using a system that can be changed without your consent and that uploads data from your systems in ways you can't turn off?

          In Enterprise world, these are non-issues, because even Micro

          • for small businesses and independent professionals, the traditional market for the Pro edition, 10 is a train wreck for the same reasons it always has been.

            For all the reasons, plus more reasons. Microsoft has really screwed the pooch with this forced update crap. If they were more competent and/or the job was easier (because the multitudes of PCs do still vary quite a bit in behavior) then perhaps they could get away with it without alienating people, but the fact that they've had so much trouble with the updates causing problems is the real clincher that will irritate people into seeking other solutions to their computing needs.

            • Remember back when M$ had everyone download their stupid windows 10 installs forcibly? My uncle was using a sim card with prepay credit to access the internet and basically, it ate him like 60 bucks overnight. We kept joking that if we were in the USA this would probably be grounds for a lawsuit.
      • Maybe you run a small business and don't want the risks

        I do run a small business, and I don't want the risks. I use LInux.

        • So do we. Also Apple gear, and various mobile platforms. But sometimes, you need to run software that is Windows-only, or if you're in software development maybe you need to build and test something you write yourself on Windows, so you can't always just ignore Microsoft's platform either.

          So then you get into whether you have to have 10, and if so, how you secure it properly, i.e., under your control and not Microsoft's. The fact that doing so means hitting a fast-moving target and requires external measure

    • by k6mfw ( 1182893 )

      I still use my Win7 PC I got for $100 from Weirdstuff Warehouse, works great. I have the Windows Firewall activated but that's about it. I have to admit I don't keep up with computer security stuff that much, soooo much news of systems getting hacked it becomes like car crashes. So many occur almost none are news exception of really bad accidents that block the freeways for hours.

      I also have couple XP, one for online the other is not. This has various programs I probably cannot put on newer PCs. Even if I

    • by Joviex ( 976416 )

      It's hard to believe that Windows 7 is 11 years old and companies are still using it.

      It's unusual to use technology that works?

      How are the wheels on your car, or the knife in your kitchen drawer? Obtuse much?

      • My buggy-whip is still working properly despite all the teasing from the "you're a Luddite" crowd.

        • by Joviex ( 976416 )

          My buggy-whip is still working properly despite all the teasing from the "you're a Luddite" crowd.

          And congrats to you and your dead horse?
          Being anathema to change isn't a reason for non-change, and change itself doesn't preclude you from doing what you have done.
          That sounds like two obtuse logics rolled into one.

    • Everything has it's place. If you have an appliance that isn't networked, what does it matter how old the software is? You don't fix what isn't broken.

      If you have a 20 year old car that's paid off and you only use it for going to the doctors and the grocery store, it has 80k on it, does it really need replacing? I would say absolutely not because it's still running perfectly fine while full filling your needs.

      P.S. That 20 year old car is also a 96' Chevy Camaro. The old guy that owned it bought it just befo

    • You get the new car, and you drive it around. Done.

      When you upgrade your systems, your business workflows break all over the place. If you just "jump in" to the upgrade your whole business can crash into a brick wall! You have to upgrade it a piece at a time with the option to roll back really quickly if suddenly something unexpected breaks, and then you need to pull people off their regular work to investigate why it broke and re-design whatever-it-was, sometimes rifling through scripts (or whatever) th

    • by Calydor ( 739835 )

      That's not quite fair, is it? If your company acquires a fleet of ... let's say Mercedes in 2000, they might very well choose to replace worn out vehicles with a newer year but same model Mercedes - a car that is essentially the same as the old one but with improved safety features, a small change to the angle of the neck rest etc.

      Patches. Updates. Not a whole new look for the car.

  • by bobstreo ( 1320787 ) on Wednesday August 05, 2020 @09:31AM (#60368999)

    If the Chinese released something like Windows 10, there would be widespread panic, fear and confusion. And probably a lot of orange tweets.

    I tried it for 2 days, got a bunch of updates, hated it, and installed Linux.

    • Where I used to work I read about all the problems with it, how it spied on you (so-called 'telemetry'), and so on, then had it literally forced on me (IT literally bricked the computer remotely that I was using) and spend about a week 'sanitizing' it as much as I could, installing things like Classic Shell to make it usable, and so on. When it came to finally putting together a more modern desktop system for myself at home to upgrade from a single-core and Windows XP, it was Ubuntu. Screw Microsoft and the
  • WARNING (Score:5, Insightful)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday August 05, 2020 @09:43AM (#60369025) Homepage Journal

    If you don't upgrade to Windows 10, we won't have access to all the data on your system through Microsoft and their Telemetry system, and then we won't be able to keep you SAFE.

  • by jfdavis668 ( 1414919 ) on Wednesday August 05, 2020 @09:45AM (#60369027)
    Not enough of them around to make it worth while for anyone to find a way to hack in.
    • Vista is just Windows 7 with less attention paid to it and more memory consumption. There's no way it's more secure than 7.

  • The Windows update servers for Windows XP and Vista has been shutdown this week, not being able to get any updates at all. If you still have XP boxes connected to the internet in 2020 you should hand in your geek card.
  • by kackle ( 910159 ) on Wednesday August 05, 2020 @09:52AM (#60369063)
    It's the devil you know versus the devil you don't. Aren't most hacks these days from web ads and email phishing anyway?
    • Phishing is common, of course. It's very much not the only threat. I see many malware documents and malware links coming in email each day. Pdfs, zip files, and Microsoft Office documents. If it's a .xls or .doc file rather than .xlsx or .docx, it's probably malware.

      As you mentioned, various JavaScript-borne attacks are big. You seem to think/imply that old unpatched copies of Windows are immune to web-based attacks? Quite the opposite. When you say "hacks these days from web ads", that means "exploit In

      • No, not immune, just not "automatically more flawed".

        (Micro-rant:) The natural human assumption is that newer is better nearly 100% of the time, but experience has shown me it's closer to 60% as no one seems to consider the unintended consequences of the new. (Granted, I'm speaking more generally, not just about software.) Every few months on Slashdot you see the "new" is even killing people now as we rely more and more on the software gods.
        • > The natural human assumption is that newer is better nearly 100% of the time, but experience has shown me it's closer to 60%

          Newer is certainly not automatically better. Though of course engineers try to make things better, not worse, with each version.

          This discussion is not about better. Maybe somebody likes Windows 95 because it's simpler. That's better, by their definition of better. Fine. We're not talking about better.

          Each month, Microsoft releases about ten fixes for various security issues.

          • by kackle ( 910159 )

            I have a database with THOUSANDS of Windows 7 vulnerabilities.

            Well, good; you're the person to ask then (this is not an argument, it's a genuine question): Can an attacker remotely enter a (say, Windows 7) machine without the end user's involvement, as over a network?

            • Yes.

              The mean time to compromise for unpatched Windows instances launched in AWS is measured in *minutes*, not even hours.

              Assuming the machine is doing something on the network, has a port open in or out - if it's shutdown, perhaps has the power supply removed, it's significantly safer.

              • by kackle ( 910159 )
                I guess the devil is in the details. Why would an incoming port be open? That sounds dangerous to me (though I'm a coder, not an IT guy).
                • > Why would an incoming port be open? That sounds dangerous to me (though I'm a coder, not an IT guy).

                  I take it you don't do web apps?
                  Or ever work on remote machines?

                  For "internet connected" to mean anything, you have to have ports open - in, out, or both. If you're making web requests out, I can put a malicious payload in those. Maybe on a web page or in an email. If you're providing any kind of service - NTP, web, mail, DNS, whatever, I can send exploits that way.

                  For example there are exploits again

                  • by kackle ( 910159 )
                    I see what you're saying. The typical end-user then, like grandma, won't typically have such a vulnerability, I assume. If that's true, then I'd also assume that the majority of the people would not have such an issue.
                    • Only if "the typical user" doesn't use the internet.
                      No web pages, no emails.

                    • by kackle ( 910159 )
                      Doesn't that client software open ports for itself, use them and then close them?
                    • Yep, it opens a connection, retrieves the malware-laden page from the unpatched WordPress site, tuen closes rhe connection. The dropper then opens a connection to dowoad the stage 2 malware.

                    • by kackle ( 910159 )
                      So is that a client software issue then or is the OS itself at fault?
                    • You seem to want to believe that Microsoft releases fixes for several security issues on the second Tuesday of every month just for fun - that OS-level security problems don't matter.

                      Yes. See the second half of this post:

                      https://slashdot.org/comments.... [slashdot.org]

                    • Just to give you a taste, here are the 20 security holes in Windows 7 that Microsoft patched on the February 2020 patch Tuesday. (You'd have to buy this patch). It was a typical month, with 20 security holes fixed by the February patches.

                      https://www.tenable.com/plugin... [tenable.com]

                      Two are particularly interesting. One is in the media playing library. With that, playing a video (such as on a web page) let's the attacker run arbitrary code on your system. The second is a privilege escalation to kernel mode. Combinin

                    • by kackle ( 910159 )

                      the ability to reformat your hard drive, when you play the video.

                      What if I WANT to reformat while watching a video? Sounds like a feature to me! Sincerely, Microsoft Market Department.

                      Thanks for the back-and-forth; I learned some stuff! On the other hand, hackers aren't bothering to attack my XP machines. :)

                • Let me make it even simpler:

                  If people can use the machine, people can use the machine. And I am people. If people can use it in some way, I can use it - ans probably not in the way you intended.

                  Ps you mentioned you're a developed.
                  Can you do me a favor and read over the OWASP top ten one more time. I've been doing dev for about 20 years, developing security-related software and systems. It's good for me to be reminded of those things from time to time.

                  • by kackle ( 910159 )
                    Thanks for the tip; I've never heard of it. I typically do non-connected, embedded firmware work. I think I'd go nuts if I had to deal with all you deal with. :)
            • by SirSlud ( 67381 )

              Ask every 6 months and the answer will be "yes, and it's even easier now"

          • Newer is certainly not automatically better. Though of course engineers try to make things better, not worse, with each version.

            Except of course where DRM is involved, where they spend most of the time making things not work. And wherever money is involved, because "making things better" means to make more money (I.e. better for the developer, not the end user.) Those two exceptions rarely come up though, right??

        • by SirSlud ( 67381 )

          If you know this, lots of people know this. The natural human assumption is not that newer is better nearly 100% of the time. History is basically littered with conflict that revolves around newer vs older.

          • by kackle ( 910159 )

            The natural human assumption is not that newer is better nearly 100% of the time. History is basically littered with conflict that revolves around newer vs older.

            I guess I accidentally exaggerated; it seems that's the mode today, with "vintage enthusiasts" being outliers. I have to look no further than this website's home page to see a kerfuffle over Tesla's in-car touchscreen, for example.

  • by RitchCraft ( 6454710 ) on Wednesday August 05, 2020 @10:33AM (#60369181)
    The FBI should be warning Microsoft to fix Windows 10. This should be a wake up call for M$. After all this time so many people and companies refuse to use Windows 10 Spyware Edition. When I need to upgrade a system beyond Windows 7 I take the Linux route. Windows 10 is a hot mess.
  • ... backdoors.

    Or disclosing vulnerabilities.

    Not that we were disclosing vulnerabilities in the first place.

  • Windows 7 is not Windows 98. It was understandable that Microsoft would not be able to keep patching 16-bit and 16/32-bit operating system in perpetuity. But Windows NT, XP, 7, and 10 are all just Windows NT.

    For the sake of national security, Microsoft needs to switch to an annual subscription sales model for its operating systems the way it is already transitioning to for Office.

    • by Merk42 ( 1906718 )
      Subscription? What? Then I'll have to pay for someone to do work?! Nonsense! Once you write any piece of software, you are beholden to support that software, for free, FOREVER!
  • by spongebob232323 ( 1061346 ) on Wednesday August 05, 2020 @11:23AM (#60369381)
    Rocking Windows 7 Extended Security Updates (ESU) here. Looks like ZDNet article being ignorant on purpose. I would love to upgrade my old PC, but why? Its a i7 Sandy Bridge running at 4.8 Ghz and my graphics card is a NV 2080 (previous card burned up). New processors are like 30% faster per core. High core count processors have until recently came with a big drops in core frequency and having 16+ cores (vs 4) doesn't really help many apps.
  • Is it really the place of the FBI, or any law enforcement organization for that matter, to be making recommendations about what operating system you should be running on your computer? I think not.
  • by Merk42 ( 1906718 ) on Wednesday August 05, 2020 @12:24PM (#60369571)
    Nevermind the fact that Windows 7 was supported longer than most, if not all, versions of any other OS.
    Saying "Linux" is disingenuous as "Windows" is still supported too.

    Speaking of Linux, nowhere does the FBI say you must start using Windows 10, only that you stop using Windows 7. Change to an updated version of BSD for all they care.
    • At this point CP/CMS is probably more secure than Windows, what with all the "telemetry' and random crap. /s
  • FBI gives this warning now that they are done using all the exploits.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...