Hi Tom,

I'm a Unix and research computing generalist, not a Windows security specialist--we have fewer than five Windows machines in our department, so I don't need to be too up on Windows specific issues, however….


On Jul 17, 2013, at 6:46 AM, Tom Fine <[log in to unmask]> wrote:

> 1. if I have an XP system that works right now, as-is, if I disconnect it from the network and put up the XP firewall to max settings, can I keep the Norton antivirus static, too, under theory that there's no way for viruses to get in via the network?

Yes, but…. There's plenty of other ways for malware to get on a system. For example, for some time a prime vector of malware has been hidden inside PDF files, so if you're putting newly infected PDF files on these systems, even if not directly from the network, there's definitely potential infections. And if you're *not* updating your anti-virus definitions, new viruses won't be caught by the old anti-virus.

I believe there are ways to download antivirus definitions online and then update the anti-virus definitions offline, but it's not something I'm up on.


> 2. if I re-format a USB fob before I insert it in the XP machine, will that assure that no viruses will get in via that port?

Unfortunately not quite so simple. Malware can be hidden on a USB key in ways that a simple format (which basically only destroys the directory structure but not the underlying data) can work around. I don't know the state of Windows XP formatting, but if there's a method that overwrites 1s and 0s to the key (which will take a lot longer) not just trash the directory, that would be preferable. And even then there's likely malware that can hide and avoid the overwriting--hopefully you just won't get that.


> 3. does XP, Norton or any other common Windows software have known "expiration dates," where the software will stop working because it's been too long since the last "update" or "upgrade"?

Don't know. It's become more common that more recent software wants to "phone home" periodically via the network to see if it's authorized and you're not running an unauthorized copy. However, that wasn't true when XP began since Net connectivity wasn't nearly so ubiquitous, so that would be less common with XP era programs (but perhaps not entirely unknown). For example, most anti-virus works as a subscription to the virus database that requires a periodic renewal--will the underlying program stop working if the database isn't renewed?


> Keep in mind, I still use Office 2000, Publisher 2003, MapInfo from back in the Windows NT era, and Quark 5 (circa 2003 or so). We don't want to "upgrade" any of this because it's made for a very smooth workflow with zero learning curve for 10+ years. In the studio, I have no need for interwebs connection on the workstations, it's just a convenience. In fact, the main DAW is not connected so as to avoid anti-virus software and the like. I run only Soundforge 11 the vast majority of the time on that computer, with a couple of other small programs (mainly the Foobar player). That computer actually could migrate to Win7, but I don't see a need.

If no new data is moving in and out of your machines and they're not connected to the Internet you should be safe, but… as mentioned, even seemingly innocuous files like PDFs can hold hidden malware.

Also, if you haven't already, you'll want to stockpile WinXP compatible hardware. Hardware dies, newer hardware is likely not to have XP drivers available (plus the only way to get those drivers will likely be via the network), so you'll want the older stuff that you know works with your software.

And finally, if you do have to replace a machine/motherboard/hard drive, can you reinstall the OS and old software you need onto the "new" vintage hardware? Nowadays a lot of software installs are tied to the specific hardware it's installed on. That wasn't so common in the XP era, but you'll want to make sure that *your* software isn't one of the exceptions… Or if it is, stockpile some installable copies (or perhaps whole systems with all your software already installed and working) so you don't end up in a situation where everything installs except, say, Quark.

Some reading this may think I'm being overly cautious to the point of paranoia, but I'm literally paid to be that way. It's kept me working for the last couple of decades. :-)

Arthur




>
> -- Tom Fine
>
> ----- Original Message ----- From: "Arthur Gaer" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Tuesday, July 16, 2013 4:11 PM
> Subject: Re: [ARSCLIST] Audio workstation recommendations?
>
>
>> Well, if you moved to Macs you could run WinXP in a virtual machine (Parallels Desktop, my preference, or VMWare Fusion) on the Macs themselves and thus still have access to the XP software running on a "real" WindXP operating system.
>>
>> There's still the danger that the virtual XP could have security compromises as well. At least the virtual machine isn't sitting directly on the network and you can throw up various levels of protection between the virtual XP and the outside world as well. You can also create frozen images of a known working system/software combination, so if the machine ever does get infected with malware or otherwise get trashed, you can roll back to a known working set OS/software combination.
>>
>> All that being said, I wouldn't count on using WinXP within a Mac virtual machine as a reliable way to do high quality audio and other real time sorts of operations. There's just way too much going on between that older OS and its virtual access to the actual Mac hardware to depend on that working to professional standards. Though for less hardware dependent and real time applications, like MS Office, etc it seems to work just fine.
>>
>> Arthur
>>
>> On Jul 16, 2013, at 3:38 PM, Tom Fine <[log in to unmask]> wrote:
>>
>>> Yes, agree about being FORCED to "upgrade" when Microshaft stops doing security updates. At both the studio and my other company, we're not sure what we're going to do, but we already know we'll now have to budget lots of money for needless computer changes in 2014. There is very serious thought and talk about just moving to Mac, the idea being that Microsoft has now diverged from our best interests. What we'll do about legacy XP software is anyone's guess.
>>>
>>> -- Tom Fine
>>>
>>> ----- Original Message ----- From: "Arthur Gaer" <[log in to unmask]>
>>> To: <[log in to unmask]>
>>> Sent: Tuesday, July 16, 2013 2:28 PM
>>> Subject: Re: [ARSCLIST] Audio workstation recommendations?
>>>
>>>
>>>> Hi Tom,
>>>>
>>>> If you or anyone is still using WinXP you should really try to be rid of it within the next nine months. That's when Microsoft will remove all support, which most importantly means security support, for XP:
>>>>
>>>> http://www.microsoft.com/en-us/windows/endofsupport.aspx
>>>>
>>>> "After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates..."
>>>>
>>>> If anyone's XP equipment talks to a network in any way, you'll want to replace it, upgrade the OS, or keep it entirely disconnected from the Internet from that time forward. I can only imagine the security holes the hacker community is keeping in their pockets until April 9, 2014. You really don't want to find out what those might be.
>>>>
>>>> Personally I'm also a big advocate of Macs as well, enhanced security being one significant benefit.
>>>>
>>>> On Jul 16, 2013, at 1:21 PM, Tom Fine <[log in to unmask]> wrote:
>>>>
>>>>> To be honest, if I had the funds to get rid of all the legacy WinXP aspects of my studio, I'd go Mac today.
>>>>
>>>> Arthur Gaer
>>>> [log in to unmask]
>>>>
>>>> Senior Systems Manager
>>>> Harvard University
>>>> Department of Mathematics
>>>> Science Center
>>>> 1 Oxford Street
>>>> Cambridge, MA 02138
>>>> 617-495-1610
>>>>
>>
>>