Slashdot Mirror
Ask Slashdot: Should We Expect Attacks When Windows 2003 Support Ends?
kooky45 writes: On July 14th 2015, Microsoft will stop supporting Windows 2003. If your company is anything like mine then they're in a panic to update Windowns 2003 systems that have been ignored for years. But what will happen to Windows 2003 systems still in use after the cut-off date? Company Security warns us that the world will end, but they said the same thing when Microsoft stopped supporting Windows XP -- and yet we survived. Did you experience an increase in successful attacks against XP shortly after its support ended, or expect to see one against Windows 2003 this time round?
No.
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
If within your corporate firewall you are having targeted attacks ... you might want to look at that.
If you have machines you think could be especially vulnerable, you should probably be looking to harden them at least some.
And if you have apps which are running on legacy stuff, you should be looking to upgrade, or see what hardening you can put around them (like put it behind a proxy or something).
Just like before they go EOL, they're still your machines, and you're still ultimately responsible for them.
I suspect most companies have been trying to plan around this for a while. And if they haven't ... well, then someone isn't taking responsibility for such things and you have other problems.
It's not like this is coming out of the blue.
Lost at C:>. Found at C.
It's windows. You should expect it to be attacked in the highlands and the lowlands, near and far, to and fro, hither and yon... You should be expecting attacks right now, and you should also be expecting attacks after support ends.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
block your 2003 machines from the network if you plan to keep them. That is what our security people will do.
The date for end of support for 2003 has been known for like 10 years so there has been enough time to prepare for it.
IT security is not about "what can we get away with". It is about being ready before the bad people strike. And they will. And you may not even notice.
What do you think the more likely explanation is ... the lazy tech people have said "oh, that'll be fine, what could possibly go wrong?" ... or that management has said "we have no money for such things, and we need to maximize executive bonuses this quarter"?
My experience, with anything legacy anywhere, is it's often business decisions which leave legacy stuff doing important stuff, and it's business decisions why nobody can replace it. In a few cases, the sheer magnitude of replacing the system could significantly strain the company because it's an incredibly expensive undertaking.
So, the people who expect to keep their jobs? Well, they're probably doing exactly what they've been told, and have already made this objection to management.
People who like to blame the technical people for this usually don't know what the hell they're talking about.
Lost at C:>. Found at C.
Nah - they'll just firewall the crap out of them and not allow Internet access... just like they do with aging Solaris 8.x and AIX 5.x boxen.
Seriously - there are probably untold hordes of NT 4 servers still grinding along out there.
Quo usque tandem abutere, Nimbus, patientia nostra?