Worth it to upgrade Corporate XP PCs?

Microsoft Windows xp professional w/serv...
July 8, 2010 at 13:24:52
Specs: Windows XP
I run IT for a small business and am currently working on the IT 5yr. outlook. We have about 8 computers that function as control stations for various machine set-ups, all running XP Pro. My question is: once MS cuts all XP support in 2014, will those computers be that much of a security risk? If all I need to do is print from them, could I not just delete the DNS and gateway for each computer to disconnect it from the internet and still allow it to access the LAN to print?

July 8, 2010 at 14:53:54
Why are they on the internet now? If just being controllers for machines it makes no sense to have them on the internet.

What are XP patches for? Bug fixes and security fixes.

If your network is behind a good firewall and your control PCs are not on the internet you should be just fine.

July 8, 2010 at 15:50:11
They're on the internet now because that's the way they were when I got to the company. I don't have a "real" firewall installed on the network, but I have a Linksys WRT54GL which has SPI. So it sounds like with the internet turned off on those computers I shouldn't be concerned about getting a virus via the network. I don't even need virus protection for those computers then.

July 8, 2010 at 16:05:56
If you don't have a real firewall, like a SonicWall that has subscriptions for AV/Spam/etc, then you have minimum protection.

All that has to happen is one of the user PCs gets infected to infect the rest of the network.

You also need to understand the game has changed. Malware/virus is just the first assault to get hacker tools installed.

Hackers would use your controllers' hard drives for storage and to launch attacks on the internet. This has happened with hospital equipment.

I would suggest you review your security requirements as part of your 5 year plan.

I would keep those PCs' AV up-to-date though I would take them off the internet asap.

July 8, 2010 at 16:10:58
All the PCs have up to date AV. But if I take them off the internet it's not possible to keep them up to date then. Is SonicWall what you would recommend?

I understand that the game has changed, which is why I have all the computers up to date with AV and Windows Home Server backing them up so if they do get infected I can roll them back. I also periodically run boot-time deep scans.

So would I still need some type of AV installed with them off the internet? How would that work without the internet? Will AV companies keep releasing updates for XP machines?

July 9, 2010 at 13:02:10
There are other choices such as Untangle's firewall and many other Linux/BSD based firewalling solutions. Best practices are a group of tasks that tend to protect your data. Learn and use as many as possible.

As to the upgrade, I'd say it may be more your value on data and time. XP can still be OK if all best practices. Read up on Windows 7 and even if your systems would benefit from the upgrade. You should have purchased the upgrades though when they were selling for $40. (I did)

Look at your programs too to see if they may also be part of a security or other data security issue.

Simple things tend to help a lot. Limit user rights. Backup plans.

I support the 'Everybody Draw Mohammed Day'. A religion doesn't deny my freedom.

July 9, 2010 at 13:36:09
I am confused. The purpose of an edge firewall is to prevent attacks from the outside. If they stop putting out updates to Windows XP to prevent Zero Day Attacks that come from within "People Browsing the Web", edge routers do very little to prevent these kinds of attacks because they only block packets leaving the LAN but do nothing to prevent things getting installed on the computer by a user browsing to a page that is taking advantage of an exploit. The firewall could stop a bot installed on the machine from executing a DDoS attack on another network, but if the bot was just a simple keylogger that creates an email and sends it to a host somewhere then you would need a firewall that had an IPS deep packet inspector on it, which would slow things way down, which is really more than a firewall, it is an IPS.

If you could get your users used to Windows Vista or better Windows 7 then it would be a better solution. It is one I think we all have to face. I only have 2 Vista boxes in our network and the rest are XP because the users hate the new GUI in Vista. They will just have to get used to it just like they did when going from 98 to XP.
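
The isolation plan from the original question (no gateway, no DNS, printing over the LAN) can be verified per station. The following is an added example, not code from any poster in this thread: it parses `ipconfig /all` text in Windows XP's format and reports a leftover gateway, DNS server or DHCP lease, and whether the printer sits on the station's own subnet. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples: one adapter section of `ipconfig /all` (Windows XP layout).
SAMPLE_STILL_ROUTED = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
SAMPLE_ISOLATED = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
"""

def parse_fields(text):
    """Map each indented 'Label . . . : value' line to its value ('' if blank)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(ipconfig_text, printer_ip):
    """Return findings; an empty list means the station matches the plan."""
    f = parse_fields(ipconfig_text)
    findings = []
    if f.get("Dhcp Enabled", "").lower() == "yes":
        findings.append("DHCP enabled: a lease can restore gateway and DNS")
    if f.get("Default Gateway"):
        findings.append("default gateway still set: " + f["Default Gateway"])
    if f.get("DNS Servers"):
        findings.append("DNS server still set: " + f["DNS Servers"])
    # Without a gateway, only hosts inside the station's own subnet are reachable.
    lan = ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)
    if ipaddress.ip_address(printer_ip) not in lan:
        findings.append(f"printer {printer_ip} is outside {lan}: unreachable without a gateway")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_STILL_ROUTED, "192.168.1.20"))
```

An empty result only shows the station has no route off its subnet; other PCs on the same LAN can still reach it, which is the infection path raised earlier in the thread.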
