Say Goodbye to Windows 98, Windows 2000, and XP sp1

There are still plenty of law firms using Windows 98 as their workstation operating system. I understand. It still works. If it ain’t broke, why fix it? Well, here are a few reasons:

1- Public and technical support for Windows 98, Windows 98 SE (Second Edition), and Windows ME (Millennium Edition) formally ends on July 12, 2006, the scheduled day for security patches in July.

2- Microsoft revealed recently that the company is moving away from patching serious security problems with Windows 98. It stated that fixing an identified serious flaw in Windows Explorer was not feasible on the old versions of Windows. But experts predict it won’t be long before they stop doing feasible work, too.

3- Microsoft’s recommendation is for Windows 98 customers to protect those systems by placing them behind a perimeter firewall that filters traffic on TCP Port 139. This will block attacks attempting to exploit the Windows Explorer flaw. But you probably won’t be receiving future helpful advice from Microsoft on this old operating system in the future.

4- With security support ending, the company is again urging users to upgrade to a newer, more secure version, such as Windows XP Service Pack 2, as soon as possible. Note that support for Windows XP SP1 ends on October 10, 2006.

Microsoft is wisely investing its time and programming power in shoring up its defenses for current versions of their products. Microsoft just issued 12 security advisories and updates for them for products from PowerPoint to Windows to Exchange Server.

One of the Microsoft Office patches will cover a zero-day vulnerability in Microsoft Word that has already been exploited in targeted attacks.

This zero-day flaw is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.

The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software. When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system.

The backdoor is programmed to call back to a server in China to report information about what the infected system looks like. In addition to providing reconnaissance, the backdoor can connect to specified addresses to receive commands from the malicious attacker.

Finnish anti-virus vendor F-Secure said a successful exploit allows the attacker to create, read, write, delete and search for files and directories; access and modify the Registry; manipulate services; start and kill processes; take screenshots; enumerate open windows; create its own application window; and lock, restart or shut down Windows. The malicious file caused Microsoft Word 2000 to crash.

Ok, folks, it comes down to this. Yes there are lots of bells and whistles that the newer operating systems have, but you may consider the greater ease of use and reliability nothing more than a convenience not worth paying for. Especially when you factor in the additional hardware requirements to support them. If we were ONLY talking about bells and whistles I’d agree with you.

But we’re not talking just bells and whistles. We’re talking security. Serious security flaws which will no longer be fixed. We’re also talking about a lack of support. If it crashes, you’re on your own. And that includes all the suite applications as well.

Can you really risk being suddenly unable to use your documents or computer? Can you really risk having your secure information copied and sent to some remote site in China or Taiwan without your knowledge or consent?

It’s time to bite the bullet. Stick a fork in your computer’s USB port, because it’s done cooking. Oh, and when you get your new computer, don’t forget to adequately clean the hard drive of the old to ensure that what you’ve erased cannot be recovered using easily accessible utilities. And keep in mind also the restrictions on tossing old computers in the trash. Negotiate (buy) a return/recycle of your old computer when you buy a new one.


To return to the main page of the blog, click here. To return to the blog Index, click here.

WordPress Themes