Tag Archives: update

The End of Windows XP

Twelve years ago, Microsoft released Windows XP. After 3 Service Packs and well over 300 updates, Microsoft ended their official “Mainstream Support” for Windows XP on April 14, 2009 and it entered the “Extended Support” cycle for Windows XP. On April 8, 2014, Microsoft will end their “Extended Support” cycle for Windows XP closing the final chapter on one of the most successful operating systems in the history of computing.

Windows XP was so successful that it took nearly 30 months for their Windows 7 operating system to overtake the global Windows XP install base. Today Windows XP still enjoys an install base of ~35% or roughly 800 million of the world’s computers.

What  does  the  end  of  the  “Extended  Support”  cycle  for  Windows  XP  mean  moving forward?  The  Mainstream  Support  life  cycle  allowed  Microsoft  to  release  “hotfixes”, security  updates  and  provide  direct  commercial  and  end-user  support.  The  “Extended Support”  cycle  moved  the  product  into  only  receiving  security  updates  to  the  product and ended all other support. While Microsoft has made some allowances in the past for profound security-related issues for products outside of their Support Lifecycle system, on April 8, 2014, Microsoft will no longer be providing any new updates to Windows XP, including “hotfixes”, service packs or security updates.

This will expose Windows XP users to a myriad of new and evolving security, malware and virus threats. Microsoft Security Intelligence Report volume 14 (PDF) reports the following infection rates by operating system and service pack for the fourth quarter of 2012. While Windows XP Service Pack 3 has made a significant reduction in the amount of security vulnerabilities and infections on the XP platform, XP still leads the pack in infection rates across all Windows operating systems. The combination of large user base with lack of security patches leaves a large target on the venerable operating system.

To mitigate the risk moving forward, users must begin the transition from Windows XP when and where possible. The best option would be moving towards the latest operating system, Windows 8, as it is the most secure and reliable system Microsoft has yet to produce. That might not be an option for many people, so the next best option would be Windows 7. Between Windows XP and Windows 7 was Windows Vista, however, Vista is not an option as it is also nearing the end of its support life cycle.

Infection Attack Vectors Q4 2012

Infection Attack Vectors Q4 2012 by Operating System

If Windows XP must be used, for whatever reason, then a hardened security presence on the system must be maintained and updated regularly. There are many anti-virus, anti-malware and firewall software options available from Microsoft and third party vendors – both free and paid. The number of unprotected or under-protected Windows XP systems moving forward could create a ticking time bomb if left unchecked and unprotected.

We are urgently recommending the following actions be taken when and wherever possible:

  • Upgrade. Windows Vista and 7 will still be supported for a few years and Windows 8 even longer.

If you must continue to use Windows XP:

  • Make sure your copy of Windows XP is running Service Pack 3.
  • Stop using Microsoft’s Internet Explorer entirely. Use only a currently updated and supported web browser like Mozilla Firefox. Access to Internet Explorer can even be fully removed via the “Windows Components” feature in Add/Remove Programs.
  • Stop using Microsoft’s Outlook Express entirely. Use only a currently updated and supported email client like Mozilla Thunderbird or better yet a web-based email client.
  • Uninstall the Java runtime environment from your computer unless you absolutely cannot live without it.
  • Install a supported anti-virus client. Keep it updated and do a full system scan weekly.
  • Make sure Windows Firewall is enabled or use the one that comes with your 3rd party security software.
  • Limit your installation of programs off the internet to only trusted sites from trusted companies.

DHCPatriot 5.3.0 has been released

Arguably the most important new feature in this build is the floating IP support implemented with Virtual Router Redundancy Protocol (VRRP). This is the last piece of the puzzle in making the DHCPatriot completely high availability.DHCPatriot logo

Previously, the router would need to be changed to force authentication traffic to one DHCPatriot device or the other in the case of outage. Using VRRP allows a third IP address to “float” between the two devices. This allows the router to be configured to force authentication traffic to this third IP address. The IP address never goes down as long as at least one DHCPatriot device is functional.

Other enhancements in this version include: Searchable Option 82 information that is stored with the sessions; Template based configuration of static address definitions in standard DHCP for quick configuration of ONT networks, for example; Optional protection of the authentication page against automated clients via a simple math problem; Checking stored credentials against the RADIUS server during an un-suspend operation; Optionally send RADIUS ALIVE (interim-update) packets upon DHCP client lease renewal; Optional RADIUS forwarding to external devices that need a RADIUS accounting stream.

Patch notes for this release:

  1. Floating IP (VRRP) implemented. It is now possible to add a third IP address to the DHCPatriot system that will float between the two devices. This IP address should be used with the captive portal page and possibly as the destination address when administrating the machine. Restrictions to using VRRP are that the DHCPatriot system devices must both be in the same subnet and the floating IP must be in that same subnet as well.
    empty_pixel
  2. Optional simple page for protecting the database from being accessed by pre-auth / unauthenticated automated clients such as Weatherbug. This page asks a simple math problem before proceeding to the actual authentication page for pre-auth users. The page has no images and no database access. Automated clients such as Weatherbug will not answer the question and proceed to the login page. Continue reading

DHCPatriot version 5.2.1 has been released

DHCPatriot logo

This is a maintenance with bug fixes only. Only DHCPatriot systems experiencing the bugs repaired in this release will receive this software. All of the fixes from this release will of course be in version 5.3.0.

Release notes:

  1. Added hardware support for the 2013-1 model of DHCPatriot system.
  2. Gave space on startup to launching programs so that they don`t all launch simultaneously. This should help with some freeze-up on startup problems.
  3. Added diagnostic software that will allow us to access hardware information in the field.
    Continue reading

DHCPatriot update 5.2.0 released!

DHCPatriot logoDHCPatriot update 5.2.0 has been released. Patch notes for this release.

  1. It is now possible to add fully qualified domain names to the DHCPatriot
  2. Force lower case usernames now works from the admin form. Previously it only worked from the customer facing authentication page.
  3. ISC DHCP version 4.2.4-P1 is now the core dhcp server. This release contains bug fixes as well as some refinements.
  4. Sticky IP notes are now possible. Notes can be included with a sticky IP assignment so that it can be remembered why it was done.
  5. Exclude IP notes are now possible. Notes can be included with an excluded IP so that it can be remembered why it was done.
    Continue reading

DHCPatriot update 5.1.2 released!

DHCPatriot logoDHCPatriot update 5.1.2 has been released. Patch notes for this release.

  1. Added firewall rules to place a limit on the number of connections that can be opened by a single client machine to the web authentication page. The limit is 20 hits in 10 seconds. It works like this: once a client opens his 20th connection in 10 seconds, he cannot open anymore. If he continues to try during the time that he cannot open more connections, this counts as well. The client machine will need to wait and not open any more connetions until 10 seconds has passed. It is unlikely that clients with a virus infection opening large amounts of web page ports will be able to get to the authentication page.
  2. Changed MaxRequestsPerChild to 1024 from 0 in the web server. This will allow running servers to exit after serving a certain number of pages as per manufacturer recommendation.
  3. Removed text wrapping from all textareas to prevent inconsistancies with visual wrap versus storage of actual data.
    Continue reading

DHCPatriot 5.1.0 Update has been released!

DHCPatriot logoFirst Network Group, Inc is proud to announce the latest software update to our flexible and powerful DHCPatriot.

Version 5.1.0 of the software, freely available to all equipment covered under our maintenance and health plan, features a great number of new features, requested additions and paves the way further for support for IPV6 technology.

To review the features of this release please review our primer document for this update located at here.

We will be contacting DHCPatriot owners over the coming days to arrange a time to install version 5.1.0 on your DHCPatriot system.