Archive for the ‘Security’ Category

End of Life: Windows XP

Tuesday, July 16th, 2013

Microsoft will end the extended support cycle for Windows XP on April 8, 2014. This means that after this date no more security patches or maintenance updates will be released by Microsoft. For all practical purposes, Windows XP will be dead after this date.

We at the Physics Department are going to face some problems when XP reaches its end of life:

  • Our client computer network is directly exposed to the Internet, thus we depend on a continuous availability of operating system patches. Furthermore we are bound to ETH’s Acceptable Use Policy for Telematics Resources (BOT), which orders every system owner to install OS upgrades to avoid security issues. Since for Windows XP no more security patches will be available after April 9, 2014, from then on it is not possible to fulfill the BOT requirements and to ensure overall system security. Running Windows XP connected to the ETH network will become a security issue after the April 8, 2014 and will not be tolerated by ETH’s network security.
  • A network scan unveiled several dozen Windows XP machines still connected to our client computer network. One reason may be that measurement instrument controller software still depends on that version of Windows. Also old hardware might be in use which does not run well with a newer operating system.

Regarding these facts, we would like to ask you to start analyzing your Windows XP machines and the dependencies and reasons of the existence of this operating system. The following points provide some steps and hints about the process to eliminate or upgrade current Windows XP machines.

  • Check whether there are Windows XP machines still in use in your computer ecosystem and analyze whether a software or hardware component really depends on this version of Windows.
  • In case your Windows XP installation is needed to control specific lab equipment and you are locked to this OS version, please check with the manufacturer of the equipment whether new software or drivers are available or a hardware upgrade allows to migrate this Windows XP computer to a newer version of Windows.
  • If an upgrade to a newer Windows release generates extra cost, now would be a good time to spend this money to keep your systems and equipment up to date and to have a stable environment without running into IT security concerns in the near future.
  • Please draw up any possible cost to the 2014 budget so new hardware/software can be ordered prior to the end of life date of Windows XP and the system can be upgraded in advance.
  • If you face a situation in which it is not possible to upgrade to a higher version of Windows for technical or financial reasons, please contact us. We can help you analyze your specific situation and can try to find particular solutions to isolate your Windows XP installation from the network or maybe find a way to upgrade to a higher OS release.

You are welcome to contact us in any case of questions or concerns relating the Windows XP end of life topic. We can provide help to migrate away from Windows XP as swift as possible so you can keep your systems secure and stable.

Please note that after April 8, 2014, Windows XP will not be tolerated on the ETH network and we will be required to enforce this rule.

Sophos Antivirus False Positives ‘Shh/Updater-B’

Wednesday, September 19th, 2012

Sophos Anti-Virus may tell you that a virus named ‘Shh/Updater-B’ has been detected on your Windows computer. Please ignore this alert messages! Sophos accidentially sent out a bad virus defintion database last night which causes the virus scanner to detect the above mentioned virus in several legitimate programs on your system. We take action to update Sophos with a fresh and functional database. Thanks for your patience.

Update 10:20 21-09.2012: Sophos aknowledged the problem and issued new definition update to solve the false postive detection problem. ISG D-PHYS managed Windows machines are no more affected by this iusse. If you still encounter problems on your self-managed Windows machines running Sophos refer to the following knowledge base article which may be a good entry point to find help:

http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

Temporary SMB access restriction

Wednesday, April 11th, 2012

Last night a security problem was detected in the SMB server software we use for our group and home shares. In order to protect your data and our systems, we

temporarily restrict access to our group and home shares to the ETHZ IP address range

until security updates are available. If you’re outside the ETH network and need to access your data, use VPN. We expect the updates to be released later today or tomorrow and will then go back to world wide access.

Emergency reboot of Ubuntu workstations

Friday, September 17th, 2010

On Friday, September 17, at 22:00,  we will have to extraordinarily reboot our 64-bit Ubuntu workstations in order to deal with a nasty security issue. We’re sorry for the short notice but we’ve been unpleasantly surprised by this just as much as you have. If you’re reading this in time, please save all your data and log out if you can. Please note that also the terminal servers plimpy, plompy, plempy and plumpy (yes I know..) are affected. Thank you.

Nearing End of Life support for Windows 2000 and Windows XP SP2

Monday, March 8th, 2010

On July 13th 2010, Windows 2000 Server/Professional and Windows XP Service Pack 2 will no longer be supported with security updates by Microsoft.

Machines running these operating systems should be upgraded to newer versions like Windows 7 or Server 2008 if they are directly connected to the D-PHYS network.

The IT Use Policy of ETH does not allow systems without an active patch cycle to be connected to the ETH network.

Please make sure that all computers running any of the affected operating systems have been migrated by July 13th 2010. The same also applies to even older systems like Win 9x or NT 4.0 of course.

More information about Microsoft Support Lifecycle can be found here.

Short maintenance downtimes of Terminal, Mail and Authentication Server

Friday, December 4th, 2009

There will be a semi-urgent maintenance reboot of our mail server and our terminal server “plimpy” today, Friday, 2009-Dec-04, at 6pm. So if you are using one of our thin clients, please save your work and log out before 6pm. Expected downtime durations: approximately 15 minutes for the terminal server “plimpy” and approximately 30 minutes for the mail server.

Additionally there will be a restart of our LDAP authentication database at the same time. This can cause logins on managed workstations or connections to file servers to fail temporarily, but should take no more than a minute or so.

Update, 7pm: Maintenance over. All systems back to normal. Terminal server was back in time, mail server needed a file system check so the downtime took slightly longer than expected. LDAP restart was a matter of seconds.

Microsoft Security Bulletin for November 2009

Wednesday, November 11th, 2009

Last night Microsoft has released the Security Bulletin Summary for November, 2009.
If Automatic Update is not activated yet, then you must visit Microsoft Update to install the Security Updates.

Linux Kernel Update

Friday, October 23rd, 2009

We installed new linux kernels for our systems and the machines need to be rebooted to run the new kernel. We will reboot the D-PHYS Linux Workstation “plimpy” this evening after 06:00 pm, not all the workstations. Please log out this evening before you go home, save all unsaved work and don’t start any long running jobs.

The terminal server “plimpy” is affected as well, please save all your open documents and log out from your LTSP terminal. Thank you.

Microsoft Security Bulletin for October 2009

Wednesday, October 14th, 2009

Last night Microsoft has released the Security Bulletin Summary for October, 2009.
If Automatic Update is not activated yet, then you must visit Microsoft Update to install the Security Updates.

Microsoft Security Bulletin for September 2009

Wednesday, September 9th, 2009

Last night Microsoft has released the Security Bulletin Summary for September, 2009.
If Automatic Update is not activated yet, then you must visit Microsoft Update to install the Security Updates.