Wow, you all make this sound like the Y2K crisis, and we all know how that turned out :). -- dkm At 3/21/2014 11:33 AM Friday, David Graff wrote: >If you're continuing to run XP systems, it would be a good idea to disable >autoplay on them. Users with local admin rights plus a mis-click on an >autorun popup can hose the system really quickly. Microsoft has a FixIt >utilitie to do the job, along with registry and group policy methods: > >http://support.microsoft.com/kb/967715 > >Autoplay is a dangerous feature and we disabled it across the board, not >just on XP systems. > >On Thu, 20 Mar 2014 16:23:36 +0000, Bosman, Don <[log in to unmask]> >wrote: > > >Sneaker net and thumb drives will be your attack vectors. > >If a researcher finds it expedient to have data moved faster than you can >accommodate them, they are likely to improvise. > >Keep the anti-virus and anti-malware up to date. > > > >You've probably seen the same tales that I have, about security researchers >leaving spyware infected thumb drives in the parking lots for security >conscious workers to find. And how every one of the drives was plugged in to >see what was on it. > > > > > >Don Bosman > >Information Technologist > >MSU Libraries > >366 W. Circle Drive - Rm.W441 > >East Lansing, MI 48824-1048 > >517-884-0873 > > > > > > > > > >-----Original Message----- > >From: David McFarlane [mailto:[log in to unmask]] > >Sent: Thursday, March 20, 2014 12:16 PM > >To: [log in to unmask] > >Subject: Re: [MSUNAG] Desktop Replacement Policy and XP Mitigation > > > >Probably irrelevant to most here, but... > > > >We have several Windows XP systems used in research labs for running >ongoing experiments, using software that until recently did not work well >under Vista/7, and in any case changing computer configuration in the middle >of a research study could affect the results, so we continue to run them. >But we do not use those computers for browsing the internet, and typically >have the network disabled (even physcially), so I think that makes them >pretty safe even without updates. As I understand it, most exploits depend >on user behavior anyway, so under some circumstances XP systems will be safe >regardless of updates. Or am I wrong there? > > > >-- dkm