Unsupported Operating Systems
Why does my operating system matter?
Systems using WindowsXP or other unsupported operating systems cannot meet Stanford security requirements and should be eliminated, upgraded or replaced. Check this list to see when support for your Operating System will end.
But why does the operating system itself matter to the security of a computer or network?
A system is "unsupported" when the developer is no longer issuing any software patches or security updates. (For WindowsXP, that happened on April 8, 2014.) From that point on, the operating system is stagnant. It may be working fine until that point, but...
...soon, the computer can no longer meet security requirements. Outdated system software is itself in violation of the security requirements because it cannot support encryption or possibly additional applications needed for security.
As other technology advances beyond the capabilities of the hardware and the operating system, an outdated machine will cease to be able to run other vital software: anti-virus updates, software patches, other applications running on the machine. The hardware itself, as it ages, will become more difficult to use and more costly to repair.
Eventually, an obsolete system becomes vulnerable to attack in a number of ways. Phishing emails are the most common cause of compromise. No recent antivirus updates means that the system is still vulnerable to viruses that may be circulating, but from which newer systems are protected. A lack of recent software patches means that hackers can directly attack the system, by exploiting known and still-existing bugs in the operating system. And even without any network connections, web, or email access, a machine can still be compromised by an embedded virus on any external device such as an external hard drive or USB stick. Perhaps even the hardware itself may be vulnerable to compromise.
Even if it feels like you've been running your system normally, an expired operating system can still result in a compromised system. You may not even notice it's happened.
Consequences of Compromise
Vulnerable to Attack:
If a machine has been compromised, it means an unauthorized person has access to the University's private information and to your own private information as well, and they can steal that information to use for their own purposes. Unpublished research data and other valuable information is at risk. So are your login credentials, for the Stanford networks but also potentially for your bank or other sites which you personally access.
Leaves Others Vulnerable:
If your computer has been compromised, attackers may use that foothold to gain entry to Stanford's wider network, or they may use your computer as part of a botnet, sending spam or perpetrating other attacks. You may not even be aware that it's happening.
What's your best solution?
If your computer can be upgraded from an unsupported operating system, by either upgrading the software or replacing the hardware, that's what you should do! By keeping your computer up to date and compliant with Stanford security guidelines, you are protecting the University, your colleagues, and yourself.
Upgrading the operating system from WindowsXP is free for Stanford-owned computers; for more information, visit the Essential Stanford Software page.
If, however, your system is too difficult to upgrade—if it's running prohibitively expensive specialized research equipment or software—please work with IRT Security to help you place it on the WinSecure Network to compensate for the risk of continuing to use it. That way, you can continue to run your vital system as it is, but with the added protection of a more secure network that can help insulate your system from the outside world as well as from other devices on the Stanford network.