Windows 7 End of Life (Jan 14, 2020)
Windows 7 was introduced in July 2009. After more than 10 years, Microsoft will no longer be providing updates to protect it against hackers. This leaves it very vulnerable to attacks from the internet and somewhat vulnerable, to attacks from insertion of infected media, like USB memory sticks.
UBC Information Security Standard #07 says;
“The Device must run a version of its operating system for which security updates continue to be produced and are available. If this is not possible, see the Vulnerability Management standard for compensating controls. If the Device is University-owned, software updates must not be impeded, and no unauthorized changes may be made to the Device.”
The only alternative offered is in Information Security Standard #14 (Vulnerability Management), which says;
“Where the system is at end of life and security-related updates and patches are no longer available from the vendor, then you must either upgrade the system or implement compensating controls approved by the CISO.”
At the very least Windows 7 computers should not be connected to the internet in any way and the connection of external media, like USB memory sticks should be restricted.
Year End Computer Ordering
There is a supply shortage of Intel computer processors, that is expected to persist until Summer 2020. Major computer manufacturers are estimating lead times of up to 10 weeks. If you are planning to purchase computers before the fiscal year end, it is recommended that you place orders early, to avoid delays and charges in the next fiscal year.
Email from Santa Ono
Some of our department members have received an e-mail, purporting to be from Santa Ono, that asks you to open its attachment. It most likely contains a computer viral load. Indicators of it’s potential to be a virus include, e-mail sent from a generic non-UBC address, implied sense of urgency, signature line is not UBC standard and unusual distribution method. Please do not open e-mail like this. If you are concerned that it might be real, send a new e-mail (not a reply) to the apparent sender, to check if they sent it.