At a previous job, we had to deal with scientific equipment (oscilloscopes, and the like) running on Windows XP (in the late 2010s). On the positive side, we were able to kick them off the network entirely. On the downside, nearly every single one of them was infected with Conficker and we’d get alerts when the operators used USB drives to move data between the equipment and the production network. By the time I left, we’d gotten a few of the devices reloaded with a factory image and then turned off autorun, but I’m sure the problem is still widespread. And, of course, upgrading beyond Windows XP wasn’t possible and applying OS hardening to the devices was a pipe dream. There should be a special place in Hell for the management of companies which create these sorts of devices. They are happy to charge vast amounts of money, but do fuck all to ensure the security of them.
In 2010? Last year I left a place that was running them on XP, and they “had to be connected” for “printing” reasons. I raised the flags, they did what they wanted. Whatever.
The thing I enjoy about these sorts of devices is when it inspires the manufacturer to actually optimize their software so it will run on the weakest, cheapest hardware. It doesn’t always happen, but sometimes I’m amazed at what people can do with things like < $1 microcontrollers.
Because it’s cheap enough to put a whole thin client PC inside the box instead of building custom hardware, so of course it can run
DoomSteam.