LabVIEW
Silverlight Security Risk
@santo_13 wrote:
If we talk of obsolete and unsupported software, I know many semiconductor giants who still use 50+ year old iron ATE testers that have old CRT monitors (not even grayscale, monitor displays in green), I think they run some sort of DOS or UNIX.
I think you would be hard pressured to find anyone who still can maintain them, not to speak about hacking them! 😁 Besides, back then a network card cost a real fortune (and so did computers) and it is highly unlikely that such a system would/could be connected to a network that can somehow be connected to the Internet even if one really wanted to. Most likely if it has any connection to another system it is by electrical wires and/or maybe an RS-232 connection, or more likely a TTY current loop serial interface.
As to the original issue, if that IT departement really wants to make its policy true, they would have to forbid Windows altogether, and every other OS too. There are everywhere old dogs buried that nobody has looked at anymore in many many years. Not because they are super safe, but simply because nobody uses them anymore. Are they vulnerable? Quite likely! Are they a big risk? Really depends if you are paranoid or not.
A few examples?
- DDE (yes it's still in every Windows computer, and has a security model that simply doesn't exist)
- (D)COM (still used in everything ActiveX, and even partly in .Net, but most of its complex security configuration was and is so obscure that nobody deals with it anymore, which very well can mean that its configuration easily opens doors of the size of an airplane hangar without anyone noticing, except hackers of course)
And Linux isn't really better or any other computer for that matter.
I'd recommend uninstalling Silverlight on a test machine and seeing what breaks. I recently did an install on a lab machine of some test software with DAQmx drivers and NI-MAX and it didn't automatically install Silverlight, which means it at least thinks it can do SOME things without it.
I had to install Silverlight to connect to and configure a network cDAQ chassis, but if you're not using those then you might wind up OK. I don't know if the regular DAQmx stuff uses Silverlight but it's worth a shot, especially if negotiating with your IT is a giant nightmare.
