Advice Request Are older computers a security risk ?

[jetman]

I have an old Fujitsu Windows laptop from 2012. It has an Intel i5 from that year and 8GB of RAM. I upgraded the drive to a SSD.

This PC runs the latest version of Windows 10 and is fast enough for browsing and office activities.

My question is whether the PC is a security risk ? The operating system has the latest security patches applied and the applications are up to date. However, does the dated hardware make the system vulnerable to attack ? For instance, on my 2018 laptop I see Windows update downloading Intel drivers etc, but my 2012 laptop doesn't seem to have similar updates. Furthermore, the 2018 laptop often has BIOS updates applied (via the Lenovo updater) whereas the older Fujitsu PC doesn't.

I was thinking the older laptop is prone to the Spectre and Meltdown bugs. Maybe some other things as well.

Any thoughts ?

 

[DDE_Server]

no i think no problem . just Enable secure boot. convert your hard to GPT " if not by default and i think it GPT as it is SDD . pick decent AV or just use windows defender with configure defender + Practice Safe habits
make sure to update BIOS setting to latest frame-ware. be careful and choose the right one from your manufacturer official website before flashing it and you are OK to go

 

[Antus67]

I have a older laptop and as indicated in above thread make sure you have a decent AV and updates which apply, good to go

 

[ForgottenSeer 85179]

You should harden your old Intel CPU against Sidechannel attacks with the Manage_Speculative_Execution_Protection_Settings tool

 

[DDE_Server]

Also update it with any patch available against Meltdown/spectre

 

[Zero Knowledge]

However, does the dated hardware make the system vulnerable to attack ? For instance, on my 2018 laptop I see Windows update downloading Intel

Yes is the short answer. You have to be careful with old hardware because there are no driver/firmware updates to fix known vulnerabilities. Bluetooth is notorious for security issues and older versions before v5 (even v5 has issues) are vulnerable to attacks. Wifi is another attack vector. Bios/firmware another issue. It goes on and on sadly. The only saving grace is that Intel has released microcode updates for cpu's since sandy bridge but how long they will continue doing that for future security bugs is anyone's guess.

 

[roger_m]

Yes is the short answer. You have to be careful with old hardware because there are no driver/firmware updates to fix known vulnerabilities. Bluetooth is notorious for security issues and older versions before v5 (even v5 has issues) are vulnerable to attacks. Wifi is another attack vector. Bios/firmware another issue. It goes on and on sadly. The only saving grace is that Intel has released microcode updates for cpu's since sandy bridge but how long they will continue doing that for future security bugs is anyone's guess.

Some older hardware does continue to get driver updates. Most likely the PC manufacturer will only provide updates for a short period of time, but often the actual hardware manufacturers will continue to provide updates for at least a few years.

 

[Stopspying]

You should harden your old Intel CPU against Sidechannel attacks with the Manage_Speculative_Execution_Protection_Settings tool

Good recommendation.

 

[jetman]

Yes I will try this- thanks for the tips.

I will also check out the tool available at the excellent grc.com which looks for Spectre and Meltdown vulnerabilities.

 

[Zero Knowledge]

Some older hardware does continue to get driver updates. Most likely the PC manufacturer will only provide updates for a short period of time, but often the actual hardware manufacturers will continue to provide updates for at least a few years.

True to a certain extent. Driver updates maybe but firmware/bios updates no. You would be lucky to have 2 year old drivers for most computers/laptops these days. The only way you are getting driver updates is through WU and even then they are out of date.

 

[roger_m]

True to a certain extent. Driver updates maybe but firmware/bios updates no. You would be lucky to have 2 year old drivers for most computers/laptops these days. The only way you are getting driver updates is through WU and even then they are out of date.

That's not entirely true. There are sources other than Windows Update for drivers, such as directly from the driver manufacturer, or indirectly with driver update software. The computer I using right now is 8 years old, but some of the drivers were released recently. The audio driver was released two months ago. The video and Ethernet drivers were both released late last year.

If you just get driver updates from the computer manufacturer, then often they only provide updates for about 6 months or so (but sometimes a bit longer for business computers) and then just concentrate on newer models.

The BIOS in my laptop was released only a few months ago. But it is a business laptop which means it does get better support than consumer model laptops do.

 

[Zero Knowledge]

You are in the minority though. Business laptops are a different beast. Consumer laptops have 6 months maximum of driver support.

The main problem as I see it is the oem's own pre-installed software because it is riddled with bugs. I can only assume this is done on purpose and the excuse it is a mistake/bug is trotted out every time to give them wiggle room to say that no it's not a backdoor it's a genuine mistake. You seriously telling me the people who code the rubbish pre-installed are that dumb and negligent? Your telling me they don't know about secure coding concepts or buffer overflows or remote code vulnerabilities or local privesc vulnerabilities?

 

[ForgottenSeer 85179]

Yes I will try this- thanks for the tips.

I will also check out the tool available at the excellent grc.com which looks for Spectre and Meltdown vulnerabilities.

Remember that the tool isn't up2date. You should use my posted tool which check for all known settings, as it use the Microsoft Powershell script which you can use for testing (testing only) too.

 

[roger_m]

You are in the minority though. Business laptops are a different beast. Consumer laptops have 6 months maximum of driver support.

Not really. They have about 6 months of support from the computer manufacturer, but they usually get continued support from the individual device manufacturers, for at least a few years.

To give some more examples, I just fired up one of my old laptops which is 14 years old and is running the current build of Windows 10. Windows runs quite fast, which is surprising considering it has one of the slowest Core 2 Duo processors released. While some drivers are very old, the audio and Ethernet drivers, were both released this year.

On another 13 year old laptop, which is also running Windows 10.
The touchpad driver was released in 2017.
The Bluetooth driver was released in 2013.
The video driver was released in 2012.

All of these drivers are the OEM ones, rather than generic ones from Microsoft.

As previously mentioned, while Windows Update is not a good source of up to date drivers, you can manually download updated drivers from OEMs, or do it automatically with driver update software.

 

[Zero Knowledge]

I see your point. It's not as bad as I put it, sorry for rambling on.

Can I ask what driver updater and what website you use to update drivers?

I struggle to find updated Realtek audio drivers. Realtek has no driver downloads for sound any more.

 

[roger_m]

I see your point. It's not as bad as I put it, sorry for rambling on.

Can I ask what driver updater and what website you use to update drivers?

I struggle to find updated Realtek audio drivers. Realtek has no driver downloads for sound any more.

I use driver update software rather than websites, unless there is a specific driver that is not found by driver update software. In which case I Google the Hardware Id to find a driver. I generally find that driverscape is a good source of drivers. Just be aware that first download link on any page is actually a link to download driver update software.

After doing a clean install of Windows, I use DriverAssist. It's not free, but it has a very large database of drivers and usually finds more drivers than other driver update software. They no longer provide a link to the trial version on their website, but it is listed at Softpedia and they have a link to download the trial version from the publisher's website. Because of the large amount of drivers, it does a very good job of finding drivers for devices that other driver software miss and finding the proper OEM drivers to replace generic Microsoft ones. As such, I find it very useful to run it after doing a clean install of Windows. I regularly buy and sell computers and as a result I am regularly doing clean installs of Windows. However, It's not a program I generally recommend, as it's not free and you have to buy a monthly subscription.

Driver Booster is very good, except that it now heavily pushes one of their other products Advanced SystemCare and you get popups which show how many issues you can fix if you install it. But aside from that, it has decent sized driver database, does a very good of finding the correct drivers for devices and even the free version offers a lot of functionality.

DriverHub is free and is also pretty good, but you need to pay attention when installing it, to opt out of installing unwanted extras.

DriverEasy is a good choice too. But the free version is very limited, with slow download speeds and manual installation of drivers.

As a result of using driver update software, the Realtek HD Audio driver on my computer, is only two months old.