Ohio Section Journal – The Technical Coordinator – February 2020 edition

One of the responsibilities of the Technical Coordinator in the Ohio Section is to submit something for the Section Journal. The Section Journal covers Amateur Radio related things happening in and around the ARRL Ohio Section. It is published by the Section Manager Scott – N8SY and articles are submitted by cabinet members.

Once my article is published in the Journal, I will also make it available on my site with a link to the published edition.

You can receive the Journal and other Ohio Section news by joining the mailing list Scott has setup. You do not need to be a member of the ARRL, Ohio Section, or even a ham to join the mailing list. Please sign up!

If you are an ARRL member and reside in the Ohio Section, update your mailing preferences to receive Ohio Section news in your inbox. Those residing outside the section will need to use the mailing list link above.
Updating your ARRL profile will deliver news from the section where you reside (if the leadership chooses to use this method).
Go to www.arrl.org and logon.
Click Edit your Profile.
You will be taken to the Edit Your Profile page. On the first tab Edit Info, verify your Email address is correct.
Click the Edit Email Subscriptions tab.
Check the News and information from your Division Director and Section Manager box.
Click Save.

Now without further ado…

Read the full edition at:

Jeff Kopcak – TC

DSCF5081 K8JTKHey gang,

Well. Windows 7 reached end-of-life on January 14, 2020. Systems didn’t meltdown. Internet is still running. The world didn’t end. Reaching “end of life” in Information Technology verbiage means the vendor no longer supports the software (or hardware in other cases), won’t provide security updates, and won’t fix bugs or problems. End-of-life (often abbreviated “EOL”) also implies there is a more recent version or iteration that is supported for those things mentioned above. Supported as opposed to the developer throwing in the towel or the company going out of business where there are no updates for other reasons. Windows 7 was my favorite version of Windows – the look and feel was nice, functionally made sense, and it was fast. Reality is that computers running Windows 7 will continue to work as they always have, but start considering alternatives.

No: Windows 7 will not stop working, you don’t need to run out and buy a Windows 10 computer, your files won’t be removed, past Windows 7 updates won’t be pulled from Windows Update, ISPs won’t disconnect you from the Internet for using Windows 7, caches of Windows 7 exploits will not be unleashed.

As with all past Microsoft operating systems, patches and updates will be available on their website and through the Windows Update service for all EOL operating system versions. An install of Windows 2000 can still receive all updates until it went EOL. No updates will be available to implement the latest in encryption enhancements, support newer hardware or protect from newer exploits found in the OS. One thing to note about Windows 7 is there were updates to the Windows Update process during its lifetime. You will run into problems updating a fresh Windows 7 install through the regular Windows Update process.

Your ISP won’t disconnect you for using older versions of Windows. The company you work for will most likely update your machine if it hasn’t been done already. This depends on license and support agreements with Microsoft or reseller. Most companies actively replace equipment to comply with those agreements, replace depreciated assets, and keep equipment current as a way to mitigate exploits that propagate through older operating system configurations.

Yes: you need to stop using Internet Explorer, you can still get the free upgrade from Windows 7 to Windows 10 (for now), you can dismiss the full page Windows 10 update nag screen, you need to patch Windows 7, extended patches from Microsoft are available for a fee, there are third-party alternative patching systems; software, devices, and browsers will continue to work, most programs will still support Windows 7 – at least in the short term.

For the love of all that is holy, stop. using. Internet Explorer. Not only is it riddled with bugs and security flaws, Microsoft keeps flailing round with standards even in Microsoft Edge, which is never a good sign. Chrome is the market leader at over 80% and reports suspected security issues to Google for mitigation or blocking in the browser. However, if you’re not a fan of “the Goog” knowing everything you view on the Internet or heavy-handed implementations in the name of security, alternatives are: Firefox the favorite with Linux users, the privacy focused Brave browser, or Opera if you want to be a one-percenter.

Microsoft offers extended patching (with associated fees) for Windows 7, usually for corporate customers. Consumers can get in on the action but they make it very complicated. Third-party patching is available through companies such as 0patch. The service is free for personal use and non-profit educational use. There are good reviews and many recommendations to use this service. Using these services requires a certain level of trust leaving the responsibility of fixing complex programs to a third-party – because we all know Microsoft has NEVER had problems getting their updates right.

Early Microsoft Windows 10 free update notification aimed at tricking the user into installing software they don’t want, similar tactics are used by spyware authors

The nag screen which recently started (re)appearing for Windows 7 users, reminding them to upgrade, can be dismissed. Click the text that says “Don’t remind me again” – and it actually seems to work as opposed to the weird mind games that were played during the initial push after Windows 10 was launched. Displaying this message raised awareness and reminded users about the impending DOOM of end-of-life. Continuing to offer the free upgrade is an incentive for moving users to a supported OS. Netmarketshare shows Windows 7 utilization is still around 25-30% or about 1-in-3 computers still runs Windows 7.

I was contacted by Jeff – KA8SBI who felt there was a lot of F.U.D. about Windows 7 EOL in the media and he is content using his Windows XP machine. He pointed out “A lot of security flaws have been in the browser.” A small number of browsers still support XP. Anti-malware and anti-virus programs still offer older operating system support as well.

Here’s the argument against running old and outdated crap on the Internet. I am of the school of thought that if you’re connecting any device to a larger network (ie: the Internet), that device (computer, Raspberry Pi, router, switch, server, security camera, TV, printer, DVR, repeater, hotspot, phone, car) must have currently supported operating systems and software. It is each user’s responsibility on the network to be good citizens, follow best practices, and not act as a conduit for spreading malware and exploits. The most effective way to do this is by keeping devices updated and current.

The argument can be made that ‘manufacturers force consumers to buy new devices by not providing any updates.’ Everyone wants their stuff cheap and buying cheap crap leads to these problems. Manufactures barely break-even on most devices let alone leave any extra for updates beyond initial device release. Consumers want to use the device well beyond its serviceable life too. A report released by the Commerce Department outlined things manufactures should do to reduce the number of attacks. It made some good points but was mostly vague [updated link for the report].

Jeff’s point about third-party anti-virus and anti-malware programs that still support XP is a valid one and will help. I stopped and don’t recommend using third-party anti-virus because they were found to downgrade the security of an encrypted session, like ones established during financial transactions, interacting with health care providers, or really almost all Internet communications today.

Remember, though, nothing is ever 100% secure. Secure just means there are no known vulnerabilities – until a researcher or hacker finds one. To Jeff’s point about the flaws being in the browser, the number that exist in the underlying operating system and supporting technologies including OS kernel, .NET framework, Office, database engines, media players, and graphics interpreters are just as important. Microsoft has never completely rebuilt Windows from scratch which is why vulnerabilities often apply across all versions of Windows. It’s the same underlying computer code. Search for stories about important Windows patches. It will often include some verbiage like ‘affects all versions of Windows.’ Some exploits are deemed so bad that Microsoft actually went back and patched some EOL versions, like XP. That does not mean there are no other vulnerabilities because there is no patch. Microsoft is not spending resources on an 18-year-old piece of technology. Non-patched issues still make a system vulnerable and less secure overall.

Ransomware is malware that encrypts files of importance on a system. That is things like downloads, programs, documents, PDFs, spreadsheets, pictures, movies, intellectual property, databases, or public records on local and network attached storage devices. Encryption renders these files unreadable and unusable. The malware then demands a ransom payment to obtain the decryption key and restore files to their usable state. Ransomware is lucrative for the bad guys because no one has effective backups of their data. Various companies, schools, health care, manufacturing, oil and gas, infrastructure, and municipalities have all been infected with ransomware and often pay the ransom. It is an economic trade-off between how much of a payment are the bad guys demanding versus time and effort it would take to restore their systems. Do a search for “ransomware attack” in your favorite search engine and browse the stories to get an idea of the scope and effectiveness of ransomware.

One thing that caused me pause around the details of the ransomware attack on the Georgia Department of Public Safety was a comment about the communication systems being affected. Believe it or not, their old radio system was still functional. This got me thinking about the radio system that covers the state of Ohio or regional systems and how they could easily be taken offline because of this type of attack. I have no knowledge of any instances where these systems were involved in such an attack – this is simply theoretical. As evidenced by the news story, it’s realistic to believe these attacks can take down a state-of-the-art radio communications system. Could be due to a targeted attack, a single computer where someone clicked a malicious link, someone viewed an infected attachment in a dispatch center, or even because of an infected authorized vendor or reseller of radio equipment for the system. Target anyone? It was an HVAC vendor that was compromised which lead to Target’s massive credit card breach. How many public service agencies still have their old/analog communication systems functional to fall back on if something like this took place?

Ransomware infections are utilizing and spreading through the EternalBlue exploit and BlueKeep exploit. EternalBlue, in particular, is present in all versions of Windows (see?) back to Windows 95!! It targets and attacks weak configurations of the SMB (Server Message Block) protocol used for sharing files, printers, and devices between hosts on a network. Microsoft has patched all versions back to Windows XP, even though XP is EOL. Win95, Win98, WinNT, and Win2000 were never patched and won’t be patched. The EternalBlue vulnerability still exists in fully patched systems running those operating systems.

Impending DOOM

I will keep using Windows 7 in the shack and as my Virtual Machine OS when I need a Windows VM. It will get replaced eventually. The reason I replace it will probably come due to loss of functionality, loss of application or hardware support for a particular program or device I want to use. Firefox was noted for supporting older operating systems. However, after 3 years of extended XP support, Firefox dropped support due to low usage and significant development time being devoted to working around issues in the operating system instead of providing enhancements on supported platforms. Sooner-than-later Windows 7 support will be dropped in favor of more recent and supported platforms.

Don’t have to jump ship on Windows 7 now unless there is a specific reason. Maybe a new computer device purchase is imminent, which will include Windows 10. Or if it’s desired to still use the old machine, maybe consider a move to a supported version of Linux!

Windows 7 is dead, long live Windows 7!

2020 ARRL Great Lakes Convention

The Great Lakes Division Convention and Hamfest 2020 sponsored by the Toledo Mobile Radio Association will be here soon. It is a two-day event with ARRL Great Lakes Convention Forums on Saturday, March 14, 2020 followed by the Toledo Hamfest on the 15th. I’ve been asked to give two presentations back-to-back on Saturday. Tentatively, the first on the Raspberry Pi and how it became a popular device with makers followed by NBEMS philosophy. I’m very proud of both presentations. The NBEMS philosophy has been presented as training in the Ohio Section and adopted by other ARES groups in other Sections. Details, locations, times, and tickets are all available on the convention’s website. Hope to see you there!

Thanks for reading and 73… de Jeff – K8JTK