End of product support for Microsoft Windows XP
Information SINUMERIK PCU 50 – End of product support for Microsoft Windows XP.
The extended product support for Windows XP will end on April 8, 2014 – Microsoft will no longer provide security updates, hotfixes or free support as of this date. To ensure the continued protection of your SINUMERIK PCU with Windows XP against possible viruses, spyware and other malware, we recommend that you use the SINUMERIK PCU 50.5 with Windows 7 and SINUMERIK Operate.
If due to technical reasons Windows XP systems must continue to be used in connection with HMI Advanced or SINUMERIK 840D, the following combination of security measures may be of avail:
- Use of whitelisting
Whitelisting protection mechanisms ensure that only trusted programs and applications are executed on a SINUMERIK PCU. They prevent the execution of impermissible software and changes to installed applications.
Based on the SINUMERIK PCU 50.3 with Windows XP and HMI Advanced, the compatibility of the software McAfee Application Control has been tested.
- Antivirus software
All known antivirus software vendors have announced that they will continue to provide new signatures for Windows XP, however, only for a limited time. This means that during this transitional period, new virus signatures for the detection of malware will continue to be provided. An up-to-date virus scanner with the latest signatures will continue to help minimize the risk of becoming infected with viruses or Trojan horses. The virus scanner may be bypassed completely, however, due to unpatched vulnerabilities in the operating system itself.
- Separate network structures/cell protection
We recommend the use of Windows XP systems in a separate network in order to protect the production network. This structuring can minimize the risk of the computers becoming infected.
- Use of firewalls/proxy server
Access from outside to the SINUMERIK PCU can be restricted/prevented by integrating security modules with a firewall such as the Scalance S6xx from SIMATIC NET. If data must continue to be transferred from the isolated Windows XP network to a higher-level system, this can be implemented via an additional proxy computer with an up-to-date Windows operating system and two separate network cards with firewall.
- Ghost images
In the event of an infection, it is helpful if Ghost images of the configured SINUMERIK PCU are available so that they can be restored.
We expressly point out that these measures represent only part of a professionally worked out and implemented security concept. For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.