LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Silverlight Security Risk

We are close to up to date with Labview 2020 SP1.   Silverlight support ends next month(Oct 2021) and we can not run unsupported software.  It is a security risk.   I need to remove it NOW.   What is going to break?  I read that MAX will and that is not good.  What are my options?  We have a full SSP and will go that route is no quick answers here.

Thanks

Message 1 of 15
(300 Views)

Hi Bob,

 


@bobausttex wrote:

What are my options?  We have a full SSP


Talk to the Tech support!

Best regards,
GerdW


using LV2016/2019/2020 on Win8.1/10+cRIO
0 Kudos
Message 2 of 15
(282 Views)

I was poking around because of your post and it seems pretty murky.  I think NI owes us a sticky at the top of this forum explaining exactly what will happen.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
Message 3 of 15
(281 Views)

@bobausttex wrote:

We are close to up to date with Labview 2020 SP1.   Silverlight support ends next month(Oct 2021) and we can not run unsupported software.  It is a security risk.   I need to remove it NOW.   What is going to break?  I read that MAX will and that is not good.  What are my options?  We have a full SSP and will go that route is no quick answers here.

Thanks


I think it's time for you to have a long talk with your IT department or whomever set this arbitrary rule.

 

In my company we have a lot of "corporate security policies" that we have to follow on our desktop workstations. For instance I can create an executable in LabVIEW but I CAN NOT run that executable on my desktop workstation. When they tried to force that on our lab computers we protested because that would mean we would be unable to do our jobs. 

 

In the end we worked out an agreement with corporate IT. We now have two classes of computers "workstations" that are connected to the corporate network and must adhere to all corporate security policies. We also have "lab computers" that are NOT allowed to ever connect to the corporate network. The Engineering department is responsible for all maintenance, troubleshooting, and etc. "Someone will hang" if any of them get infected with a virus or malware. We have a physically separate network that has it's own internet connection in the lab. But these lab computers are NOT connected to that network unless we need to download something. 

========================
=== Engineer Ambiguously ===
========================
0 Kudos
Message 4 of 15
(273 Views)

Our rules are set by a higher power.  One that does not negotiate the rules.

0 Kudos
Message 5 of 15
(267 Views)

@bobausttex wrote:

Our rules are set by a higher power.  One that does not negotiate the rules.


Then you can't do your job, end of story.

 

That should be enough to start negotiations. 

========================
=== Engineer Ambiguously ===
========================
Message 6 of 15
(265 Views)

@RTSLVU wrote:

@bobausttex wrote:

We are close to up to date with Labview 2020 SP1.   Silverlight support ends next month(Oct 2021) and we can not run unsupported software.  It is a security risk.   I need to remove it NOW.   What is going to break?  I read that MAX will and that is not good.  What are my options?  We have a full SSP and will go that route is no quick answers here.

Thanks


I think it's time for you to have a long talk with your IT department or whomever set this arbitrary rule.

 

In my company we have a lot of "corporate security policies" that we have to follow on our desktop workstations. For instance I can create an executable in LabVIEW but I CAN NOT run that executable on my desktop workstation. When they tried to force that on our lab computers we protested because that would mean we would be unable to do our jobs. 

 

In the end we worked out an agreement with corporate IT. We now have two classes of computers "workstations" that are connected to the corporate network and must adhere to all corporate security policies. We also have "lab computers" that are NOT allowed to ever connect to the corporate network. The Engineering department is responsible for all maintenance, troubleshooting, and etc. "Someone will hang" if any of them get infected with a virus or malware. We have a physically separate network that has it's own internet connection in the lab. But these lab computers are NOT connected to that network unless we need to download something. 


I don't think it's arbitrary.  Think about why Windows 7 is now a security risk.  Because it's (mostly) unsupported, it doesn't get most of the critical security updates.  The same thing goes for any unsupported software.  What if someone hacks Silverlight?  No support equals no security patch.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
Message 7 of 15
(264 Views)

@billko wrote:


I don't think it's arbitrary.  Think about why Windows 7 is now a security risk.  Because it's (mostly) unsupported, it doesn't get most of the critical security updates.  The same thing goes for any unsupported software.  What if someone hacks Silverlight?  No support equals no security patch.


I have computers in our lab that still run Windows XP.

 

We DO NOT connect them to the internet.

 

Pretty simple and secure.

========================
=== Engineer Ambiguously ===
========================
0 Kudos
Message 8 of 15
(261 Views)

@RTSLVU wrote:

@bobausttex wrote:

Our rules are set by a higher power.  One that does not negotiate the rules.


Then you can't do your job, end of story.

 

That should be enough to start negotiations. 


Where I work, if we can make a case for it, requests of this nature are usually granted on a case-by-case basis.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 9 of 15
(260 Views)

If we talk of obsolete and unsupported software, I know many semiconductor giants who still use 50+ year old iron ATE testers that have old CRT monitors (not even grayscale, monitor displays in green), I think they run some sort of DOS or UNIX.

 

I think NI may or may not have a fix for the Silverlight obsolescence but in the meantime, if the lab computers that you mention are of high importance for the company's operations than the security threat, they obviously have to provide an exception of some kind.

-Santhosh
Semiconductor Validation & Production Test
Soliton Technologies
NI CLD, CTD
LabVIEW + TestStand + TestStand Semiconductor Module (2013 - 2020)
NI STS for Mixed signal and RF
0 Kudos
Message 10 of 15
(161 Views)