Ooops....put XP box on-line!

pmv

Lifer
May 30, 2008
14,931
9,831
136
Powered up an old XP PC (it dual boots in XP and linux, for a handful of things that need one or other of those, including DVD games I never got round to playing before windows 10 updates broke securom! though I _still_ haven't played them even with the xp box, probably will never get round to it!). But I failed to notice it was still connected to the router from when it was last booted in linux- it's not supposed to ever go on-line in XP mode. Oops. Only realised when I went to shut it down after an hour or so and it said it had to install eleventy-zillion windows updates.

How risky is that likely to be? Are there bad guys hanging around ready to immediately jump on any defenseless XP system that pops up on-line?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
> How risky is that likely to be? Are there bad guys hanging around ready to immediately jump on any defenseless XP system that pops up on-line?

I don't know, in your particular case, but honestly, yeah, they could be.

I remember coming back home from vacation one time, and turning on my XP-based HTPC, and seeing a bunch of Windows Updates, and ignoring that, and then having the fun of command-prompt windows flying up on my screen, while I was browsing, and generally getting completely 0wn3d.

I nuked-and-paved immediately. Lesson learned.

I still get nervous, when I boot Windows 10, and see black squares flash up like Command Prompt windows, it seems that Windows 10 has serious vulnerabilities too? Or Windows apps updates use Command Prompts during their update process? Still gives me the willies. I may be totally compromised already.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
Just think, people, Windows 7 PCs won't be safe to go online with after Jan. of next year (2020) either!
 

UsandThem

Elite Member
May 4, 2000
16,068
7,383
146
The last time I used XP (probably around 2003), I went to reinstall XP and forgot to unplug my LAN cable.

Upon install, I immediately started getting all sorts of spam popups and other things going on. This was before I even attempted to use the PC.

XP hasn't received any updates for 5 years (outside of the surprising May 2019 update). It's not that there's "bad guys" waiting and looking for XP machines, it's all the scripts, exploits, and malware that's looking for that. So it's tough to say if your PC was compromised, but I too would be very concerned about it if I were in your shoes.
 

balloonshark

Diamond Member
Jun 5, 2008
7,017
3,510
136
Shouldn't a NAT router and XP's built in firewall help? That's assuming you have SP2 and no opened ports.
 

pmv

Lifer
May 30, 2008
14,931
9,831
136
> The last time I used XP (probably around 2003), I went to reinstall XP and forgot to unplug my LAN cable.
>
> Upon install, I immediately started getting all sorts of spam popups and other things going on. This was before I even attempted to use the PC.
>
> XP hasn't received any updates for 5 years (outside of the surprising May 2019 update). It's not that there's "bad guys" waiting and looking for XP machines, it's all the scripts, exploits, and malware that's looking for that. So it's tough to say if your PC was compromised, but I too would be very concerned about it if I were in your shoes.


Yeah, am definitely nervous about it. The thing is, there wasn't much on it that could have had any phone-home malware on there beforehand, and I didn't fire up a browser or anything, so I would have assumed the only way for something bad to happen would be for someone/thing from out there to have discovered it and actively attacked it from "outside" in that hour. I just don't really know enough to understand how likely that is.
 

pmv

Lifer
May 30, 2008
14,931
9,831
136
> Shouldn't a NAT router and XP's built in firewall help? That's assuming you have SP2 and no opened ports.

I would hope so - it's SP3, because I installed updates up to that level on an off-line basis when I set it up years ago. It's never before been on-line. It's like getting out of bed naked and not noticing you haven't closed the curtains or drawn the blinds.

Probably will have to nuke it from space and start again....sigh.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,571
10,206
126
> Probably will have to nuke it from space and start again....sigh.

You didn't make a System Image of it, after installing and putting SP3(a) on there, but before deploying it? I wonder if a Macrium Reflect USB stick, made on another PC, would work for that. There's always CloneZilla, which I think is open-source.

Edit: To add, this is a "home" PC, right? Is there a particular actual NEED for XP in this instance? Why not Linux, or Windows 7? (Though, as I noted, Windows 7 is going to be in the same boat, soon enough.)
 

Red Squirrel

No Lifer
May 24, 2003
70,153
13,566
126
www.anyf.ca
If it was connected to a router it's fine. It's not like it was literally facing the internet. I would not even put a windows 10 machine facing the internet directly.

Of course make sure upnp is disabled on the router, as a malicious script on a client can actually tell the router to do a port forward. It's a really stupid feature that should have never been created.
 
  • Like
Reactions: pmv

ImpulsE69

Lifer
Jan 8, 2010
14,946
1,077
126
I've got an old XP system that I still use regularly for a specific application. I keep it off the internet 99% of the time. Occasionally I put it on the network for simplicity's sake (behind a router) and I've never had issues.
 
  • Like
Reactions: pmv

pmv

Lifer
May 30, 2008
14,931
9,831
136
> You didn't make a System Image of it, after installing and putting SP3(a) on there, but before deploying it? I wonder if a Macrium Reflect USB stick, made on another PC, would work for that. There's always CloneZilla, which I think is open-source.
>
> Edit: To add, this is a "home" PC, right? Is there a particular actual NEED for XP in this instance? Why not Linux, or Windows 7? (Though, as I noted, Windows 7 is going to be in the same boat, soon enough.)


I figure as long as it now remains unplugged from the router I probably can just wait-and-see. Really have to make sure it doesn't accidentally go on-line again. But if it does anything weird it's getting wiped! If so will try and make an updated xp image at the same time.

(It's basically the PC I had before the current one...There are a couple of minor things XP is needed for - usually it is booted in linux)
 

balloonshark

Diamond Member
Jun 5, 2008
7,017
3,510
136
> If it was connected to a router it's fine. It's not like it was literally facing the internet. I would not even put a windows 10 machine facing the internet directly.
>
> Of course make sure upnp is disabled on the router, as a malicious script on a client can actually tell the router to do a port forward. It's a really stupid feature that should have never been created.

When reinstalling XP one of the first things I did was disable upnp. I seem to remember something else but when I go to check adapter settings in Windows 8.1 IE keeps opening every time I click on a setting <rolls eyes>.
 

lxskllr

No Lifer
Nov 30, 2004
59,396
9,921
126
We still have a couple xp machines at work. No real issues with them aside from being antique software.
 

mindless1

Diamond Member
Aug 11, 2001
8,722
1,735
126
> Just think, people, Windows 7 PCs won't be safe to go online with after Jan. of next year (2020) either!

I let Win7 install SP1 then disabled updates, maybe did a couple more manually that seemed relevant and that's it. That system has had zero malware or viri after running several years, used often for browsing the internet, never updated the browser past Firefox 54 no less. No concerns about it, behind a router with upnp disabled, and some browser add-ons.

Can I get a link to a website I can't visit on that setup without becoming infected, then let's consider the odds I would end up there if I didn't have that link, out of what, over a couple billion websites out there and malicious ones being shut down before they've been up long, more often than not?

No seriously, any security expert out there I'd love a link PM'd to me, then if the box gets infected (I'll even have no anti-virus or anti-malware running, not even Windows Defender, and be running an admin account and anything else you would like to throw in within reason) to the point where I can't clean it up, I'll just restore a partition backup for it.

I'm not suggesting it's impossible to become infected, but there are many things people do in real life, that are far less secure but they do them anyway. Random example, if someone slaps an Amazon wrapper on a panel van and comes to your front door wearing a uniform and holding a box, will you open the door? Do you go outside at all for any reason? Would we consider you paranoid if you said "no"? That's how I feel about which OS goes online.
 
Feb 4, 2009
35,862
17,402
136
I read something a while ago maybe 3-5 years. Someone put an XP machine on the internet and timed how long until something happened. It had various malware in minutes.
However if it’s a Gaming only box and no other info is on the machine I’d assume it would be minimal risk.
I’m not a security expert so don’t take what I said as good advice.
 

mindless1

Diamond Member
Aug 11, 2001
8,722
1,735
126
^ Probably because it wasn't behind a router (or a specially contrived router setup to port forward to a vulnerability), rather plugged directly into a modem with a routable IP address and no firewall (pre-SP2).
 
Feb 4, 2009
35,862
17,402
136
> ^ Probably because it wasn't behind a router (or a specially contrived router setup to port forward to a vulnerability), rather plugged directly into a modem with a routable IP address and no firewall (pre-SP2).

Maybe I can’t remember exactly what they did but I do remember the machine was completely unprotected.
Again if it’s just a machine to game on, do a clean install and don’t add any of your data to it, don’t use the browser, don’t plug your phone into it and don’t log into anything. Even if it gets 100s of Key loggers or malware it won’t matter.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
239
106
If it is only a stand alone gaming machine, and it is not connected to the Internet, it should be perfectly safe.
 

Red Squirrel

No Lifer
May 24, 2003
70,153
13,566
126
www.anyf.ca
Any windows machine should not be connected straight to the internet anyway. There's no magical code that runs in an OS the minute it's out of support, suddenly opening up a bunch of security holes. Those security holes were there the whole time.

It's best to have a security approach where security holes don't matter because they aren't accessible in the first place. I still run a Fedora Core 9 machine from 2008 and have a couple old unpatched windows servers running specialized apps but they aren't facing the internet. Anything I do have facing the internet is on a separate vlan reserved for web facing server stuff. That way if it gets compromised it's limited to that part of the network.