Careful with that XP, Eugene (and W2K).

[satrow]

Seems like someone put an XP VM online without firewall/antivirus to see how long it would keep clean: Eric Parker on YouTube.

No, I've not watched it, allergic to bad memories.

[Pentium4User]

Keep it only with a public IPv4 without a firewall and running services on XP would be funny.

[Moonchild]

Less than 10 minutes to have multiple trojans, infostealers and an ftp server running on it. Amazing how fast they find vulnerable IPs XD

[suzyne]

Here's a direct link to the video by Eric Parker.

https://www.youtube.com/watch?v=6uSVVCmOH5w

[RealityRipple]

Sometimes, I am so glad my ISP's network is set up so incoming connections are impossible, even if it prevents me from hosting anything (with the exception of things like Tor, which of course, uses outgoing connections to establish fake incoming connections).

[Moonchild]

Off-topic:

with the exception of things like Tor, which of course, uses outgoing connections to establish fake incoming connections

Any (real!) VPN would be able to serve this too.

[moonbat]

Someone show this to the New Moon idiots that keep showing up for support here

[Potkeny]

Someone show this to the New Moon idiots that keep showing up for support here

To be fair to them, in this video all the AV/Firewalls were disabled and all ports were opened to the internet, which is usually not done even on XP, so the situation is not this bad for the average user.

[Moonchild]

To be fair to them, in this video all the AV/Firewalls were disabled

Firewall not being enabled was the default for earlier releases of XP IIRC (it was enabled by default only after SP2 if memory serves); it's quite possible that if you start off with an RTM that's an actual risk, something can sneak in before you install the service packs, so it's an actually accurate situation.

[Potkeny]

it's quite possible that if you start off with an RTM that's an actual risk, something can sneak in before you install the service packs, so it's an actually accurate situation.

I believe in the video they used SP3?

Not sure how much being behind a normal router helps nowadays, usually they have some built-in firewall, so the situation should be a little better. Not saying people should use XP, just that the video feels more like a "worst case" (or at least, bad) scenario, and made for entertainment, which it achieves, it is fun.

[Moonchild]

Not sure how much being behind a normal router helps nowadays

Network Address translation (NAT) is a natural barrier for inbound traffic. If you are on a LAN behind a router, your system by default is simply not reachable from the internet.

[nicolaasjan]

Relevant Reddit thread.
Most of them aren't impressed either by that clickbait.

[Moonchild]

I wouldn't call it clickbait - it's a pretty sobering lesson about the constant malicious pressure the Internet forms. As stated above it's quite amazing how fast a non-advertised vulnerable IP is found and exploited. Also keep in mind that some software installers instruct you to temporarily disable AV/internet security (which would include inbound protections) because they don't work well otherwise; within minutes of doing that you can already be compromised. So even if the OOBE would have it enabled, there's still a risk.

[nicolaasjan]

I wouldn't call it clickbait - it's a pretty sobering lesson about the constant malicious pressure the Internet forms. As stated above it's quite amazing how fast a non-advertised vulnerable IP is found and exploited. Also keep in mind that some software installers instruct you to temporarily disable AV/internet security (which would include inbound protections) because they don't work well otherwise; within minutes of doing that you can already be compromised. So even if the OOBE would have it enabled, there's still a risk.

You've got a point there.

I do have a Windows XP install in a VM for certain tasks, in which I'm very careful with what I install.
After a lot of years using it I've yet to see an infection.
Malwarebytes only found the crippled Microsoft MRT tool in the registry, but I did that myself.

Code: Select all

PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION

In case something bad should happen, it's easy to restore from a backup.

[Eduardolucas1]

Someone show this to the New Moon idiots that keep showing up for support here

My ride into UNIX (illumos in case, and from months to now the distribution from Peter Tribble) and my love for it which then make me rethink all my operating system convictions i learned in my long conceptual/theoretical computer science background made me quickly lose my intimate interest for old windows. It simply does not make sense. If you want an OS which runs modern applications and command-line tools while keeping the same service/thread footprint and lower overhead of them and of a leanier/performance tuned kernel of the mid to late 90s, you can do it by underground linux distributions which try to remove the heavy modern linux kernel cruyft from it, or whatever. Risking yourself with holes on your system which are the kind of which do not exist since the 2000s is stupid. I have made my case that i was not stupid but playing blackjack with my safety, i knew deeply inside me about the risks, even feared them, but ignored them, as i was just trying to gamble a big risk for certain features and characteristics inside a specific OS build, times where i even talked about it triumphantly here (and should have listened from the sane advice from much older and experienced people i`m glad to have talked to)

I even messed and met very nasty sec people which could have hacked and doxxed me for personal disputes if i had kept this purism.

[moonbat]

If one still needs XP or other discontinued OSes for whatever reason, best to use it in a VM so that you can wipe and reinstall without trouble. Not if one insists on running vintage hardware though - then there's low resource Linux distributions like Puppy that will run well.

[Basilisk-Dev]

Someone show this to the New Moon idiots that keep showing up for support here

Off-topic:
The fact that roytam still calls the executable "palemoon.exe" for New Moon, and still calls the Serpent executables "basilisk.exe" legitimately pisses me off. He could easily change this if he wanted to, but he's demonstrated he doesn't care. I'd even submit a PR to his project doing it for him if he wanted, but he has no interest. I've directly mentioned to him that he should change it to not confuse our users or his users and he declined.

[moonbat]

Off-topic:
The fact that roytam still calls the executable "palemoon.exe" for New Moon, and still calls the Serpent executables "basilisk.exe" legitimately pisses me off. He could easily change this if he wanted to, but he's demonstrated he doesn't care. I'd even submit a PR to his project doing it for him if he wanted, but he has no interest. I've directly mentioned to him that he should change it to not confuse our users or his users and he declined.

Off-topic:
It suits him to offload the burden of support here, by people being misled into thinking we are associated with his builds in any way

[UCyborg]

You could get by with XP (with some limitations) in modern age if you really wanted to with usual precautions. I personally haven't used an anti-virus product or the like in over a decade, regardless of whether I was on XP, 7, 10 or anything in between. Maybe my web habits are boring, but I've always had the impression most exploits are too difficult to pull off successfully in practice. And yeah, nobody connects XP directly to the net these days without NAT at least. It's also not that hard to use non-privileged user account for normal tasks, but no one cared about that back in the day, at least that was my impression. That said, messing up the system could be more difficult without admin privileges, but there's indeed enough other bad things to pull off without admin rights.

I personally never understood the appeal of Windows XP. I just don't find it to be anything special. And I grew up with Win95 and XP.

That said, Microsoft's direction is really backwards these days, while they do make technical advancements under the hood, the user facing part is needlessly crippled. XP was probably the last OS I used as-is, later were always loaded with 3rd party augmentations. Though I couldn't use XP these days without Actual Window Manager at least either, it's just too primitive without it.

[jobbautista9]

Btw while NAT is pretty much a given nowadays with broadband internet connections, this is not so with dial-up where I heard you're directly connected to the internet. And apparently there are some people still on dial-up to this day, at least in rural USA...