Old Windows and modern malware

Getting old software/games running on older hardware.

Old Windows and modern malware

Postby WildW » 2017-5-20 @ 09:59

Does anyone know if a system running an older version of Windows, specifically 95 or 98, would be susceptable to recent malware like Wannacrypt that we've been hearing so much about lately? I have a 98SE system that I've just rebuilt, and in the past I've used network shares to move files around as it's a little more convenient that USB drives (no front USB on this machine :P). For now I've not installed my network drivers, but I would like to.

I imagine the networking might have the same vulnerabilities, but then there's the question of whether the virus could even run once it got in. I don't have much to lose beyond my Crimson Skies saves, but still, enquiring minds need to know / reassurance.
User avatar
WildW
Member
 
Posts: 103
Joined: 2017-1-24 @ 08:57

Re: Old Windows and modern malware

Postby Sammy » 2017-5-20 @ 19:18

In my DSL Router i have set that every new MAC adress is blocked for the Internet, but can access Local Network (Lan IP 192.168.178.x)

When i install a new system, in virtualbox or on a real machine, then i can access Local FTP and Printers, but no internet. (this is for Win9x machines)

When i want internet (if i try a new Linux Distro in a VM, for example) i put this PC in the DSL Router on the Whitelist.
Sammy
Oldbie
 
Posts: 529
Joined: 2014-5-01 @ 20:34

Re: Old Windows and modern malware

Postby Ampera » 2017-5-20 @ 23:13

A LAN connection is fine for older machines, but there is still malware out there that targets older machines, and while the same can be said for newer machines, older machines are a lot easier to hurt (Especially DOS based windows versions) and don't have really any defense against a virus.
User avatar
Ampera
Oldbie
 
Posts: 901
Joined: 2016-11-16 @ 22:31

Re: Old Windows and modern malware

Postby clueless1 » 2017-5-21 @ 00:07

The only practical way malware can get into your network from the internet is:
a) you let it in by clicking a link
b) you're not running behind a router

Routers (even without firewall abilities) use network address translation to drop unsolicited inbound traffic. That's why so many PCs were infected in the days before Windows XP SP2 (when Microsoft enabled the software firewall), because people still occasionally connected their single PC straight to the modem. No router+no software firewall=pwned.

When you click a link in an email or visit a malicious site, you are initiating the connection, and routers do route traffic back to your machine if you initiate. :)

So, just being on the LAN is not necessarily dangerous. If you're getting email or browsing the web on your Win9x, then you're in a riskier position.

You could still get infected if another machine on your LAN somehow allows a worm in that is network-aware. The machine that brought it in might have defenses to block infection, but it still could find other LAN devices that aren't protected and jump there.

@Sammy, you could accomplish the same thing by going into the system you don't want to have internet access, assign it a static IP on your LAN, and simply delete the gateway:
nogateway.png
nogateway.png (11.13 KiB) Viewed 785 times

If the machine does not have a gateway defined, it can't get to the outside world.
User avatar
clueless1
l33t
 
Posts: 3902
Joined: 2015-12-22 @ 17:43
Location: Midwest US

Re: Old Windows and modern malware

Postby Errius » 2017-5-21 @ 00:41

Oh this brings back memories. I think Windows 2000 had a built-in instant messaging system that was taken out with XP? I remember within minutes of connecting a new W2K installation to the internet I'd begin getting weird messages pop-up on the screen.
"I damn near killed an idiot who insisted on commenting in Klingon, but only on bits of inline assembler embedded in C ..."
User avatar
Errius
Oldbie
 
Posts: 1363
Joined: 2015-12-16 @ 19:16
Location: Lave Station

Re: Old Windows and modern malware

Postby WildW » 2017-5-21 @ 11:22

I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploting network shares I know there is an attack vector. From the times I've had to reinstall the kids' computers I know they download and install any old thing without thinking about it. Even my partner will sometimes go weeks without rebooting rather than let Windows install updates.
User avatar
WildW
Member
 
Posts: 103
Joined: 2017-1-24 @ 08:57

Re: Old Windows and modern malware

Postby dr_st » 2017-5-21 @ 11:59

Errius wrote:Oh this brings back memories. I think Windows 2000 had a built-in instant messaging system that was taken out with XP? I remember within minutes of connecting a new W2K installation to the internet I'd begin getting weird messages pop-up on the screen.
We used to have fun with that in the computer room, after figuring out how to send messages to network peers. Especially by sending scary messages to unsuspecting victims.
User avatar
dr_st
Oldbie
 
Posts: 1905
Joined: 2015-4-09 @ 07:18

Re: Old Windows and modern malware

Postby Jorpho » 2017-5-21 @ 19:10

WildW wrote:I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploting network shares I know there is an attack vector.
I understand that XP was actually invulnerable to the recent ones unless a specific update (released long after XP support officially ended) was installed. Windows 9x would thus be immune to those particular attacks. In fact, 95/98/ME used a very different network protocol than later versions of Windows, though it's not obvious from its apparent functionality.
User avatar
Jorpho
l33t++
 
Posts: 7043
Joined: 2003-2-14 @ 19:50
Location: Canada

Re: Old Windows and modern malware

Postby chinny22 » 2017-5-22 @ 21:00

WildW wrote:Does anyone know if a system running an older version of Windows, specifically 95 or 98, would be susceptable to recent malware like Wannacrypt that we've been hearing so much about lately? I have a 98SE system that I've just rebuilt, and in the past I've used network shares to move files around as it's a little more convenient that USB drives (no front USB on this machine :P). For now I've not installed my network drivers, but I would like to.

I imagine the networking might have the same vulnerabilities, but then there's the question of whether the virus could even run once it got in. I don't have much to lose beyond my Crimson Skies saves, but still, enquiring minds need to know / reassurance.


You could put your retro PC's on one subnet (say 10.0.0.1) and your internet connection on another (say 192.168.1.1)
any recent OS can support 2 IP address, and could talk to either network.
So yes that PC could potentially infect your retro network, but only that 1 as it is the only link between the 2 networks and should also be less vulnerable as well with better security, updates, and all that stuff that wasn't a concern for our retro systems.

Personally I don't do anything, I don't apply any updates to reto PC's just slows them down, and while they can get out on the internet I never do. Trying to surf the web with IE5 or whatever is horrible IMHO. But also don't have family members infecting other computers on the network either, hadn't thought of that future hurdle
User avatar
chinny22
l33t
 
Posts: 2366
Joined: 2011-8-26 @ 12:02
Location: Australian but living in the UK for now

Re: Old Windows and modern malware

Postby 95DosBox » 2017-5-23 @ 18:54

WildW wrote:I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploting network shares I know there is an attack vector. From the times I've had to reinstall the kids' computers I know they download and install any old thing without thinking about it. Even my partner will sometimes go weeks without rebooting rather than let Windows install updates.


I suggest you clone image your Windows partition. It should be fairly small about 300MB? For programs I'd install them to another partition so that it keeps your Windows partition small and compact.

If you get infected it just takes a few seconds to restore the image back. Beats reinstalling everything from scratch. My 1 cent. :)
User avatar
95DosBox
Member
 
Posts: 343
Joined: 2017-5-23 @ 09:34

Re: Old Windows and modern malware

Postby WildW » 2017-5-23 @ 21:15

95DosBox wrote:I suggest you clone image your Windows partition. It should be fairly small about 300MB? For programs I'd install them to another partition so that it keeps your Windows partition small and compact.

If you get infected it just takes a few seconds to restore the image back. Beats reinstalling everything from scratch. My 1 cent. :)


Have done this actually. I'm dual booting to XP so I have Macrium Reflect running there, 400MB for the Windows 98 image.
User avatar
WildW
Member
 
Posts: 103
Joined: 2017-1-24 @ 08:57

Re: Old Windows and modern malware

Postby 95DosBox » 2017-5-25 @ 02:45

Does this program run as a DOS program at all? I noticed some restrictions in the free version that you can't restore an image onto a different computer you created it on?
User avatar
95DosBox
Member
 
Posts: 343
Joined: 2017-5-23 @ 09:34

Re: Old Windows and modern malware

Postby agent_x007 » 2017-5-29 @ 05:13

Can Wannacrypt virus encrypt DOS/Windows 98 from Win98/DOS ?
Because I don't see how a program that complex could work on Win 10/7/XP and Win98/DOS, at the same time.
Image
User avatar
agent_x007
Oldbie
 
Posts: 1141
Joined: 2016-1-19 @ 11:06

Re: Old Windows and modern malware

Postby dr_st » 2017-5-29 @ 07:15

Win98 - theoretically, yes, since a lot of the Win32 APIs are available, but I bet the kits they use would not work out of the box. With enough determination you could probably get it to run on Win98, but the gain would not be worth the effort.

DOS - obviously not. It's not even remotely the same OS. It is more likely to get it to run on Linux (but you would have to find different exploits to get it there in the first place, since the ones from Windows would not be relevant.
User avatar
dr_st
Oldbie
 
Posts: 1905
Joined: 2015-4-09 @ 07:18

Re: Old Windows and modern malware

Postby spiroyster » 2017-5-29 @ 07:43

dr_st wrote:Win98 - theoretically, yes, since a lot of the Win32 APIs are available, but I bet the kits they use would not work out of the box. With enough determination you could probably get it to run on Win98, but the gain would not be worth the effort.

Win95/98 are safe from the payload it appears. Due to the fact it uses cmd.exe (not present in 98/95 iirc) to facilitate its intention.
https://blogs.technet.microsoft.com/mmp ... e-systems/
User avatar
spiroyster
Oldbie
 
Posts: 516
Joined: 2015-10-12 @ 12:26

Re: Old Windows and modern malware

Postby agent_x007 » 2017-5-29 @ 10:00

@up Indeed - DOS/Win 95/98/ME, all use Command.com and NOT cmd.exe.
Source : https://www.computerhope.com/cmd.htm
So, Wannacrypt can't be run on them because there isn't available console to execute scripts it uses.
KernelEX may change that (I think)...
Either way, good to know :)

After some read :
SMBv1 hack probably won't work on Win 95/98 either, since SMB inside Win 98 uses different kind of security model ("share level" used by Windows for Workgroups) vs. Win NT and newer OS'es (with "user level" model).
Basicly - share level model in SMB can't block access to single files, only directories/folders (for example).
It uses a password only authentication (ie. if you know the password, you can access the share).
You also don't need to have special privileges to access a share (or be logged in as Admin).
Lastly : SMB protocol is disabled by default on Win 95/98.
Image
User avatar
agent_x007
Oldbie
 
Posts: 1141
Joined: 2016-1-19 @ 11:06

Re: Old Windows and modern malware

Postby 95DosBox » 2017-5-29 @ 19:36

agent_x007 wrote:Can Wannacrypt virus encrypt DOS/Windows 98 from Win98/DOS ?
Because I don't see how a program that complex could work on Win 10/7/XP and Win98/DOS, at the same time.

I don't think the Wannacrypt virus programmer had the foresight to include infecting DOS systems since they probably make up such a miniscule amount of actual users it would have gone unnoticed. They would probably just use a Stone Virus variation and secretly look for Command.Com and infect your boot partition. But it's so simple to reformat the boot partition and restore it there would be nothing gained for wasting their time doing it and assuming all DOS users probably either are retro users or simply people with such outdated systems they don't have the income to upgrade. Plus that system would have to be part of a MultiOs setup or else there would be no way that Wannacrypt virus could infect the DOS directly without an internet connection to a Windows based OS first. Too many things must happen and then they would have to write special code to encrypt the DOS files and how can you even see the ransom ware pop up window? I guess they could do an ASCII window version but then how could they enforce the time limit since there is no internet connection. You'd just change your date and time and get more time to avoid the time bomb until you could decrypt it.
User avatar
95DosBox
Member
 
Posts: 343
Joined: 2017-5-23 @ 09:34


Return to Software

Who is online

Users browsing this forum: No registered users and 2 guests