VOGONS


Reply 40 of 58, by dr_st

kolmio wrote on 2023-11-04, 09:50:

Back in the last days of Windows XP, in 2008, I tried to use Windows 2000 on an older computer.
It was conquered by network worms the same minute I connected it to the Internet via provider LAN cable, without a router, and became unusable.

Connecting directly to the internet from the ISP's LAN cable is s-o-o-o-o 2008. Maybe even 2005. Or 2000.

Almost no one does it nowadays. However, if you do, the old unpatched operating systems (2000, XP pre-SP1) are still vulnerable. It is probably also true that the number of such worms in the wild is far lower now as well. Malware developers, like most users, have moved on to more modern platforms.

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 41 of 58, by BitWrangler


I am not that worried about modern threats, they target software that vintage machines are not running... but some of those could affect XP/Vista/7 machines so caution advised. However I am also not willing to assume that all previous threats, vintage threats, are dead and gone. I think there might be reservoirs of infection in the poorer half of the world that might still be daily driving a 98 machine or two. Then there are "frozen" threats, preserved in ice, modern browsers shrug them off, do not reawaken them. But point your 9x box at old and unmaintained Tripod sites, the zombie reanimations of GeoCities sites, and even maybe old pages from the Wayback Machine and you might come across something that is delighted to see your old browser and OS, or is buried in a .zip of drivers or games hosted thereon.

File archives such as SIMTEL should have been maintained well in the day and threats identified and removed, thus clean mirrors hosted on modern hardware should be clean... but you get one that's been bouncing around the net a bit, and hosted on vintage stuff "because it's cool" and it might have picked up some nasties. Likewise I would be very careful about old BBS software dumps.

Anyway, I don't think you can handwave away the risks and they are small, but some caution will stop ancient evils being reanimated and becoming more widespread.

Unicorn herding operations are proceeding, but all the totes of hens teeth and barrels of rocking horse poop give them plenty of hiding spots.

Reply 42 of 58, by Big Pink

DoZator wrote on 2023-11-04, 14:39:

But over time, you will realize that the danger is exaggerated, and the source of these myths is most likely the sales departments of new products (Completely leaky products, it is worth noting).

I call it the Security Treadmill - once they get you on the upgrade cycle, you fear stepping off. Better to direct all ads to loopback in your hosts file and disable the bloated scourge that is JavaScript.

Regards Windows 9x systems, I'm far more concerned CIH or something similar is lurking on an old floppy disk. I know for a fact there's at least one virus on one of my old personal disks as Norton Antivirus on our fresh out of the box Aptiva in 1998 threw up a terrifying fullscreen warning when I inserted one.

I thought IBM was born with the world

Reply 43 of 58, by hard_fault


I bought a used hardware firewall for going online with old Win 9x machines, and so far have given up trying to make it work. It's like sure, I can program some stuff... I can surely handle this... Hard Nope. Wasted 2 Saturdays on it. It ain't your Comcast firewall. I'm hoping one day I come across a network guy I could bribe with a case of beer.

Reply 44 of 58, by darry

hard_fault wrote on 2023-11-04, 23:34:

I bought a used hardware firewall for going online with old Win 9x machines, and so far have given up trying to make it work. It's like sure, I can program some stuff... I can surely handle this... Hard Nope. Wasted 2 Saturdays on it. It ain't your Comcast firewall. I'm hoping one day I come across a network guy I could bribe with a case of beer.

A basic NAT-capable home gateway router, with UPnP set to disabled for good measure, is likely good enough if you are not explicitly forwarding inbound traffic to any ports on the Windows 9x machine.

Reply 45 of 58, by keenmaster486

kolmio wrote on 2023-11-04, 09:50:

I'll probably spread some FUD here.

Back in the last days of Windows XP, in 2008, I tried to use Windows 2000 on an older computer.
It was conquered by network worms the same minute I connected it to the Internet via provider LAN cable, without a router, and became unusable.

So I installed some lightweight Linux distribution and never tried connecting Windows 2000 to the Internet again.

You connected a Windows computer to the open internet with no router? What exactly did you expect?

World's foremost 486 enjoyer.

Reply 46 of 58, by Bruninho

keenmaster486 wrote on 2023-11-06, 19:50:
kolmio wrote on 2023-11-04, 09:50:

I'll probably spread some FUD here.

Back in the last days of Windows XP, in 2008, I tried to use Windows 2000 on an older computer.
It was conquered by network worms the same minute I connected it to the Internet via provider LAN cable, without a router, and became unusable.

So I installed some lightweight Linux distribution and never tried connecting Windows 2000 to the Internet again.

You connected a Windows computer to the open internet with no router? What exactly did you expect?

Exactly, what did he expect?

I am in a local network with a router, which has its own firewall, and a load balancer since I have two internet providers (because work can't stop); all my old virtual machines run unprotected, no antiviruses, no firewalls. I am yet to see a dangerous virus in them...

Last time I had such an issue with viruses or trojans or ransomware was in 2009 iirc, when I was held victim of a ransomware in Windows 7. Back then the local network wasn't even firewalled.

I had no backup and I always prefer to start fresh from zero, so I simply formatted and cleaned the disk before reinstalling everything. Meh... if anything Windows 7 even ran a bit faster afterwards for a while...

"Design isn't just what it looks like and feels like. Design is how it works."
JOBS, Steve.
READ: Right to Repair sucks and is illegal!

Reply 47 of 58, by Tiido


Basic online hygiene goes a long way as far as matters such as these go. When you actually get into the devices and do some actual configuration such as only enabling what is necessary and turn off/remove some things it becomes very difficult or even impossible for any external force to achieve anything. More often than not it is the meat machine between seat and monitor that causes all the trouble but this is not the fault of the OS involved, except one that runs in the skull of that meat machine 🤣

T-04YBSC, a new YMF71x based sound card & Official VOGONS thread about it
Newly made 4MB 60ns 30pin SIMMs ~
mida sa loed ? nagunii aru ei saa 😜

Reply 48 of 58, by Robbbert


I use various internet-enabled versions of Windows from WFW3.11 through to Win10, and none of them has ever caught anything. IPv4 only, each with a dedicated address, all behind a modern router/modem thingy. Each is only turned on when needed, which usually isn't that often.

The antivirus I use can work on anything from W2K to Win7 and still receives daily automated updates. However it's only installed on Win7 now because it's too much of a burden on the older machines.

Network-enabled OS's in my collection: WFW 3.11, Win95B, Win98, Win98SE, NT 4.0, W2K SP4, XP SP3, Vista Business, Win7, Win10. Probably around 70 physical hard drives in total.

Reply 49 of 58, by gerry


As an experiment, has anyone let an old PC 'loose' online and captured/catalogued the viruses and worms etc. that are still out there in the wild? Just to see which ones, if it's many in total, how the number might compare to the past and, of interest, where they are still coming from.

Reply 50 of 58, by Robbbert


When I had ADSL back in the days of copper (before cable), the modem/router thing logged the IP addresses of all inbound random connections - and there were heaps of them. Perhaps some current modems might offer the same facility.

The other thing you could try is installing Wireshark or some other sniffer to see what's being sent. I used Wireshark and discovered so many attempts to try to RDP to my computers, so therefore all external access was blocked off. Not only RDP, but remote help and other such things.

When my main computer was W2K, I installed Sygate firewall - it's quite nice with reports and graphs available, and quite strict too. No idea if it's still available, could be worthwhile looking.

Reply 51 of 58, by Shadzilla


There's some good points in this thread, and despite its age, I do mostly agree with the OP. Now that these operating systems aren't in daily use the risks are not the same. Sure, if you don't use antivirus and you're installing any old random tat from the Internet, you can still easily hose a system. But it's a bit different when it's not your daily driver, doesn't have any sensitive/valuable data on it, and you've probably already got a disk image of it (right?!).

I have my retro PCs on a separate VLAN. The clients on that VLAN can only access other systems on the same VLAN (for gaming and sharing files between retro PCs), the firewall, a Pi-hole instance for DNS, and an internal FTP server so I can transfer files between retro PCs and the rest of the network/modern systems. That's as much mitigation as I think is necessary. I also have DriveImage disk images of each system on DVDs along with all the drivers and notes for each one so if I have to rebuild due to a problem it's not too much stress. I've made use of services like Windows Update Restored and done a bit of web browsing on WfW 3.11, something I never did in period. Even joined some Unreal Tournament online games using the original game running under Win98. Just be sensible about what you get up to.

Back in the day everyone used to connect directly to the Internet without much thought. I remember for a long time doing that with dial-up and briefly with a cable connection, before building a Smoothwall box (firewall/router). It was the norm for a PC to have a public IP address. There were some desktop firewall/security applications just coming about in the early 2000s such as ZoneAlarm that I remember using for a bit of protection. It was a very different time, not least because households usually didn't have multiple systems to share an Internet connection with, so home routers - and the inherent protection that they add - were just not a thing.

Reply 52 of 58, by Bruninho

Shadzilla wrote on 2023-11-10, 16:27:

But it's a bit different when it's not your daily driver, doesn't have any sensitive/valuable data on it, and you've probably already got a disk image of it (right?!).

This is exactly my point regarding these old systems. As long as you have a backup, it's not an issue or anything to worry about. They're not our daily drivers.

Anyone daily driving an old system these days is, in my opinion, and it is just an opinion before anyone shoots at me, being stupid.

Banking activities are not even a feasible and secure thing with them, for example, no matter how much we talk about "old systems are no longer a target for any threat". It is down to our own judgement and good sense.

"Design isn't just what it looks like and feels like. Design is how it works."
JOBS, Steve.
READ: Right to Repair sucks and is illegal!

Reply 53 of 58, by midicollector


The most valuable type of exploit is one that doesn’t require the user to click on, run, or download anything. These types of exploits are very common in older software and there are completely automated tools that rapidly scan IP addresses looking for known vulnerabilities. These tools automatically scan for huge numbers of known vulnerabilities, not just recent ones. Old OSes are included because many companies and governments still use them.

A lot of people have this weird ego about it like they’re too smart to ever be infected by a virus but that’s not how modern viruses work. They don’t require you to click on or download anything, or even to visit an infected site. Many vulnerabilities exist at the OS level or in libraries that handle any traffic coming in from the outside, so you don’t even have to be running any software other than your OS and you can still be infected just sitting there.

It’s a billion dollar business involving the resources of entire nations these days. It can take as little as 5-10 minutes for a vulnerable machine to be automatically found.

Having said all that, does it matter if your retro computer gets infected? Probably not, but you may still end up participating in a bot net and eating resources slowing down your retro computer. Best advice is still to keep your retro computer offline.

Reply 54 of 58, by dr_st

midicollector wrote on 2023-11-10, 21:02:

Old OSes are included because many companies and governments still use them.

Old as XP - sure. Old as Win9x - no. No company and no government uses those anymore. Still, they may be included in the auto-scans, because why not.

midicollector wrote on 2023-11-10, 21:02:

Many vulnerabilities exist at the OS level or in libraries that handle any traffic coming in from the outside, so you don’t even have to be running any software other than your OS and you can still be infected just sitting there.

And yet are easily defeated by a stupid NAT router that simply blocks incoming traffic in the absence of explicit rules.

midicollector wrote on 2023-11-10, 21:02:

Having said all that, does it matter if your retro computer gets infected?

It does matter, if it is in the same LAN as the rest of your machines, and has access to them or their data. I am sharing the drives of most of my computers on the LAN, but have taken precautions to make these shares read-only, so that in the disastrous event of a cryptovirus infecting one PC, it won't be able to easily destroy the data on every networked PC that happens to be on.

midicollector wrote on 2023-11-10, 21:02:

you may still end up participating in a bot net and eating resources slowing down your retro computer.

This I find harder and harder to believe. That there are vulnerabilities affecting Win9x that may still be scanned for - sure. But the amount of useable software still runnable on those old OSes is dwindling every day.

midicollector wrote on 2023-11-10, 21:02:

Best advice is still to keep your retro computer offline.

I think a good balance may be keeping it off the WAN via a rule in your router. Browsing the modern web on an old PC running Win9x is an experience in pain anyways. This way one can get the warm feeling of security, while still being able to access and share local resources within the LAN.

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys
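
An added example, not part of any post in this thread: a simplified Python model of the NAT behaviour darry (Reply 44) and dr_st (Reply 54) describe, showing why unsolicited inbound traffic never reaches the old machine unless a port forward or UPnP mapping exists. The class, its method names, the addresses (documentation ranges) and the choice of port 139 are all assumptions made for illustration; real routers differ in how strictly they match return traffic.

```python
from dataclasses import dataclass, field


@dataclass
class NatGateway:
    """Toy home NAT router with address- and port-restricted mappings."""
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port); created by outbound traffic
    flows: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); created by a manual forward or a UPnP request
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records where replies go."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Explicit port forward, or the mapping a UPnP request would create."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN endpoint a WAN packet reaches, or None if it is dropped."""
        hit = self.flows.get((wan_port, remote_ip, remote_port))
        if hit:
            return hit  # reply to a connection the LAN host started
        return self.forwards.get(wan_port)  # None unless the port was opened


def demo():
    gw = NatGateway()
    win98 = "192.168.1.98"  # constructed LAN address of the retro PC
    results = {}
    # The Win98 box fetches a web page: replies from that server get back in.
    port = gw.outbound(win98, 1025, "198.51.100.7", 80)
    results["reply"] = gw.inbound("198.51.100.7", 80, port)
    # An Internet scanner probing the WAN address finds no mapping at all.
    results["scan_139"] = gw.inbound("192.0.2.66", 51000, 139)
    # A different host hitting the mapped port is not part of the flow either.
    results["other_host"] = gw.inbound("192.0.2.66", 80, port)
    # Forwarding the port (by hand or via UPnP) puts the old OS back on the Internet.
    gw.add_forward(139, win98, 139)
    results["after_forward"] = gw.inbound("192.0.2.66", 51000, 139)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:14} -> {dest or 'DROPPED'}")
```

The model covers only inbound reachability; it says nothing about what the retro PC fetches itself or about other hosts already on the LAN, which is the case dr_st's read-only shares address.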

Reply 55 of 58, by bakemono


People are still spellbound by the security theater long after the inevitable result has come to pass. You handed a browser monopoly to an advertising company and most of your gear is remote controlled by corporations. Superstition is alive and well.

again another retro game on itch: https://90soft90.itch.io/shmup-salad

Reply 56 of 58, by maxtherabbit

bakemono wrote on 2023-11-11, 11:23:

People are still spellbound by the security theater long after the inevitable result has come to pass. You handed a browser monopoly to an advertising company and most of your gear is remote controlled by corporations. Superstition is alive and well.

Real

Reply 57 of 58, by keenmaster486

midicollector wrote on 2023-11-10, 21:02:

Many vulnerabilities exist at the OS level or in libraries that handle any traffic coming in from the outside, so you don’t even have to be running any software other than your OS and you can still be infected just sitting there.

Hackers HATE him. With this one weird trick he repels all of their automated attacks.

(using a router)

World's foremost 486 enjoyer.

Reply 58 of 58, by Jo22

bakemono wrote on 2023-11-11, 11:23:

People are still spellbound by the security theater long after the inevitable result has come to pass. You handed a browser monopoly to an advertising company and most of your gear is remote controlled by corporations. Superstition is alive and well.

Btw, that reminds me of a comic series about web browsers, "Internet Explorer".
https://www.youtube.com/watch?v=Qy8tJ6r5DXc

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel
