VOGONS


First post, by Gopher666

So folks, here comes the million-dollar question, as the source code of XP (and probably this as well) has been all over the internet for years:

The attachment screenshot.jpg is no longer available

Did micro$hit build a kill switch into this OS? This is not the first time I've noticed it, actually... If you install 2003 these days, set the time correctly and let it go out to the internet, after 1-2 reboots the server stops working. First I thought I had screwed something up in it, but no. You try to log in with whatever user and it throws you out, both over RDP and locally, even in safe mode.

I have some of these installed in VMware, running for decades (internet disabled), no problem.

I tried having some KVM installs; those go to a black background, "activate this crap over the phone", blah blah. This acts differently, just crippling the system, but the end result is pretty much the same.

I wonder if anybody has seen this and whether there is a tool to remove it.

I don't want to let this crap out to the Internet anyway, but it's best to have a good workaround for it.

Reply 1 of 14, by darry

Gopher666 wrote on 2025-08-09, 06:43:

So folks, here comes the million-dollar question, as the source code of XP (and probably this as well) has been all over the internet for years:

The attachment screenshot.jpg is no longer available

Did micro$hit build a kill switch into this OS? This is not the first time I've noticed it, actually... If you install 2003 these days, set the time correctly and let it go out to the internet, after 1-2 reboots the server stops working. First I thought I had screwed something up in it, but no. You try to log in with whatever user and it throws you out, both over RDP and locally, even in safe mode.

I have some of these installed in VMware, running for decades (internet disabled), no problem.

I tried having some KVM installs; those go to a black background, "activate this crap over the phone", blah blah. This acts differently, just crippling the system, but the end result is pretty much the same.

I wonder if anybody has seen this and whether there is a tool to remove it.

I don't want to let this crap out to the Internet anyway, but it's best to have a good workaround for it.

Have a look at this.
https://www.youtube.com/watch?v=1vsjbxN4zP4

Reply 2 of 14, by Jo22

..
Windows XP and its variants shouldn't be exposed to the internet anymore.
Neither should Windows 98SE. At least not unsupervised, without special measures. I've mentioned this for years, in various forums.
Unfortunately, I've earned criticism, no one really listened and played the dangers down. 😟

Edit: Here in Germany, many years ago, when XP was going EOL, there had been heated forum discussions about liability (our forums, not on Vogons).
Some voices demanded that users who're keeping XP online against all odds should be made personally liable for the damage that infected XP PCs would cause (bot nets etc).
The equivalent to tar and feather people, in short. ;)

But really, despite me being an XP friend, I realized these voices were right.
In the early XP days, before XP got SP2, the malware Sasser, Sober and Conficker/Downadup were a real threat.
If it wasn't for the software firewall, XP would have been an easy prey all the time.
Windows Vista was much tougher here, also because it protected the super user account.

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//

Reply 3 of 14, by bakemono

Jo22 wrote on 2025-08-09, 07:32:

Edit: Here in Germany, many years ago, when XP was going EOL, there had been heated forum discussions about liability (our forums, not on Vogons).
Some voices demanded that users who're keeping XP online against all odds should be made personally liable for the damage that infected XP PCs would cause (bot nets etc).
The equivalent to tar and feather people, in short. 😉

So users should be liable for the negligence and/or malice of developers? This is indeed a fascinating scenario. Essentially, non-experts would not be able to use the internet at all without indemnity. It'd be like rewinding to pre-Eternal September days. Of course this won't happen.

GBAJAM 2024 submission on itch: https://90soft90.itch.io/wreckage

Reply 4 of 14, by The Serpent Rider

Directly exposing? Yes, but that was not safe for decades. Behind NAT and Firewall? Depends.

I must be some kind of standard: the anonymous gangbanger of the 21st century.

Reply 5 of 14, by Jo22

bakemono wrote on 2025-08-09, 08:55:
Jo22 wrote on 2025-08-09, 07:32:

Edit: Here in Germany, many years ago, when XP was going EOL, there had been heated forum discussions about liability (our forums, not on Vogons).
Some voices demanded that users who're keeping XP online against all odds should be made personally liable for the damage that infected XP PCs would cause (bot nets etc).
The equivalent to tar and feather people, in short. 😉

So users should be liable for the negligence and/or malice of developers? This is indeed a fascinating scenario. Essentially, non-experts would not be able to use the internet at all without indemnity. It'd be like rewinding to pre-Eternal September days. Of course this won't happen.

The point of view of the critics in these discussions was that XP machines and their users were a threat to society.
Keeping these malware magnets running, on the internet, was seen as plain irresponsible and selfish.
Like driving a car without brakes and seatbelts.
Or something along these lines, speaking under correction here.

This was early 2010s, so my memory is a bit vague about the exact wording in the forums and comment sections on various sites.
Being online with XP at the time, it made me feel guilty and I was annoyed by this point of view.

In retrospect, though, I agree with the criticism.
XP used to be great in comparison to 98 when new, but quickly took its place.
Also in terms of popularity and vulnerability.

XP also has a big market share in Russia, China and third-world countries in general.
So it's no wonder that criminals are used to using XP.
Over the long period of time it was the leading Windows OS,
it has a large device driver library and runs on PCs that are assembled from cheap spare parts.

One of the biggest issues nowadays is that the default user account is the "administrator" and that unsigned drivers can easily be installed.
It makes hacking the OS so easy compared to other OSes.

Anyway, I've always liked XP - still do.
But if I suppress all my feelings and try to be entirely logical and reasonable, XP and its variants aren't safe at all.
The world (internet) of 2025 simply is an extremely dangerous place, like a battlefield (IMHO).
Even Linux on the desktop is something to be questioned, eventually, maybe, considering its market share and the news about recent Linux malware.
AI will make these dangers even more serious.

Edit:

Directly exposing? Yes, but that was not safe for decades. Behind NAT and Firewall? Depends.

Hi! DSL or cable routers were the norm by the 2010s here; it was long after dial-up.
We didn't really have cable modems without router functionality, these AVM Fritzbox devices did set sort of a standard over here.
In the US or so, plain cable/DSL modems were more common than here I assume.

Directly exposing?

- As in not letting XP directly touch the internet via TCP/IP, but use tunneling
- VM software that takes exclusive control over the Ethernet port of the XP host (making it unavailable to applications)
- using a dedicated hardware firewall (a commercial firewall or another PC, a Raspberry Pi etc)

IMHO, it's best to physically disconnect any Windows 98/XP machine from internet when leaving the room.
Just unplug the ethernet cable or remove the USB WiFi dongle.
It's a bit tedious to do each time, but it's safer and a matter of being responsible to others.

Edit: Please don't anyone get me wrong, it's likely okay to set up a vintage PC for gaming/hobby use.
I don't mean to spoil anyone's fun here.

You'll likely notice if something very unusual happens.
The game might stutter when there's a lot of background activity, the connection icon will flash when you're doing nothing and so on.

What I meant is leaving the PC unattended for a longer time, connected to the internet. Without any supervision.

Because anything can happen when the PC OS runs with super user rights (as common on Windows).
User software (especially malware) could re-enable all network connections via Win32 API. On Vista+, the UAC would ask for permission, by contrast.

That's why I mentioned unplugging the cable, rather than disabling network connection via mouse click.
Just like some do physically "disable" their webcams using a shutter, tape or something similar. They have good reasons.

By the way: It's possible to spy on you through your wired pair of headphones.
Many soundcards can have their input/output jacks re-mapped via included software.
So if software switches the mic and speaker jack, then the headphones' loudspeakers act as microphones.
No kidding. In general, you can use speakers similar to dynamic microphones.
Impedance and amplification are different, though, so it's not ideal.
(Another detail: Microphones are usually electret type, which speakers are not. However, soundcards do have microphone pre-amps which can compensate for weak input.)

Reply 6 of 14, by chinny22

darry wrote on 2025-08-09, 06:52:

I was annoyed at this video. First thing he does is disable the firewall, why?
Even before XP/2003 and its inbuilt firewall, people were installing programs like ZoneAlarm,
and once people were upgrading to broadband, typically the router had its firewall on by default.

Businesses that would be running a server almost always had a hardware firewall (typically a Cisco PIX of some sort).

The video also doesn't represent a typical setup in 2025 either. Most of us are behind a NAT and firewalled connection.
I'm not saying 2003 is a secure OS, but it's not as vulnerable as the video makes out!

Gopher666 wrote on 2025-08-09, 06:43:

Did micro$hit build a kill switch into this OS? This is not the first time I've noticed it, actually... If you install 2003 these days, set the time correctly and let it go out to the internet, after 1-2 reboots the server stops working.

I haven't installed 2003 in the past 2 years but did install XP just a few months ago without issue.
Mine is connected to the home LAN, so has internet. I just don't actively go out and browse the web.
I use Volume Licence editions of Windows, so for XP/03 this means no activation. Maybe that's the issue?
I also disable Auto Updates (although they have been broken for years) and don't bother with applying anything other than service packs.

Reply 7 of 14, by darry

I wonder how Windows 2003 behaves if freshly installed and configured for IPv6 (with no NAT), with and without its firewall enabled.

Reply 8 of 14, by nd22

I strongly dislike that video! It's simply stupid to go online with no firewall! I have a router and a firewall.
I still use XP connected to my home network but not connected to the internet - I set up 3 PCs with the latest updates using Legacy Update, and afterwards the internet connection was permanently disabled and nothing horrible happened! The thing is, those 3 PCs received their connection from my main computer and were not directly connected to the router.

Reply 9 of 14, by Robbbert

User metadata
Rank Member
Rank
Member

Last week I connected 20 XP machines (professional, SP3, fully updated before m$ killed updates) to the internet, while I updated the remaining supported software to the latest version. Nothing went wrong, nothing was attacked.

I'm guessing that SP2 is probably susceptible to something bad that is still circulating around. I'd suggest to reinstall from scratch, stay off the net if possible, while you apply SP3 followed by the hundreds of updates that came after. Also, update the certificates.

Reply 10 of 14, by Jo22

User metadata
nd22 wrote on 2025-08-11, 07:01:

I strongly dislike that video!

Understandable, I think.

What the video does right, though, is showing the ugly truth without any sugarcoating.

There apparently is some malware left that still infects older operating systems, which I assume many don't want to be bothered with.

It's much nicer to think that our beloved retro systems are safe and that there's nothing to care about.

Edit: With updates such as KernelEx or One Core API, older Windows releases have ~Vista level application compatibility.
Great for running newer software including web browsers, but not so great when it makes more recent malware run, too.

Edit: To be fair, these extensions can be restricted to individual applications (via compatibility tab).
However, if the web browser is the one run via kernel extensions, then child processes may also be run that way.

nd22 wrote on 2025-08-11, 07:01:

It's simply stupid to go online with no firewall! I have a router and a firewall.

I have nothing much to add here. :)

Though not all firewalls are the same, some are just port filters, some have more sophisticated filter rules.

Back in the 2000s, I had bad luck with Kerio Personal Firewall. It simply didn't protect Windows 98SE the way I had assumed.
On each dial-up via modem, Windows got infected (Avira AntiVir Guard rang an alarm).

Edit:

darry wrote on 2025-08-11, 00:33:

I wonder how Windows 2003 behaves if freshly installed and configured for IPv6 (with no NAT), with and without its firewall enabled.

Good point, I think.

IPv6 in older OSes is fully configurable via the command line only.
The IPv6 firewall in Windows XP comes to mind.
But without a properly configured IPv6, there's a risk of creating a so-called "shadow network".

Long story short, that's a separate, "invisible" network in parallel to an existing one that's being maintained.
So if IPv4 is being configured in a restrictive way, packets may travel via IPv6 instead. If it's enabled and not configured.

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//
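
An added example, not part of any post in this thread: a Python check for the "shadow network" situation described in Reply 10, listing TCP ports that listen on IPv6 without a matching IPv6 filter rule. The `netstat -an` style text and the interface addresses are constructed samples, the function names and the `v6_filtered_ports` input are hypothetical, and the 6to4/Teredo classification is an addition the thread does not mention.

```python
import ipaddress
import re

# Constructed sample in the style of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135        0.0.0.0:0       LISTENING
  TCP    0.0.0.0:445        0.0.0.0:0       LISTENING
  TCP    0.0.0.0:3389       0.0.0.0:0       LISTENING
  TCP    [::]:135           [::]:0          LISTENING
  TCP    [::]:445           [::]:0          LISTENING
  TCP    [fe80::1%4]:3389   [::]:0          LISTENING
  TCP    192.168.1.20:1045  203.0.113.9:80  ESTABLISHED
"""

# Constructed interface addresses: private IPv4, link-local, 6to4, Teredo.
SAMPLE_ADDRS = ["192.168.1.20", "fe80::1", "2002:c000:204::1",
                "2001:0:4136:e378:8000:63bf:3fff:fdd2"]

LISTEN_RE = re.compile(
    r"^\s*TCP\s+(\[[^\]]+\]|[\d.]+):(\d+)\s+\S+\s+LISTENING\s*$")


def parse_listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        host = m.group(1).strip("[]").split("%")[0]  # drop brackets, zone id
        listeners.append((ipaddress.ip_address(host), int(m.group(2))))
    return listeners


def v6_scope(addr):
    """Classify an IPv6 address by the path it can be reached through."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.sixtofour is not None:   # 2002::/16, tunnelled over IPv4
        return "6to4 tunnel"
    if addr.teredo is not None:      # 2001:0::/32, tunnelled over UDP
        return "teredo tunnel"
    return "routable"


def shadow_ports(netstat_text, iface_addrs, v6_filtered_ports=frozenset()):
    """Map each unfiltered IPv6 listening port to the scopes it answers on.

    v6_filtered_ports: ports the operator has already covered with an IPv6
    filter rule (hypothetical input; an IPv4-only rule does not count).
    """
    v6_addrs = [a for a in map(ipaddress.ip_address, iface_addrs)
                if a.version == 6]
    exposed = {}
    for addr, port in parse_listeners(netstat_text):
        if addr.version != 6 or port in v6_filtered_ports:
            continue
        # A wildcard bind ([::]) answers on every IPv6 address the host owns.
        bound = v6_addrs if addr.is_unspecified else [addr]
        scopes = {v6_scope(a) for a in bound} - {"loopback"}
        if scopes:
            exposed[port] = sorted(scopes | set(exposed.get(port, [])))
    return exposed


if __name__ == "__main__":
    for port, scopes in sorted(shadow_ports(SAMPLE_NETSTAT, SAMPLE_ADDRS).items()):
        print(f"tcp/{port} reachable over IPv6 via: {', '.join(scopes)}")
```

A port that shows only `link-local` is reachable from the local segment; one that also shows a tunnel or routable scope has a path that an IPv4-only NAT or port filter does not cover.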

Reply 11 of 14, by Gopher666

Jo22 wrote on 2025-08-09, 07:32:

..
Windows XP and its variants shouldn't be exposed to the internet anymore.
Neither should Windows 98SE. At least not unsupervised, without special measures. I've mentioned this for years, in various forums.
Unfortunately, I've earned criticism, no one really listened and played the dangers down. 😟

Edit: Here in Germany, many years ago, when XP was going EOL, there had been heated forum discussions about liability (our forums, not on Vogons).
Some voices demanded that users who're keeping XP online against all odds should be made personally liable for the damage that infected XP PCs would cause (bot nets etc).
The equivalent to tar and feather people, in short. 😉

But really, despite me being an XP friend, I realized these voices were right.
In the early XP days, before XP got SP2, the malware Sasser, Sober and Conficker/Downadup were a real threat.
If it wasn't for the software firewall, XP would have been an easy prey all the time.
Windows Vista was much tougher here, also because it protected the super user account.

Hello,

This has nothing to do with the topic of the thread and I bet you a million dollars that if you just leave an XP or 2k3 idle behind a NAT router none of them will get owned. On a public IP, well, that's another thing.

The discussion here is the weird behaviour of 2K3 getting crapped after letting it out to the internet.

Whoever wrote that the domains this used are long dead is wrong, they are not. It can just connect here via SSL and get whatever commands or updates it wants from MS.

Anyways, I just opened this thread out of curiosity; if nobody knows, I will just always blackhole the router for these machines and they are usable.

nslookup www.download.windowsupdate.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
www.download.windowsupdate.com canonical name = www.download.windowsupdate.com.delivery.microsoft.com.
www.download.windowsupdate.com.delivery.microsoft.com canonical name = wu-f-net.trafficmanager.net.
wu-f-net.trafficmanager.net canonical name = edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com.
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.18
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.20
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.21
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.19
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.3
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.2
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.5
Name: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
Address: 77.224.14.4

Reply 12 of 14, by Jo22

Gopher666 wrote on 2025-08-11, 15:15:
Jo22 wrote on 2025-08-09, 07:32:

..
Windows XP and its variants shouldn't be exposed to the internet anymore.
Neither should Windows 98SE. At least not unsupervised, without special measures. I've mentioned this for years, in various forums.
Unfortunately, I've earned criticism, no one really listened and played the dangers down. 😟

Edit: Here in Germany, many years ago, when XP was going EOL, there had been heated forum discussions about liability (our forums, not on Vogons).
Some voices demanded that users who're keeping XP online against all odds should be made personally liable for the damage that infected XP PCs would cause (bot nets etc).
The equivalent to tar and feather people, in short. 😉

But really, despite me being an XP friend, I realized these voices were right.
In the early XP days, before XP got SP2, the malware Sasser, Sober and Conficker/Downadup were a real threat.
If it wasn't for the software firewall, XP would have been an easy prey all the time.
Windows Vista was much tougher here, also because it protected the super user account.

Hello,

This has nothing to do with the topic of the thread and I bet you a million dollars that if you just leave an XP or 2k3 idle behind a NAT router none of them will get owned. On a public IP, well, that's another thing.

It hasn't much, probably, I do admit. And yes, NAT and port filters are relevant probably.
I wrote this to answer a question, though. I thought that was okay.
Edit: Also, I can only talk from experience of where I lived unfortunately.

The really interesting thing is, however, that in 2025 there still is malware out there for Windows NT 5..
I find this most worrying. It would also affect Windows 2000, thus.
Which in turn was the last OS for PC-98 platform, for example.

From this point of view, Windows 98SE might be even safer nowadays.
Despite it not having an integrated software firewall, at all. Which feels strange and is confusing, I think.
It doesn't even have a user login on the desktop.

Unfortunately, there are only a few "Windows 98 unprotected on the internet" related videos on Youtube.
I think this might be an interesting topic, but better being discussed in another thread.

Gopher666 wrote on 2025-08-11, 15:15:

The discussion here is the weird behaviour of 2K3 getting crapped after letting it out to the internet.

I see, makes sense. In my defense, Windows Server 2003 is Windows NT 5.2, though, the direct sister to Windows NT 5.1 (aka XP).
Windows XP x64 was based on Windows NT 5.2, as well.
So at least to me, they're related if not the same architecture.

Edit: I forgot to mention. This was just me thinking out loud.
Everyone feel free to simply ignore my posts and go on with original topic. Sorry for being a bit off-topic.

Reply 13 of 14, by The Serpent Rider

What the video does right, though, is showing the ugly truth without any sugarcoating.

"Play stupid games, win stupid prizes."

Reply 14 of 14, by Jo22

The Serpent Rider wrote on 2025-08-11, 17:44:

What the video does right, though, is showing the ugly truth without any sugarcoating.

"Play stupid games, win stupid prizes."

Likely. It's interesting how much is going on, though.
Even Windows 98 is being port-scanned, but being ignored somehow.
Unfortunately, the experiments on YT didn't last very long. The result of a 24 hour test would be interesting.
Anyhow. I just think it's important to keep the risks somewhere in mind.
Underneath the surface, a lot must be going on that we don't see. That's why things like Cloudflare came to be.
But I'll promise to keep quiet now. ^^