Windows

What Happens If You Connect Windows XP To the Internet In 2024? (youtube.com) 73

Long-time Slashdot reader sandbagger writes: Have you ever wondered if it's true you can instantly get malware? In this video, a person connects an XP instance directly to the internet with no firewall to see just how fast it gets compromised by malware, rootkits, malicious services and new user accounts. The answer — fast!
Malwarebytes eventually finds eight different viruses/Trojan horses -- and a DNS changer. (One IP address leads back to the Russian Federation.) It's fun to watch -- within just a few hours a new Windows user has even added themself. And for good measure, he also opens up Internet Explorer...

"Windows XP -- very insecure," they conclude at the end of the video. "Very easy for random software from the internet to get more privileges than you, and it is very hard to solve that.

"Also, just out of curiosity I tried this on Windows 7. And even with all of the same settings, nothing happened. I let it run for 10 hours. So it seems like this may be a problem in historical Windows."
This discussion has been archived. No new comments can be posted.

  • Develops with the latest Microsoft tools at work, goes retro at home.
    • Still have (and start it occasionally) WinXP in VM. Back in the days, it took 1.5 minutes to start. Today, even in VM, WinXP starts off an SSD in about 10s. Again: from cold start to ready to use desktop in under 10s. Feels like magic.

      P.S. My Android phone takes ~2min to start and ~1min before it's actually useable. Linux on HW or in VM - ~15-20 seconds.

      • by bn-7bc ( 909819 )
        That might be because the flash on said phone (like most of the other perf sensitive hw) is optimized to minimize power usage vs optimizing for eek performance (esp for an infrequent action like a hot/cold boot/reboot where relatively large quantities of data are accessed in relatively rapid succession). Does the phone do some kind of POST?
    • by HiThere ( 15173 )

      When I went retro with MS software, I went to Windows 95b. No malware collected, because not internet connected.

      • by vbdasc ( 146051 )

        Windows 95 has TCP/IP though, and a file server too, so you can easily subject it to pwnage if you're not careful.

        • by HiThere ( 15173 )

          I'm pretty sure that was an add-on. WinSock or some such. I think the on-line connection became standard with Windows98, but that had timing problems with the music software I was using.

          • Windows 95 has built in networking. You'll have to go back to Windows 3.1 for a version of Windows that doesn't include a network stack.

            • by chefren ( 17219 )

              Yes, TCP/IP support just wasn't in the default installation for Windows 95 so you had to enable it separately. OS/2 Warp was similar, I have a faint memory of having to download the OS/2 packages but you could definitely also get online with that one using just official OS/2 from IBM.

    • by drnb ( 2434720 ) on Sunday July 28, 2024 @09:15PM (#64662640)

      Develops with the latest Microsoft tools at work, goes retro at home.

      Presumably patched as much as WinXP will patch. However that is only a little better than a fresh install from a WinXP SP1 CD.

      I have an XP box too, for testing purposes. OK, legacy gaming too.. Never would I allow it to be visible to the internet. I've run OpenBSD based firewalls at home and examined the log files. Tons of probing of my home user IP address from Eastern Europe and Russia and China, and a ton more from my "neighbors" on my internet provider's subnet. These probes can lead to an infected system, be it Windows or Linux.

      Back in XP days a friend installed Linux off of a CD, not a network based install. When he got a successful install it was late and he went to sleep. When he got up in the morning to configure it he found it already compromised. Apparently the CD was missing key patches. WinXP will be the same. At a minimum it needs to be behind a deny all incoming firewall, allowing only communications that the WinXP box initiates to a very short whitelist of trusted sites for testing. Even that is dangerous depending on what these sites use in their software stack for their website.

      Personally I'd use an XP VM zipped and stored for such testing. As needed I'd make a copy, do the testing, delete the VM just used. Start over with another fresh copy of the stored VM next time.

      • by unrtst ( 777550 )

        Personally I'd use an XP VM zipped and stored for such testing. As needed I'd make a copy, do the testing, delete the VM just used. Start over with another fresh copy of the stored VM next time.

        FWIW, there are MUCH better ways to do that. Just one such example using VMWare:
        * VMWare -> (vm image) -> Settings -> Hard Disk -> Advanced -> Mode: Independent + Nonpersistent

        The "Nonpersistent" option reads, "Changes to this disk are discarded when you power off or restore a snapshot."

        Can also do similar via snapshots, COW files, etc.. You don't need to copy the whole VM image every time in any of those cases - just blow away the data created since it started (the Copy On Write file, or rol

        • by drnb ( 2434720 )

          Personally I'd use an XP VM zipped and stored for such testing. As needed I'd make a copy, do the testing, delete the VM just used. Start over with another fresh copy of the stored VM next time.

          FWIW, there are MUCH better ways to do that. Just one such example using VMWare:
          * VMWare -> (vm image) -> Settings -> Hard Disk -> Advanced -> Mode: Independent + Nonpersistent

          The "Nonpersistent" option reads, "Changes to this disk are discarded when you power off or restore a snapshot."

          Can also do similar via snapshots, COW files, etc.. You don't need to copy the whole VM image every time in any of those cases - just blow away the data created since it started (the Copy On Write file, or roll back to a snapshot, or let VMWare toss out the COW data). If using a non-persistent image, you simply power off; Next boot will be like that last boot never happened.

          Awesome. I lean towards deleting since I rarely need the VM again. Waste of SSD space if left hanging around.
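
The nonpersistent-disk setup discussed in this sub-thread can be checked from the VM's `.vmx` file before each test run. This is an added example, not code from any commenter or from VMware: it assumes the disk mode is stored in the `<device>.mode` key with the value `independent-nonpersistent`, treats a missing key as persistent, and uses a constructed sample file (`WinXP.vmdk`, `scratch.vmdk` and `xp_sp3.iso` are made-up names).

```python
import re

# Matches per-device keys such as "ide0:0.filename" or "scsi0:1.mode".
DISK_KEY = re.compile(r"^((?:scsi|ide|sata|nvme)\d+:\d+)\.(\w+)$")

# Constructed sample .vmx contents (not taken from the page).
SAMPLE_VMX = '''#!/usr/bin/vmware
.encoding = "UTF-8"
displayName = "WinXP-test"
ide0:0.present = "TRUE"
ide0:0.fileName = "WinXP.vmdk"
ide0:0.mode = "independent-nonpersistent"
ide0:1.present = "TRUE"
ide0:1.fileName = "scratch.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "xp_sp3.iso"
ide1:0.deviceType = "cdrom-image"
'''


def parse_vmx(text):
    """Parse 'key = "value"' lines into a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def disk_modes(text):
    """Return {device: mode} for every present virtual hard disk (.vmdk)."""
    devices = {}
    for key, value in parse_vmx(text).items():
        m = DISK_KEY.match(key)
        if m:
            devices.setdefault(m.group(1), {})[m.group(2)] = value
    modes = {}
    for dev, props in sorted(devices.items()):
        if props.get("present", "FALSE").upper() != "TRUE":
            continue
        if not props.get("filename", "").lower().endswith(".vmdk"):
            continue  # CD-ROM images and similar are not writable disks
        # Assumption: a disk with no explicit mode key is persistent.
        modes[dev] = props.get("mode", "persistent")
    return modes


def persistent_disks(text):
    """Disks whose changes would survive a power-off of the test VM."""
    return [dev for dev, mode in disk_modes(text).items()
            if mode != "independent-nonpersistent"]


if __name__ == "__main__":
    for dev in persistent_disks(SAMPLE_VMX):
        print(f"{dev}: writes persist across reboots; not safe to reuse")
```

Any disk it reports keeps whatever was written to it during the exposed session, so the VM is not returned to a clean state by powering off.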

    • by vbdasc ( 146051 )

      Can you ask him what Web browser he uses?

  • by WaffleMonster ( 969671 ) on Sunday July 28, 2024 @05:58PM (#64662320)

    Windows XP has a firewall and it is enabled by default. Why not take Windows XP SP3 with default configuration and see how long it takes to get owned? How is intentionally disabling default security precautions consistent with conclusions related to security of XP?

    • by jsonn ( 792303 )
      Yes and no. XP's firewall depends on the trust status of a network. The private home network allows enough access to other machines to easily exploit one of the various RPC bugs for example.
      • by beheaderaswp ( 549877 ) * on Sunday July 28, 2024 @06:12PM (#64662344)

        Ya ok.

        Anyone with a decent IT engineering background is going to change the network status to "Public". And ensure the firewall is up. And disable stock exceptions (if any).

        What I do on legacy test systems is disable any incoming connections on all network profiles. That way if the system joins a domain ports do not automatically open.

        However, maybe people are dumber than me.

      • Yes and no. XP's firewall depends on the trust status of a network. The private home network allows enough access to other machines to easily exploit one of the various RPC bugs for example.

        They used a public IP address.

      • The XP firewall, and MS firewalls in general, are totally useless as they let *anything* on the local machine make an outward connection. So if something nasty does get on the box it can immediately phone home to download the real payload.

        I've still got XP machines (running old audio software) and, whilst I no longer let them access the 'net, both machines have got an early version of Zone Alarm on them. This not only blocks all incoming connections by default but, crucially, also notifies you the first t

        • by jsonn ( 792303 )
          The purpose of an endpoint firewall is to protect that system, not protect the rest of the world from it.
          • by unrtst ( 777550 )

            The purpose of an endpoint firewall is to protect that system, not protect the rest of the world from it.

            I'm not a big fan of outbound firewalls, but they do (try to) prevent bad software (ex. virus) from phoning home to pull down updates. That could get on your system via a local exploit (ex. something a friend emailed you, a usb drive, another infected system on your local network, etc..), and then get smarter and grow after it pulls down an update. Granted, I think that belongs on a different layer (network level firewall), if at all, but there is a benefit locally in naive situations or as an added layer.

    • Re: (Score:2, Informative)

      Windows XP has a firewall and it is enabled by default. Why not take Windows XP SP3 with default configuration and see how long it takes to get owned? How is intentionally disabling default security precautions consistent with conclusions related to security of XP?

      It doesn't look like they disabled the OS firewall. It looks like what they're saying is that the XP instance was given a public IP as opposed to residing behind network perimeter firewall or NAT device. I didn't watch every frame of the video so I could be wrong, but I didn't find the presenter shutting the firewall off. There is also mention that this is NOT Gold release XP, so it's at least SP1.

      • by WaffleMonster ( 969671 ) on Sunday July 28, 2024 @08:49PM (#64662594)

        It doesn't look like they disabled the OS firewall. It looks like what they're saying is that the XP instance was given a public IP as opposed to residing behind network perimeter firewall or NAT device. I didn't watch every frame of the video so I could be wrong, but I didn't find the presenter shutting the firewall off. There is also mention that this is NOT Gold release XP, so it's at least SP1.

        I watched the video. They intentionally disabled the firewall and there is cut where they did it.

        • by geekmux ( 1040042 ) on Monday July 29, 2024 @06:23AM (#64663284)

          It doesn't look like they disabled the OS firewall. It looks like what they're saying is that the XP instance was given a public IP as opposed to residing behind network perimeter firewall or NAT device. I didn't watch every frame of the video so I could be wrong, but I didn't find the presenter shutting the firewall off. There is also mention that this is NOT Gold release XP, so it's at least SP1.

          I watched the video. They intentionally disabled the firewall and there is cut where they did it.

          If that’s the case, then someone should put up every other flavor of *NIX/BSD to do the same test. See how much fun happens in perspective. All fun and games in the OS demo derby until you realize someone took out your seat belts too.

      • How does the guy that's wrong and didn't watch the video have a +5 informative?
    • by Luckyo ( 1726890 )

      Default install assumes ethernet is "trusted home network" by default last I checked. That's how it gets fucked by worms instantly. It's outside the scope of the firewall.

      If you run telephony modem or similar, firewall will assume "untrusted network" and block worms.

      Windows 7 asks for ethernet connection if I remember correctly when you connect the first time, and assumes it's untrusted until you specifically tell it its trusted in the wizard pop-up.

    • by tepples ( 727027 )

      Why not take Windows XP SP3 with default configuration and see how long it takes to get owned?

      Probably because the machine will get owned before it finishes downloading Service Pack 3.

      • Who is still installing old versions of Windows, but doesn't know how to slipstream a service pack?

    • by tlhIngan ( 30335 )

      Because it would be rather boring otherwise. It's like installing an old Linux back in the day with no services running. Nothing interesting is going to happen. (There's a video of like Ubuntu 8.04 being run and put on the Internet - by default nothing interesting happens because there's nothing listening).

      The fact is, there's still plenty of crap out there running that's still able to infect XP, despite it not being supported for over a decade now and other Windows versions being patched. Chances are if yo

    • My guess is the firewall just doesn't initialize early enough in the install process. This is assuming a direct cable connection with no external firewall/router box already in place.

    • by AmiMoJo ( 196126 )

      Original flavour XP didn't have the firewall enabled by default. Service Pack 1 enabled it. However, in the video they installed SP3 and disabled the firewall.

      They also made sure it had a public IP address, no NAT protection.

  • Still in use today (Score:5, Informative)

    by ukoda ( 537183 ) on Sunday July 28, 2024 @06:00PM (#64662322) Homepage
    I think you will find XP is still in regular use today. Not for desktop and home users but rather with older factories and businesses, particularly in China, and used in industrial equipment developed in the XP era but still in production today. The main saving grace is such systems are not usually exposed directly to the Internet but live on a LAN behind a firewall.
    • I have an XP machine here at home and a matching one at the office. Neither are connected to the Internet. They are used to maintain 8085 assembly language that runs on some 2,000 controllers still in use daily. These controllers occasionally need updates to the software and I'm the only one left that knows the software that I wrote starting back in 1985. I could have retired over a decade ago, but the company made me an offer. I also do support via phone for the technicians in the field that maintain these
      • by bn-7bc ( 909819 )
        Good for you, but from a business perspective I really hope they have a contingency plan in case you are suddenly permanently unable to do the work. Having things depend on one person, with replacements hard/impossible to find on short notice, is a very bad idea.
      • Nice museum.

    • by haruchai ( 17472 )

      Also some older phone systems that may still be running fine but are too expensive to update.
      IIRC there was a line card you could install in a Nortel(??) system that ran Meridian Mail on top of XP.
      A bunch of diagnostic equipment for ophthalmology was still running on XP until at least 5-10 years ago so I bet there are still many clinics or hospitals with such systems & if they're on the network, they're a liability

    • How faithful is XP's DOS mode? I know there's a lot of *really* ancient process control, and weirdly enough accounting, software running on DOS that never gets updated because frankly it ain't broken. But sometimes the machines die and need to be updated. I remember having to get.... shit it might have been an old dBase DB, long time ago.... running on I *think* it was windows 2000 and we couldn't get it to work and ended up moving across to windows 98 or ME or one of those old DOS based ones to get it work

    • The main saving grace is such systems are not usually exposed directly to the Internet but live on a LAN behind a firewall.

      The other saving grace is they are usually not running a very outdated version of Windows XP. XP got a lot of updates over its time with the majority of easily wormable exploits addressed. Sure it's not secure against everything, but in TFA they did disable the firewall intentionally and not run the most up to date version of Windows XP.

      And while windows update itself will no longer push updates to Windows XP machines making updating one quite a challenge, you can still find ISOs out there with the most up to

    • A few days ago I saw a crashed ATM, running Windows _NT_

      They replaced that ATM with a complete new one, so no idea what OS that one is running.

  • by jd ( 1658 ) <imipak&yahoo,com> on Sunday July 28, 2024 @06:21PM (#64662368) Homepage Journal

    Some of those attacks will be relatively modern malware, but not many for the simple reason that not many targets use XP any more. A lot of these exploits, then, will be exploits discovered at the time XP was mainstream.

    We know a lot of factories, and even hydroelectric power stations, put old computers directly onto the Internet with minimal or no protection to allow remote monitoring. So the test is representative of what small BRICS companies experience, along with a percentage of infrastructure.

    More importantly, though, it'll be reflective of the difference between the toolkits the state-sponsored hackers actually use and the public awareness by corporations of what said hackers can do.

    We must assume that the percentage of obliviousness has not decreased significantly, because if it had, things like Heartbleed would not have been nearly as bad, and an international medical testing corp wouldn't have been hacked three times in the first four months of this year.

    (Only morons connect unsecured computers directly to the public Internet, remote sites needing access are perfectly capable of connecting via proxies or through VPNs. Directly connecting everything is lazy.)

    We should assume far, far more successful low-key and undetected attacks than detected+reported ones, for this reason.

    In turn, this means we really need OS' and applications software to implement far better security than has been the case.

  • by ihaveamo ( 989662 ) on Sunday July 28, 2024 @06:27PM (#64662378)
    So old Itâ(TM)s like a website that couldn't format âoeExtended Characters! âoe
    • So old Itâ(TM)s like a website that couldn't format âoeExtended Characters! âoe

      That would be Slashdot?

    • by bn-7bc ( 909819 )
      Well to be somewhat forgiving to slashdot (I'm in a somewhat charitable mood today), Unicode is a complex beast and some people are just douchebags, using legitimate nonprinting characters (like writing direction changes) to post non obvious links to unvented sites. Yes, solutions can be implemented, but who wants the costs, and let's all be honest here, as much as we all like slashdot it's not exactly critical.
  • by nonicknameavailable ( 1495435 ) on Sunday July 28, 2024 @06:34PM (#64662386)

    i have connected my windows xp pc to the internet and still no malware after several days

    • by Luckyo ( 1726890 )

      If you firewall it, it's going to be perfectly fine. The main problem is that there are no good mainline internet facing software options for a lot of basic functions. Last browsers that support XP from chromium and gecko engine families are horribly out of date. Same for email clients, etc.

  • by mmell ( 832646 ) on Sunday July 28, 2024 @06:35PM (#64662392)

    ... in an enterprise cloud hosted by IBM, it took less than a minute for me to lose control. It happened (literally) in front of my eyes in 2015.

    IBM had a support engineer on site helping me with the migration I was performing when he saw my "aw, $@!+" moment. He laughed a little (despite his own best efforts not to). He then walked me through setting up the LB/FW and VLAN configuration before installing W7 (I needed to migrate an MS-SQL database to support an otherwise Linux/JAVA product).

  • by thegreatbob ( 693104 ) on Sunday July 28, 2024 @06:37PM (#64662398) Journal
    Back around 2005 or 2006, I connected an XP machine directly to a DSL modem and managed to get wormed within a few hours. These days, I suspect it might take a while just because of how few compatible worms still exist in the wild, but I'd wager it might last a couple weeks before something bad happened to it.
    • Also I found this odd at the time, as my family's 98 machine was connected directly to a cable modem for a couple years, got tons of "net send" spam, but never fell to an external attack.
    • I think it was an XP system, too, that I tried to fix for a neighbour back in the day. It was the peak of one of the then-popular worms spreading (Blaster? Sasser? MyDoom?) and I remember, having brought only a "disinfecting tool" but not the OS patch, struggling to boot the system and download the necessary MS security patch before it was reinfected. The few minutes the download took were longer than it took for the worm to be back on and shut down the system.
  • It would be interesting to try the same experiment with Mac OS. That would be some version of Mac OS 9, and the beta version of OS X.

  • So when did you run this test of yours; inquiring minds want to know.

  • I remember back in the days when we would raid the computers of all the idiots that went to their dorms and shared their entire file directories. I used to have a lot of porn from that. And music. And I remember one asshole who videoed his girlfriend and left it on his drive. I emailed it to her from information I got from the same drive.

    But I remember crapping people off of IRC with Hayes modem commands. I remember sending shit packets and crashing Windows. And I remember what would now be considered rootk

  • Is this that video where they got caught intentionally downloading viruses and running them?

  • Well thank goodness we don't need to rely on an old operating system any longer to get malware since Windows 11 comes preinstalled with tons of it. Thank you for making things easier Microsoft.

  • by drnb ( 2434720 ) on Sunday July 28, 2024 @09:22PM (#64662650)

    What Happens If You Connect Windows XP To the Internet In 2024?

    It will be like 1960s TOS Star Trek. First a synthesized "does not compute" will be emitted by the speaker and then smoke and sparks will erupt.

  • Do people not have physical firewalls anymore?
  • by Mr. Dollar Ton ( 5495648 ) on Monday July 29, 2024 @01:45AM (#64662972)

    So, basically, the same thing that happened to it in 2003.

  • by vbdasc ( 146051 ) on Monday July 29, 2024 @02:24AM (#64663008)

    Just stop the "Server" and a couple of other services whose names I don't remember right now (better yet, stop all network services you don't use), and voila, the XP is secure directly facing the Internetz. No firewalls, no NAT, no nothing. The Server, Browser and the Remote Desktop services are the most dangerous ones.
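
Whether the services named in the comment above are actually reachable can be verified from `netstat -ano` output taken on the XP machine. This is an added example, not part of the original comment: the port-to-service table uses the conventional default ports for those services, and the netstat capture (addresses, PIDs) is constructed.

```python
# Conventional default ports for the services discussed in the thread.
RISKY_PORTS = {
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service (Computer Browser)",
    ("UDP", 138): "NetBIOS datagram (Computer Browser)",
    ("TCP", 139): "NetBIOS session (Server)",
    ("TCP", 445): "SMB (Server)",
    ("UDP", 445): "SMB (Server)",
    ("TCP", 3389): "Remote Desktop",
}

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       2012
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.10:1045      198.51.100.7:80        ESTABLISHED     1480
  UDP    0.0.0.0:445            *:*                                    4
  UDP    203.0.113.10:137       *:*                                    4
  UDP    203.0.113.10:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1104
"""


def parse_netstat(text):
    """Yield (proto, addr, port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # established connections are not listeners
        addr, _, port = f[1].rpartition(":")
        if not port.isdigit():
            continue
        pid = f[-1] if f[-1].isdigit() else None  # absent without -o
        yield f[0], addr, int(port), pid


def exposed_listeners(text):
    """Return non-loopback listeners as (proto, addr, port, pid, label)."""
    findings = []
    for proto, addr, port, pid in parse_netstat(text):
        if addr.startswith("127.") or addr in ("::1", "[::1]"):
            continue  # loopback-only sockets are not reachable remotely
        label = RISKY_PORTS.get((proto, port), "other listener")
        findings.append((proto, addr, port, pid, label))
    return findings


if __name__ == "__main__":
    for proto, addr, port, pid, label in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} pid={pid} {label}")
```

An empty result after stopping the services means nothing is accepting connections on a routable address. Any entry that remains, including ones labelled "other listener", is still exposed when the machine has a public IP and no firewall.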

  • Next you'll tell me somebody has managed to solve a Rubik's Cube in under 30 seconds.

  • by julian67 ( 1022593 ) on Monday July 29, 2024 @07:47AM (#64663356)

    Why wait for the install to complete? I remember installing XP in around 2000, direct to ISP's Motorola Cable Modem, no firewall. The install failed as it was compromised by a worm, sasser or blaster I guess, *during* the install. I had to start again, install offline and install a software firewall from CD before going online.

  • I ran a webserver (32-bit Apache/Win) on Windows 98SE for about ten years, until about 2018. Basic security precautions and not much traffic, but still port 80 was wide open to the world. It was fine.

  • > One IP address leads back to the Russian federation.

    It's well known that the FSB is too stupid to redirect traffic through a third party ISP /s
