• gwindli@lemy.lol
    link
    fedilink
    arrow-up
    25
    arrow-down
    3
    ·
    6 months ago

    I’m sorry, but disabling the firewall makes this a wasted exercise. ANY computer connected directly to the internet without a firewall will get infected. Even PCs with modern, up to date OSes.

    • 0x0OP
      link
      fedilink
      arrow-up
      13
      arrow-down
      1
      ·
      6 months ago

      Granted, Eric turned off the firewall on Windows XP before he started the experiment, but we have a sneaking suspicion that a security suite that hasn’t been updated for at least a decade doesn’t have much chance against modern tactics.

      But yeah, would’ve been more interesting with the fw running.

      • bitfucker
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        6 months ago

        Correct me if I am wrong, isn’t a simple firewall that blocks incoming and outgoing connection is basically impenetrable? Because when something tries to connect, then the connection is dropped immediately unless on a certain port. If even the connection attempt were ignored, how would an exploit achieve some form of connection? Unless we are talking about application level firewall or deep packet inspection

      • refalo
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        6 months ago

        What “modern tactics” actually work on XP?

    • efstajas@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      I know next to nothing about networking security, but doesn’t the Windows firewall basically block unsolicited incoming traffic? So I guess the way a modern OS without a firewall could get infected through some malicious traffic against some open port. But wouldn’t there still have to be a serious security vulnerability with something that listens on some port for it to get infected with something? And, assuming the local network is clean, wouldn’t you also need to open / forward ports on your router so that they’re actually accessible at all from the Internet?

      • gwindli@lemy.lol
        link
        fedilink
        arrow-up
        4
        ·
        6 months ago

        in this example, its like disabling the firewall and plugging directly into the modem with no router. in that case, there’s no local network and no router firewall in place. wrt ports needing exploits, that’s correct. the thing about that is that there are definitely exploits being used in the wild that we dont know about. Microsoft’s May security update fixed 3 critical vulnerabilities that were being actively exploited. sophisticated attackers use exploit chains, where one vulnerability gets a foothold then others are deployed in a way that circumvents most common security measures inside the affected OS to gain admin rights. so in short, the scenario you describe is not as implausible as you think it might be.

  • 0x0OP
    link
    fedilink
    arrow-up
    7
    ·
    6 months ago

    I wonder how many internet-facing SCADA systems run on XP…

  • InvaderDJ@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    I remember reading years ago that an unpatched WinXP machine on the Internet would catch something in 10 minutes without having to browse.

    Is there anything different here that is a change from that rule of thumb?

    • Dkarma@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      At the very least you want a router between the comp and the Internet to obfuscate port scanners and such.