this post was submitted on 16 May 2024
22 points (89.3% liked)

Tech

A community for high quality news and discussion around technological advancements and changes

top 9 comments
[–] [email protected] 22 points 5 months ago (2 children)

I'm sorry, but disabling the firewall makes this a wasted exercise. ANY computer connected directly to the internet without a firewall will get infected. Even PCs with modern, up to date OSes.

[–] 0x0 12 points 5 months ago (2 children)

Granted, Eric turned off the firewall on Windows XP before he started the experiment, but we have a sneaking suspicion that a security suite that hasn't been updated for at least a decade doesn't have much chance against modern tactics.

But yeah, would've been more interesting with the fw running.

[–] bitfucker 3 points 5 months ago

Correct me if I am wrong, but isn't a simple firewall that blocks incoming and outgoing connections basically impenetrable? Because when something tries to connect, the connection is dropped immediately unless it is on a certain port. If even the connection attempt is ignored, how would an exploit achieve some form of connection? Unless we are talking about an application-level firewall or deep packet inspection.

[–] refalo 2 points 5 months ago

What "modern tactics" actually work on XP?

[–] [email protected] 6 points 5 months ago (1 children)

I know next to nothing about networking security, but doesn't the Windows firewall basically block unsolicited incoming traffic? So I guess the way a modern OS without a firewall could get infected is through some malicious traffic against some open port. But wouldn't there still have to be a serious security vulnerability in something that listens on some port for it to get infected with something? And, assuming the local network is clean, wouldn't you also need to open / forward ports on your router so that they're actually accessible at all from the Internet?

[–] [email protected] 4 points 5 months ago

In this example, it's like disabling the firewall and plugging directly into the modem with no router. In that case, there's no local network and no router firewall in place. With regard to ports needing exploits, that's correct. The thing about that is that there are definitely exploits being used in the wild that we don't know about. Microsoft's May security update fixed 3 critical vulnerabilities that were being actively exploited. Sophisticated attackers use exploit chains, where one vulnerability gets a foothold, then others are deployed in a way that circumvents most common security measures inside the affected OS to gain admin rights. So in short, the scenario you describe is not as implausible as you think it might be.
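The three comments above are all asking the same question: what exactly a default-deny host firewall stops, and what it does not. The following is an added example written for this thread, not code from the original post or from the experiment it discusses. It is a small Python model of a stateful firewall of the kind the Windows XP SP2 firewall and netfilter's conntrack implement: unsolicited inbound connection attempts are dropped before any listening service sees them, replies to connections the host itself opened are accepted, and an explicitly opened (or port-forwarded) port becomes reachable again. The addresses, port numbers and the "RPC"/"SMB" listener table are constructed for illustration.

```python
"""Constructed model of a stateful, default-deny host firewall.

Demonstrates why an inbound port scan or exploit attempt against a listening
service never reaches that service while the firewall is on, why the same
packet lands directly on the service when the firewall is off (the setup in
the experiment under discussion), and why traffic the host initiates itself
still flows in both directions.  All names and addresses are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" (from the Internet) or "out" (from this host)


class StatefulFirewall:
    """Default-deny inbound; track outbound flows so their replies are solicited."""

    def __init__(self, enabled=True, allowed_inbound_ports=()):
        self.enabled = enabled
        self.allowed = set(allowed_inbound_ports)  # explicit exceptions / forwards
        self.conntrack = set()  # (remote_ip, remote_port, local_ip, local_port)

    def filter(self, pkt):
        if not self.enabled:
            return "ACCEPT"  # firewall off: everything is delivered as-is
        if pkt.direction == "out":
            # Remember the flow so the peer's reply is recognised as solicited.
            self.conntrack.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "ACCEPT"
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.conntrack:
            return "ACCEPT"  # ESTABLISHED/RELATED: reply to our own connection
        if pkt.dport in self.allowed:
            return "ACCEPT"  # an explicitly opened port, e.g. a router port forward
        return "DROP"  # unsolicited inbound: attacker gets no response at all


def deliver(fw, listening, pkt):
    """Return which service receives an inbound packet, or why it did not."""
    if fw.filter(pkt) != "ACCEPT":
        return "DROPPED"  # never reaches the TCP/IP stack's listeners
    return listening.get(pkt.dport, "RST")  # closed port answers with a reset


def run_scenarios():
    HOST, ATTACKER, WEB = "203.0.113.10", "198.51.100.7", "192.0.2.80"
    listening = {135: "RPC", 445: "SMB"}  # constructed listener table
    results = {}

    # 1. Firewall disabled, host on a public address: the scanner's SYN to 445
    #    is handed straight to the SMB service, which is the experiment's setup.
    off = StatefulFirewall(enabled=False)
    results["off_smb"] = deliver(off, listening, Packet(ATTACKER, 40000, HOST, 445, "in"))

    # 2. Same packet with the firewall on: dropped before any service sees it,
    #    so a bug in that service cannot be reached from outside.
    on = StatefulFirewall()
    results["on_smb"] = deliver(on, listening, Packet(ATTACKER, 40000, HOST, 445, "in"))

    # 3. The host browses to a web server; the reply is solicited and accepted.
    on.filter(Packet(HOST, 51000, WEB, 80, "out"))
    results["on_reply"] = on.filter(Packet(WEB, 80, HOST, 51000, "in"))

    # 4. A packet that looks like a reply but belongs to no tracked flow is
    #    still dropped: the filter keys on the full 4-tuple, not the source port.
    results["on_unsolicited_reply"] = on.filter(Packet(WEB, 80, HOST, 51001, "in"))

    # 5. Opening (or port-forwarding) 445 re-exposes the service exactly as in 1.
    opened = StatefulFirewall(allowed_inbound_ports=[445])
    results["opened_smb"] = deliver(opened, listening, Packet(ATTACKER, 40000, HOST, 445, "in"))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24s} -> {outcome}")
```

Scenario 3 is the caveat worth keeping in mind when reading the thread: a default-deny firewall makes the host unreachable to anything it did not talk to first, but content the host fetches itself (a web page, a mail attachment, a download) arrives over an accepted flow and is handled by client software, so the firewall only closes the inbound path, not the whole attack surface. A consumer router's NAT gives a public-address-less host the same inbound behaviour as scenario 2, which is the point of the last comment in the thread.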

[–] 0x0 7 points 5 months ago

I wonder how many internet-facing SCADA systems run on XP...

[–] [email protected] 5 points 5 months ago (1 children)

I remember reading years ago that an unpatched WinXP machine on the Internet would catch something in 10 minutes without having to browse.

Is there anything different here that is a change from that rule of thumb?

[–] [email protected] 3 points 5 months ago

At the very least you want a router between the comp and the Internet to obfuscate port scanners and such.