Dangerous nostalgia: Taking Windows XP online will result in auto-installed viruses in a matter of minutes

DragonSlayer101

Staff
In a nutshell: Legacy operating systems like Windows XP can present a major threat to user safety if connected to the internet without any security software. A YouTube channel demonstrated as much in a recent video by connecting an unsecured Windows XP machine to the internet, only to attract a number of viruses.

To prove how dangerous it can be to use old and deprecated operating systems without any antivirus program, firewall or router in 2024, YouTuber Eric Parker performed a proof-of-concept experiment by setting up a Windows XP virtual machine with an unsecured internet connection. Within minutes, the system was under attack, with several viruses and other types of malware automatically installing themselves on the device.

One of the viruses even created a new account named "admina" that was seemingly hosting an FTP file server on the machine. Another virus, "conhoz.exe," was pretending to be a valid Windows service called conhost.exe and connecting to a number of third-party domains, including at least one in Russia. Another sketchy file was pretending to be from Google, with the publisher being listed as "www.google.com."

The attacks continued unabated, with more viruses installing themselves on the machine with elevated privileges. After spending some time researching the auto-installed malware, Parker installed a legacy version of Malwarebytes to run a scan, and it flagged at least eight viruses, classified variously as trojans, backdoors, DNS changers, and adware.

Windows XP was released back in 2001 and went on to become one of the most popular operating systems for desktop computers. However, Microsoft ended mainstream support for XP in 2009, while extended support ended in 2014. This means it no longer receives security updates, unlike more recent systems like Windows 10 and 11, making it extremely dangerous to use online.

People who still have older machines with Windows XP should either upgrade to a newer version of Windows if supported, or turn to a lightweight Linux distro like Puppy Linux or Lubuntu, which are modern and support the latest security protocols. However, if you absolutely have to use a legacy OS like XP to run an app that's not supported on newer operating systems, turn on the built-in firewall and use an antivirus program like Avast that still supports Windows XP.
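
The masquerading described in the article ("conhoz.exe" posing as conhost.exe) is the kind of artifact a name-similarity check over a process listing can surface. The sketch below is an added example, not code from the article or the video; the reference table of legitimate binaries, the distance threshold and the sample process list are constructed assumptions.

```python
# Added example: flag process images that imitate well-known Windows binaries.
# The reference table and the sample process list are constructed assumptions.
KNOWN_GOOD = {  # image name -> directory it is expected to run from
    "conhost.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MAX_DISTANCE = 2  # "conhoz.exe" is two edits away from "conhost.exe"

def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_name, image_dir):
    """Return (verdict, reference name) for one running image."""
    name = image_name.lower()
    folder = image_dir.lower().rstrip("\\")
    if name in KNOWN_GOOD:
        # A genuine name started from an unexpected folder is also masquerading.
        return ("ok" if folder == KNOWN_GOOD[name] else "wrong-path", name)
    nearest = min(KNOWN_GOOD, key=lambda good: edit_distance(name, good))
    if edit_distance(name, nearest) <= MAX_DISTANCE:
        return ("lookalike", nearest)
    return ("unknown", None)

def scan(processes):
    """Keep only the entries an analyst should look at first."""
    checked = [(name, *classify(name, folder)) for name, folder in processes]
    return [row for row in checked if row[1] in ("lookalike", "wrong-path")]

SAMPLE = [  # constructed process listing: (image name, directory)
    ("conhost.exe", r"C:\Windows\System32"),
    ("conhoz.exe", r"C:\Windows\System32"),
    ("svchost.exe", r"C:\Documents and Settings\admina\Temp"),
    ("notepad.exe", r"C:\Windows\System32"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit is a lead for triage, not a verdict: the publisher field can be forged, as with the file claiming to come from "www.google.com", so follow up by checking the file's signature and hash.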


 
And Mutahar already explained on Some Ordinary Gamers (YouTube) that this was a special setup - direct connection to the internet, with no firewall.

This is a huge point that needed to be made in the article.

Have a decent firewall? You’re generally fine, just don’t be stupid.
 
The reason that Wxp got so many viruses in such a little time is because Wxp was 95% of all operating systems from 2000 till about 2012. It was the boss operating system that was there to be hacked at. Those attacks that hackers made for it are still there to this day. And as MisterSpock said previously, direct connection to the internet with no firewall.
 
Linux got the same problem, why is nobody bashing Linux? I made a statement many times on this website how Linux doesn't even come with a firewall, and is in those terms even behind Windows XP in security, only to be laughed at... The only serious antivirus companies discontinued their Linux antiviruses years ago because too small userbase to be profitable
 
Linux got the same problem, why is nobody bashing Linux? I made a statement many times on this website how Linux doesn't even come with a firewall, and is in those terms even behind Windows XP in security, only to be laughed at... The only serious antivirus companies discontinued their Linux antiviruses years ago because too small userbase to be profitable
Probably because many/most use a network firewall, similar to XP here? Additionally, firewall utilities are always available in the distro’s repositories, and oftentimes one is installed in desktop suites in some form. If you’re talking Arch or a bare minimal install, then yeah, no automatically installed system firewall — regardless, it’s always your responsibility to administrate your own machines.
 
I have a low-traffic WordPress site on a simple Proxmox Ubuntu 20.04 LXC and it gets hit daily by probes looking for vulnerabilities. It’s been running since the days of XP (where it started out) and has never been breached. The only firewall was normally the router (vendor, DD-WRT, or now pfSense) as I often turned off the Windows firewalls and antivirus for performance and manageability. My Ubuntu server does not have a firewall or antivirus enabled.

If I left all the doors and windows to my house wide open and then vacated my house, it would probably attract intruders, but I don’t think that is a meaningful test of my home safety or security. Good clickbait however.
 
Why don't we see how long it takes Windows 10 or 11 to be compromised under the same conditions of no firewall or anti-virus? I'm sure the newer OS will fare better, but without a firewall, anything connected to the internet will be compromised.
 
Fake news, I still use XP on the web without any security software installed without any problems. Router and a correctly configured browser that filters all the garbage are the way to go.
 
Linux got the same problem, why is nobody bashing Linux? I made a statement many times on this website how Linux doesn't even come with a firewall, and is in those terms even behind Windows XP in security, only to be laughed at... The only serious antivirus companies discontinued their Linux antiviruses years ago because too small userbase to be profitable

What?

I run my own Linux-based webservers for ... 10+ years. Recently upgraded to AMD Epyc to swap out the ancient Xeons.

Linux on its own is safe, and yeah those are connected directly to the internet. There's good commercial software available that is ready to go and is generally considered secure. You can DIY but obviously if you don't have experience with Linux in the first place don't even start.
 
Linux got the same problem, why is nobody bashing Linux? I made a statement many times on this website how Linux doesn't even come with a firewall, and is in those terms even behind Windows XP in security, only to be laughed at... The only serious antivirus companies discontinued their Linux antiviruses years ago because too small userbase to be profitable
Which popular Linux distro exactly does not have a firewall? And which one runs malicious code with elevated privileges when it is just connected to the internet?
 
Besides using a direct connection with no router, no software or router firewall and all ports opened like others explained (I'd love to see what would happen if someone uses this setup with an up-to-date Windows 11 or Linux install, for the sake of comparison), the YouTuber also used Internet Explorer 6 to browse the web, rather than installing some XP-compatible current and up-to-date browser such as Mypal or Supermium.
 
Suggesting that the fault is all XP is totally wrong. Yes, Windows has been steadily improving security with each version of Windows. But your most important point of security is your router. It contains a natural firewall in the form of NAT. A properly configured router hides the computer's IP from anyone maliciously searching for systems to compromise behind the internet-facing IP assigned by your ISP. XP was just as vulnerable to hacking when it was first introduced as it currently is. How do I know? I foolishly directly connected a fresh XP install to my ISP's modem. I think it took all of 5 minutes to become infected. Think Win10 would fare any better if I did the same? I'd give it 30 minutes tops before it was just as compromised as the XP system was.
 
I believe the introduction of UAC with Windows Vista helped prevent things from just being able to be installed in the background without user consent.
 
Yeah. This was done on purpose.
I've got a w98/winxp machine. It's connected to the internet and still no problems.
 
I have a very old laptop with XP. I only use it once in a while, but NEVER had any viruses jump on it.
 
And Mutahar already explained on Some Ordinary Gamers (YouTube) that this was a special setup - direct connection to the internet, with no firewall.

This is a huge point that needed to be made in the article.

Have a decent firewall? You’re generally fine, just don’t be stupid.
Exactly this. A router's firewall is enough to protect from most of the garbage out there. After seeing the above video, I got curious and tried it for myself. XP + All the latest patches + The firewall I used to use with it = No security problems on the internet. Granted, I don't visit sites that are shady as a rule and was extra careful with that install of XP, but still, no issues.

Anyone crazy enough to get on the internet without any protection DESERVES what happens to them. It's like bringing a Geo Metro to a tank fight, you're gonna get crushed.
 
NO router and NO firewall.

Blaming XP at that point is laughable. Stop the clickbait.
No router, disabled the firewall, he went out of his way to make it as insecure as possible. YouTube clickbait.
Fake news, I still use XP on the web without any security software installed without any problems. Router and a correctly configured browser that filters all the garbage are the way to go.
To be fair, it was an experiment, not a statement of how competent Microsoft has been with the OS they retired completely 10 years ago.
 