I’m sorry, but disabling the firewall makes this a wasted exercise. ANY computer connected directly to the internet without a firewall will get infected. Even PCs with modern, up to date OSes.
Granted, Eric turned off the firewall on Windows XP before he started the experiment, but we have a sneaking suspicion that a security suite that hasn’t been updated for at least a decade doesn’t have much chance against modern tactics.
But yeah, would’ve been more interesting with the fw running.
Correct me if I am wrong, but isn’t a simple firewall that blocks incoming and outgoing connections basically impenetrable? Because when something tries to connect, the connection is dropped immediately unless it is on a certain port. If even the connection attempt were ignored, how would an exploit achieve some form of connection? Unless we are talking about an application-level firewall or deep packet inspection.
What “modern tactics” actually work on XP?
I know next to nothing about networking security, but doesn’t the Windows firewall basically block unsolicited incoming traffic? So I guess the way a modern OS without a firewall could get infected is through some malicious traffic against some open port. But wouldn’t there still have to be a serious security vulnerability in something that listens on some port for it to get infected with something? And, assuming the local network is clean, wouldn’t you also need to open/forward ports on your router so that they’re actually accessible at all from the Internet?
In this example, it’s like disabling the firewall and plugging directly into the modem with no router. In that case, there’s no local network and no router firewall in place. With regard to ports needing exploits, that’s correct. The thing about that is that there are definitely exploits being used in the wild that we don’t know about. Microsoft’s May security update fixed 3 critical vulnerabilities that were being actively exploited. Sophisticated attackers use exploit chains, where one vulnerability gets a foothold and then others are deployed in a way that circumvents most common security measures inside the affected OS to gain admin rights. So in short, the scenario you describe is not as implausible as you think it might be.
I wonder how many internet-facing SCADA systems run on XP…
I remember reading years ago that an unpatched WinXP machine on the Internet would catch something in 10 minutes without having to browse.
Is there anything different here that is a change from that rule of thumb?
At the very least you want a router between the computer and the Internet to obfuscate port scanners and such.
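The two questions raised above (whether a host firewall that drops unsolicited inbound traffic leaves anything for a port scan to reach, and what a NAT router adds on top of that) come down to connection tracking: a packet is only let in if it answers a connection the inside host opened, or if a rule explicitly forwards the port. The toy model below is an added example written for this discussion; it is not code from the article or the experiment it describes. Hosts, addresses and ports are constructed (RFC 5737 documentation ranges), and the firewall and router are simplified to the one decision that matters here, the reverse lookup of an outbound flow.

```python
"""Toy model of a stateful host firewall and a NAT router (constructed example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Host:
    ip: str
    listening: set                 # TCP ports with a service bound
    firewall_on: bool = True
    flows: set = field(default_factory=set)  # outbound flows this host opened

    def send(self, dst_ip: str, dst_port: int, src_port: int) -> Packet:
        """Open a connection outward and remember it so replies can be matched."""
        self.flows.add((src_port, dst_ip, dst_port))
        return Packet(self.ip, src_port, dst_ip, dst_port)

    def inbound(self, pkt: Packet) -> str:
        """Decide what happens to a packet arriving at this host."""
        # Reply to a connection we initiated: stateful match, always accepted.
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "accepted:reply"
        # Unsolicited and the firewall is on: dropped before any service sees it.
        if self.firewall_on:
            return "dropped:firewall"
        # Firewall off: the packet reaches whatever is bound on that port, if anything.
        if pkt.dst_port in self.listening:
            return "reached:service"
        return "rejected:closed-port"


@dataclass
class NatRouter:
    public_ip: str
    table: dict = field(default_factory=dict)     # public_port -> (inner_ip, inner_port)
    forwards: dict = field(default_factory=dict)  # explicit port forwards, same shape
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address and record the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Translate back to an inside host, or return None when nothing maps (dropped)."""
        target = self.table.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if target is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def scan_result(firewall_on: bool, behind_router: bool, port: int, forward_port: bool = False) -> str:
    """Outcome of an Internet host probing `port` on a PC with two services bound."""
    pc = Host("192.0.2.10", listening={135, 445}, firewall_on=firewall_on)
    if not behind_router:
        return pc.inbound(Packet("198.51.100.7", 51000, pc.ip, port))
    router = NatRouter("203.0.113.1")
    if forward_port:
        router.forwards[port] = (pc.ip, port)
    inner = router.inbound(Packet("198.51.100.7", 51000, router.public_ip, port))
    return "dropped:router" if inner is None else pc.inbound(inner)


def reply_result() -> str:
    """A PC with the firewall on browses out; the web server's reply still gets in."""
    pc = Host("192.0.2.10", listening={135, 445}, firewall_on=True)
    out = pc.send("198.51.100.80", 80, src_port=49152)
    reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
    return pc.inbound(reply)


if __name__ == "__main__":
    print("no firewall, direct, port 445:", scan_result(False, False, 445))
    print("firewall on, direct, port 445:", scan_result(True, False, 445))
    print("no firewall, behind NAT, port 445:", scan_result(False, True, 445))
    print("no firewall, behind NAT with forward:", scan_result(False, True, 445, True))
    print("reply to our own connection:", reply_result())
```

Running it shows the four cases the thread is arguing about: the unfirewalled, directly connected PC exposes every bound service to the first scanner that finds it; the same PC with the firewall on drops the probe while still receiving replies to connections it opened; a NAT router with no forwards drops the probe before the PC sees it; and a port forward puts that one service right back on the Internet, so the host firewall and the patch level of the service behind it are what is left.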