Security for people using WINDOWS XP.

I’ve been using Audacity 2.1.0 since its launch & encountered no problems at all loading it on my three HP laptops (one is 5 yrs old). None of them are logged on to the internet; if I need the internet I use my Hotmail account at the library, but I understand your concern about security & understand you can still be open to viruses even when not logged on to the net.

Someone posted that an unprotected WinXP machine on an open internet connection has about a fifteen minute life expectancy. Much better if the machine is behind a WiFi Firewall and even better yet if it has current virus protection software.

Air Gap Firewalls can be very effective as long as the other measures are taken. I have those. Machines with no network connection.


Would XP on the Net through a mobile phone be at risk?

Via a hot spot. Good question. You’re still vulnerable if you download something naughty, but past that I don’t know. I’ve put my Mac online before as a diagnostic, but that’s a fully locked-down Linux system.


Not through a hotspot. By mobile phone, I mean cell phone.

I’m aware of creating a WiFi point on a cellphone and logging into it with my laptop. I’ve done that. What do you mean?


I mean ‘tethering’. I can plug my PC into my phone and use the phone’s mobile data connection. The phone works as a modem. No other hardware needed.

I’ve got an XP machine here at work that’s part of a hardware test station. It’s on the network & Internet, but I only download new test programs occasionally. No web browsing/surfing or email on that machine. Since Microsoft Security Essentials no longer works on XP, the only protection I have is Malwarebytes.

I’ve got a Windows 98 machine with no protection at all, but it’s rare that I download anything. The network connection was flaky and the last time I tried to download something I had to use a floppy disk! :open_mouth: (I have a USB floppy drive so I can write to a floppy using a newer machine.)

I’ve got another Windows 98 machine that’s not currently networked, and I’ve even got a (non-networked) Windows 3.1 machine that we use occasionally in a couple of test setups… :open_mouth:

Right now, I’m on Win7 (with Windows Security Essentials and the free version of Malwarebytes).

I’ve only had a computer virus ONCE (15 or 20 years ago) and I’ve owned computers since before the Internet… I’m “careful”, but I’m not super-paranoid.

I have had malware/crapware/spyware/adware and other unwanted stuff…

I’m with you, DVD. I onlined with a PC for several years without any security and without any problems.

All of this above is purely anecdotal, of course.

The fact is that today’s malware isn’t your friendly script kiddy prank anymore. While malware in the past didn’t really hide its actions, today’s malware is highly covert, often only activates after a while and is really, really good at avoiding malware detection.

Having a router between your local network and the net is a must. But even that router can be compromised and used, f.i. in DDoS attacks. The advantage for the malware creator is that a router is usually plugged in 24/7 and you hardly ever look at it. And most routers are very bad, security-wise. I’ve even seen instances of backdoors in backdoors on a couple of models. Blank or fixed passwords are another problem that’s still alive.

Tethering is usually on a par with a router. I don’t know of any cases of malware targeting that specific use case. It should be relatively safe, imho, because you have to exploit TWO OSes: the phone and the computer. There are simpler ways to do it. Anyhow, hotspots in airports or coffee shops are far easier to use if you want to “pwn” some computers.

I wouldn’t worry too much about XP. Malware makers stopped targeting XP a while ago. It’s not that hard to create a virus that easily penetrates XP through Win 10, all versions. Just one example:

The “downloads” directory and several others have special status in Windows. “Naked” .dll’s inside will be automatically executed by any installer if they have a special name. “Naked” meaning they aren’t zipped or wrapped in something else.

This is clearly a very exploitable hole. Get the user to download a crafted .dll, then to download and install Audacity, f.i. Boom. Compromise executed. And the Audacity installer doesn’t even have to be doctored.

With a bit of social engineering, easy to exploit. Write a plugin howto, make some noise about it on the net, “Waves finally cracked”, or something like it…

And not one AV package is really aware of this technique. Some catch some of the .dll’s, the majority doesn’t notice.

This particular one has existed and been known at least since XP and has current status “feature, not bug, will not fix”. The funny thing is, this almost 20-year-old hole recently got re-discovered by a couple of researchers. They are making noise, but nobody’s listening.

The sad fact is, some forces don’t want security. It would make their job harder. The recent happenings with Fortinet and Juniper’s products should make this as clear as an unmudded lake…
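A defensive check for the loose-DLL exposure described in the posts above, as an added example that is not part of the original thread: before an installer is run, it lists DLL files lying unpacked beside executables in a folder, identifying both from their PE headers. The function names and the sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a PE file as a DLL

def pe_kind(path):
    """Return 'dll', 'exe' or None from the PE headers, not from the file name."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(head) or head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", head, e_lfanew + 22)
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def audit_folder(folder):
    """Report unpacked DLLs that sit directly beside executables in `folder`."""
    dlls, exes = [], []
    for entry in sorted(Path(folder).iterdir()):
        if not entry.is_file():
            continue
        kind = pe_kind(entry)
        if kind == "dll" and entry.suffix.lower() == ".dll":
            dlls.append(entry.name)
        elif kind == "exe":
            exes.append(entry.name)
    return {"loose_dlls": dlls, "executables": exes, "review": bool(dlls and exes)}

def _sample_pe(is_dll):
    """Constructed header bytes: enough for pe_kind(), not a loadable image."""
    buf = bytearray(0x80 + 24)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, 0x2002 if is_dll else 0x0002)
    return bytes(buf)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sample-installer.exe").write_bytes(_sample_pe(False))
        (root / "sample-loose.dll").write_bytes(_sample_pe(True))
        (root / "archive.zip").write_bytes(b"PK\x03\x04" + b"\0" * 64)
        return audit_folder(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit_folder` at a real downloads folder gives the list of DLLs to move or delete before any installer in that folder is started.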

I guess that if someone has enough knowledge and wants to pwn a computer badly enough, they will do so whatever security it has.

Businesses have more to fear than the personal user.

I’m not on the NET. If I require the NET for any registered software such as AV1 file converter etc., I always take my laptop/s to my local well-respected computer shop… I get some good malware protection programmes & other titbits free (apart from the main software & time) which they download.
If I need the NET I use my HOTMAIL account at the’re not safe even off line. mickthefish.

In the long run it would probably be less trouble to upgrade to Linux rather than all that to and fro to the library and back.

I’m not on the NET

So you’re recommending an air-gap firewall. Good idea. I have several computers with no active network connection.


Until you plug in a USB device…

Seen recently: a targeted virus on police bodycams in the USA. Also on “security oriented” USB card readers, of course on USB sticks and on USB LED lights. You’d expect these USB LED lights to be safe. It’s only a LED, right?

You’d expect these USB LED lights to be safe.

No engineer has ever been able to resist adding “features.”

When the engineers were running Apple for a while there, they brought out an iPod with the traditional scroll-wheel, tilt functions and the button in the middle…and four function keys along the top.

Quick, how many control decisions does that give you? What’s nine factorial…

It’s amazing the iPod developed after that.


Have you had a virus from a USB LED light, Cyrano? Or from a new flash drive/card?

I have never had a virus. But I collect malware and some of my clients did get viruses. Then I get to clean up the computer…

I don’t remember where the infected LED light showed up. It seems that the LED was remotely dimmed and the control program contained some “extras”, trying to steal password wallets. The LED light was a gift from a business relation. Several dozen were given to the employees. :laughing:

The last year or so things are getting hairy. But that’s with businesses. Not with average people. The worst that can happen is a crypto virus that encrypts most of your files and demands a ransom to decrypt them. The last one of that kind was kind of bad. The hosting provider deleted the control server. No keys left to decrypt the files and paying the ransom was useless.

In businesses, targeted attacks looking for information are getting worse. A bank here lost about 70 million € with a “mail from the boss” attack. That’s not a virus, but social engineering, of course. Still a lot of money, even for a bank.

The strangest case till now is still Dragos Ruiu’s lab. He’s a professional malware researcher and in the end he had airgapped machines that got infected over audio. Seems that particular malware communicated very slowly with ultrasound from speaker to microphone. Nobody would believe him at first, but now we know that the NSA, f.i., has such an approach. Nobody’s laughing today. The malware in question hasn’t been isolated, as far as I know.

The prize for the most creative one still goes to Mongolia, imho. A few years back, they sold 2TB external hard drives there that contained reject 16 GB USB sticks, with a modified FAT system. The “drive” never filled up, but it only kept the latest 16 GB. All the rest was deleted. I saw some pics of these devices and the “engineering” was really good. To add some weight, there was a thick piece of cast iron in the case. When you formatted the drive, everything looked OK and it fooled all drive tools, unless you tried to format it to something exotic, like ZFS or Reiser FS. That’s how someone discovered what was really wrong. The origin of the drives was China, of course :smiley:

The sad fact is, some of the antivirus software has been hacked even before being released. (TRUE)!! I can’t see our data ever being 100% safe. mickthefish. 2017. :frowning: