Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Ask Slashdot: Can You Use an Unsafe Computer Safely? 183

"I think the answer is no, but there are some clever people around here," writes long-time Slashdot reader shanen, "so...

"Is there any firewall or router or some other device that can adequately protect an old and no longer supported computer?" I have at least two of those that come to mind, and I might use them more often if there was a safe way to connect them to the Internet.

The specifics probably matter, though that's like opening a can of worms, but... One is a little old machine running an old and no longer supported version of Linux. Another is a Windows XP box that's too customized at a low level to run Linux.

But the big concern involves a couple of old boxes that are only alive now because Windows 10 saved them from the end-of-service of Windows 7. Right now it looks like they might outlive Windows 10, too, but two of them are not suitable for Windows 11. Plus my spouse has an old Windows 8 box now running under 10...

What happens when you combine missed security updates with internet connectivity? Share your best thoughts in the comments.

Can you use an unsafe computer safely?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Can You Use an Unsafe Computer Safely?

Comments Filter:
  • monitoring software, sometimes outside the OS like Intel's PC management (vPro) make trusting systems impossible. You can not be sure.
    • Meh I wouldn't count on monitoring software. And how you secure systems like these really depends on what they're being used for, and the person who posted this gave no hints of that.

      While you want to prevent a security breach, in general that's impossible, but for these systems you've got even more working against you than typical. In general, keep them isolated so that it's impossible for it to communicate with other devices on the network except for the other ones they MUST communicate with, and then ens

      • by cstacy ( 534252 ) on Saturday March 04, 2023 @09:08PM (#63343489)

        I think the more important question is: Why keep these systems limping along?

        Two reasons, which also combine.

        FIRST: MONEY, as in lack thereof.

        Many ordinary people *cannot* afford to spend a couple hundred dollars (let alone $500 or thousands) on a new computer. They could be living in borderline poverty, or even above that, but on fixed incomes, and asking them to save up $250 (for a start) is a considerable burden. Nedicine, groceries, and rent are a big deal. This may be far removed from your lifestyle situation, but it's many millions of people in the USA.

        Their computers are 4, 5, 10, or maybe even more years "out of date". And they can't even get security patches anymore.

        They have these computers, they've been browsing the web, doing email, and whatever, for years. The computer powers up fine, the display is fine, all the parts work. Maybe they even replaced some hard drives already. Microsoft Word still runs, they seem to be able to surf just fine. All their other random apps work just fine, too.

        SECOND: Compatabiliy.

        Even if they can scrape it together, they know they'll be paying for the privilege of having to learn how to do everything all over again. All their files are on the computer and they know where they are and how to open them. The desktop is arranged the way they want. They know how to work the programs, and they don't want to re-learn some "improved" version.

        These are not all un-sophisticated users. Some have installed things like custom fonts and keyboard layouts. And made command customizations and preferences within (e.g word processing) apps. They are not naive, and know they're going to be fucked. Probably alredy went through that at least once before.

        They don't play games, don't stream video (just watch the occasional YouTube). It is not the fastest computer, it but it is perfectly fine.

        To summarize: These folks cannot afford to live in the online world we've created, because that requires continuous ongoing technology re-purchases that have never been part of their budget. Or are now outside of their means.

        It is difficult for them to comprehend the existential computer security threats. Especially when everything seems to work just fine.

        Why should they be having to spend all this money, and re-learn every goddamn fucking thing? Because nobody will give you just security pathes.

        On that point, you might be thinking Linux. But sorry, that ship sailed 15 or 20 years ago. We're talking about Microsoft or Apple users.

        Hence, the question of this thread.
        What options are there? Some cheap universal protective device would be nice.

        You may have little sympathy for these people because they are ordinary consumers who bought the products used by 99.999% of the population.

        You may think less of them because the are poor. Or because they are old. "Facebook is for old people. Like my parents!" Or because they're just not great at constantly re-learning technology and only ever wanted a reliable, stable information appliance.

        But I hope you can understand where they are coming from.

        I know lots of these people.

        • This sounds like a lot of elderly people I know. I put them on my NextDNS account, make sure they use GMail and not a regular email program, and tell them not to call numbers that pop up saying that they need to contact Microsoft Support.
          • by shanen ( 462549 )

            Actually this comment about elderly people seems to be the only link to my later thoughts on the topic. Sometimes trying to formulate the question brings up new ideas about possible answers?

            So what I was looking for and definitely could not find in the discussion was consideration of child-protection software. I also looked for "children" and "kid" and came up empty. (Ditto "funny", but the topic doesn't seem too ripe for humor.)

            But protecting an old computer from new threats is in some ways similar to the

        • I totally understand all that. I think the kind of curious thing is that the proposed solution is "leverage hundreds of dollars worth of expertise to avoid that", which is also infeasible.

        • Two reasons, which also combine.

          Neither of which are compelling, even if they apply.

          FIRST: MONEY, as in lack thereof.

          Many ordinary people *cannot* afford to spend a couple hundred dollars (let alone $500 or thousands) on a new computer. They could be living in borderline poverty, or even above that, but on fixed incomes, and asking them to save up $250 (for a start) is a considerable burden. Nedicine, groceries, and rent are a big deal. This may be far removed from your lifestyle situation, but it's many millions of people in the USA.

          And how much is an rpi? Literally all he'd need is the board and maybe a $5 power adapter. He obviously has a mouse, keyboard, monitor, etc.

          SECOND: Compatabiliy.

          Even if they can scrape it together, they know they'll be paying for the privilege of having to learn how to do everything all over again. All their files are on the computer and they know where they are and how to open them. The desktop is arranged the way they want. They know how to work the programs, and they don't want to re-learn some "improved" version.

          These are not all un-sophisticated users. Some have installed things like custom fonts and keyboard layouts. And made command customizations and preferences within (e.g word processing) apps. They are not naive, and know they're going to be fucked. Probably alredy went through that at least once before.

          They don't play games, don't stream video (just watch the occasional YouTube). It is not the fastest computer, it but it is perfectly fine.

          To summarize: These folks cannot afford to live in the online world we've created, because that requires continuous ongoing technology re-purchases that have never been part of their budget. Or are now outside of their means.

          It is difficult for them to comprehend the existential computer security threats. Especially when everything seems to work just fine.

          Why should they be having to spend all this money, and re-learn every goddamn fucking thing? Because nobody will give you just security pathes.

          On that point, you might be thinking Linux. But sorry, that ship sailed 15 or 20 years ago. We're talking about Microsoft or Apple users.

          If you had actually read TFS, the guy literally said he already has a Linux computer. But no, you spent all of that time and effort to try to contrive a scenario that doesn't even apply. Time well wasted on your part, way to go.

          Hence, the question of this thread.
          What options are there? Some cheap universal protective device would be nice.

          Such a thing doesn't exist. Period. Such a thing can't even exist. If somebody claimed to ma

          • He obviously has a mouse, keyboard, monitor, etc.
            Yes, his computer is a laptop and came with those.

            No idea why 50% of the idiots on the internet who are completely incapable of providing a solution to a question always jump up with: you do not need that, because you can do X instead. Sorry: that was not the question and your answer is no solution to his problem. Besides the fact that he is/was probably well aware that he can buy a Raspberry Pi, if not: he does not know what a "rpi" is anyway, and your answe

            • Yes, his computer is a laptop and came with those.

              He described the computer as heavily customized. Generally one doesn't do that with laptops. Again, we're dealing with a situation where not many details were provided. Nice try at getting revenge, but no.

              No idea why 50% of the idiots on the internet who are completely incapable of providing a solution to a question always jump up with: you do not need that, because you can do X instead.

              And as we've seen numerous times already, you're one of those 50% of idiots. For example, that time somebody asked a question about data structures, and you came in to suggest a linked list for a situation that was begging for a deque. That's when somebody like me has to come in and say "dude, that's total

        • As their machines die they generally replace them with phones.

          They will not learn a new OS and didn't learn the old one, they just need an internet kiosk.

          They had years, decades, to prepare a replacement or learn a new OS or read how to install a later version of Windows. They chose otherwise. Their real problem was decisional paralysis and the choice (it is a choice) to be tech-illiterate. They wasted their endless years online learning nothing. They never learnt what enthusiasts learnt in their first year

        • First, firewall this so that the computer cannot see your internal network at all-- just the world. You may want to also block service ports you don't need like ssh, ftp, telnet, rsh, samba, etc...

          This doesn't solve someone stealing data or messing up your computer. Nor does it prevent people from using your computer to attack other computers (e.g. DOS ).

          Second, do you need to keep a persistent evolving state on this computer? That is, if it gets e-mail or accumulates browser history and bookmarks or new

      • by shanen ( 462549 )

        Mod parent insightful. In particular, one of the ancient machines is running an ancient database app that really should be moved somewhere... The real problem for that app (as it exists now) is moving the updated data to a different machine where CGI/PERL front end makes it accessible in a more useful way.

        Upon reflection, the fundamental problem might be that I (and we) want to do fundamentally unsafe things and there is no safe way to do unsafe things...

    • Go ahead, try and find enough capacity on an 8-bit 6502/6510 to run useful malware on top of whatever retro game someone wants to play. Or good luck recovering useful data from keylogging Space Invaders.
      • by cstacy ( 534252 )

        Go ahead, try and find enough capacity on an 8-bit 6502/6510 to run useful malware on top of whatever retro game someone wants to play. Or good luck recovering useful data from keylogging Space Invaders.

        Spy Thriller movie plot challenge ACCEPTED!

      • Well, he could get my password: a*space*aaa*space*dddd*space*d*space*a

        Shit, now I have to change it.

    • by kriston ( 7886 )

      I was gonna say "just use Guacamole, Amazon WorkSpaces, or another remote desktop solution to connect with your real desktop" but I neglected to remember the keylogger threat.

      Use a bootable USB drive, instead, using Puppy Linux or a similar bootable environment.
      If that's not possible, wipe the drive and install Ubuntu on it.
      If that's not possible (very unlikely), send it to the recycler.

      • I mean, ultimately you need to avoid keyloggers. If all you do online is go directly to some cloud vnc and use that to interact with rest of the net, you should be fine.

        You need to have an external firewall that doesn't let incoming connections talk, and you need to only communicate with trusted things. Then you should be ok.

        • by kriston ( 7886 )

          We're still vulnerable to keyloggers going to the cloud desktop. How do you avoid the keyloggers?

    • Even a compromised Linux box can't really be trusted. See Ken Thompson's Reflections on Trusting Trust [cat-v.org] for a very old example of how bad things can be if a compiler is compromised.

  • Firewall + browser (Score:5, Informative)

    by imunfair ( 877689 ) on Saturday March 04, 2023 @07:07PM (#63343181) Homepage

    There are two parts to protecting an old system. Optimally you would want to isolate it from the internet completely, LAN access only with ports and subnets filtered by network hardware. But from your question it sounds like you're just talking about using an old XP computer at home or something.

    Obviously you could install linux, but if you wanted to keep Windows you'd need to make sure you weren't connecting it directly to the internet since you need a firewall to filter the dangerous port-specific remote exploits. The second danger is just your own browsing activity, and for that you'd want to strictly filter your website usage, a good antivirus will help with that but your first line of defense should be a browser with the scripting relatively locked down except on trusted sites using something like noscript, pair it with a good adblocker for extra security.

    That won't protect you 100% since there's always the possibility of a rogue script on a trusted site, but it's about the best you'll do while still having decent usability of the PC.

    • by shanen ( 462549 )

      This one is pretty close to my thinking on the topic, though I was tilting towards the idea of highly restrictive whitelisting. Also seems to justify ad-blocking, though in general I feel obliged to accept ads when I am using services that are funded that way...

      I actually spent quite a while trying to get some version of Linux to run on that XP box, but couldn't do it. There was actually a special distro that was focused on similar models from that "clever" maker. Quite a while ago and now I can't remember

    • by AmiMoJo ( 196126 )

      Best to avoid browsing on these old systems. What most people into retro computing do is download everything on another machine and then transfer it over somehow. Floppy disk for small stuff, and depending on the age other options include USB drives and Compact Flash. Compact Flash cards have the advantage of being IDE devices, so with a cheap adapter they can be connected to most 90s era and later machines,

    • > a good antivirus will help with that but your first line of defense should be a browser with the scripting relatively locked down except on trusted sites using something like noscript, pair it with a good adblocker for extra security.

      Good luck finding those things for an old unsupported OS. Even if they existed once they probably do not today in a usable way.

      • by dryeo ( 100693 )

        Both no-script and ublock_origin have maintained branches for xul based browsers. Palemoon for example or even straight Firefox 52ESR, the last version that didn't require SSE2, and IIRC, supported XP
        Of course the problems with them is less and less web pages display (Palemoon is much better then stock 52ESR) and memory, 32 bits doesn't go far now a days. Even SeaMonkey has dropped 32 bit support.

  • by pcjunky ( 517872 ) <walterp@cyberstreet.com> on Saturday March 04, 2023 @07:10PM (#63343193) Homepage

    So much depends on the operator that what software/OS the computer is running is far less important than having a knowledgeable operator. Even the most modern computers with the most modern software/OS is unsafe in the hands of many.

    • by Reziac ( 43301 ) *

      As one who still uses XP and XP64 for everyday (and mostly linux when I really need something "modern", because Win10/11 makes my eyes bleed) ... yeah. Don't install software from dodgy sources, don't trawl sketchy websites, run a firewall, use an adblocker. Zero problems. (And stellar stability. The daily driver was last restarted in October 2021.)

      Lost in this discussion is how do the bad guys figure out where to attack Windows? They're not genius coders and they don't have Windows source code... but they

  • uMatrix/nuTensor, and block everything by default. Only selectively turn things on if you trust the website, and need a feature to work.

    That should protect from most of the javascript stuff.

  • What are you protecting, the computer or yourself? If yourself, then I'd think it's very hard, due to keyloggers and who know what else that might be running on them.

    If it's the machine (in a "known good" state), then I think you can mitigate risks a lot. The concept of whitelisting comes to mind, and not only when it comes to the internet.

    For internet connection, you can possibly put a device between the machine and the web. You can then whitelist sites, ports, services, protocols, etc., and this way you c

  • by iAmWaySmarterThanYou ( 10095012 ) on Saturday March 04, 2023 @07:15PM (#63343209)

    If you're using said computer (windowsills through 8 and old Linux) on the net with a browser, email, maybe some games or whatever that people typically do online, no.

    Most likely situation is your browser runs a browser zero day which won't impact a patched machine will nail an older client.

    I wouldn't do it. In fact, my windows 7 machine is rock solid and super custom but I won't put it online anymore. Pretty much the same as your situation.

    If you have the money, I'd suggest getting your spouse a laptop+monitor setup and get yourself a faster machine with a bunch of extra memory ("bunch" tbd based on your usage), and run virtual machines for all these older systems.

    Once you take a look at doing something like that you may realize you don't really need a machine for some of those things, just move the apps to your new box but you don't say what you're using all this old hardware for so I can't really say.

    • by leonbev ( 111395 )

      Using older OS'es is safe if you keep it offline and only allow trusted users physical access to it.

      I would never put an unsupported/unpatched system on the Internet, though. Replacement hardware is cheap nowadays, so it really isn't worth the risk.

    • I wouldn't do it. In fact, my windows 7 machine is rock solid and super custom but I won't put it online anymore.

      I'd upgrade it to Windows 10...

      • It has an SSD but it's circa 2011 and frankly not much faster than the old school slow ass raid array it has, too.

        Just not worth the effort. I do have a newer 970 ssd sitting around idle but the win7 box doesn't have m2 support and I'm not going to spend time n money on adapters etc, if such is even possible. I did have the 970 on usb 2 for a while but it was hopelessly slow.

        These days I don't do much on PC. I have a MBP when my iPad isn't enough. If there's ever a must-have game I'll build a new PC for

    • >zero day

      If you are vulnerable to things that have been patched, as an older unpatched machine is. You are not vulnerable to "zero days". If you can be rebooted by a ping of death, that isn't a zero day, that is like a 9500 day vuln.

      • Zero day browser is not zero day OS. It has been the case for many years that hacks can involve weaving through multiple different vulnerabilities at different layers of the stack to escalate privileges.

        In this case what I was saying is maybe they can hack your patched browser but that only owns your browser. The next step to system ownership is the OS with a different hole (accessed via that browser bug) which an older system is much more likely susceptible to than a newer fully patched system, generally

  • If the computer has a keylogger (software or hardware) then it's going to be next to impossible to do something like
    type in a credit card without it being logged even if you install a virtual machine.
    If you are talking browsing the web, then it doesn't really matter.
    If you are worried about your local network then isolate it and you are basically back to coffee shop style of network.
    If you are logging into a banking portal and you have 2FA, then they will have your password but won't be able to do much with

    • by Striek ( 1811980 )

      If the computer has a keylogger (software or hardware) then it's going to be next to impossible to do something like
      type in a credit card without it being logged even if you install a virtual machine.

      And if my grandmother had wheels, she'd be a bicycle.

      The question is whether you can be sure there is no keylogger.

      • Sure you can.

        Just run a minimalist custom-rolled Linux distro whose source you've exhaustively audited yourself, compiled using a compiler whose code and binary you've audited to ensure no vulnerabilities are discretely inserted into the output, running on a computer you've personally built from individual transistors, and shielded against producing any decodeable EM emissions. (same for the keyboard, obviously) And only use it in a room that you're sure is free from any video or even audio recording devic

  • by Joce640k ( 829181 )

    XP? No.

    Windows 10? Sure, why not? Just because Microsoft announces "end of support" doesn't mean it stops working. There's still plenty of Windows 7 machines out there and Windows 10 will be around even longer because Microsoft refuses to provide a version of Windows 11 that will work on some CPUs.

    (it's not for any technical reason so maybe they'll relent as the Windows 10 deadline approaches at the end of 2025)

  • What are you using it for? I have a Windows 7 install that is just for gaming and I don't have anything on the computer that is remotely important. I suppose it could leave my Steam installation vulnerable to hacking but um, yeah that's not even important. I do however unplug the Linux hard before booting into Windows and vice versa, the idea being a hard drive not connected isn't going to be able to interact with the out of date OS.

    Also worth noting, I don't even have a home network setup anymore. I just u

    • Just make sure you have a recovery disk image handy to minimize downtime.

    • Gaming only? I use Widows for 1) connecting to my motorcycle (no ODBII), 2) jailbreaking Amazon tablets, 3) updating wireless car adapters, and 4) where my primary OS doesn't support or isn't easy to use.
    • by Megane ( 129182 )

      This. It all depends on what you want to do with it. It's fine to run something like Windows 7 as though it was a console gaming system. (I have two, but one is turned off most of the time, and I only use a few specific online games on them.) Just don't put it on a "live" IP address, and don't use it for general web browsing.

      If you just want to make an old computer useful, unless it's really old (386/486 era, or limited RAM), there's a very good chance that you can get a modern Linux running on it. If it's

  • Unsafe for what? (Score:4, Informative)

    by Rosco P. Coltrane ( 209368 ) on Saturday March 04, 2023 @07:31PM (#63343241)

    Browsing unsafe websites? Word processing? Accounting? Drawing?

    "Unsafe" computers are totally safe for plenty of things. You don't have to be on the internet doing things that expose you to hackers. Unless that's the only thing you think computers are good for...

  • EOL on large automated capital equipment is longer than the EOL of any OS, so many industrial facilities still have a few XP boxes running something or other.
    I physically remove all network capability on those machines. They need something, they get a USB stick

    • Well, viruses were a thing long before most people had any online access.

      Although I suppose that your USB strategy might relatively safe these days, since probably few people bother writing viruses that spread by disk anymore.

  • by Crashmarik ( 635988 ) on Saturday March 04, 2023 @07:34PM (#63343259)

    The only thing you can do is minimize risk. Think of the past vulnerabilities that were known but went unpatched, and widely used. Flash, Active X, Windows Metafile code execution vulnerabilities, Encapsulated Post Script code execution vulnerabilities, just about every sandbox or virtual machine has been broken.

    If you are going to connect your computer to the net, it will become unsafe.

    Now you can use your unsafe computer in a manner that minimizes risk.
    1. Don't connect it to the net. I have an old pentium in my garage acting as a controller for some tooling. None are net connected, pretty safe.
    2. If you do connect to the net, don't put any personal information on the machine. Nothing absolutely nothing.
    3. Limit what you use it for. Using it as a terminal for just "Safe Sites" limits the risk. You want to read Wikipedia, and only go there, you have limited your risk.
    4. Don't store anything on it of any importance. Nothing, zero, zilch.
    5 NEVER EVER CONNECT IT TO YOUR NET. This is a number one item but it's more complicated than the rest. The "unsafe" PC should not even be able to know your network exists, let alone have any kind of direct connection.

    All that said, it's once again a case of how much risk you are willing to have to gain benefit.
    Or to put it another way
    Do You Feel Lucky Punk?

    • "4. Don't store anything on it of any importance. Nothing, zero, zilch."

      Not your real name, or address, no credit card numbers, certainly no Social Security Number, no bank accounts, no records of what bank you use, no Amazon account, etc, etc.

      That's also good description of what I have on my IPad. If you want to rummage through my pictures of the cat sleeping in front of the fireplace feel free.

      Oh, there's the model number of the capacitor for the irrigation pump motor. I'm sure that's highly important. ;-

  • Its a dumb question because its asking one question but the followup is a different question.
    "Can You Use an Unsafe Computer Safely?" should have been "Ask Slashdot: Can You Use an Unsafe Computer Safely on the internet?"

    I have a "trip laptop" where it has the independent games I want, documents, and text editors. Internet and USB is disabled.
    Very usable for the purpose intended.

  • by msauve ( 701917 )
    What a fucking stupid question. "Use an unsafe computer safely?" No, by definition. Use an old computer/OS on the Internet safely, maybe. But if you're asking the question, then you probably can't. Use an old computer/OS locally, sure.
  • by bugs2squash ( 1132591 ) on Saturday March 04, 2023 @07:46PM (#63343291)

    Unless you know it is a new installation, how do you know it is not already compromised ?

    If you are willing to newly install it, eg. to support some old software that MUST have the old OS for some weird reason, then maybe you can make it safer by running it in a VM, and periodically blow it away and restart from a saved copy of the VM. That will at least clear out any viruses or whatever but you'll never be able to trust it

    You might consider using something like deepfreeze from faronics to at least allow the machine to reboot to a clean OS periodically, but again you won't be able to trust it fully

    But then can you trust a modern OS fully ? for one there will always be unpatched vulnerabilities and for another the virsus writers are probably busy developing new attacks for the latest OS and my have moved on from yours, I daresay you're pretty safe running MicroVMS nowadays !

    your behavior will matter too, do you click on random links people send you in email or go to just one trusted domain, do you install every new screensaver you can find ?

  • Sure you can, but it all depends what you're using it for. If you think you're going to be using it as a general-purpose desktop and browsing the web, no chance. However if you're using it as a server for a single purpose, it's perfectly possible to lock it down and isolate the potentially vulnerable machine from virtually all attack vectors.

    Windows 11's forced obsolescence is another matter. I'm sorry to say that Microsoft is forcing you to upgrade your equipment if you want to continue to use their softwa

    • by Megane ( 129182 )
      There are two big things that will keep you from running Linux on an old PC. Those are having a 486 or older, and not having enough RAM. For the first you will have to run an old distro (preferably not too old, as the ones from the late 90s were still full of serious exploits), but for low RAM requirements there's always Slackware.
  • Will the computer access the internet? If not, you could isolate it and build a modern secure proxy around it. For example running in machine working as a proxy. If it will, you may by only letting it access an outgoing proxy that reinterprets output messages and issues them from a safe endpoint. But it will be an awful lot of work.
  • Are you protecting yourself from the internet, or anything that may still reside on the machine itself?

    The easiest way to safe yourself from the internet and anything remaining on the HD is to boot from read-only external media and update the media separate from the questionable machine. I have Knoppix on a Kanguru USB stick with a physical read only switch. I can boot knoppix forensic toram no3d to be sure I'm not touching the local HD or the fancier video card options. ChromeOS Flex can also work here

  • Buy a newer computer. It's a fun thought experiment to try cheating the march of progress which has brought your once proud hardware to the brink of being landfill fodder, but sometimes opening your wallet really is the best option. I went through all the stages of grief with my Skylake i7 and upgraded it awhile back to a 10th gen model. It's now no longer on Microsoft's shit list, and as an added bonus transcodes 1080p video to H.265 twice as fast as my old rig.

    As the famous Weird Al once said [youtube.com]:

    My new co

  • These days we build our computers from the ground up to get infected, and stay infected. You need a write enable on the OS drive at all times because?
  • In about 2000, my "idiot brother" bought a brand new computer. Three years later, he finally got internet service. So his computer had no updates and the free anti-virus had expired in those 3 years. How long did it last when connected? 8 days. Just over a week after getting internet service, the machine was so badly infected it could no longer boot. (He gave it to me, I wiped the drive and installed an up to date L8nux, and used it for 4 more years.)

    If your computer is unpatched, there is no safe way to co
    • by Jeremi ( 14640 )

      If your computer is unpatched, there is no safe way to connect it to the internet. End of story.

      The safe way is to install an OS so obscure that no hackers can be bothered to try to hack it. I recommend either BeOS [wikipedia.org], Plan 9 [wikipedia.org], or for the truly paranoid, TempleOS [wikipedia.org].

      • Haiku, you can't plant software I can not find.
      • The post supposed that some of the hardware was custom/proprietary and thus not supported by alternative OSs. Personally I think he's out of date; hardware support in Linux is much better than it used to be. Even the various winmodems and win-printers are supported in some versions of Linux - though he may need to do some research.
  • You have to keep the attackers out. This means:

    1) A firewall to prevent anyone from connecting to your box.
    2) A browser with a whitelist that only connects to trusted sites.

    Of course, normal other points apply, don't open attachments you don't trust, don't download Banzai Buddy, etc.
    • Basically if you can enforce a whitelist to only connect to computers you trust, then you only have to deal with problems from those computers (if they get hacked first).
  • Toy retro OS installs are easily protected. Isolate your machine from the internet and browse using VNC or other remote desktop to browse using a modern OS, preferably Linux. Retro enthusiasts do that all the time and DOS VNC viewers etc make it easy.

    Businesses and important networks should just air gap old OS which need not be used for comms but may be required to run CNC machine tools etc which are uneconomic and horribly expensive to convert.

    If you're afflicted with ancient computers you need to get on t

  • by williamyf ( 227051 ) on Saturday March 04, 2023 @08:40PM (#63343437)

    Your Win10 machines can run 10 beyond 2025.
    If you go to LTSC 2019 you can keep them running until 2029
    If you go LTSC 2021 you can keep them running until 2026 (yes, no typo, shorter than LTSC 2019)
    If you go Win IoT 2011 you can keep it running until 2031
    If you go To a server version derived from the Win10 codebase the support window is longer as well...

    Of course, actually procuring said versions without going to the high seas is another can of worms entirely...
    Also, each option has some pros and cons, for instance, your intended SW may reject LTSC 2019 as too old, and IoT will miss (consumer type) things that, if re-introduced, will not be fully patched...

    Also, there is https://0patch.com/ [0patch.com] ... Their stance for Win10 is not clear at the moment (and logically so, because Win10 is still supported), but if their stance on 7 is anything to go by, they will be able to give you security, either for vanilla Win10, or for one of the special versions I already mentioned.

    For the XP and Old-Linux machines, if by now you have not solved that problem, you have not looked hard enough, the best practices for securing XP machines in particular, was extensively discussed when WinXP went completely out of support in 2014. Google and the waybackmachine are your friends.

  • No computer can be used entirely safely when facing a sufficiently determined and resourceful adversary. For example, if the NSA wants to know what is in your computer's hard drive, they will find out a way to get that information, no matter how diligently you protect your computer, even if it ends up with them putting a gun to your head, similarly to the Godfather, to the effect that either all of your passwords will be cleanly written down in a piece of paper or else the brains of all those dear to you,
  • It's hard to imagine a piece of hardware that isn't supported by a current Linux distribution (e.g AlmaLinux, Ubuntu, Debian) yet would still seem fast enough that a person would be willing to use it.

    • ???? My drive is formatted as Beos, but it is running as a compressed drive using my own compressor of my design, not any of the one out there.
  • They work as door stops, bookends, monitor risers, any number of things.
    On a more practical level, if they have a function that does not require unsafe exploitable software to access the internet, then yes. If you are talking about a general purpose web browser machine then your problem is going to be finding a browser that is not vulnerable to just visiting the wrong infested web server.
    Most exploits that get consumer PCs these days are not poking at external vulnerabilities in OSs, because most consumer

  • There are two main reasons I'd assume someone wants to do this. The first is that they have critical hardware/software which must run on these machines and does not work on something more modern. This happens in specialized industries. The second is that they are broke broke broke.

    In the first case I'd put these in a private vlan to isolate them, firewall them off and use intermediate systems in a separate DMZ running proxies to connect to any external resources if and only if those connections are a hard r

  • I don't know if it would work on that hardware but if it did I think that might be the closest thing that would do the job? Maybe someone can poke some holes in that theory.

  • And it deserves 1 answer:

    NO

  • No.

    Did you think otherwise when you said unsafe yourself?

  • It all depends on your setup (the road to your computer).

    Most ISP's today have some kind of end user protection, they will protect the users against common attacks so most of the older noise will never reach your computer in the first place.

    Secondly - if you don't already have any malware on your computer that "phones home" to inform a certain recepient of your computer, then it's more of an hit-and-miss game, they have to randomly search your IP address and scan for open ports and vunerabilities, and for t

  • All standard computers are unsafe. Some deliberately leak your information to the developers of the system in a way which you might deem unsafe. More critical bugs will be discovered which enable root access allowing compromise.
    A MS windows computer is the least safe supported PC platform to use, not because other platforms are inherently better, because they dominate the market, hence they support the highest malware load. Similarly I'd suspect that Android is the least safe platform simply because it dom

  • Here are the primary attack vectors for any OS:

    * Open listening network ports, i.e. network services (for home versions of Windows that's CIFS, and rarely IIS).
    * Applications and services connecting to remote services (that's a much wider attack area: CIFS, HTTP/HTTPS (iexplore.exe), FTP, etc. etc. etc.).
    * Local applications working with foreign content such as audio, video, images, rich text formats (RTF), etc. Yes, applications opening such formats can be exploited this way because parsing a complicated b

  • Why suddenly you care so much about these leftover boxes? Behind NAT you are relatively stable, until activity rot occurs, so it starts to become more risky. Visit free content sites, and you are dealing with poisoned servings no matter what device you brought in. Then, you do similar on your smartphone, just that you do not care much about that one.

    Me, I am still keeping Windows 2000 box as my server, turned-on couple times in a month. It looks sane, being mostly off-key for contemporary abusers. Then, it

  • by Tom ( 822 )

    What happens when you combine missed security updates with internet connectivity?

    You'll be owned within minutes. There are enough automated bots out there to do that.

    Now can you avoid that? Yes, you can. But it's not worth it.

    You could, theoretically, sanitize all the input/output. Put the old machines behind a firewall system. Not a simple IP firewall, but an application-level firewall that acts as a proxy (so no direct connections to the old machine), can filter out malicious JS, etc. It will also have to inspect TLS so you need to set up a root certificate and trust it on the old mac

    • Normally you use a NAT firewall. Built in into the router.

      You basically are only vulnerable to opening malformed pictures etc. and obviously to firewalls that are vulnerable themselves.

  • by dvice ( 6309704 )

    Why do you want to keep using outdated machines instead of buying a new one?

    A) Money. Are you low on money? Is this really worth your time?
    B) Laziness (and yet you are ready to do lots of things?)
    C) Specific software or hardware which runs only on these machines. (you will eventually have hardware failure, what then?)

  • By "Unsafe" you mean an unsecured device?

    Then Step (1)Firewall. Outgoing connections only.
    (2) Make sure whatever software programs you do use to access the internet with is secure.

    Usually the web browser could be secured independent of the OS - as long as you aren't using Internet Explorer, Or something that allows page access to insecure Windows platform features.

    Other programs... Less likely. Certainly don't have MS Office installed.

    • The problem with web pages used to be malformed input, e.g. exploiting jpg libraries used to display an image in a web browser.
      If the browser or image library is not patched accordingly (same for any other render library, like PDF or PNG and any other inter net aware program using them, e.g. a mail program) your NAT firewall is not helping. Funnily: there are NAT fire walls that can recognize if an image is compromised and filter it out.

      • by mysidia ( 191772 )

        there are NAT fire walls that can recognize if an image is compromised and filter it out.

        I wouldn't trust filtering functionality of the NAT devices other than port-based filtering and Destination host/IP address blacklist-based filtering - it's not going to work for HTTPS connections, and most images will be downloaded over a HTTPS connection.

        The NAT device is mainly to prevent TCP/IP stack exploits and Inbound connections from other devices,
        And you also want to set firewall rules to block Outgoing conn

  • If all you need is a browser to access the internet, consider installing ChromeOS Flex on it. This will once again provide the machine with regular security updates. After years of dealing with my parents and in-laws somehow ending up with infections on their PCs, I finally switched them all to ChromeOS devices and haven't had a single such instance since doing so.

    https://chromeenterprise.googl... [chromeenterprise.google]

  • The usual consultant and lawyer answer before you cough up the dough: Depends. Because saying either yes or no may lead to someone then going "but you said..." when their situation is a fundamentally different one.

    Why is that computer unsafe? In your case, the "unsafe" label comes from the OS of the machine is no longer supported, if I get this right. This doesn't make it unsafe per se. It only means that any security woes the were discovered after the machine went out of support will not be handled. If no

  • IF they can be arsed to install it.

    It runs surprisingly well on my C2D 3GB T61 I use to flash GM PCMs (with PCM Hammer and Universal Patcher, both free).

    Since the low-tech sort were mentioned that's their fix. They're not going to learn Linux and are really better off with a phone or tablet with keyboard and mouse. Even the Fire 10 tablets are usable for that sort of thing (I bought one to use with LS Droid because of its Android version).

  • Can you use an unsafe computer safely?

    Yes, as long as you do not connect it to the Internet. And don't import files to it from usb!

    A different question is, how you avoid getting here again. I know of a case where someone has been running the exact same desktop, covered with files, since early Mandriva. And the same apps, same fonts, same tweaks. Moved from Gnome 2 to Mate, and from Mandriva to Debian. And this is on half a dozen different hardwares.

    It can be done, you can keep everything the same while

  • Here's my dumb opinion... I've been on the Internet since 1994. I've almost exclusively used outdated (Windows) machines at home(s). I also haven't used antivirus software at all in many, many years. I don't think I've seen the trouble everyone else talks about.

    I read once that most of the problems come from phishing and web ads these days, so I tell family to not click on email links and put good ad blockers in all of their browsers. Also, I don't allow anything special to go on: remote access an
  • There isn't a way to safely use Microsoft products.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...