XP SP3 no AV or windows FW

Discussion in 'other security issues & news' started by 1nvad3r, Jul 13, 2009.

Thread Status:
Not open for further replies.
  1. 1nvad3r

    1nvad3r Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    20
    I'm just curious if a XP SP3 computer with no AV, windows FW turned off, no FW router, and connected to a public internet, not doing anything, would get any malware?
     
    1nvad3r, Jul 13, 2009
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Eventually yes
     
    Cudni, Jul 13, 2009
    #2
  3. Gullible Jones

    Gullible Jones Guest

    Gullible Jones, Jul 14, 2009
    #3
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Yes. And probably in short order.
     
    the Tester, Jul 14, 2009
    #4
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Not that long ago, I read on this forum that, at least in theory, you don't need a firewall.

    As long as you have no services listening (default?), no firewall for inbound protection would be necessary.

    I'm not saying I believe that.

    Would anyone care to comment ?

    (Btw, I use Windows XP Home Edition service pack 2)
     
    Fly, Jul 16, 2009
    #5
  6. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Other thread is here.
    https://www.wilderssecurity.com/showthread.php?t=245354

    If its got the default windows services settings then probably yes.

    If some of these are turned off then probably not.
    There would be 2 risks left I know of
    1. a new vulnerability is found in the services you still have running.
    2. an application on the PC opens a port.

    Its a bit of a grey area to me though. :)

    For example I originally thought the idea of port being open was analogous to a door being open.
    Now I think it can cover 2 very different senarios
    1. opening a door without expecting anyone and then leaving it open to let anyone in.
    2. After hearing the knock from outside ,open the door to let someone you expected in.

    1 - would be, say a windows service works.
    2 - the way a browser works.
    Both open a port but the security risks that result are very different.
     
    Joeythedude, Jul 16, 2009
    #6
  7. 1nvad3r

    1nvad3r Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    20
    k i understand, minimum is having a firewall if listening services r left at default.
     
    1nvad3r, Jul 18, 2009
    #7
  8. wat0114

    wat0114 Guest

    I tend to agree with this. I have only three processes listening: alg.exe. jqs.exe and DKservice.exe listening when no programs are open. I'm willing to bet I could have this laptop sit on a public network for a very long time before it succumbs to attacks. Of course this is only conjecture on my part, but I feel confident it's not all that vulnerable in its present state. it is running a reduced services profile and problem port 445 is disabled
     

    Attached Files:

    wat0114, Jul 18, 2009
    #8
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    If you have no ports open, no.
    If you have ports open, maybe, depending on patches and such.

    Gullible, your link is from 2004 ... SP2 was only starting to get baked then. The question was about SP3.

    Mrk
     
    Mrkvonic, Jul 18, 2009
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...