I am doing a layman honeypot in VMWare. I have set up a Windows XP original in Vmware (ie no servicepacks or hotfixes at all) I am connected to internet without a firewall or other anti malware apps. Vmware has its own IP number. I have no router, just fiber LAN to the net. A check at GRC.com shows ports from 0 to 1024 are closed. excepts 135-139 and 445 are stealthed. 1025 and 5000 are open. I have been online with it for three hours without anything happening. I have read somewhere that you only have to be online for 15-30 minutes before you get infected with something. Is that just a myth or is it VMware that somehow prevents the worms´n´stuff? Or maybe I am just impatient? The only things I use to check if any activity is going on is Port explorer and Process explorer. Perhaps those are not enough?