I connected Windows XP to the Internet; it was fine

Hacker News Discussion ↗

Scope of “connecting XP to the Internet”

  • Many note a key distinction: XP with a public IP, open ports, and disabled firewall vs XP behind a NAT/router.
  • A YouTube “gets instantly owned” scenario is criticized as manufactured: public IP, file sharing/RDP exposed, firewall off.
  • Several argue the OP’s experience is unsurprising because most home setups now sit behind routers with default-deny inbound traffic.

NAT, firewalls, and “herd immunity”

  • Consensus: being behind NAT or a stateful firewall greatly reduces drive‑by network worms (e.g., Blaster era infections in seconds).
  • Some stress it’s state tracking/firewalling, not NAT itself, that provides protection.
  • Others push back, saying NAT effectively forces a firewall and hides internal topology, which users value.

XP vs modern OS security

  • One view: no modern OS would survive on the open Internet with multiple exposed services and no firewall.
  • Counterview: modern Linux/BSD/macOS (and current Windows) with patched services and auth can be safely exposed, at least against opportunistic attacks.
  • A minority report claims even up‑to‑date Debian servers picked up malware on the open Internet; others strongly doubt this without more detail.

Browser and application-layer risk

  • Big concern is outdated Internet Explorer and old plugins (Java applets, Flash, etc.) that used to be common infection vectors.
  • Modern hardened browsers, ad blockers, and avoiding Microsoft client apps on XP are seen as critical mitigations.
  • Some argue current web risks are more about tracking via JavaScript than classic destructive malware.

Targeting of legacy systems

  • Several suggest XP is now a low‑value target: botnets focus on newer OSes; exploit toolkits may not bother with Windows 98/XP.
  • Others reply that scanning for old OSes costs little and legacy vulns have a long tail.

Use cases, practicality, and nostalgia

  • XP still used for retro gaming, legacy hardware, and user familiarity; some refurbish and sell XP machines (often with pre‑applied updates and modern browsers).
  • Most agree XP should not be used for sensitive tasks, but is “fine” for constrained, hobbyist, or offline/behind‑NAT scenarios.