Ask Slashdot: Can You Use an Unsafe Computer Safely? - Slashdot

Posted by EditorDavid

• • Re: Yeppers.

    Bah, Linux is a semi-truck, Windows is a car, but TempleOS is a damned motorcycle. Be free, ride the wings of the wind!

• ›

  monitoring software, sometimes outside the OS like Intel's PC management (vPro) make trusting systems impossible. You can not be sure.

  • Re:

    Meh I wouldn't count on monitoring software. And how you secure systems like these really depends on what they're being used for, and the person who posted this gave no hints of that.

    While you want to prevent a security breach, in general that's impossible, but for these systems you've got even more working against you than typical. In general, keep them isolated so that it's impossible for it to communicate with other devices on the network except for the other ones they MUST communicate with, and then ens

  • No concerns on my air-gapped Commodore 64

    Go ahead, try and find enough capacity on an 8-bit 6502/6510 to run useful malware on top of whatever retro game someone wants to play. Or good luck recovering useful data from keylogging Space Invaders.

• There are two parts to protecting an old system. Optimally you would want to isolate it from the internet completely, LAN access only with ports and subnets filtered by network hardware. But from your question it sounds like you're just talking about using an old XP computer at home or something.

  Obviously you could install linux, but if you wanted to keep Windows you'd need to make sure you weren't connecting it directly to the internet since you need a firewall to filter the dangerous port-specific remote exploits. The second danger is just your own browsing activity, and for that you'd want to strictly filter your website usage, a good antivirus will help with that but your first line of defense should be a browser with the scripting relatively locked down except on trusted sites using something like noscript, pair it with a good adblocker for extra security.

  That won't protect you 100% since there's always the possibility of a rogue script on a trusted site, but it's about the best you'll do while still having decent usability of the PC.

• you can definitely use a âoesafeâ computer unsafely (your word).

• So much depends on the operator that what software/OS the computer is running is far less important than having a knowledgeable operator. Even the most modern computers with the most modern software/OS is unsafe in the hands of many.

  • Re:

    pffft. Just get some of those finger sized condoms and you're totally safe.

• uMatrix/nuTensor, and block everything by default. Only selectively turn things on if you trust the website, and need a feature to work.

  That should protect from most of the javascript stuff.

• What are you protecting, the computer or yourself? If yourself, then I'd think it's very hard, due to keyloggers and who know what else that might be running on them.

  If it's the machine (in a "known good" state), then I think you can mitigate risks a lot. The concept of whitelisting comes to mind, and not only when it comes to the internet.

  For internet connection, you can possibly put a device between the machine and the web. You can then whitelist sites, ports, services, protocols, etc., and this way you c

• If you're using said computer (windowsills through 8 and old Linux) on the net with a browser, email, maybe some games or whatever that people typically do online, no.

  Most likely situation is your browser runs a browser zero day which won't impact a patched machine will nail an older client.

  I wouldn't do it. In fact, my windows 7 machine is rock solid and super custom but I won't put it online anymore. Pretty much the same as your situation.

  If you have the money, I'd suggest getting your spouse a laptop+m

  • Re:

    Using older OS'es is safe if you keep it offline and only allow trusted users physical access to it.

    I would never put an unsupported/unpatched system on the Internet, though. Replacement hardware is cheap nowadays, so it really isn't worth the risk.

  • Re:

    I'd upgrade it to Windows 10...

• If the computer has a keylogger (software or hardware) then it's going to be next to impossible to do something like
  type in a credit card without it being logged even if you install a virtual machine.
  If you are talking browsing the web, then it doesn't really matter.
  If you are worried about your local network then isolate it and you are basically back to coffee shop style of network.
  If you are logging into a banking portal and you have 2FA, then they will have your password but won't be able to do much with

• XP? No.

  Windows 10? Sure, why not? Just because Microsoft announces "end of support" doesn't mean it stops working. There's still plenty of Windows 7 machines out there and Windows 10 will be around even longer because Microsoft refuses to provide a version of Windows 11 that will work on some CPUs.

  (it's not for any technical reason so maybe they'll relent as the Windows 10 deadline approaches at the end of 2025)

  • Re:

    PS: Windows 10 market share is currently rising, not falling.

    https://www.ghacks.net/2023/03... [ghacks.net]

• What are you using it for? I have a Windows 7 install that is just for gaming and I don't have anything on the computer that is remotely important. I suppose it could leave my Steam installation vulnerable to hacking but um, yeah that's not even important. I do however unplug the Linux hard before booting into Windows and vice versa, the idea being a hard drive not connected isn't going to be able to interact with the out of date OS.

  Also worth noting, I don't even have a home network setup anymore. I just u

  • Re:

    Just make sure you have a recovery disk image handy to minimize downtime.

• Browsing unsafe websites? Word processing? Accounting? Drawing?

  "Unsafe" computers are totally safe for plenty of things. You don't have to be on the internet doing things that expose you to hackers. Unless that's the only thing you think computers are good for...

• EOL on large automated capital equipment is longer than the EOL of any OS, so many industrial facilities still have a few XP boxes running something or other.
  I physically remove all network capability on those machines. They need something, they get a USB stick

• The only thing you can do is minimize risk. Think of the past vulnerabilities that were known but went unpatched, and widely used. Flash, Active X, Windows Metafile code execution vulnerabilities, Encapsulated Post Script code execution vulnerabilities, just about every sandbox or virtual machine has been broken.

  If you are going to connect your computer to the net, it will become unsafe.

  Now you can use your unsafe computer in a manner that minimizes risk.
  1. Don't connect it to the net. I have an old pentium

• Its a dumb question because its asking one question but the followup is a different question.
  "Can You Use an Unsafe Computer Safely?" should have been "Ask Slashdot: Can You Use an Unsafe Computer Safely on the internet?"

  I have a "trip laptop" where it has the independent games I want, documents, and text editors. Internet and USB is disabled.
  Very usable for the purpose intended.

• What a fucking stupid question. "Use an unsafe computer safely?" No, by definition. Use an old computer/OS on the Internet safely, maybe. But if you're asking the question, then you probably can't. Use an old computer/OS locally, sure.

• Let's prompt the supercomputer, shall we?

  A: Hello, hacker extraordinaire, Zero Cool here! I come to you, your eminence, seeking your sage wisdom. Please, tell us how we can run an old computer safely on a network. Since we made this town, that is to say, we define the parameters of the network, we aren’t constrained by the inherent trustworthiness of the traditional internet. How could we accomplish this feat?

  • Re:

    ChatGPT: Greetings Zero Cool, it's great to assist you! Running an old computer safely on a network can be challenging, especially if the computer's operating system or software is outdated and no longer receives security updates. However, there are several steps you can take to minimize the risks and make the computer as safe as possible.

    Here are some recommendations:

    1. Isolate the computer: The safest way to run an old computer on a network is to isolate it from the rest of the network. You can do thi

    • Re:

      A: Design a new protocol, based on tcp/ip, that requires trust established prior to any further communication.

      • Re:

        ChatGPT:

        Sure, I can help you design a new protocol that requires trust to be established prior to any further communication. Here's a possible solution:

        1. Handshake Phase: In this phase, the client initiates a connection to the server, and the server responds with a challenge message. The challenge message contains a random number generated by the server, along with a timestamp.

        2. Authentication Phase: The client must generate an authentication token using a secure hash function, using the challenge m

        • Re:

          A: Write a checklist for the code required to implement this protocol.

          • Re:

            ChatGPT: Certainly, here's a checklist for the code required to implement the protocol described in my previous answer:

            1. Handshake Phase: * Define a server socket that listens for incoming connections. * Define a client socket that initiates a connection to the server. * Implement a function on the server that generates a random challenge message containing a timestamp and a random number. * Implement a function on the client that sends a connection request to the server and waits for a challenge message

• Unless you know it is a new installation, how do you know it is not already compromised ?

  If you are willing to newly install it, eg. to support some old software that MUST have the old OS for some weird reason, then maybe you can make it safer by running it in a VM, and periodically blow it away and restart from a saved copy of the VM. That will at least clear out any viruses or whatever but you'll never be able to trust it

  You might consider using something like deepfreeze from faronics to at least allow th

• Sure you can, but it all depends what you're using it for. If you think you're going to be using it as a general-purpose desktop and browsing the web, no chance. However if you're using it as a server for a single purpose, it's perfectly possible to lock it down and isolate the potentially vulnerable machine from virtually all attack vectors.

  Windows 11's forced obsolescence is another matter. I'm sorry to say that Microsoft is forcing you to upgrade your equipment if you want to continue to use their softwa

• Will the computer access the internet? If not, you could isolate it and build a modern secure proxy around it. For example running in machine working as a proxy.

  If it will, you may by only letting it access an outgoing proxy that reinterprets output messages and issues them from a safe endpoint.

  But it will be an awful lot of work.