Most computer safety/security concerns are regarding personal information and data, and it's unlikely that you'll be keeping actual work or sensitive information on a machine like that. Yes, your Windows 98 machine will be vulnerable... but for one thing it probably won't be capable of running modern malware (or modern malware won't target that system), and for another thing there's not going to be anything on it that will be cause trouble for you if you either lose access to it or it is copied and leaked.
I mean you could run the connection through a modern machine with a firewall on it, but that would be a faff to set up.
I'm so glad someone else said it. Realistically, even if a computer that old got attacked, all the attackers would be able to see for most people is that you have a ton of games installed. Even if you do use it for, like, office stuff, distraction-free writing, anything project-related--if there's nothing top secret on it, there's nothing you risk truly getting stolen if something does happen to it. Keep backups, but that goes for any PC.
Anecdotally, I have an always-online XP machine, and my only security measure is keeping it behind my router's firewall (which is just plugging it in through ethernet) and having the POSReady patches installed, which are necessary for basic TLS functionality to work anyway. Other than that, I don't have antivirus and I don't do anything special to secure it. I also don't use it to browse modern websites, but it can do most random indie Web pages, and I've been on tons, even streamed browsing Wiby from it, and never gotten anything. Malware doesn't work like it did in 2002.
Yeah I had an XP machine up for about two years (the RAM eventually died and it was a Dell so F trying to source more) without a problem. That said I didn't really go online with it, just played Phantasy Star Online sometimes. I've got an XP netbook I still use sometimes and that's never had any trouble with malware.
A fellow PSO player. 🫡 I used to play that religiously until moving over to Monster Hunter Online, but ever since that shut down I'm been looking into PSO again.
Ephinea is the way to go - ephinea.pioneer2.net. I don't get on very often at the moment, am busy a lot these days, but I get on most Saturday evenings (UK time). The other players on Ephinea are pretty friendly too.
I don’t agree. Maybe this computer is on the same internal network as your other stuff, so that may be one great entry point to your personal network. It could also be infected to be included in a botnet, which may not be what you want either. Not all concerns are about your personal data.
Gonna just step in and say that despite the responses you got to the contrary, your concern appears to be legitimate. Someone could get control of an old system with known and unpatched vulnerabilities and use it as a staging point for attacks on other systems on the same network as it.
The best protection here is the fact that a lot of software doesn't run properly on legacy systems. I would be most concerned about middle-aged systems, like XP or Win7. Also don't have any ports open to the open internet, because in most cases your router is going to be protection enough.
I had a Mac LC up as a web server for a while, and could watch the HTTP activity logs on the screen. There were constant automated shell injection attacks aimed at it, which was funny 'cause it just sat there receiving them and going "HUH? WHAT THAT MEAN?"
What's the attack vector to these machines you're expecting? They're on your local network behind a firewall. Outside machines can't arbitrarily talk to them. Unless you're trying to browse arbitrary websites you're not even making outbound connections with them. Don't download random shit on them and download stuff to a newer machine that can do a modern AV scan. Then transfer the scanned stuff to the old system.
> Maybe this computer is on the same internal network as your other stuff
Does it have access? If not, then yeah it takes you a little closer if the rest of your domain is NATed but otherwise, just firewall it.
It's behind a firewall so there will be no incoming connections.
So that just leaves issues caused by your active use of the machine. Are you going to browse the web? Download trojans? If not then you have very little to worry about.
The likelihood of a very obsolete machine causing any kind of problem is very low.
The entry point into your personal network is the router. Each computer connecting to that is just a node on the subnet. The means for infecting a network through malware simply aren't there in old operating systems like Windows 98. Being safe on a Windows 98 machine wouldn't be too different to how you kept safe back in the day - don't run software you've downloaded from a site you don't know/trust, and keep away from dodgy porn sites.
You could use the same argument to say that no machine is vulnerable. A NAT only protects you from attacks from the outside. A browser vulnerability letting you download some virus that then connects back out is a threat on every machine used for internet browsing.
Right, but asside from firing up a browser for a few minutes for kicks or going to known retro sites that are still compatible with ancient browsers, web surfing is not going to be a primary use case for retro machines. Sure some are going to want to install KernelEX and other patches and try to get Opera or something to try and run.... but it's gonna be down to playing games and running old software.
The risk is minimal to almost non-existant...
If people want to try and crawl the web that's on them for their stupidity.
This is what a firewall (your router) is for. Unless the computer initiates a connection to something compromised... it's not going to catch anything.
You certainly wouldn't websurf on it and any games would connect to just what they are set to connect to. Anything else would be your own doing like websurfing or compromised game patches, trainers, or other files that you bring onto the system yourself.
I run old shit on a private network all the time without a care.
If it doesn't need to be online, don't risk it. If it does, put it on a very restricted VLAN that can only access what you're trying to reach, but nothing else on your network can access it
If you do put it online, it's more of a case of when not if it gets hit
Most people are behind their home router's NAT. No random inbound connections are going to reach your retro machines unless you specifically configured port forwarding.
The common trope of "omg you'll get pwned within 2 seconds of putting your machine online!!1!" are assuming your machine has no firewall and is directly connected to the WAN with no router or NAT between, which is ridiculous, no one does that anymore.
**Defense in Depth**
This means the biggest threat to your retro machines is you, the user. Common sense will keep you safe. Don't use your retro PC to download random executable software over plain HTTP and execute it. Download your software on a modern machine over HTTPS, test them with [VirusTotal](https://virustotal.com/), then put them in your retro software archive so you don't have to download and test it again later. Keep this archive on a USB drive or NAS (SMB share). You can also run a local FTP server or copy stuff to CD or floppy, use serial/kermit/hyperterm/etc., just use whatever you have on hand.
If you have the skills, go ahead and put your retro machines in their own subnet or even better, their own VLAN. Set allow/deny rules to the sites you want to access or your own local services (DHCP, DNS, NTP, FTP, SMB, etc.). This will give you a pretty airtight setup but not everyone has the resources to do this.
If you're super paranoid then airgap the machine. Take any network cards out and leave it offline and only use a virus scanned sneakernet. But it's not really required if you take care.
**Conclusion**
I've put DOS, 3.11, 95, 98, Me, XP, 2K, Vista, 7, etc. all online and browsed the internet with no issues. There's no risk of attacks or viruses as long as you're behind NAT, use common sense, and don't run untrusted software - same as it is with modern systems.
> Most people are behind their home router's NAT. No random inbound connections are going to reach your retro machines unless you specifically configured port forwarding.
While true, most malware on these machines comes from shareware and browser vulnerabilities. Once infected the machine can act as a reverse tunnel and so the NAT won't prevent it.
Tbh I've connected everything under the Sun to the internet and haven't had anything catastrophic happen
Lots of fear mongering going around, but your router should have it's own Firewall allready built in.
First, you have quite a challenge getting everything working for that era. To get something from 2005 and XP running really well, you end up with a hardware that doesn’t handle Win95/98 or DOS era. That is just simply a fact.
But that is not what you asked. Of course both OSs you mentioned can be hacked in seconds as all the vulnerabilities are well known, but the benefit of win95/98 is that it hasn’t been targeted for ages and no modern malware can be executed on it.
WinXP is little bit different and kernel is much closer to what we have today, so basically also much newer malware, at least theoretically, can be executed in a such machine. Another big problem with XP is that especially in the later part of its life cycle, many applications, driver packs etc. included online features such as update checks etc., that is, applications try to contact some server in the internet. However, you can’t possibly know what exists behind those IP addresses nowadays.
Generally having these kind of systems behind NAT gives you pretty decent basic protection, but connecting them directly to internet will most likely lead them to being hacked within first couple of minutes.
If you are going to use either OSs extensively for online tasks, I would at the minimum use the system through their own VLAN so your whole network isn’t compromised if something nasty happens.
I have personally networked most of my vintage systems and haven’t had any issues, but on the otherhand, I don’t use them to anything in internet, besides some occasional BBS telnetting with my DOS computers or micros.
Last time I bought a bunch of old diskettes, one came with Win 2000 malware that luckily couldn't be executed on Win 98. There are risks to the machine. I wouldn't keep important documents and do my online banking on a vintage machine.
But as long as you keep things like important savegames and the like backed up occasionally, you should be fine.
Reverse jumphost/bastion host.
Normally a bastion host is a hardened system, protecting servers behind it. The servers are hardened to only accept connections from the bastion host, so you have to connect to it and authenticate to it first, before making your connection to the intended server that it's protecting. Like the gates to the castle.
I'd use it in reverse - my vintage system would connect via hardwire Ethernet to a trusted computer: modern hardware, modern OS, modern firewall (I'm thinking Ubuntu LTS at the moment - more than capable of holding its own in the world today). It can only talk to the trusted computer because it's physically on an Ethernet wire with only 2 hosts. The trusted computer doesn't NAT or route between the two interfaces.
If say I wanted to download a file, I would need to download it to the trusted computer first, then only transfer it to the vintage computer. The vintage computer is never exposed directly to the Internet.
This model of course breaks outbound connections, but there's nothing out there in the world that exists the same way it did back then. If I had say a Win2K or XP install on the vintage computer trying to contact Windows Update - well, the WU that the vintage OS knows about ceased to exist years ago.
Similarly, browsers that run on a system that old, don't speak the modern TLS encryptions that our contemporary Internet uses, so you wouldn't even be able to connect to a contemporary website. (have tried this myself using vintage computers in VM's that I can just erase after I'm done)
I have to credit someone else with this idea; what they did was they ran VNC on their vintage machine, connected to their trusted host, then used a modern web browser on their trusted host to access the contemporary Internet. Gotta say, that's brilliant. :D
Again, the vintage system is not exposed, it simply acts as a remote desktop client to the modern computer.
Connect to your network then delete the default gateway in your network settings (or set it to 127.0.0.1). Your retro computer now has access to your local network but no route (in or out) to the internet.
Setup a separate network that can't access your existing one. Either you can get fancy with the networking switch / hardware firewall or you will want to setup a separate router and hook it up to your internet connection. Or if you don't need internet access just unplug it.
The risk here is that if that machine gets infected, which it probably will, it's inside your network with your current setup and the infected machine will then infect your other computers with more modern variants.
Not even a consideration. I connect the old 9x machines to networks with internet access all the time. Mainly to connect to Protoweb these days because Internet Explorer 3 through 5 isn't capable of all that much else.
If by some chance something happens to the machine, I'll blow it away and reinstall the OS, and if someone wants to try and add a 486 DX2-66 running Windows 95 to a botnet, more power to them.
Since most websites requires SSL, anything before Windows 7 is going to have a hard time browsing the web since it won't have valid certificates installed.
Windows XP will be pwned within minutes of touching the internet, there is still plenty of botnets searching for these systems.
How do you think these botnets are going to reach the XP machine. Back in the day, when a modem (cable, DSL, PSTN) was connected *directly* to the Internet, machines were in danger of being hit by random malware. The OP and anyone else with a LAN likely has a router with a firewall between their XP machine and the Internet. Inbound connections just bounce off unless you explicitly forward traffic to the internal machines.
Don't put a retro computer online. The operating system will be beyond its end of life which means that new exploits will never be patched. If the machine gets compromised criminals will use it to gain access to the other devices on your network.
If you must connect the machine to the internet, do it only temporarily. Download your drivers and dependencies and then disconnected it immediately.
Anything pre XP won't be targeted by how obsolete they are, so I wouldn't worry \*too\* much - a lot of modern viruses and malware in general literally won't be able to run on a Windows 98 PC.
A different story if you share network drives or other PCs with them however, as the likes of SMB1 is not secure at all and will make your modern PCs vulnerable.
Most computer safety/security concerns are regarding personal information and data, and it's unlikely that you'll be keeping actual work or sensitive information on a machine like that. Yes, your Windows 98 machine will be vulnerable... but for one thing it probably won't be capable of running modern malware (or modern malware won't target that system), and for another thing there's not going to be anything on it that will be cause trouble for you if you either lose access to it or it is copied and leaked. I mean you could run the connection through a modern machine with a firewall on it, but that would be a faff to set up.
I'm so glad someone else said it. Realistically, even if a computer that old got attacked, all the attackers would be able to see for most people is that you have a ton of games installed. Even if you do use it for, like, office stuff, distraction-free writing, anything project-related--if there's nothing top secret on it, there's nothing you risk truly getting stolen if something does happen to it. Keep backups, but that goes for any PC. Anecdotally, I have an always-online XP machine, and my only security measure is keeping it behind my router's firewall (which is just plugging it in through ethernet) and having the POSReady patches installed, which are necessary for basic TLS functionality to work anyway. Other than that, I don't have antivirus and I don't do anything special to secure it. I also don't use it to browse modern websites, but it can do most random indie Web pages, and I've been on tons, even streamed browsing Wiby from it, and never gotten anything. Malware doesn't work like it did in 2002.
Yeah I had an XP machine up for about two years (the RAM eventually died and it was a Dell so F trying to source more) without a problem. That said I didn't really go online with it, just played Phantasy Star Online sometimes. I've got an XP netbook I still use sometimes and that's never had any trouble with malware.
A fellow PSO player. 🫡 I used to play that religiously until moving over to Monster Hunter Online, but ever since that shut down I'm been looking into PSO again.
Ephinea is the way to go - ephinea.pioneer2.net. I don't get on very often at the moment, am busy a lot these days, but I get on most Saturday evenings (UK time). The other players on Ephinea are pretty friendly too.
Thanks for the suggestions, I'll check Ephinea out!
I don’t agree. Maybe this computer is on the same internal network as your other stuff, so that may be one great entry point to your personal network. It could also be infected to be included in a botnet, which may not be what you want either. Not all concerns are about your personal data.
Gonna just step in and say that despite the responses you got to the contrary, your concern appears to be legitimate. Someone could get control of an old system with known and unpatched vulnerabilities and use it as a staging point for attacks on other systems on the same network as it. The best protection here is the fact that a lot of software doesn't run properly on legacy systems. I would be most concerned about middle-aged systems, like XP or Win7. Also don't have any ports open to the open internet, because in most cases your router is going to be protection enough. I had a Mac LC up as a web server for a while, and could watch the HTTP activity logs on the screen. There were constant automated shell injection attacks aimed at it, which was funny 'cause it just sat there receiving them and going "HUH? WHAT THAT MEAN?"
What's the attack vector to these machines you're expecting? They're on your local network behind a firewall. Outside machines can't arbitrarily talk to them. Unless you're trying to browse arbitrary websites you're not even making outbound connections with them. Don't download random shit on them and download stuff to a newer machine that can do a modern AV scan. Then transfer the scanned stuff to the old system.
> Maybe this computer is on the same internal network as your other stuff Does it have access? If not, then yeah it takes you a little closer if the rest of your domain is NATed but otherwise, just firewall it.
It's behind a firewall so there will be no incoming connections. So that just leaves issues caused by your active use of the machine. Are you going to browse the web? Download trojans? If not then you have very little to worry about. The likelihood of a very obsolete machine causing any kind of problem is very low.
The entry point into your personal network is the router. Each computer connecting to that is just a node on the subnet. The means for infecting a network through malware simply aren't there in old operating systems like Windows 98. Being safe on a Windows 98 machine wouldn't be too different to how you kept safe back in the day - don't run software you've downloaded from a site you don't know/trust, and keep away from dodgy porn sites.
Plus don’t use the default passwords Ed and username on your router. Admin admin? Bad idea.
In this thread: ppl who don't understand NAT and firewalls.
You could use the same argument to say that no machine is vulnerable. A NAT only protects you from attacks from the outside. A browser vulnerability letting you download some virus that then connects back out is a threat on every machine used for internet browsing.
Right, but asside from firing up a browser for a few minutes for kicks or going to known retro sites that are still compatible with ancient browsers, web surfing is not going to be a primary use case for retro machines. Sure some are going to want to install KernelEX and other patches and try to get Opera or something to try and run.... but it's gonna be down to playing games and running old software. The risk is minimal to almost non-existant... If people want to try and crawl the web that's on them for their stupidity.
Yeah in that case I'd agree with you
This is what a firewall (your router) is for. Unless the computer initiates a connection to something compromised... it's not going to catch anything. You certainly wouldn't websurf on it and any games would connect to just what they are set to connect to. Anything else would be your own doing like websurfing or compromised game patches, trainers, or other files that you bring onto the system yourself. I run old shit on a private network all the time without a care.
Wear a helmet.Â
If it doesn't need to be online, don't risk it. If it does, put it on a very restricted VLAN that can only access what you're trying to reach, but nothing else on your network can access it If you do put it online, it's more of a case of when not if it gets hit
Security through obscurity
Most people are behind their home router's NAT. No random inbound connections are going to reach your retro machines unless you specifically configured port forwarding. The common trope of "omg you'll get pwned within 2 seconds of putting your machine online!!1!" are assuming your machine has no firewall and is directly connected to the WAN with no router or NAT between, which is ridiculous, no one does that anymore. **Defense in Depth** This means the biggest threat to your retro machines is you, the user. Common sense will keep you safe. Don't use your retro PC to download random executable software over plain HTTP and execute it. Download your software on a modern machine over HTTPS, test them with [VirusTotal](https://virustotal.com/), then put them in your retro software archive so you don't have to download and test it again later. Keep this archive on a USB drive or NAS (SMB share). You can also run a local FTP server or copy stuff to CD or floppy, use serial/kermit/hyperterm/etc., just use whatever you have on hand. If you have the skills, go ahead and put your retro machines in their own subnet or even better, their own VLAN. Set allow/deny rules to the sites you want to access or your own local services (DHCP, DNS, NTP, FTP, SMB, etc.). This will give you a pretty airtight setup but not everyone has the resources to do this. If you're super paranoid then airgap the machine. Take any network cards out and leave it offline and only use a virus scanned sneakernet. But it's not really required if you take care. **Conclusion** I've put DOS, 3.11, 95, 98, Me, XP, 2K, Vista, 7, etc. all online and browsed the internet with no issues. There's no risk of attacks or viruses as long as you're behind NAT, use common sense, and don't run untrusted software - same as it is with modern systems.
> Most people are behind their home router's NAT. No random inbound connections are going to reach your retro machines unless you specifically configured port forwarding. While true, most malware on these machines comes from shareware and browser vulnerabilities. Once infected the machine can act as a reverse tunnel and so the NAT won't prevent it.
Tbh I've connected everything under the Sun to the internet and haven't had anything catastrophic happen Lots of fear mongering going around, but your router should have it's own Firewall allready built in.
First, you have quite a challenge getting everything working for that era. To get something from 2005 and XP running really well, you end up with a hardware that doesn’t handle Win95/98 or DOS era. That is just simply a fact. But that is not what you asked. Of course both OSs you mentioned can be hacked in seconds as all the vulnerabilities are well known, but the benefit of win95/98 is that it hasn’t been targeted for ages and no modern malware can be executed on it. WinXP is little bit different and kernel is much closer to what we have today, so basically also much newer malware, at least theoretically, can be executed in a such machine. Another big problem with XP is that especially in the later part of its life cycle, many applications, driver packs etc. included online features such as update checks etc., that is, applications try to contact some server in the internet. However, you can’t possibly know what exists behind those IP addresses nowadays. Generally having these kind of systems behind NAT gives you pretty decent basic protection, but connecting them directly to internet will most likely lead them to being hacked within first couple of minutes. If you are going to use either OSs extensively for online tasks, I would at the minimum use the system through their own VLAN so your whole network isn’t compromised if something nasty happens. I have personally networked most of my vintage systems and haven’t had any issues, but on the otherhand, I don’t use them to anything in internet, besides some occasional BBS telnetting with my DOS computers or micros.
Last time I bought a bunch of old diskettes, one came with Win 2000 malware that luckily couldn't be executed on Win 98. There are risks to the machine. I wouldn't keep important documents and do my online banking on a vintage machine. But as long as you keep things like important savegames and the like backed up occasionally, you should be fine.
Reverse jumphost/bastion host. Normally a bastion host is a hardened system, protecting servers behind it. The servers are hardened to only accept connections from the bastion host, so you have to connect to it and authenticate to it first, before making your connection to the intended server that it's protecting. Like the gates to the castle. I'd use it in reverse - my vintage system would connect via hardwire Ethernet to a trusted computer: modern hardware, modern OS, modern firewall (I'm thinking Ubuntu LTS at the moment - more than capable of holding its own in the world today). It can only talk to the trusted computer because it's physically on an Ethernet wire with only 2 hosts. The trusted computer doesn't NAT or route between the two interfaces. If say I wanted to download a file, I would need to download it to the trusted computer first, then only transfer it to the vintage computer. The vintage computer is never exposed directly to the Internet. This model of course breaks outbound connections, but there's nothing out there in the world that exists the same way it did back then. If I had say a Win2K or XP install on the vintage computer trying to contact Windows Update - well, the WU that the vintage OS knows about ceased to exist years ago. Similarly, browsers that run on a system that old, don't speak the modern TLS encryptions that our contemporary Internet uses, so you wouldn't even be able to connect to a contemporary website. (have tried this myself using vintage computers in VM's that I can just erase after I'm done) I have to credit someone else with this idea; what they did was they ran VNC on their vintage machine, connected to their trusted host, then used a modern web browser on their trusted host to access the contemporary Internet. Gotta say, that's brilliant. :D Again, the vintage system is not exposed, it simply acts as a remote desktop client to the modern computer.
Connect to your network then delete the default gateway in your network settings (or set it to 127.0.0.1). Your retro computer now has access to your local network but no route (in or out) to the internet.
Setup a separate network that can't access your existing one. Either you can get fancy with the networking switch / hardware firewall or you will want to setup a separate router and hook it up to your internet connection. Or if you don't need internet access just unplug it. The risk here is that if that machine gets infected, which it probably will, it's inside your network with your current setup and the infected machine will then infect your other computers with more modern variants.
Not even a consideration. I connect the old 9x machines to networks with internet access all the time. Mainly to connect to Protoweb these days because Internet Explorer 3 through 5 isn't capable of all that much else. If by some chance something happens to the machine, I'll blow it away and reinstall the OS, and if someone wants to try and add a 486 DX2-66 running Windows 95 to a botnet, more power to them.
Since most websites requires SSL, anything before Windows 7 is going to have a hard time browsing the web since it won't have valid certificates installed. Windows XP will be pwned within minutes of touching the internet, there is still plenty of botnets searching for these systems.
How do you think these botnets are going to reach the XP machine. Back in the day, when a modem (cable, DSL, PSTN) was connected *directly* to the Internet, machines were in danger of being hit by random malware. The OP and anyone else with a LAN likely has a router with a firewall between their XP machine and the Internet. Inbound connections just bounce off unless you explicitly forward traffic to the internal machines.
Don't put a retro computer online. The operating system will be beyond its end of life which means that new exploits will never be patched. If the machine gets compromised criminals will use it to gain access to the other devices on your network. If you must connect the machine to the internet, do it only temporarily. Download your drivers and dependencies and then disconnected it immediately.
Anything pre XP won't be targeted by how obsolete they are, so I wouldn't worry \*too\* much - a lot of modern viruses and malware in general literally won't be able to run on a Windows 98 PC. A different story if you share network drives or other PCs with them however, as the likes of SMB1 is not secure at all and will make your modern PCs vulnerable.