I decided to load up my old Compaq nx9010 with it's single core Celeron CPU and DDR ram. It immediately connected to the internet on it's own. I must've been doing something on it a few years ago lol. I wont make a habit of this due to the obvious security risks. But it is a nice blast from the past. What OS do you currently use?

Which browser and what version did you used?

It looks like he used MyPal, a Gecko-based browser. I usually use Supermium, which is chromium based and updated more frequently.

I'm currently browsing on a Windows 7 Ultimate computer. It was built in 2006 and has 12GB of DDR3 RAM, a 2TB mechanical and a 256 GB solid state drive, a blu-ray drive (which I added), an Nvidia Quadro K4200 GPU (a fairly powerful unit), and a 64-bit 4-core 8-thread Intel Xeon CPU. Yeah, quite the beast back in the day. And I bought it for $20 last year.

As for security risks, most antivirus programs still run on Windows 7, and there are even some that will still run on XP.

Running Windows 10 with extended support patched for a few more years. I don't like Windows 11 and the direction that Microsoft is taking it. I considered Linux but a few of my important programs are Windows only. I built my computer fairly recently so older versions of Windows weren't fully compatible with it. 

The good thing seen here immediately is that Lighting Gallery website itself is very well built. It is simple and easy on resources, without any dreaded "user experience", and works just the same as it does today



Viruses are foreign software which must arrive on the computer and be executed

Most of the time this happens through user action, ie. the user brings in and opens the stuff. So just not being an idiot prevents a big part of the problem in the first place

With the user out of the way, the rest of the threat is with defects in the normal software already existing on the computer, which would allow it to be hijacked (for example, into downloading and running all sorts of malware, viruses being one of them)

So, the problem is not the viruses (they are a consequence) but the possibility of he system getting hijacked to begin with



In the distant past, "basic" software and OSes were too dumb to have significant security threats facing outside through the network

If you install a fresh copy of Windows 95 and dont enable file/printer sharing, it probably won't have any listening ports by default

If you install a web browser from 1995, it probably doesn't support anything more than basic HTML rendering - No Javascrpt, no ActiveX, etc. The most that can happen is probably it running out of memory trying to load a big page, or failing to load a page altogether



Then things started becoming "smarter", opening new ways for things to be abused

Like the code execution from JPEG images in Windows 98. For the threat to materialize, the images would have to be downloaded to the computer and viewed with Windows explorer. So a possible way to catch anything could be to surf to a website serving such image, and going with Windows explorer to C:/Windows/Temp or the like before its contents are cleared



Windows XP is newer than that

It does have some default OS services interacting with the internet, each of which could have an open security defect

Web browsers used with it (which is anything from IE5 to browsers of ~2014) have complicated code execution mechanisms, which generally aim to execute the code only within the scope of the web page, but actual limits were anything from non existent (ActiveX) to badly flawed (Javascript, ...)

During the product's supported life, such issues are corrected once they are found (maybe or maybe not fast enough), so while the risks keep existing and growing (due to growing complexity of everything), there is an active effort to fix discovered holes

Once the service ends, new holes are still discovered but no longer fixed. Most of those holes are well abused already



New versions of Windows and web browsers are much worse than this in terms of raw possibilities of existence of threats

They are much more complicated, which creates more places where defects may exist. Modern web browsers have so complicated and capable JS engines that they require sandboxing just to keep the code running inside from accessing the system (if the engines would simply not implement anything besides some basic changes to the web page display, this would not be an issue)

Even with sandboxing, they are capable of running code which can abuse side channel attacks like spectre and meltdown. Again, probably would be much less of an issue with a JS engine which does not implement so much functionality (all of which isn't even needed for any proper websites, only for some extreme "user experience" stuff)

The OS itself has lots of services which interact with the "cloud". Some of which explicit purpose is to download and execute additional software on the computer

The only reason why this is considered safe is because the effort to fix everything by the software providers is ongoing. Once this system falls behind, it will become much more dangerous and much faster than e.g. Windows XP abandoned for the same period of time



In short, being mindful in general as a user, and closing system services which have an attack surface (possibly with the aid of a firewall), go a long way in securing a system

Existence of antivirus is not a significant measurement of how secure the system is



I'm on Linux since ca 2003

In terms of security of Linux (with everything running on top of it in a fairly standard desktop install) vs. the described systems above - Linux is on the complex side as a system, and the web browsers are pretty much the same as in other OSes. However, it has much better ability to configure it to reduce attack surfaces

Also, current and up to date versions run well on aging hardware. I have multiple systems running well on Core 2 Duos, and only a few years ago had some running on Pentium 4's, few of which may still be brought back to use as i expand my workshop

(Though right now in front of me i have a pile of just a few year old Lenovo and HP desktops, perfectly capable of any average use, that i saved from scrap - they headed there just because of Windows 11 TPM alola. Which have nothing at all to do with security in the normal sense)

Yes, I currently don't have an antivirus, I just didn't want to explain all that.

It seems like today most people's gut reflex is that the second an OS falls out of support it will be all full of trojans and malware and won't be safe to use anymore. In reality, out of support OSes quickly lose market share and thus become a less-desirable target for hackers. Most programs won't even run on W7 and XP anymore!

Yes, I currently don't have an antivirus, I just didn't want to explain all that.

It seems like today most people's gut reflex is that the second an OS falls out of support it will be all full of trojans and malware and won't be safe to use anymore. In reality, out of support OSes quickly lose market share and thus become a less-desirable target for hackers. Most programs won't even run on W7 and XP anymore!

Actually, the "the second an OS falls out of support" is fairly correct for Windows, and will become more and more correct for each newer Windows version that is dropped out of support. XP may not be as bad / become bad as quickly as 10 or 11 when each of them becomes unsupported, but it is bad enough to expect it to be hijacked at some point if it remains connected to unrestricted internet

The market share may be declining, but you can't deny that the remaining share is "delicious", and only becomes better with age like old wine. Consider who it may consist of :

 - Home users with zero information protection skills or capabilities, which become easy targets for credit card thefts and plain scamming

 - Businesses which also fail in all other information protection duties like backups and securing their systems and become easy targets for ransomware attacks

 - Unattended systems which are an easy free proxy for performing attacks on other (not necessarily unsupported) systems

Finally, maybe new threats to the system are becoming less common, but this does not mean that all the threats already existing (and from which the system is not getting protected anymore) disappear from all over the internet overnight...