Network Security and the Vintage PC
This has been a hot-button topic among retro-computing enthusiasts for a really, really, really long time - how safe are you putting that old computer on the internet? To be honest, while I understand the idea of "unknowns", I also understand that I.T., like music, is a BUSINESS, and business is not particularly happy we're still using our legacy ancient hardware because they want us to get rid of it all and buy the latest and greatest new thing, including any "retro" shit they want to sell to us to appease our nostalgic appetites for old software and games.
The Most Secure Computer is...

The most secure computer you can own is ANY computer, any age, that is disconnected from any form of networking, put in a locked room, with no windows, and an un-obvious door. This is what's taught by most I.T. related college professors, Information Security people, and so on. If you are THAT concerned about security, then your best bet is, right now, disconnect your computer from the internet, disconnect your computer from your home network, put it in an unpleasant and hard to get in room somewhere, and then lock that room when you're not using it! And even then, there's no guarantee someone won't break the lock and gain access to the PC anyway, but breaking and entering is a far easier crime to prosecute than a DoS Attack (Denial of Service Attack).

I know it sounds extreme, but I highly doubt anyone is going to want to use your computer in a locked up room where it smells like farts and 10 day old cool ranch Doritos, and the hornets built a nice globular nest on the window to the room where their activities are constantly visible 24/7/365 - and they wake up as soon as you turn the light on and make it unpleasant to work in there with that constant threatening buzzing noise and rapid tapping at the glass they are trying to sting. And that goes double if the computer is an IBM 5150 with 64K RAM, Mono video, and no network card or hard disk. Ain't nobody going to hack anything with that setup, except maybe a text file at worst! To steal any critical data, it'd take at least a crowbar, two good working feet and legs, and pray tell there's no camera there watching. LOL.

FUD and the Armchair Infosec Dweeb

I know this is a little "immature" on how to put it, but I wanted to go off on people who have gone on internet forums to whine at us for using our old machines on the internet about what a security risk they are. I've noticed two key things in these guys....
A Failure to Explain, in Technical Terms, WHY This is a bad idea - I would totally understand and be willing to listen to any PROPER, technical, logical, scientific, whitepaper-level observation as to why this is a security risk, that makes actual technical sense that actually links up. If you could tell me what ports, how they could separate your IP address from the billions on the internet, and actually target your vintage PC and manage to gain enough control to stick a file on it that is small enough not to be noticed, then I might actually listen. The ONE time I had someone try and tell me this, it was on AtariAge (one reason I don't go there anymore) and the guy literally tried to tell me they'd put a "Bitcoin Miner" on my DOS box without me noticing....how? I'm running a sub 100MHz machine with less memory than your cell phone by x500-x1000, on a

They are almost always Millennials or Younger - A lot of the whiners, the majority actually, and I'm not being ageist in the slightest here, are born in 1981 or later, and likely grew up with Windows 95 or later, which was when a lot of our cybersecurity problems began to be a huge problem - because 1995 is really the year the "internet" became a mainstream thing, or started to catch on at least. They don't understand that a DOS system or even a Windows For Workgroups 3.11 system runs a bit differently than a Windows 95 client, and that very specific parameters on those systems need to be 100% correct, and on the actual valuable systems need to be 100% incorrect, for there to be a problem.
They fail to realize I'm talking 16-bit, single user, single tasking operating systems running on single core hardware that has no OOE (out of order execution) so no Spectre, no flash BIOS, so nobody can write anything to the firmware unless they physically yank the ROM out and put a burned ROM with new malicious firmware on it onto the motherboard IN PERSON, at best a LIMITED 32-bit compatibility layer called Win32S on WFW clients that can't even run most Windows 95 apps, let alone a modern x64-oriented malware aimed at a system built within the last 10 years. They don't understand this because the oldest version of Windows they most likely used was already a 32-bit GUI running with pieces of DOS under it, but it rarely, or never, was the DOS part of Windows 95 and higher that got people in trouble - it was usually the newer parts aimed at connectivity. TLDR - all these people know, more often than not, is Windows 95 and later.

I would be totally willing to listen to someone explain to me the technical reasons why. And "if you actually knew networking you'd know why" is not an answer I will listen to, let alone believe. It's not an answer - it shows ZERO logical or scientific proof that you're right, just that you want to be right, but are not willing to put in the effort to back up your own claims. I know most of you all don't have the time to explain, but honestly, IMHO, if you don't have time to explain, then don't comment. Not everyone just posts shit on the internet and ignores it. It makes you look like a troll and like you have no merit when you do that.

So Let's Get to the Nitty Gritty

First and foremost, for you meritocrats out there, I have been working in I.T. for over 20 years. I have administered a home LAN for longer than that. In that time, I've only ever had 2 machines taken down by a virus, both of which were MODERN WINDOWS CLIENTS. All caps for emphasis, not shouting.
And only ONCE was anything even remotely likely my fault (holding onto an ancient hotmail account I'd had since 2001 - which got hacked, e-mailed my ex-roommate and my work supervisor from said account, and reimaging was a precautionary step, not a proven one - I also dumped the hotmail account and upgraded it to a new Outlook.com account immediately after that incident as both were owned by Microsoft and I was hardly using my hotmail account anymore anyway). Currently, I've started studying past the A+ Certified hardware/software stuff and have been branching out into Linux, Cisco, Apple, and lots and lots of healthcare systems, many of which are far more complex than anything we're talking about on my website. Currently I administer a wired and (mostly) wireless network in my apartment that spans quite far from one single Access Point, and everything is behind a router, multiple firewalls (as my PCs sometimes have specific configurations), and all WiFi Clients utilize WPA or WPA2-PSK currently. I would disclose more, but again, another great bit of security is OBSCURITY. And no, this does not grant any weight against my argument above.

What do I mean by obscurity? Generally, I'm a big fan of reticence on your SPECIFIC network details. I.e. don't give out passwords, don't give out public IP Addresses to ANYONE - most tech support won't ask for it (they have proper tools to securely connect to your machine for support, and in most cases, would already know the client anyway such as your ISP or your work I.T. Support). Don't give out your SSID to anyone you don't trust. The less a bad actor has to know about your network, the better. And one way to control that is being careful who you give information to. Which brings me to another page of "how to be safe on a modern network (with vintage hardware)".
I'll have much the same thing on the "modern" pages as well...

Yourself - YOU are the Front Line

Pretty much the #1 thing, more valuable than any firewall, or Virtual Private Network (VPN) - and in extremely short supply today I might add - is Common Sense! Most people today don't have any of it, and are pretty incapable of exercising it even when they do have it because of things like Groupthink, laziness, and the popular thing to do. This is especially prevalent in modern American culture (where I'm from). This is why your job requires you to take some kind of extensive cybersecurity "training" every year! This is also why cybersecurity and security breaches are a HUGE concern these days. But this is also why the Tech industry as a whole latches onto these severe events and then sensationalizes them into sales, often for things you don't necessarily need, and for things that may not do the thing you think they do. It seems to me, that the tech industry as a whole, while cybersecurity is important, one reason we have problems with it, is because of HOW training is executed, how advertising and the six o'clock news portray it. The frontline of it all is you.

When it comes to vintage clients, this goes DOUBLE because there's far less on the client itself to protect you. That's why I kind of consider "actual hardware" more advanced than emulation and for guys like me who understand the risks. You're less likely to hit these problems on much easier (and much more security minded) emulation, but you also don't get the joy of using REAL hardware.

First thing with a Vintage computer, DON'T DO ANY FINANCIAL TRANSACTIONS!!! Present day financial transactions are possible because of secure HTML, and various security protocols running in the background that make sure that your credit card info, PIN numbers, security codes, and even your first and last name and address, are not transmitted in a way that someone can intercept the packets and obtain such information.
Next thing, I also would not use such a machine for accessing anything that is vital to your livelihood or privacy - i.e. an e-mail address you partake in work, or personal affairs where Personal Information might be easily breachable, is very unwise. Mind you, I don't even really use e-mail on my vintage clients at all. I could, I just choose not to because there's no good e-mail client that's TLS 1.2 compliant or accepted by something like GMAIL or Yahoo! for proper use without altering security settings. I have messed with FLMAIL a bit, but to be honest, it DID require I cut off the security settings in GMAIL to a certain extent to get it working with their service. It worked out of the box with Yahoo! if I recall correctly.....but I'm still a little uneasy about doing this currently.

The next thing is to be aware that there very well might be things lurking under the surface that may be risky, albeit not a big one, you have to remember, these are still very old computers, with very old operating systems, and there is a certain level of caution with your activities you should be mindful of. Some of this can matter more depending on your network configuration. For example, in my case, I have a little bit of an extra layer of obscurification because of my additional Wireless hardware I've started using. While in other cases, someone might be fully visible.

Routers, Firewalls, and Switches, Oh My

Beware people calling about your devices