Safe to take XP without any SPs online?

[soumyasch]

My comment "No you can't get a virus from having an idle computer running. That's BS.", was meant towards running the PC and updating it while connected to the internet. Not visiting thousands of websites that are shady and then leaving it idle.

The worm doesn't come from the remote web server, but other compromised PCs on the same network. Pre-SP2, the firewall isn't on by default; couple that with known vulnerabilities in network-facing services and IP-scanning worms have a free lunch.

[ehlo]

http://en.wikipedia.org/wiki/Blaster_%28computer_worm%29

get your facts straight buddy :rolleyes:

If you're behind a hardware firewall, you should be immune to this

[hdood]

The issue with XP pre-SP2 was that the firewall didn't activate at the same time as the network connection, so there was a delay between network-on and firewall-on. This left a window of opportunity for the IP scanning worms to get in.

There was no firewall on by default in XP SP0.

And yes, XP can become infected by just sitting there as long as certain ports are accessible from the internet. Most people today have NAT gateways that do not allow any incoming connections by default, and in those cases you are safe. If you don't have that, install it without a network cable plugged in, and then install SP2 before going online.

[DrCheese]

Just slipstream SP3 onto a fresh install media. Less hassle/time wasted then :)

[Lee G. Veteran]

I wouldn't use Windows XP without any service packs online. I remember in late 2004, early 2005 I formatted my laptop, installed Windows XP SP1, and connected to the internet to download SP2, and within seconds, was infected, so I had to reformat and reinstall.

Just slipstream SP3 onto a fresh install media. Less hassle/time wasted then :)

+1

[Chasethebase Veteran]

Also bear in mind any version of XP without SP2 on the disc will not like being installed to a system with a PCI-e graphics card in it. Voice of experience here.

[Rudy]

There was no firewall on by default in XP SP0.

And yes, XP can become infected by just sitting there as long as certain ports are accessible from the internet. Most people today have NAT gateways that do not allow any incoming connections by default, and in those cases you are safe. If you don't have that, install it without a network cable plugged in, and then install SP2 before going online.

Exactly, XP RTM (no Service Pack) can be infected without ever using the computer. Install it and leave it on for a bit and you'll be infected (try it in a VM if you don't trust me, just make sure it has direct access to the internet)

[soldier1st]

it aint safe to use xp without a service pack as you would be wormed and exploited within minutes but the safe thing to do is download sp3 and run it on the xp without sp but do it offline so that the os is safe from infection.i recall doing that and i got infected very fast so i learned to update while offline to prevent being infected, the mydoom and several exe infectors(don't recall the names)got in and i could not run any exe files so i had to format to fix it.

[-Himanshu-]

Download SP3 and then install XP and install SP3 and then go online.

I don't know if it is possible to directly install SP3. If not then download SP2 also and install SP2 before SP3.

Only connect to internet after SP3 is installed and then also run Windows Update and install all available updates.

You may also download and install an antivirus software before connection to internet.

[+BudMan MVC]

"I don't know if it still applies now, but I don't think it's just a case of FUD.

When worms such as Blaster etc. were prevalent you could be infected without doing anything."

Yeah if you were directly connected to the public net -- behind a NAT router then NO!! Unless some other machine on your local net got infected. It just seems asinine that 99% of the broadband users out there would not be behind a router.. Most every DSL connection gives the users a modem/router combo device vs just a modem.. So they are behind a nat, etc. If you are on cable -- your just plain stupid to not put your machine behind a router. There is no reason to directly connect your machine to the public net.

Its sad to see such a lack basic understanding of even how even basic worms work.

Unless your local network is hostile.. Its fine to get online with XP without a SP or firewall as long as your behind a router -- and you do not have the box in the DMZ ;)

But I would suggest the first thing you do is fully update the machine. A nat router will protect you from worms, but it won't protect you from exploits on sites you visit.

[Darrian]

Why is nobody suggesting the obvious answer here? Install XP and then go immediately to Windows Update and grab the service packs before going to any other site. If you're really paranoid about it then run a virus scanner afterward. Or of course, if you're super paranoid then just do the second most obvious thing, which is what most other people are suggesting: download SP3 first and then load it on the XP machine before taking it online. There's also the option of copying your XP files and using something like nLite to slipstream SP3 (you can use command lines, too, but why bother when there are several free utilities that will do it for you?) and reburn it with SP3 integrated.

[smooths*]

Why is nobody suggesting the obvious answer here? Install XP and then go immediately to Windows Update and grab the service packs before going to any other site. If you're really paranoid about it then run a virus scanner afterward. Or of course, if you're super paranoid then just do the second most obvious thing, which is what most other people are suggesting: download SP3 first and then load it on the XP machine before taking it online. There's also the option of copying your XP files and using something like nLite to slipstream SP3 (you can use command lines, too, but why bother when there are several free utilities that will do it for you?) and reburn it with SP3 integrated.

I guess you don't know what the blaster worm is then?

[Xilo]

I setup my uncle's computer once. Installed Windows XP and went ONLY to Windows Update.

Windows started going crazy later. Ran an online virus scanner and turns out the computer got infected.

[soldier1st]

Darrian: if he really did that he would be infected as windows update in the past got exploited so to be safe make sure you got sp3 installer and install it offline then reconnect afterwards then at least your more up to date and safe until you fully update as lots of updates have been released after sp3 but that happens after every sp. if your offline you can't be infected unless your install is infected and the blaster worm was terrible as i recall that and a few others like the mydoom one.