Win 3.11 firewall?

[MisterEvasion]

I have rescued an old 80686 PC from a certain fate of being destroyed. It was part of a clear out of ancient equipment in the junk room at work recently and when I got a hold of it, I understood possibly why it was junked by someone in IT from the distant past. The CD-ROM didn't work and this obviously made upgrading it to win95 with the rest of the machines more difficult.

The drive was formatted in preparation for another OS. So I found a copy of Windows 3.11 and spanned it on to old diskettes after getting DOS 5 on it. I looked everywhere in our old software pile for DOS 6, but could not find it. Could have downloaded it from somewhere, but I thought DOS 5 - which oddly survived being thrown out throughout the years, was good enough.

Managed to get Workgroups on, then I went to work on the PCI slots. The slots were all raided ages ago apart from the video card. Found an crystal audio card and got the sound going. Drivers were easy for that. The video card needed drivers as well and it turned out to be a good one for its day - capable of 1024x768 with 64k color. After few days, I dug out old DOS games and MS Publisher 2.0, MS Golf 2.0, etc., etc.

Then I decided it was time to see if I could get it on our network. First I would need an ethernet card. After several tries from the junked cards - I finally found an old one that I could find a driver for. It worked. I had never seen Windows 3.11 running on broadband. There it was - on a machine it was designed for - WORKING! Got the CD-ROM drive with an old 24x I found. Then I got old IE5 and Opera on there to acquire HGopher, FreeAgent and other texty internet software of the old days.

It runs like a top. In a race to the desktop from bootup it easily defeats XP and Win7 in side by side trials.

I want to take it home now. But I am concerned about one thing. At home, I do not have the convenience of having a nice network firewall like I do at work. If I simply plugged this computer into my network connection at home, would it be likely be attacked? Apart from creating a network server or adding a firewall router to my cable modem - is there any other client software I should use to make it secure from hacks?

On the other side, should I worry at all? Considering that all packet bot sniffers are calculated to attack 32bit and higher systems?

What's the lowdown on old OS firewall protection anyway?

My next project will be to put OS/2 warp on an old 166. A bit more of a challenge driver-wise. Warp was cool in those days - I know it is 'windows-ish' that is true, but I think it would be a nice addition to the museum.

[BC_Programmer]

personally, I wouldn't bother with a firewall. Then again, I don't bother with a firewall on any of my machines.

[MisterEvasion]

personally, I wouldn't bother with a firewall. Then again, I don't bother with a firewall on any of my machines.

Seriously?

Opinions on firewalls for 3.x vary on the many forums for old OS hobbyists. I just read about 'gnatbox' - and the guy using it has never had a problem. Others claim to have had their old systems severely compromised. I guess I should just try it out and see.

[Computer_Commando]

If you have more than 1 computer, it's a lot easier to get a router.  The router will suffice as a firewall.  BTW, Windows 3.11 (or Windows for Workgroups 3.11) is the same as Windows 3.1, but with networking included.  Otherwise, networking was enabled through DOS.  All corporations used it or Windows NT 3.51 prior to the release of Windows NT 4.0

[MisterEvasion]

If you have more than 1 computer, it's a lot easier to get a router.  The router will suffice as a firewall.  BTW, Windows 3.11 (or Windows for Workgroups 3.11) is the same as Windows 3.1, but with networking included.  Otherwise, networking was enabled through DOS.  All corporations used it or Windows NT 3.51 prior to the release of Windows NT 4.0

One of the reasons I put 3.11 on instead of plain 3.1 was for that very reason. Networking to the tcp/ip is a snap. It amazes me how I cannot impress upon the young guys how cool it was to get this system running on ADSL. To them, it is pointless sentimentalism on my part - playing with a system they barely remember as children. They seem indifferent to this technology which was the forerunner to all the great things they enjoy today. If something was before WinXP or modern Linux - it isn't worth discussing to them.

Sadly, in a sense they are right. Since I got this system going, I was dismayed how the old browsers fall over on most of the popular websites. I tried the old text-based side of the internet. I went on gopher servers and I found something amazing. Gopher is still going with plenty of servers to keep you surfing for a while, but it is for the most part strangely frozen in time around the mid-90s. Almost just as I left it many years ago. Some dedicated people keep Gopher going and there are files galore from 15 to 20 years ago. It is weird to visit.

If you are interested. gopher://quux.org is a good place to start your trip.

When's the last time you tried a search with Veronica instead of Google?

[BC_Programmer]

All corporations used it or Windows NT 3.51 prior to the release of Windows NT 4.0

or NT 3.1, or OS/2 Warp.... or Solaris... or VMS... or... etc etc... 

One of the reasons I put 3.11 on instead of plain 3.1 was for that very reason. Networking to the tcp/ip is a snap. It amazes me how I cannot impress upon the young guys how cool it was to get this system running on ADSL.

I thought it was cool when I was able to get the internet working on windows 3.1 as well- it was running on a  Pentium machine so it was in fact slightly older then the machine you speak of (80686 being pentium-2 class) I originally read that as 386... but then I noticed the reference to PCI slots, which didn't exist on any machine before the 486 (and even for 486 machines it wasn't a given).

I got lucky though because the network card I had bought for the machine (for running windows 2000) had drivers for windows 3.1 and DOS right on the CD; and I installed them both.

Sadly, in a sense they are right. Since I got this system going, I was dismayed how the old browsers fall over on most of the popular websites.

Yeah, the standards have moved up unfortunately- so while now it's more standardized between today's browsers it's just a confusing mess to older browsers. (personally, I don't check my sites for netscape navigator 4 support, either, so one can hardly blame the site authors).

IE5 and Opera should at least be usable most of the time, I would think.

[Computer_Commando]

or NT 3.1, or OS/2 Warp.... or Solaris... or VMS... or... etc etc...

Sorry BCP, how could I forget about Solaris & VMS?  They were more prevalent than Windows where I used to work.  DEC Sparc's & Alpha 1000's, if I remember.  The Alphas never ran Windows, but OpenVMS, even though NT4.0 supported both processors.  The Alphas transitioned from EISA slots to PCI, so we bought all the remaining EISA's in stock.  All the special add-in cards were ISA.

[MisterEvasion]

Just an added note: I think with the old browsers an idea would be to turn off everthing in options and make NS, IE or Opera run like LYNX. I tried LYNX itself  just to see if what they said was true that LYNX won't run on 3.x and they were not wrong.

But hope springs eternal for my next project - OS/2 warp 4 when I save another oldie from the scrap heap. Plenty of LYNX for that system.

I guess those LYNX guys didn't really like Windows or MSDOS very much...

Ah well, never mind. Just glad I never became unyielding when it came to that stuff...

[MisterEvasion]

Well things are looking up for the 3.11 project. I believe a firewall is not all that important for 3.11 from what I have gathered from other users. An intrusion on 3.11 is not serious because of one important aspect missing from old 3.x systems that hackers and spyware houses rely on in the 21st century - the registry and roaming folders.

There is also a utility in 3.11 called netwatcher which can notify when someone is connecting to you and you can boot them immediately - kind of a manual firewall. In fact, machines running on DOS-based 16bit systems are insulated from 32bit malware. If I wanted to attack a 3.11 system, I would do it in the form of a TSR type scheme or a boot sector executable of some kind - a .com or .exe. But no hacking society would waste their time writing and testing such software when there are so few fish to catch. Even though I am running 32s - there is still no such thing as an HKLM or HKLU parameter segments apart from win.ini which is sort of the registry for 3.x. That can be backed up and replaced in the very unlikely scenario someone has made the effort to attack it.

Still, care must be taken and relaxing too much on security no matter what system is folly.

Next up - I will be putting OS/2 Warp 4 on an old IBM Aptiva I found once I get the system fan/power pack replaced. That'll be fun.

[BC_Programmer]

windows 3.x does have a registry, but it's contents are pretty much limited to things like OLE classes (what programs can serve what documents to what other programs) as well as file associations (pretty much what HKEY_CLASSES_ROOT is in 95 and later).

As far as likelihood of being hacked when your running windows 3.1 nowadays, I'd say you have about the same chance of being struck by lightning twice and being served dodo bird by a polar bear wearing a monocle, all on your birthday. (I love colourful analogies).

[MisterEvasion]

As far as likelihood of being hacked when your running windows 3.1 nowadays, I'd say ...

Concerns about security are as important as the applications we run these days. Back in the 1990s, I never thought about a firewall. The word was never mentioned - even during the Win95 days.

Since Google decided to try and take over the internet and make ad-clicks a way for people to make extra money while sitting on their asses, the web has become worse for opportunists with unscrupulous geeks writing malware for them. I really hate google, facebook and all the rest of them for what they have done to cyberspace over the years. I think the time will come very soon when Gopher will be rediscovered by many people - for informative gophersites without the risk of malicious scripting.

The usenet too has become less devoted to discussion nowadays and forums like this are today's threading. The usenet has turned into primarily a binary leech dump, with fewer and fewer devotees to what was once an accessible quick access forum. The downside and downfall of the newsgroups was they were unmoderated and people took flaming against them too personally.

Just some thoughts. Thanks for responding...

[BC_Programmer]

Concerns about security are as important as the applications we run these days. Back in the 1990s, I never thought about a firewall. The word was never mentioned - even during the Win95 days.

That's because firewalls were only used by corporate networks on the internet/WAN facing side. Even today, as much as people like to think otherwise, the "good" hackers are going after corporations- trying to leak source code for the latest game, or their flagship product, etc. It is the script kiddies who can hardly use the ping command that threaten the average user and try to build up botnets.

the web has become worse for opportunists with unscrupulous geeks writing malware for them.

a Snake-Oil salesman is a Snakeoil salesman, regardless of the medium. And trying to write malware has become harder and harder over the years- not easier, as the vulnerabilities they use are patched and new security is implemented directly into the operating System (windows UAC, for example). As far as I'm concerned, the actual dangers are no different then they used to be, and in fact, browsers and systems are hundreds of times more secure- but people are paranoid- and not because they understand the risks, but because they don't. a cave man with the common cold might have feared that it would kill them, simply because they don't understand. Now everybody knows that it's only fatal in very specific circumstances where another more terminal condition is concerned. Much in the same fashion, misunderstanding leads to paranoia, despite Quantos' humourous signature "Paranoia, it's what results when you have all the facts" it's rather the opposite. When you don't have all the facts, people tend to fill in the blanks with paranoid assumptions- generally, worst case scenarios. for example, what happens without an AV program would of course lead to the paranoid assumption that a virus infection is the only possible result. Of course, it is a result, but it's not the only possible outcome, and additionally, having an anti-virus program doesn't prevent the most dangerous viruses anyway, since the most dangerous viruses are the newest ones whose signatures don't exist in the database.

To illustrate- Linux is itself a rather secure environment, but it doesn't matter how secure a operating system is if you sidestep the protection. With windows, people are disabling UAC in droves because its "annoying"- most Linux users are more informed- they NEVER run as root (administrator) and instead elevate for, and only for, those system administration tasks that require it. you won't find them running a browser as root, and yet I often find that those systems that have  been severely compromised by viruses and malware have UAC disabled.

of course, running something like a browser as root doesn't in and of itself make the system vulnerable. But it makes your system as vulnerable as the browser- if the browser has a buffer overflow or some other issue that can be used by a script, or a vulnerability of some other type that can be taken advantage of, once the script is in control of the browser, if the browser is running as root the script is in control of the system. If the browser is not running as root, the script would still need to try to elevate to root, something a lot easier said then done. It is the benefit of a Limited user account, not to limit the user, but to limit the programs the user runs- not only in case one of those programs is purposely made malicious but also if one of those programs is an unintended vehicle of something malicious through a vulnerability.

Since Google decided to try and take over the internet and make ad-clicks a way for people to make extra money while sitting on their asses, the web has become worse for opportunists with unscrupulous geeks writing malware for them.

You are lying to yourself. web-based attacks and malware were far more prevalent <before> google took hold. Considering Internet Explorer 3 allowed any page to run arbitrary binary code at will (ActiveX) it didn't take a lot of effort, either.

I really hate google, facebook and all the rest of them for what they have done to cyberspace over the years.

Google, facebook, etc. None of them have done anything bad to the internet. The internet was riddled with popups and flash ads before Google became prevalent in search around 2000, and before 1998 when they were founded it wasn't much different, aside from the lack of a search engine that didn't have a page full of ads on their first page. AltaVista, Yahoo search, etc- all the various search engines <FILLED> their main pages with ads and sponsored ads. Google didn't, and in fact, they still don't- their main page is basically a logo, search box, and a few buttons. Sure they now have paid ads in various locations in the search results, but those locations are well defined and illustrated, as well, unlike the front page ads and the paid search results provided by altavista and the other search engines before google (they have of course abolished that practice, from what I can tell).

The reason that firewalls and Anti-virus software weren't heard of and therefore didn't sell very well before is because people weren't absolutely paranoid. Now everybody seems to think they need an Anti-virus, firewall, malware scanner, and about 12 other programs. And it is this very fear of needing these things that let's the ads that advertise things like registry cleaners and scanners make so much money for the people that run them. And in the long run the paranoia that drives people to install all these programs causes their computers to slow down and crash, as they install rogue-filled, adware supported "firewalls" and "anti-virus programs" that are actually just containers for a host of infectious software. The internet is only as dangerous as people want it to be, and nowadays it's an important "fact" that the "internet is a dangerous place" when in fact it's no different then it's ever been- as long as you don't try to do something stupid like download pirated software or music or "keygens" or anything along those lines- you will be perfectly safe. If that wasn't true, <I> would be infected all the time by the "evil internet" as the "thousands upon thousands" of "expert hackers" that are trying to get into my PC will "jump for joy" that I have no software firewall installed. Since I have now been connected for over 2 years, and I've only been infected once (by a download acquired by "doing something stupid" listed above, packaged with the friendly neighborhood virut) All I can say is there is absolutely no basis for ever havign a software firewall installed on any machine. The main thing a firewall would prevent is a trojan program trying to "phone home" to it's controller. It's better to simply not download the trojan to begin with.

Additionally, despite equally prevalent claims that downloads can be changed "en route" to your PC, that simply doesn't happen. a download is acquired straight by connecting to the HTTP server and requesting the file.

I think the time will come very soon when Gopher will be rediscovered by many people - for informative gophersites without the risk of malicious scripting.

Aside from the exact same issues that have been prevalent with http and ftp. It's no safer then HTTP or FTP, unless you factor in the fact that each browser's writers have been working to eliminate those issues found in HTTP and FTP. Large scale and public attacks via the Gopher protocol are no less common but they are essentially back-burner issues. FTP can't run scripting anyway- the scripting part of any browser is solely at the discretion of the browser itself- the browser runs the script. Generally in a sandboxed environment. Of course because as I noted, everybody is paranoid, they assume that even though all the precautions have been taken, a script can somehow "escape" this sandbox and do what it pleases, and, in some cases, it can. but doing what it pleases is a lot harder then it sounds, since browser-included client side scripting languages (like VBScript and ECMAScript) don't have built in support for file operations, and the use of something like the FSO (file system objects) by a script running in the browser would require further circumvention of security, including the fact that the FSO is not marked as "safe for scripting" so cannot be instantiated by IE. of course since the script in a firefox or opera browser cannot create ActiveX Objects and doesn't have local file system access even if it breaks out of its "sandbox" I can't help but wonder what people are paranoid about. I don't know why people will cower in a corner when they find a few temporary files written by their browser at the request if a script, and yet continue to blithely attempt to download pirated software, music, and keygens with little import for their contents. For many people, Security is important until stands between them and what they want. in the latter case it doesn't matter how many UAC prompts appear when you try to double-click "fun game keygen.exe" they are going to run it, and the trojan that it certainly contains will be let loose on the system. And once a piece of malicious software is loose on your system, it doesn't matter how many superfluous "security" applications you have installed, you've already lost the prevention war. Some may say that a software firewall will prevent a trojan downloader from downloading more infections. Perhaps, but only until they are able to circumvent the software firewall. Remember the trojan program is running on the same machine as the firewall- it can do anything the firewall can, including changing registry keys associated with the firewall (say, allowing certain URLs through or something) or even disabling the firewall completely. Hardware firewalls aren't perfect but at least their settings cannot be changed by malicious software running within the network.

Anyway- asking ourselves wether we are better off now then we were several years ago, only the paranoid or deluded can say "no, we are not". The reason that, for example, you never had a firewall in 95 was because your system didn't need one- the attack vector that firewalls try ot prevent simply wasn't used. Windows 95, for example, had a vulnerability that you could send a specific packet to any system and instantly blue screen it, no questions asked. Anybody could have run a program to send this packet to a set of IP addresses and Blue screened every single one of them running windows 95. Doesn't sound like a security conscious operating system to me.