Are there any old viruses from the days of DOS, Windows 3.1, 95, 98, ME that can still affect modern Windows 11 computers?
Posted by therealjoemontana@reddit | vintagecomputing | 33 comments
Klutzy_Cat1374@reddit
Somehow my mother will manage to install it.
therealjoemontana@reddit (OP)
Hahaha
roz303@reddit
Yep! They're known in the OSI model as layer 0 😁
Distribution-Radiant@reddit
No. Anything running Windows 11 won't be able to run 16-bit code.
Scoth42@reddit
Anything 32-bit for Win9x or early NT would have a chance of running, but Windows Defender is pretty thorough and it'd almost certainly detect something that was even halfway known. Maybe if there was something super obscure from back then that never made it into the scanners. A lot of them did nefarious things to hide themselves or avoid detection that are easily picked up on now.
There's a better chance of some sort of malware that isn't exactly a virus still running. A lot of those were a little more under the radar and might not be picked up if it was doing standard file APIs deleting or something else a little more out in the open. I'd still expect Windows Defender to pick it up, and UAC would pop up or block something from messing with, say, C:\Windows directly, but it could happen.
Fun story - I realized how actually decent Windows Defender was when I was downloading some Mac software from Macintosh Garden for my real Mac Classic. I had used an emulator to copy it to disk/over the network, and partway through Windows Defender blew up and blocked a bunch of operations. Turned out some of the ancient Mac stuff I'd downloaded was infected with an ancient Mac virus from the System 6 days, and Defender had picked it up inside an emulator disk image. I had already copied it to my real Mac, which meant I'd actually infected my real ancient Mac with malware from the internet. Fortunately it was the harmless variety but still amused me.
Maeglin75@reddit
I played Civilization in DOSBox on a PDA (Intel XScale CPU) with Windows Mobile about 20 years ago. At some point the virus scanner on my PC detected an old DOS virus on the SD card in the Civilization file when I copied data.
I don't think the virus was very effective in this strange environment. It definitely didn't manage to spread.
squirrel8296@reddit
Windows CE/Mobile is a different kernel than normal Windows (either DOS-based Windows or NT-based Windows). So, ignoring the CPU architecture differences, the virus still wouldn't run there for that PDA.
Scoth42@reddit
The main risk there would be careless mounting of directories within dosbox. You could do something really stupid like mount your entire c:\ drive or host downloads/documents folder directly to dosbox and then something in there could break stuff, but it's one of the many reasons you don't want to do that.
Maeglin75@reddit
Yes. It could only run inside of DOSBox, but with little to no chance to spread to anything.
Maybe if I had started the infected civilization, ended it and switched to a different disc image without restarting DOSBox, then the virus possibly could have infected the other DOS disc image too. Depending on how the virus worked.
In any case, the old virus was way outside of its natural habitat.
Vintage486Lizard@reddit
Crazy that it'd pick up a virus designed for an entirely different operating system lol
sidusnare@reddit
It's all about pattern matching, and if you've got the pattern, no sense in curating it for the platform, or deleting it when it's old.
The recognition signatures are a collective effort, so as long as it's not a false positive, I'd expect most virus scanners to hit on it.
This-Bug8771@reddit
Correct. They all use file hashes to do matching. Most viruses have their file hash recorded and the information is shared among researchers.
sidusnare@reddit
Some of the patterns are more involved than a simple hash, as the simplest polymorphic virus would defeat that, but the heuristics aren't that much more complicated.
This-Bug8771@reddit
Yes. I recently attempted to turn my batch hashing app into a malware scanner, so I learned this. You have to look at an executable’s structure for various dubious indicators and non-executables for certain patterns as well. So, a good virus scanner needs a very large database of hashes AND the ability to look deeper at a file across different dimensions and be reasonably performant. It’s an interesting space.
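The hash-versus-pattern distinction from this sub-thread, as an added example that is not part of any commenter's post: a minimal Python scanner run over constructed byte strings. The `Demo.A` name, the signature bytes and all samples are made up for illustration and come from no real malware or scanner.

```python
import hashlib

# All bytes below are constructed for illustration; "Demo.A" is a made-up name.
ORIGINAL = b"HDR\x00\x00" + bytes([0xDE, 0xAD, 0x01, 0xBE, 0xEF]) + b"TAIL"
# Variant: one byte inside the body and the padding differ, as a trivially
# self-modifying sample would; its whole-file hash no longer matches.
VARIANT = b"HDR\x11\x22\x33" + bytes([0xDE, 0xAD, 0x7F, 0xBE, 0xEF]) + b"TAIL"
# The same variant sitting inside a larger container, e.g. an emulator disk image.
DISK_IMAGE = b"\x00" * 512 + VARIANT + b"\x00" * 512
BENIGN = b"plain text, nothing to see"

HASH_DB = {hashlib.sha256(ORIGINAL).hexdigest(): "Demo.A"}
# Byte pattern with a wildcard (None) where the sample varies between copies.
PATTERN_DB = {"Demo.A": [0xDE, 0xAD, None, 0xBE, 0xEF]}


def pattern_offset(data, pattern):
    """Return the first offset where pattern matches data, or -1."""
    for start in range(len(data) - len(pattern) + 1):
        window = data[start:start + len(pattern)]
        if all(p is None or p == b for p, b in zip(pattern, window)):
            return start
    return -1


def scan(data):
    """Return (name, method, offset) for the first detection, else None."""
    name = HASH_DB.get(hashlib.sha256(data).hexdigest())
    if name:
        return (name, "hash", 0)
    for name, pattern in PATTERN_DB.items():
        offset = pattern_offset(data, pattern)
        if offset >= 0:
            return (name, "pattern", offset)
    return None


if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("variant", VARIANT),
                        ("disk image", DISK_IMAGE), ("benign", BENIGN)]:
        print(f"{label:10} -> {scan(blob)}")
```

The exact-hash lookup only fires on the byte-identical original; the wildcard pattern still fires on the modified copy and on the copy buried in a container, regardless of which platform the bytes were written for.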
NetFu@reddit
No, that’s why you keep upgrading your operating systems, like stop using Windows 10 to avoid future vulnerabilities.
Guaranteed, there are exploits for old versions of Windows that still exist today for anyone who still uses them as their main computers. Some of them are network-based, and I’ve seen older PCs infected in seconds when they actually connect to networks with modern PCs.
Keep in mind, it’s possible for infected old Windows PCs to overwhelm networks and routers that modern PCs use, slowing or crippling those networks without directly threatening those modern PCs.
So, best practice is to leave old PCs off modern networks where possible. Or at least physically segregate them.
shotsallover@reddit
Not really. But don’t put an unprotected XP machine on the internet. Those viruses are still running rampant and will compromise a new XP install in minutes.
redditshreadit@reddit
My server is still running XP, always on but not used otherwise. The NAT must be protecting it.
CubilasDotCom@reddit
Pretty incredible how quick this can happen
shotsallover@reddit
Pretty incredible that it can still happen. You'd think they'd have given up by now.
Kitchen_Part_882@reddit
You'd be surprised how many legacy systems are out there running old operating systems.
Often it's because there's software on them that simply won't run on anything newer and doesn't work properly in a virtualised environment (the latter is usually down to a need to interface with hardware that newer systems don't have drivers for).
shotsallover@reddit
Oh, I'm aware. But you'd think they'd have been hit by one of the viruses by now.
It's also surprising that there's enough of these systems still out there for the attacker to leave their systems running targeting them. You'd think they'd move on to more fertile fields by now.
NorCalFrances@reddit
Corner case: a virus that utilized something like part of the Win XP task scheduler, much of which has not changed in Win 11 as the bugs are still there. There's a surprising amount of file system code that's never been changed, too. For instance, .com is no longer a valid executable yet you cannot name a file with it. Also, 8.3 file names are still enabled and created in the background by default. You just never see them without the DIR switch. Turn off 8.3 for a speed boost if you have folders with > 3k files that have the same leftmost six characters.
ruo86tqa@reddit
I think you are mixing up .COM files (which are indeed not executable by default above Windows XP) versus the special device file CON.
gameplayer55055@reddit
Maybe some sort of MBR virus?
codykonior@reddit
Most systems aren’t MBR anymore, they’re GPT.
gameplayer55055@reddit
Maybe if the virus somehow erases guid...
Very unlikely tho.
goldman60@reddit
There is absolutely malware from that era that could affect modern Windows 11, but you'd have to pretty intentionally and manually turn off/bypass a bunch of security stuff first. Viruses and malware of that vintage could be doing stuff as simple as deleting all your files.
WingedGundark@reddit
A large majority of DOS era viruses weren’t even designed to cause actual destruction of data, they were more or less gags. When activated, many of them just played a tune, displayed text or some ascii graphics picture.
Of course they caused hassle and trouble for the user and, for example, when dormant, often consumed a kB or something of that precious RAM. This is actually how I noticed that my system got infected at some point.
Vinylmaster3000@reddit
Anything which is designed for DOS or even 3.1 will ostensibly not work simply because it's designed with 16-bit applications in mind.
Psy1@reddit
If it attacks the MBR and the motherboard still boots from that then yes. Yet Windows Defender should stop writes to the MBR without admin permission. Other than that there wouldn't be a risk, as Windows has changed too much and the tricks from then are well known.
OozingHyenaPussy@reddit
try runnin in compatibility mode
the_Athereon@reddit
Realistically, no. You'd be lucky if the code from anything that old can even be run on modern systems.
Additionally, most of the common exploits from back in the day have been patched into oblivion. Be it software-wise or hardware, it's unlikely any virus from back then can actually do any harm.
That said, the overall way that viruses work hasn't changed much. Still plenty of "system chokers" out there that'll peg your system at 100% usage and make it impossible to use until you call to have it deactivated.
AppropriateCap8891@reddit
Not really, as those would all be using code that is no longer a threat to a modern OS. Everything from how memory was managed to everything else has changed so drastically that they are simply no longer applicable.