A researcher connected a Windows XP machine directly to the public Internet without any protection—and within ten minutes, the system was overrun with malware, rogue user accounts, and remote access services. The experiment, conducted on a virtual machine by Eric Parker and detailed in a report from modernetdigital.cat, was designed to mimic the network posture of an early-2000s PC with its firewall disabled and no router-based network address translation (NAT). The result is a stark reminder of what happens when an unsupported, unpatched operating system meets an environment where automated attackers never stop scanning.
The test was intentionally extreme: a Windows XP Service Pack 3 virtual machine, exposed directly with a public IP address, no firewall, and no NAT. But the speed and completeness of the compromise—malware processes, an unauthorized FTP server, DNS manipulation, and hidden user accounts all appearing within minutes—underscores a risk that is not merely theoretical for users who still rely on legacy Windows systems behind even basic consumer routers.
What actually happened in the ten-minute test
Parker’s setup reproduced a worst-case scenario. The virtual machine had no firewall enabled, effectively plugging it straight into the Internet without any access control. An automated scan quickly located the system, and within minutes malware began executing. One process, “conhoz.exe,” masqueraded as a legitimate Windows component but was actually a Trojan. Additional malware spawned from temporary folders, and an FTP server was silently installed, granting full remote file access to an attacker. DNS settings were tampered with to redirect traffic, and new user accounts were created to maintain persistent access. The intruders also actively blocked security tools like Malwarebytes, further cementing control.
No user interaction was required. The infection did not depend on visiting a malicious website, downloading a suspicious file, or opening an email attachment. The system was compromised because the moment it became visible on the Internet, automated attack tools recognized it as a vulnerable Windows XP host and deployed payloads without asking permission.
What this means for home users still running Windows XP
If you’re a home user who keeps an old XP machine around for nostalgia, legacy software, or because it still works, the experiment carries an important nuance. Parker’s test placed the PC outside the protection of a home router. In a typical household today, your Internet service provider’s modem or your own router performs NAT and includes a basic firewall that blocks unsolicited inbound connections. That means a computer connected behind such a router is not “naked” on the Internet in the same way.
That protection is real, but it is not bulletproof. It does nothing to stop threats that enter through web browsing, email, compromised USB drives, or malicious downloads—all attack vectors that an unsupported operating system handles poorly because it no longer receives security patches. A router prevents the ten-minute automatic compromise, but it does not make Windows XP safe to use online. If you use an XP machine to browse the web, even behind a router, you are relying on a browser that stopped receiving updates years ago, on an operating system with no modern exploit mitigations, and on software that can be tricked by malicious websites or files. For any activity involving the Internet, a router is a necessary layer, not a complete shield.
What it means for IT professionals and business environments
For businesses and institutional users, the experiment is less about router configurations and more about the consequences of unsupported operating systems lingering inside otherwise protected networks. Legacy Windows XP systems often persist because of a single irreplaceable application: a factory controller, medical device, point-of-sale terminal, or an old database that refuses to run on modern Windows. These machines are rarely connected directly to the public Internet, but they often reside on corporate networks with access to file shares, domain controllers, and other sensitive resources.
In such environments, the real danger is lateral movement. An attacker who gains a foothold on any networked machine—perhaps through a phishing email, a compromised website, or a vulnerable internet-facing service—can use an unpatched XP system as a stepping stone. Once inside, threats like EternalBlue, the SMBv1 exploit famously used in the WannaCry ransomware outbreak, can allow an intruder to jump from that XP machine to more valuable targets quickly. Because XP no longer receives security updates, any newly discovered vulnerability will remain unaddressed forever, turning the system into a permanent weak point.
The experiment makes plain that if an XP machine must exist, it should be aggressively isolated from everything else. That means segmenting it onto its own VLAN or physical network with strict firewall rules, blocking all inbound and outbound traffic by default, and never using it for web browsing, email, or authentication against modern domain services. In practice, many organizations treat such isolation as aspirational rather than real, relaxing rules for convenience until the boundary erodes.
How we got here: XP’s security legacy
Windows XP was released in 2001, an era when personal computers were just beginning to live continuously connected lives. At launch, its default installation included no firewall, administrator accounts were commonly used for everyday tasks, and services like SMB listened on the network without restrictions. The result was a wave of worms and mass-exploitation events—Blaster, Sasser, Nimda—that forced Microsoft into a fundamental security rethink. Service Pack 2 in 2004 turned on the Windows Firewall by default and applied emergency hardening, but XP remained an operating system built before the industry truly understood the implications of always-on connectivity.
Formal support for XP ended in April 2014. Since then, only a handful of extraordinary emergency patches have been released, such as those during the WannaCry crisis in 2017. Those exceptions are not a safety net; they are rare, one-off interventions designed to protect the wider Internet from rampant wormable exploits. For everyday vulnerabilities, XP receives nothing. Its browser ecosystem is dead. Its cryptographic support is obsolete. Its kernel lacks the advanced exploit mitigations—like Control Flow Guard, Arbitrary Code Guard, and memory integrity features—that Microsoft built into Windows 10 and 11.
The EternalBlue exploit, which targets a vulnerability in SMBv1, is emblematic but not the whole story. Even if every known XP exploit were patched, the operating system would still be fundamentally unsuited for a connected world because it was not designed to expect hostility from the network itself. Later Windows versions, particularly starting with Windows 7 and carried forward into Windows 10 and 11, were built with the assumption that a machine might be attacked at any moment, and they include layered defenses that XP never had.
Notably, when Parker repeated the experiment with Windows 7 under identical conditions, no infection occurred after ten hours of exposure. That difference is a testament to the architectural security improvements Microsoft made after learning the hard lessons from XP’s history. It does not mean Windows 7 is safe to use today—its own extended support has largely ended, and using it online carries its own risks—but it underscores how much the baseline shifted.
What to do now
For home users: If you still have a Windows XP PC, do not connect it to the Internet in any way that exposes it to web browsing, email, or file downloads. If you need to retrieve old files, do so using a USB drive from a modern, patched computer, then retire the XP machine. If you must keep the system alive for a specific offline task, such as playing a vintage game or running legacy hardware, keep it strictly off the network. Disable all wireless and wired network adapters, and never plug it into an active network port.
For IT administrators: Audit your environment immediately for any remaining Windows XP or other unsupported Windows systems. For each one, document the business justification, isolate it on a dedicated network segment with no access to production systems, and establish a hard deadline for its decommissioning. Apply application whitelisting and intrusion detection on that segment, and monitor it closely for anomalous behavior. If isolation is not possible, consider whether the critical application can be migrated to a modern, supported platform, even if that means rewriting or replacing it. The cost of an incident will almost certainly dwarf the cost of migration.
For Windows 10 users nearing end-of-support: Windows 10’s mainstream support ended in October 2025, and while Extended Security Updates are available for paying customers, they only delay the inevitable. This experiment is a cautionary tale about the widening gap that opens when a platform stops receiving regular patches. If your hardware does not meet the requirements for Windows 11, explore alternative lightweight operating systems like Linux or ChromeOS Flex that can give older hardware a supported lifespan, rather than clinging to an unsupported Windows version that will only become more dangerous over time.
The outlook: unsupported doesn’t mean harmless
Parker’s ten-minute case study is dramatic, but the real-world timeline for owning an unsupported machine is often longer, not because the threats aren’t there, but because the network edge usually softens the initial blows. The danger accumulates silently over months and years as vulnerabilities pile up and automated attack tools improve. Windows 10 will not become the new XP overnight, but it has begun the same journey. The lessons of XP are not about one old operating system; they are about the lifecycle of any software that stops getting patched. As we move further into a world where millions of PCs no longer qualify for the latest Windows version, the balance between keeping old hardware alive and accepting the security consequences will become a defining challenge for both home users and enterprises.