Computer without antivirus on network

Theres an older computer in my home which we don't have connected to a network so it doesn't need an anti-virus and a firewall.

Is there any way I can secure this computer from the outside (i.e. on the network layer) so we would be able to get files in and out of it .mp3 files and wave files. That doesn't open it up to full file sharing within the network.

Basically is there a way to get files on and off the machine without resorting to usb sticks which allow it to push contents.

I'm more worried about the push case as I feel its easier to lock down and the machine is used primarily to produce files.

Oh in case its relevant the machine runs windows XP. (win2k would be the other option)

Wes

Posted 2011-04-26T16:20:04.813

Reputation: 111

7So it doesn't need a firewall because it's not connected to a network... but then you want to connect it to a network? – DHall – 2011-04-26T16:23:52.560

No sorry the meaning of that was unclear. Its not connected to a network so that we don't have to run the antivirus (cause not effect). However I'd like to be able to get files off it (while still not allowing outgoing or incomming http / ftp / mail connections etc) – Wes – 2011-04-26T16:31:04.560

I'd use some firewall that only allows connections to a single trusted target ip. – CodesInChaos – 2011-04-26T16:37:34.460

3@Wes; If you want to be able to interface with it from other computers, you want to network it. However, if the only possible infection vector is from computers that do have antiviruses, then using an AV on it seems somewhat pointless, and a firewall should have no real performance hit. – Phoshi – 2011-04-26T16:42:14.180

@phoshi thanks I'll look at getting a firewall. Thank you. – Wes – 2011-04-26T16:54:03.470

Sounds like you should install Linux on it. – Rook – 2011-04-26T17:18:07.163

@Rook Not an option. The software I'm running on it specifically requires win XP or earlier. I don't think rose garden is mature enough yet to be offered as a replacement. – Wes – 2011-04-26T17:35:26.697

@Rook: We don't permit that kind of language here, if you don't refrain from using offensive language in the future, your account may be suspended. – studiohack – 2011-04-26T21:57:43.937

Answers

Remove the DNS Server and Default Gateway addresses for the appropriate Network Connection. Googled the instructions on how to do it in about 3 seconds.

You might also consider Windows Steady State (depreciated) or Deep Freeze if you don't want anti-virus but later decide you do want internet access on the computer in question.

EDIT:

To elaborate on my Steady State / Deep Freeze suggestion, I just want to point out that both of those programs use almost no system resources (unlike traditional anti virus programs). Disk freezing is really the way to go these days, especially on older systems with limited resources.

ubiquibacon

Posted 2011-04-26T16:20:04.813

Reputation: 7 287

The problem you face is that any network connection introduces security vulnerabilities. Your task then is to mitigate the potential threats. Blocking it from connecting to the internet is a good place to start, but you still have to worry about malicious software using your other machines as a springboard to attack this machine.

The best thing you can do is to modify your usage to fit a more security conscious scenario. Here are a few questions that I hope can guide you to find the right answer for your situation:

Why are the files stored on this machine? Can they be offloaded to different system that has security software running?
Which computers on your network need access to this machine?
Why can't you run security software on this machine? Is there a hardware change that would allow it?
What happens when I get an infection? Do I have a backup scheme?

In my home network, I make sure that every machine has at least a basic virus scanner running. If the system can't handle one, I generally throw it out and get something that can. I feel that the cost of a new machine is less expensive than rebuilding my entire network because a system wasn't powerful enough to run anti-virus.

Hope this helps.

Doltknuckle

Posted 2011-04-26T16:20:04.813

Reputation: 5 813

Several of your points are in fact the reason I suggested Steady State and Deep Freeze. Both programs use almost no system resources making them perfect "anti virus" solutions for old machines, plus they work better than any anti virus could... because no matter how good your anti virus is it is going to miss something eventually. – ubiquibacon – 2011-04-26T19:30:12.103

It depends on the use case of the machine. Steady State and Deep Freeze are best used on "terminal machines". If you want to make any changes to the system, you have to remember to "refreeze" the system to keep the changes. I should also note that steady state is best used to "undo" the damage done by a virus. If you download a virus on a steady state machine, it can spread to the rest of your network before you reset the machine. Having steady state on only one machine only protects against long term infections on that machine. The machine is still a danger to the network as a whole. – Doltknuckle – 2011-04-27T15:17:24.517

You can install the old Sygate 5.6.2808 Firewall. it is no longer supported but is the best XP firewall imho, it also has advanced filtering, so you can lock it down to only allow connections from specific IP addresses.

Disable the XP firewall after Sygate is installed and you reboot.

Moab

Posted 2011-04-26T16:20:04.813

Reputation: 54 203