[Tool_of_Society]

We have a project XP machine that has been plugged into the internet for nearly a year now with no third party firewall etc. Nothing has happened despite all the proclamations it'd be an infested box within seconds of touching the internet.

The reality seems to be that problems stem from the user and what software they use to access the internet more than just being connected. This jives with your comments as you keep mentioning user actions that result in infections.

[autoexec]

> We have a project XP machine that has been plugged into the internet for nearly a year now with no third party firewall etc. Nothing has happened despite all the proclamations it'd be an infested box within seconds of touching the internet.

Is it behind a router? Most routers have stateful firewalls doing a lot of work to keep random connections from passing to the NAT'd devices behind them. All the "infected in under 5 minutes" stories I've seen were machines connected directly to the internet.

Also, are you monitoring inbound/outbound traffic for that machine? It seems like you should at least be seeing attempts to compromise your machine (even if they're not working). Is it using IPv4? If you've got a setup that stops port scans, vulnerability scanners, and internet worms you should share!

[jxramos]

maybe this gets into the why more, like is the ISP doing a lot of heavy lifting behind the scenes.