Securing Windows 98(SE) in the Modern Age

D

Dan

1. I would suggest using a wired connection with ethernet and a NAT address
within your router. You can go to grc.com and check the Shields Up test to
see if over 1000 ports are stealthed with green setting.

2. I would suggest making sure your Windows 98 Second Edition and its
associated updates are fully up to date and would suggest using the security
cd if you have it although you will have to edit the *.inf as PCR has
suggested to show to some programs that it is indeed 98 Second Edition. You
will need to use the Windows update site after that. I cannot endorse the
use of non-approproved Microsoft update packs and they may or may not work
but use them at your own risk and make sure your PC is backed up fully before
installing one of course.

3. I would suggest using an antivirus program like AVG antivirus that has
worked well for me and my dad or Avast that many users here seem to like but
I did not care for its interface.

4. I would suggest using anti-spyware programs and the ones I particularly
like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy.
Please make sure you get them from their main sites or a fairly safe
alternative like majorgeeks.com website. I do not care for Adaware any more
because of false positives in the past. Another one is CWShredder if you
need it and HiJack This but with HiJackThis make sure experts help you and
just don't go willy nilly and delete potentially good and needed stuff on
your machine.

5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest
version for better browser security and safety over Internet Explorer.
Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft
only supports 256 bit cipher strength in Vista with Internet Explorer
currently. Internet Explorer also has Active X vulnerabilites that are
targetted frequently. The same goes for you Apple users and Linux users as
well. Safari for Apple only has a maximum encryption of 128 bit so it is
lacking as well. I have discovered that 128 bit encryption can be hacked in
15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption
strength cipher and that is why the industry is way behind on this. Bank of
America and Citicards continue to use only 128 bit encryption and Bank of
America does not seem to care but at least Citicards said they are working on
implementing Mozilla Firefox with 256 bit encryption. The safest way is to
post information on an off-line computer of course but industry standards are
lacking compared to the latest threats available on-line to break computer
encryption.

6. Please practice safe browsing methods and do not open email attachments
until you are sure they are safe. Be aware of the many phising scams out
there and especially ones that claim to be from Microsoft or someone or other
wanting information or money because it is not what it claims to be
especially if it sounds to good to be true. Contact the business from their
main number from the telephone book or the back of your bank or from your
business card. Information can help if you get stuck as well. Please also
block html code as a default precaution and only view when you are sure it is
safe. You can read in plain text and send in plain text and that is fairly
safe.

7. Please be aware that information you post on the Internet is available
for everyone to view so just remember how much information you are willing to
freely give the public about yourself.

8. Please be careful about social-networking sites like MySpace and/or
Facebook and others that could data mine your information. Heck, a website
which was one I enjoyed posting at which was tsl-game.com had its forum
hacked this summer with 9-11 propaganda posted. Here is the weblink if any
are interested in reading about it:

http://www.tsl-game.com/forum/index.php?topic=6115.0

9. Please be careful who you trust especially if you are younger than 21
because there are a lot of terrible people out there that ruthlessly prey
upon weak and innocent children and hurt women also so the Internet has
become a tool to try and force some people in bad situations to be monitored
so much that they are like slaves.

10. A final word is to be careful what you download because if it is free
games, wallpaper, software, music, etc. then you could be getting more than
you bargain for originally and it is not worth it. You could be opening your
machine up to spyware, adware, trojans, viruses, identity theft, etc. and
lawsuits from the music or other industries against you and please do things
legally.

The end of my 10 comments that are good general computer tips with Windows
98 Second Edition in the front of my mind thus I had no reason to mention
things like Windows Defender that is not supported on 98 Second Edition. If
you check out the secunia.com website and do your research you will see how
much safer Mozilla Firefox is than all versions of Internet Explorer and how
98 Second Edition is safer currently than XP Home and Professional.
Fortunately, Vista is secure but has automatic issues, backwards
compatibility issues and other issues because it is too new. Have a nice day.
 
D

Don Phillipson

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com...

[Good advice snipped]
> 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest
> version for better browser security and safety over Internet Explorer.

Better check in advance before dumping IE because some other
computer companies link exclusively with that (and not Firefox.)
E.g. my bank processes work perfectly via Firefox but not
Quicken/Intuit which links only with IE.

A point omitted by Dan is PC housekeeping and backup routines.
We should not use MSBACKUP which is seriously flawed. Hard
drive space is now so cheap we seldom need to compress backed up
files. Windows protection prevents our copying some important system
files but some third-party utilities bypass this, see www.xxcopy.com

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)
 
B

Brian A.

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com...
> 1. I would suggest using a wired connection with ethernet and a NAT address
> within your router. You can go to grc.com and check the Shields Up test to
> see if over 1000 ports are stealthed with green setting.

Without going back to check, IIRC the GRC port test checks 1500 ports. If the user
has no router and does not use a sufficient third party firewall it means nothing.
If they do have a router incorporated into their network, it also means squat if they
fail to change the default un/pw provided with the router. In todays cat and mouse
battle with the way hackers have progressed, one of the first lines of defense is to
change the default un/pw of any router utilized in a network.

>
> 2. I would suggest making sure your Windows 98 Second Edition and its
> associated updates are fully up to date and would suggest using the security
> cd if you have it although you will have to edit the *.inf as PCR has
> suggested to show to some programs that it is indeed 98 Second Edition. You
> will need to use the Windows update site after that. I cannot endorse the
> use of non-approproved Microsoft update packs and they may or may not work
> but use them at your own risk and make sure your PC is backed up fully before
> installing one of course.

IMHO the security update CD is not the way to go other than the rare exception
after a clean install. If a user has a reasonably fast connection on the net,
downloading and installing the updates will be much quicker than any read/write from
a CD.

>
> 3. I would suggest using an antivirus program like AVG antivirus that has
> worked well for me and my dad or Avast that many users here seem to like but
> I did not care for its interface.

Again, IMHO AVG is crap, Avast is subliminal. Either way, both apps will sooner
than later be integrated into a suite and no longer support 98.

>
> 4. I would suggest using anti-spyware programs and the ones I particularly
> like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy.
> Please make sure you get them from their main sites or a fairly safe
> alternative like majorgeeks.com website. I do not care for Adaware any more
> because of false positives in the past. Another one is CWShredder if you
> need it and HiJack This but with HiJackThis make sure experts help you and
> just don't go willy nilly and delete potentially good and needed stuff on
> your machine.

Without knowing your exact situation I will venture to guess that the Adaware
false/positives had to do with cookies and/or MRU's. Adaware has always been a good
compliment to SB S&D and visa versa, each one identifying something the other didn't.

>
> 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest
> version for better browser security and safety over Internet Explorer.
> Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft
> only supports 256 bit cipher strength in Vista with Internet Explorer
> currently. Internet Explorer also has Active X vulnerabilites that are
> targetted frequently. The same goes for you Apple users and Linux users as
> well. Safari for Apple only has a maximum encryption of 128 bit so it is
> lacking as well. I have discovered that 128 bit encryption can be hacked in
> 15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption
> strength cipher and that is why the industry is way behind on this. Bank of
> America and Citicards continue to use only 128 bit encryption and Bank of
> America does not seem to care but at least Citicards said they are working on
> implementing Mozilla Firefox with 256 bit encryption. The safest way is to
> post information on an off-line computer of course but industry standards are
> lacking compared to the latest threats available on-line to break computer
> encryption.

Personally IMHO again, your PC and/or network are only as secure as one makes it.
It makes no difference on which browser a user deploys when it comes to online sites,
the difference in security has to do with the administrator of that site and how well
they lock it down.

>
> 6. Please practice safe browsing methods and do not open email attachments
> until you are sure they are safe. Be aware of the many phising scams out
> there and especially ones that claim to be from Microsoft or someone or other
> wanting information or money because it is not what it claims to be
> especially if it sounds to good to be true. Contact the business from their
> main number from the telephone book or the back of your bank or from your
> business card. Information can help if you get stuck as well. Please also
> block html code as a default precaution and only view when you are sure it is
> safe. You can read in plain text and send in plain text and that is fairly
> safe.

Browsing the net and emails are two separate entities. Aside from that it should
be stated that "No Email" should ever be opened if the sender is unknown to the
reciever.

>
> 7. Please be aware that information you post on the Internet is available
> for everyone to view so just remember how much information you are willing to
> freely give the public about yourself.

Not 100% true depending on how one reads into the statement and the way I read it's
completely false.

>
> 8. Please be careful about social-networking sites like MySpace and/or
> Facebook and others that could data mine your information. Heck, a website
> which was one I enjoyed posting at which was tsl-game.com had its forum
> hacked this summer with 9-11 propaganda posted. Here is the weblink if any
> are interested in reading about it:
>
> http://www.tsl-game.com/forum/index.php?topic=6115.0
>
> 9. Please be careful who you trust especially if you are younger than 21
> because there are a lot of terrible people out there that ruthlessly prey
> upon weak and innocent children and hurt women also so the Internet has
> become a tool to try and force some people in bad situations to be monitored
> so much that they are like slaves.
>
> 10. A final word is to be careful what you download because if it is free
> games, wallpaper, software, music, etc. then you could be getting more than
> you bargain for originally and it is not worth it. You could be opening your
> machine up to spyware, adware, trojans, viruses, identity theft, etc. and
> lawsuits from the music or other industries against you and please do things
> legally.
>
> The end of my 10 comments that are good general computer tips with Windows
> 98 Second Edition in the front of my mind thus I had no reason to mention
> things like Windows Defender that is not supported on 98 Second Edition. If
> you check out the secunia.com website and do your research you will see how
> much safer Mozilla Firefox is than all versions of Internet Explorer and how
> 98 Second Edition is safer currently than XP Home and Professional.
> Fortunately, Vista is secure but has automatic issues, backwards
> compatibility issues and other issues because it is too new. Have a nice day.

XP Pro is by far more secure than 98/SE, again, it's up to the user/admin to lock
the system(s) down.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
M

MEB

"Brian A." <gonefish'n@afarawaylake> wrote in message
news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...
| "Dan" <Dan@discussions.microsoft.com> wrote in message
| news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...
| >I will focus on your last question and I think Chris Quirke, MVP would
agree
| > with me that Windows 98 Second Edition is safer than XP Professional.
Here
| > are my web-links to prove my case:
| >
| > http://secunia.com/product/22/
| >
| > Vendor Microsoft
| >
| >
| > Product Link N/A
| >
| >
| > Affected By 192 Secunia advisories
| >
| >
| > Unpatched 16% (30 of 192 Secunia advisories)
| >
| >
| > Most Critical Unpatched
| > The most severe unpatched Secunia advisory affecting Microsoft Windows
XP
| > Professional, with all vendor patches applied, is rated Highly critical
| >
| > http://secunia.com/product/13/
| >
| > Vendor Microsoft
| >
| >
| > Product Link N/A
| >
| >
| > Affected By 32 Secunia advisories
| >
| >
| > Unpatched 9% (3 of 32 Secunia advisories)
| >
| >
| > Most Critical Unpatched
| > The most severe unpatched Secunia advisory affecting Microsoft Windows
98
| > Second Edition, with all vendor patches applied, is rated Less critical
| >
| >
| > That is my case.
|
| I responded without question. The only way 98 is safer than XP Pro is
because it's
| not targeted, that's all and no more. When XP Pro is configured properly
it is by
| far more secure than 98. Soon enough XP will be forgotten altogether as
the full
| attack goes Vista, and so on.
|
| --
|
| Brian A. Sesko { MS MVP_Shell/User }
| Conflicts start where information lacks.
| http://basconotw.mvps.org/
|
| Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
| How to ask a question: http://support.microsoft.com/kb/555375
|
|

I disagree. As XP is based upon the same base code as VISTA it will always
be attacked, and vigorously.
The coding differentials are so minuscule, that even if specific to VISTA,
the attack will work upon XP with equal if not more effectiveness, and even
less difficulty as there will be less to work-around. What hacks VISTA
*WILL* hack XP.
9X on the other hand, will receive less and less attention. One need look
no further than this group. There aren't many people who can even write a
simple batch file for 9X/DOS anymore.
Not saying there will be no attacks, as there is still sufficient viri,
hacks, and Spyware available [and targeted at installable 9X files]. But it
brings no recognition, and the OS is not being used now [very much anyway]
within supposedly secured areas and businesses as XP and VISTA are...

You can ignore these rather obvious aspects and continue to spout how
supposedly secure the newer operating systems are, but that smacks in the
face of the purpose of the attacks... glamour, fame, recognition, ID theft,
and all the other things now found with those NEW OSs... and the systems
which use them..

To say the XP is more secure is like putting your head in a paper bag and
claiming no one can see you...

--
MEB
http://peoplescounsel.orgfree.com
________
 
M

MEB

"98 Guy" <98@Guy.com> wrote in message news:472684F5.F1F7B493@Guy.com...
| MEB wrote:
|
| > I disagree. As XP is based upon the same base code as VISTA it
| > will always be attacked, and vigorously.
|
| The hackers are not "attacking" OS's.
|
| They are coding to take advantage of vulnerabilities in specific
| modules when such vulnerabilities are discovered or announced.

And let me guess, you think its all the professionals finding the holes....
gees you really are out there in a dream world aren't you..

|
| > 9X on the other hand, will receive less and less attention.
|
| Again, it's not the OS's that receive attention - it's the posted
| vulnerabilities that get attention.

OH REALLY. So these vulnerabilities are floating around in thin air
right... if your going to post stupid stuff, do it in some of your other
USENET haunts..

|
| If a hacker thinks he can leverage a vulnerability then the attempt
| will be made.
|
| Many of the vulnerabilities discovered over the past 5 years are
| buffer-overruns. Truth is that win-98 (or it's relavent IE module)
| will get tripped up when exposed to a given exploit. But usually it
| will only hang or crash the module - it won't execute as the hacker
| intended.

SO gees, if the hack worked for XP and didn't in 9X, just why is it that
you, in your infinite wisdom, think it didn't... oh tell me wise one ....

--
MEB
http://peoplescounsel.orgfree.com
________
 
D

Dan

I will focus on your last question and I think Chris Quirke, MVP would agree
with me that Windows 98 Second Edition is safer than XP Professional. Here
are my web-links to prove my case:

http://secunia.com/product/22/

Vendor Microsoft


Product Link N/A


Affected By 192 Secunia advisories


Unpatched 16% (30 of 192 Secunia advisories)


Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Windows XP
Professional, with all vendor patches applied, is rated Highly critical

http://secunia.com/product/13/

Vendor Microsoft


Product Link N/A


Affected By 32 Secunia advisories


Unpatched 9% (3 of 32 Secunia advisories)


Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Windows 98
Second Edition, with all vendor patches applied, is rated Less critical


That is my case.
 
B

Brian A.

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...
>I will focus on your last question and I think Chris Quirke, MVP would agree
> with me that Windows 98 Second Edition is safer than XP Professional. Here
> are my web-links to prove my case:
>
> http://secunia.com/product/22/
>
> Vendor Microsoft
>
>
> Product Link N/A
>
>
> Affected By 192 Secunia advisories
>
>
> Unpatched 16% (30 of 192 Secunia advisories)
>
>
> Most Critical Unpatched
> The most severe unpatched Secunia advisory affecting Microsoft Windows XP
> Professional, with all vendor patches applied, is rated Highly critical
>
> http://secunia.com/product/13/
>
> Vendor Microsoft
>
>
> Product Link N/A
>
>
> Affected By 32 Secunia advisories
>
>
> Unpatched 9% (3 of 32 Secunia advisories)
>
>
> Most Critical Unpatched
> The most severe unpatched Secunia advisory affecting Microsoft Windows 98
> Second Edition, with all vendor patches applied, is rated Less critical
>
>
> That is my case.

I responded without question. The only way 98 is safer than XP Pro is because it's
not targeted, that's all and no more. When XP Pro is configured properly it is by
far more secure than 98. Soon enough XP will be forgotten altogether as the full
attack goes Vista, and so on.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
D

Dan

Thank you, MEB. In addition, Windows 98 Second Edition has less services
than XP Professional thus it presents a smaller attack surface than all the
services that XP has compared to 98 Second Edition. Chris Quirke, MVP is
working on a maintenance operating system for Vista based on Ubantu Linux and
you must remember that 98 S.E. does have DOS for its maintenance operating
system. It would be great to have a trial of a clean install of Windows XP
Professional and a clean install of 98 Second Edition and see which a
hacker(cracker) could break into first. On another note, on page A16 art.com
apparently was hacked and the hacker or hackers broke through multiple layers
of security to break into the website so it just goes to show if you want
true safety and security that you use an old 486 IBM PC or such and store
your passwords there and not have it connected to the internet and just use a
password and even if a burglar breaks into your home they will most likely
ignore such an old PC anyway. I am becoming more convinced that Linux will
be the wave of the future, at least for the techies.
 
9

98 Guy

"Brian A." wrote:

> I responded without question. The only way 98 is safer than
> XP Pro is because it's not targeted, that's all and no more.

Bullshit.

Win-2K and XP were incredibly vulnerable to at least 5 network-based
worms that enabled those systems to be directly infected and
trojanized without their owners performing any act such as opening
e-mail or surfing the web.

Micro$oft is completely responsible for configuring XP (home and pro)
with certain settings and certain services turned on by default which
exposed those systems to the above-mentioned network vulnerabilities.
Micro$haft traded security for reduced end-user support load and in
doing so they exposed millions of idiots to infection who bought
XP-based home computers during 2002 and 2003. Macro$haft didn't even
have the wisdom to alter the default installation settings of XP-home
to more closely match the demands of the computing environments those
systems were likely used in.

The term "Internet Survival Time" is very well known (look it up on
Google). It was coined as a measure of how long an un-patched 2K or
XP system would last on the net before being hit by a worm. It became
a joke that you couldn't take a brand new install of 2k or XP and hang
it on the net and download patches without being infected before the
patches were installed.

You can take an original Win-98/se system and hang it on the net (with
default settings, no AV and no firewall, no NAT router) and it's not
vulnerable to anything.

Half the IE5 and IE6 vulnerabilities that affect 2K and XP don't even
apply to 98.

Macrosoft has time and time again posted advisories about
vulnerabilities where they list 98 as being affected in the advisory
summary, but don't list 98 in the details or FAQ section. That's
their way of making dupes like you, and the stupid tech press, believe
that XP wasn't a step backward when compared to 98.

> When XP Pro is configured properly it is by far more secure
> than 98.

In your dreams. The best XP can hope for is to be as EQUALLY secure
as 98. And that only came in the summer of 2004 with SP2 - almost 2
years after XP was introduced.

If you want to talk about desktop (login) security - that's another
matter completely. Most people here are not concerned about what
amounts to physical system accessibility, and that's not what this
thread is about.

IT and sys-admins hated and looked down on 9x for that reason. But
their notion of "security" is not what we're talking about here.
 
9

98 Guy

MEB wrote:

> I disagree. As XP is based upon the same base code as VISTA it
> will always be attacked, and vigorously.

The hackers are not "attacking" OS's.

They are coding to take advantage of vulnerabilities in specific
modules when such vulnerabilities are discovered or announced.

> 9X on the other hand, will receive less and less attention.

Again, it's not the OS's that receive attention - it's the posted
vulnerabilities that get attention.

If a hacker thinks he can leverage a vulnerability then the attempt
will be made.

Many of the vulnerabilities discovered over the past 5 years are
buffer-overruns. Truth is that win-98 (or it's relavent IE module)
will get tripped up when exposed to a given exploit. But usually it
will only hang or crash the module - it won't execute as the hacker
intended.
 
M

MEB

"98 Guy" <98@Guy.com> wrote in message news:47274760.47DF9D4@Guy.com...
| MEB wrote:
|
| > And let me guess, you think its all the professionals finding the
| > holes....
| > gees you really are out there in a dream world aren't you..
|
| You're the one in a dream world.

Okay, I'll take the bait... here we go again ...

|
| There are professional outfits that look for vulnerabilities (in all
| sorts of products, software and hardware) and there are other outfits
| that run a sort of exchange system where the manufacturer can decide
| whether they want to pay the discoverer for the details of the
| vulnerability.

As if these are the people hacking systems... asking for money would be or
could reasonably be labeled as extortion.
I realize you really have no comprehension of worldly affairs, you
constantly display such before this group and the world, but this is
something far worse...

ALL the crap you find on Secuna and the other such sites are KNOWN
vulnerabilities, not the as yet unknown... nor all the ones which hackers
may be using or intend to use ...

|
| But in almost every case for the past, say 3 or 4 years, exploits come
| out only after details of a vulnerability are made public. But that
| usually coincides with the availability of patch being announced.

You are truely friggin crazy ...

|
| Can you point to any recent vulnerability where the exploit was in the
| wild well before the vulnerability was publicly announced or even
| given a name?

Try reading the News some time... all of the recent successful hackings
were achieved by some hacker using some UNKNOWN vulnerability. It was only
AFTER THE FACT, that these vulnerabilities were addressed or listed. Or is
it that you can't read...

|
| > | Again, it's not the OS's that receive attention - it's the
| > | posted vulnerabilities that get attention.
| >
| > OH REALLY. So these vulnerabilities are floating around in thin
| > air right...
|
| I never said they're "floating around in thin air". They're listed by
| various agencies when they get discovered - or when their stakeholders
| give the go-ahead to announce their existence.

That's interesting... so its only these KNOWN vulnerabilities that exist in
your world of dreams.. or these are ONLY listed if the stockholders
authorize the release huh...

HAHAHAHAHA,,,, teehheee,,, you need to take that bag off your head... while
you're at it take out that nose ring that you are being lead around with ,
to your own slaughter ...

|
| > SO gees, if the hack worked for XP and didn't in 9X, just why
| > is it that you, in your infinite wisdom, think it didn't... oh
| > tell me wise one ....
|
| Because buffer overruns almost always mess with and manipulate stack
| data. For an exploit to run properly, it depends on the stack having
| a certain structure. Given that there are code differences between 9x
| and NT versions of many modules, it's highly likely that the stack
| structures and buffer areas (for a given module) of a system running
| 9x will not be identical to one running 2K or XP.

Buffer overruns huh,,, so your claim is, these are the most important
vulnerabilities.... that these are the most exploited??????? Sorry dude,
these just happen to be the most easily found...

Not unusual,,, the very thing you have used in this supposed demonstration,
is the very thing you were purporting as NOT being the opposing aspects,,
the differences in the OSs... do you ever think before you type, or does
this drivel you constantly post come naturally... doing to many drugs,
alcohol, or something, or are you suffering from some form of mental
illness? Hey, if you are I will give you more latitude... but if you're
not...

BTW: I corrected most of your spelling errors for you... but an apostrophe
is used to show conjunction or possession.. neither of which applies when
referencing multiple OS...

--
MEB
http://peoplescounsel.orgfree.com
________
 
9

98 Guy

MEB wrote:

> And let me guess, you think its all the professionals finding the
> holes....
> gees you really are out there in a dream world aren't you..

You're the one in a dream world.

There are professional outfits that look for vulnerabilities (in all
sorts of products, software and hardware) and there are other outfits
that run a sort of exchange system where the manufacturerer can decide
whether they want to pay the discoverer for the details of the
vulnerability.

But in almost every case for the past, say 3 or 4 years, exploits come
out only after details of a vulnerability are made public. But that
usually coincides with the availability of patch being announced.

Can you point to any recent vulnerability where the exploit was in the
wild well before the vulnerability was publically announced or even
given a name?

> | Again, it's not the OS's that receive attention - it's the
> | posted vulnerabilities that get attention.
>
> OH REALLY. So these vulnerabilities are floating around in thin
> air right...

I never said they're "floating around in thin air". They're listed by
various agencies when they get discovered - or when their stakeholders
give the go-ahead to announce their existance.

> SO gees, if the hack worked for XP and didn't in 9X, just why
> is it that you, in your infinite wisdom, think it didn't... oh
> tell me wise one ....

Because buffer overruns almost always mess with and manipulate stack
data. For an exploit to run properly, it depends on the stack having
a certain structure. Given that there are code differences between 9x
and NT versions of many modules, it's highly likely that the stack
structures and buffer areas (for a given module) of a system running
9x will not be identical to one running 2K or XP.
 
D

Dan

I will go even farther than you 98 Guy and say that the NT source code has
not been able to be better than 98 Second Edition until Vista which is secure
so far. I just hope that I can be able to license the 9x source code to help
in my research of making a safe and secure tri-source code operating system
for Microsoft.
 
B

Brian A.

Hang on to his shirt tails all you want and think about what he wrote, this part in
particular which goes against everything you stated in your original post.
<quote>
You can take an original Win-98/se system and hang it on the net (with
default settings, no AV and no firewall, no NAT router) and it's not
vulnerable to anything.
</quote>

I need not say any more.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375


"Dan" <Dan@discussions.microsoft.com> wrote in message
news:D9FB8DB1-591B-4968-BF7F-55DDCDBCF0F8@microsoft.com...
>I will go even farther than you 98 Guy and say that the NT source code has
> not been able to be better than 98 Second Edition until Vista which is secure
> so far. I just hope that I can be able to license the 9x source code to help
> in my research of making a safe and secure tri-source code operating system
> for Microsoft.
 
B

Brian A.

"MEB" <meb@not here@hotmail.com> wrote in message
news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...
>
>
> "Brian A." <gonefish'n@afarawaylake> wrote in message
> news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...
> | "Dan" <Dan@discussions.microsoft.com> wrote in message
> | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...
> | >I will focus on your last question and I think Chris Quirke, MVP would
> agree
> | > with me that Windows 98 Second Edition is safer than XP Professional.
> Here
> | > are my web-links to prove my case:
> | >
> | > http://secunia.com/product/22/
> | >
> | > Vendor Microsoft
> | >
> | >
> | > Product Link N/A
> | >
> | >
> | > Affected By 192 Secunia advisories
> | >
> | >
> | > Unpatched 16% (30 of 192 Secunia advisories)
> | >
> | >
> | > Most Critical Unpatched
> | > The most severe unpatched Secunia advisory affecting Microsoft Windows
> XP
> | > Professional, with all vendor patches applied, is rated Highly critical
> | >
> | > http://secunia.com/product/13/
> | >
> | > Vendor Microsoft
> | >
> | >
> | > Product Link N/A
> | >
> | >
> | > Affected By 32 Secunia advisories
> | >
> | >
> | > Unpatched 9% (3 of 32 Secunia advisories)
> | >
> | >
> | > Most Critical Unpatched
> | > The most severe unpatched Secunia advisory affecting Microsoft Windows
> 98
> | > Second Edition, with all vendor patches applied, is rated Less critical
> | >
> | >
> | > That is my case.
> |
> | I responded without question. The only way 98 is safer than XP Pro is
> because it's
> | not targeted, that's all and no more. When XP Pro is configured properly
> it is by
> | far more secure than 98. Soon enough XP will be forgotten altogether as
> the full
> | attack goes Vista, and so on.
> |
> | --
> |
> | Brian A. Sesko { MS MVP_Shell/User }
> | Conflicts start where information lacks.
> | http://basconotw.mvps.org/
> |
> | Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
> | How to ask a question: http://support.microsoft.com/kb/555375
> |
> |
>
> I disagree. As XP is based upon the same base code as VISTA it will always
> be attacked, and vigorously.

As long as it has the name of Microsoft attached to it, it will be targeted.

> The coding differentials are so minuscule, that even if specific to VISTA,
> the attack will work upon XP with equal if not more effectiveness, and even
> less difficulty as there will be less to work-around. What hacks VISTA
> *WILL* hack XP.

In many of those aspescts, true, but not in every one. As code changes so do the
targeted systems, that's not saying Vista will pull away from XP, yet it can and will
change in ways.

> 9X on the other hand, will receive less and less attention. One need look
> no further than this group. There aren't many people who can even write a
> simple batch file for 9X/DOS anymore.
> Not saying there will be no attacks, as there is still sufficient viri,

Watch yourself and gear up for battle using the word viri, there are those out here
that will chastise you for it, been there already.

> hacks, and Spyware available [and targeted at installable 9X files]. But it
> brings no recognition, and the OS is not being used now [very much anyway]
> within supposedly secured areas and businesses as XP and VISTA are...

That doesn't make 98 any more secure, only less vulnerable.

>
> You can ignore these rather obvious aspects and continue to spout how
> supposedly secure the newer operating systems are, but that smacks in the
> face of the purpose of the attacks... glamour, fame, recognition, ID theft,
> and all the other things now found with those NEW OSs... and the systems
> which use them..

I don't continue to spout about anything, I'm certainly not on any crusade to push
a product (not stating you implied that). I stated that a "Properly Configured" XP
Pro machine is by far more secure than 98. That's not saying it's less vulnerable to
attack or that it can't be compromised, it states that it can be locked down tighter
when properly configured. The "glamour, fame, recognition, ID theft," etc. is a Cat
and Mouse game that will never end and it most certainly isn't only utilized with
PC's.

>
> To say the XP is more secure is like putting your head in a paper bag and
> claiming no one can see you...

That's rediculous, your arms and legs still show, you need a full body bag.



--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
M

MEB

"Brian A." <gonefish'n@afarawaylake> wrote in message
news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl...
| "MEB" <meb@not here@hotmail.com> wrote in message
| news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...
| >
| >
| > "Brian A." <gonefish'n@afarawaylake> wrote in message
| > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...
| > | "Dan" <Dan@discussions.microsoft.com> wrote in message
| > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...
| > | >I will focus on your last question and I think Chris Quirke, MVP
would
| > agree
| > | > with me that Windows 98 Second Edition is safer than XP
Professional.
| > Here
| > | > are my web-links to prove my case:
| > | >
| > | > http://secunia.com/product/22/
| > | >
| > | > Vendor Microsoft
| > | >
| > | >
| > | > Product Link N/A
| > | >
| > | >
| > | > Affected By 192 Secunia advisories
| > | >
| > | >
| > | > Unpatched 16% (30 of 192 Secunia advisories)
| > | >
| > | >
| > | > Most Critical Unpatched
| > | > The most severe unpatched Secunia advisory affecting Microsoft
Windows
| > XP
| > | > Professional, with all vendor patches applied, is rated Highly
critical
| > | >
| > | > http://secunia.com/product/13/
| > | >
| > | > Vendor Microsoft
| > | >
| > | >
| > | > Product Link N/A
| > | >
| > | >
| > | > Affected By 32 Secunia advisories
| > | >
| > | >
| > | > Unpatched 9% (3 of 32 Secunia advisories)
| > | >
| > | >
| > | > Most Critical Unpatched
| > | > The most severe unpatched Secunia advisory affecting Microsoft
Windows
| > 98
| > | > Second Edition, with all vendor patches applied, is rated Less
critical
| > | >
| > | >
| > | > That is my case.
| > |
| > | I responded without question. The only way 98 is safer than XP Pro
is
| > because it's
| > | not targeted, that's all and no more. When XP Pro is configured
properly
| > it is by
| > | far more secure than 98. Soon enough XP will be forgotten altogether
as
| > the full
| > | attack goes Vista, and so on.
| > |
| > | --
| > |
| > | Brian A. Sesko { MS MVP_Shell/User }
| > |
| >
| > I disagree. As XP is based upon the same base code as VISTA it will
always
| > be attacked, and vigorously.
|
| As long as it has the name of Microsoft attached to it, it will be
targeted.

Not necessarily true. Should Microsoft lose its market mastery, then
whatever takes its place would become the target.

|
| > The coding differentials are so minuscule, that even if specific to
VISTA,
| > the attack will work upon XP with equal if not more effectiveness, and
even
| > less difficulty as there will be less to work-around. What hacks VISTA
| > *WILL* hack XP.
|
| In many of those aspects, true, but not in every one. As code changes
so do the
| targeted systems, that's not saying Vista will pull away from XP, yet it
can and will
| change in ways.

Well, of course I would by necessity agree in part. There will be VISTA
*only* hacks created sometime in the future, but for the present time, as
the coding is shared [XP now in the position that 9X was during the XP><9X
support days, e.g., receiving patches more designed for VISTA than XP] these
shared aspects will continue to supply the necessary entry points.
Regretfully, it appears Microsoft shows even less interest in patching all
the holes in XP than it did with 9X or even NT.

|
| > 9X on the other hand, will receive less and less attention. One need
look
| > no further than this group. There aren't many people who can even write
a
| > simple batch file for 9X/DOS anymore.
| > Not saying there will be no attacks, as there is still sufficient viri,
|
| Watch yourself and gear up for battle using the word viri, there are
those out here
| that will chastise you for it, been there already.

Yeah, I remember those... strange that semantics such as that tend to bring
lengthy discussions, as if those are world shaking/changing.

|
| > hacks, and Spyware available [and targeted at installable 9X files]. But
it
| > brings no recognition, and the OS is not being used now [very much
anyway]
| > within supposedly secured areas and businesses as XP and VISTA are...
|
| That doesn't make 98 any more secure, only less vulnerable.

Hmm, that seems to create a contrast. If less vulnerable [be it because of
lack of interest or otherwise], then by mere extension, it becomes more
secure. Less interest attended towards attacking, less chances of being
attacked = by omission > more secure.

|
| >
| > You can ignore these rather obvious aspects and continue to spout how
| > supposedly secure the newer operating systems are, but that smacks in
the
| > face of the purpose of the attacks... glamour, fame, recognition, ID
theft,
| > and all the other things now found with those NEW OSs... and the systems
| > which use them..
|
| I don't continue to spout about anything, I'm certainly not on any
crusade to push
| a product (not stating you implied that). I stated that a "Properly
Configured" XP
| Pro machine is by far more secure than 98. That's not saying it's less
vulnerable to
| attack or that it can't be compromised, it states that it can be locked
down tighter
| when properly configured. The "glamour, fame, recognition, ID theft,"
etc. is a Cat
| and Mouse game that will never end and it most certainly isn't only
utilized with
| PC's.

Spout was used to instill a conversation... I realize you're not really a
Microsoft clone ...

True,,, in part. XP and VISTA can be locked down *tighter*, however, they
[the newer OSs] also contain far more aspects [vulnerabilities if you will]
that can be hacked. From ingrained AutoUpdating, to pre-configured
Firewalls, to the basic networking aspects broadcast to the world, to UPnP,
to .... The fact that these are OSs designed FOR networking brings with them
unprecedented potential vulnerabilities.
Hackers no longer need to LOOK for the code [determine which third party
program was used], it came with their own systems. They no longer need to
OBSERVE the packet signatures, just for the OS indicators [and they know
them well]. Each time Microsoft patches anything, they get those same
updates, and adjust accordingly ...

We could even go the route of *root kits*, though there we would need to
again address the old style [for example] 9X/DOS *cult of the mad cow* hacks
now generally considered as virus, whereas, these newer systems, by their
very design, are inherently more vulnerable and thereby, difficulties
expanded in preventing such attacks. PGP, in its day, was 4096 and above
cipher... yet this same style of *trust* and *keys* is employed as the MAJOR
security aspect in XP and VISTA but at a significantly lesser strength, and
following standards of the government, designed by the government, and
suggested by the government. That is something that everyone should at least
question ...
I mean [for example], Verisign? Who determined that was a trusted source?
Its a business, and EBERY business is out for profit,,, and ALWAYS
potentially for sale ...

The point is, these OSs are designed around pre-determined trust ...

|
| >
| > To say the XP is more secure is like putting your head in a paper bag
and
| > claiming no one can see you...
|
| That's ridiculous, your arms and legs still show, you need a full body
bag.

Yes, that is a little ridiculous isn't it... of course you could wear one
of those whole body Halloween condom costumes <G>...

|
|
|
| --
|
| Brian A. Sesko { MS MVP_Shell/User }
|

--
MEB
http://peoplescounsel.orgfree.com
________
 
9

98-Guy

"Brian A." wrote:

> > You can take an original Win-98/se system and hang it on the net
> > (with default settings, no AV and no firewall, no NAT router)
> > and it's not vulnerable to anything.
>
> I need not say any more.

Not unless you want to actually support your vacuous statement.

Perhaps by actually naming any such win-98 vulnerability.

I'll even help you out.

Here is the complete list of 31 vulnerabilities for Win 98:

http://secunia.com/product/12/?task=advisories

And here is the list of 32 win-98se vulnerabilities:

http://secunia.com/product/13/?task=advisories

Tell us which one(s) create a vulnerability when a win-98 system has a
live, unprotected internet connection.

Or perhaps you will lay low, and not directly respond to this post, as
you didn't respond to my preceeding one.
 
9

98-Guy

"Brian A." wrote:

> I stated that a "Properly Configured" XP Pro machine is by far
> more secure than 98. That's not saying it's less vulnerable to
> attack or that it can't be compromised,

Great logic.

That's like saying 4 is larger than 2, but 2 isin't necessarily
smaller than 4.

> it states that it can be locked down tighter when properly
> configured.

Win-98 has far fewer vulnerabilities than XP, and none of win-98's
vulnerabilities were was crippling or debilitating from a
remote-access, remote-control POV than were XP's. None of Win-98's
vulnerabilities came close to allowing remote takeover and code
execution simply by having a working, unprotected internet connection.

And please explain how XP can be "locked down tighter" than win-98.
What aspect can be made "tighter" when compared to win-98?

> As long as it has the name of Microsoft attached to it, it
> will be targeted.

So a Meekro$oft apologist takes pride in how MS has used their illegal
monopoly position to become the dominant OS, thereby he can throw up
his hands and say the evil hackers go after MS software for political
or ideological reasons.
 
J

John John

98-Guy wrote:

> None of Win-98's
> vulnerabilities came close to allowing remote takeover and code
> execution simply by having a working, unprotected internet connection.


http://search.yahoo.com/search?p="w..."&y=Search&fr=yfp-t-501&xargs=0&pstart=1&b=11
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=windows+98
http://search.yahoo.com/search_ylt=...port+139"+security+flaw&y=Search&fr=yfp-t-501

And don't go about telling us that these vulnerabilities only affect
Windows 98 if users "actually" use the internet (as opposed to only
being connected). If you connect to the internet you will use it, else
why bother having a connection? If you use Windows 98 as shipped and
without protection your computer can be compromised by simply visiting a
web site...

John
 
9

98 Guy

John John wrote:

> > None of Win-98's vulnerabilities came close to allowing remote
> > takeover and code execution simply by having a working,
> > unprotected internet connection.

(various non-specific URL's omitted)

> And don't go about telling us that these vulnerabilities
> only affect Windows 98 if users "actually" use the internet

There is a very important distinction between a vunerability that only
requires internet connectivity (and no user involvement) vs running a
vulnerable application on an otherwise secure system.

All you've shown is a series of IE vulnerabilities. Your examples
break down if I use a non-MS browser and e-mail client.

But that's irrelavent.

Many Win-2k and XP systems were victimized by the welchia, sasser, SQL
Slammer and Opanki network worms, for example.

Doesn't matter if you practice "safe hex". Doesn't matter if you ran
Mozilla or netscape or firefox or opera and you didn't touch IE with a
10 foot pole. If you ran 2K or XP you were screwed. Those systems
went on to take their place in botnet land. You most likely received
spam from them.

Power users who quickly migrated to 2K and early adopters of XP were
screwed over by all manner of worms while win-98 users stood by and
watched those clowns fight off their infections.
 
You must log in or register to reply here.

Similar threads

B
Windows 11, worse than Vista, ME, 2000 or 98
Replies
0
Views
28
BrianS00000000
B
W
Any fixes on my CPU being used 98%-100% almost all the time?
Replies
0
Views
31
Wingleyy
W
L
is modern warfare 2 on windows store for pc
Replies
0
Views
28
lowrider0011
L
T
How can I get my browser to work after it fails to start because its side-by-side configuration is incorrect?
Replies
0
Views
39
Timot_677
T
T
How can I get my browser to work after it fails to start because its side-by-side configuration is incorrect?
Replies
0
Views
33
Timot_677
T
Back
Top Bottom