Password security in Win98

  • Thread starter Rosivaldo Fernandes Alves
  • Start date
R

Rosivaldo Fernandes Alves

I have a Win98 and a WinXP in a home LAN. In this group I've learned that a
Win98 account may access WinXP shared resources provided the latter has an
account with name and password identical to those of the account in the
former.

Since I think that Win98 stores the passwords in a much less safe way than
WinXP does, I'm somewhat worried about the risk of these passwords to be
cracked via this possible vulnerability, compromising my WinXP security.

Could some one help me about this?

Thanks in advance and forgive my poor English.

Rosivaldo.
 
G

glee

I have a Win98SE machine and a WinXP Pro machine that I network at home.

I do NOT use a password (or more exactly, I use a blank password) to log onto the
Win98SE machine, so I do not see any log-in screen when using that machine.

On my XP Pro system, I log on at the Welcome screen with a specific username and a
password.

I can access shared files and folders on the XP system from the 98SE system, and
vice versa.

So, your initial premise is not necessarily correct.

I suggest you ask your questions on this subject in an XP group or a networking
group.
--
Glen Ventura, MS MVP Shell/User, A+


"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
>I have a Win98 and a WinXP in a home LAN. In this group I've learned that a Win98
>account may access WinXP shared resources provided the latter has an account with
>name and password identical to those of the account in the former.
>
> Since I think that Win98 stores the passwords in a much less safe way than WinXP
> does, I'm somewhat worried about the risk of these passwords to be cracked via
> this possible vulnerability, compromising my WinXP security.
>
> Could some one help me about this?
>
> Thanks in advance and forgive my poor English.
>
> Rosivaldo.
>
 
N

Nigel Stapley

glee wrote:
> I have a Win98SE machine and a WinXP Pro machine that I network at home.
>
> I do NOT use a password (or more exactly, I use a blank password) to log
> onto the Win98SE machine, so I do not see any log-in screen when using
> that machine.
>
> On my XP Pro system, I log on at the Welcome screen with a specific
> username and a password.
>
> I can access shared files and folders on the XP system from the 98SE
> system, and vice versa.

Slightly curious about this. I now have a similar setup, i.e. XP Pro on
one machine, 98SE on the other.

When I boot up the 98 box, I'm presented with two logon prompts. The
first one is for the network, where I log on with the name and password
from a second account on the XP Pro machine. Then comes the 98 logon
prompt. I've always logged in on that too (rather than cancel it). I
haven't tried seeing what happens if I just cancel the second one.


--
Regards

Nigel Stapley

www.judgemental.plus.com

<reply-to will bounce>
 
G

glee

"Nigel Stapley" <unet@judgemental.plus.com> wrote in message
news:13m1me883se649d@corp.supernews.com...
> glee wrote:
>> I have a Win98SE machine and a WinXP Pro machine that I network at home.
>>
>> I do NOT use a password (or more exactly, I use a blank password) to log onto the
>> Win98SE machine, so I do not see any log-in screen when using that machine.
>>
>> On my XP Pro system, I log on at the Welcome screen with a specific username and
>> a password.
>>
>> I can access shared files and folders on the XP system from the 98SE system, and
>> vice versa.
>
> Slightly curious about this. I now have a similar setup, i.e. XP Pro on one
> machine, 98SE on the other.
>
> When I boot up the 98 box, I'm presented with two logon prompts. The first one is
> for the network, where I log on with the name and password from a second account
> on the XP Pro machine. Then comes the 98 logon prompt. I've always logged in on
> that too (rather than cancel it). I haven't tried seeing what happens if I just
> cancel the second one.

If you Cancel the log-on for 98, I don't know if you'll be able to connect to the XP
machine or not....let me know. I don't Cancel in 98, I simply do not have a
password, so there is no log-in box. I don't keep the network cable attached unless
I am going to use it, so I don't get a log-on for the XP machine until I try to
access a resource.

Also, you may have your 98 networking configured differently than I do, as far as
the Primary Network Logon and so forth, in the Network control panel.
--
Glen Ventura, MS MVP Shell/User, A+
 
B

Brian A.

"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
>I have a Win98 and a WinXP in a home LAN. In this group I've learned that a Win98
>account may access WinXP shared resources provided the latter has an account with
>name and password identical to those of the account in the former.

AFAIK that's only in a Domain on a server. You should only need to have the proper
components/protocols installed in order to share folders/files in a Workgroup.

>
> Since I think that Win98 stores the passwords in a much less safe way than WinXP
> does, I'm somewhat worried about the risk of these passwords to be cracked via this
> possible vulnerability, compromising my WinXP security.

Depending on the XP version depends on how well you can lock up the XP machine from
compromise, XP Pro is much more secure than Home. Also, as long as you keep you LAN
secured from any unauthorized access from the WAN it will minimize any security
breach. Lastly you should not let any unauthorized access on any machine from
anywhere by anyone that can not be 100% trusted.

>
> Could some one help me about this?
>
> Thanks in advance and forgive my poor English.
>
> Rosivaldo.
>

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
M

MEB

"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
| I have a Win98 and a WinXP in a home LAN. In this group I've learned that
a
| Win98 account may access WinXP shared resources provided the latter has an
| account with name and password identical to those of the account in the
| former.
|
| Since I think that Win98 stores the passwords in a much less safe way than
| WinXP does, I'm somewhat worried about the risk of these passwords to be
| cracked via this possible vulnerability, compromising my WinXP security.
|
| Could some one help me about this?
|
| Thanks in advance and forgive my poor English.
|
| Rosivaldo.
|
|

It appears that this party either has a need to use passwords, or believes
that they do. Also, the networking help groups generally supply the
recommendation to use passwords and USERS to increase the security of one's
system.

It would be interesting to review why this party, who presently uses
passwords, believes they need or wishes to use passwords.

Others have posted personal preference or personal setup, but may have
overlooked the question itself [though perhaps I have mistaken the query].

The query appears to relate to HOW to ensure passwords were not exposed,
and whether there was any way to ensure they were protected.

Simple File Sharing would be the easiest configuration, particularly if the
Internet accessing system was the XP system using a firewall, perhaps in an
ICS configuration, with a firewall and preferably a router. However, this
still leaves the issues which appeared to be included in the query.

If the computers in question, are not part of a domain [and protected by
other aspects therein], then the Windows 98 system is not really protected
related to password protection. Using blank passwords would be a security
hole, and easily found and circumvented, the same as using some easily
guessable password would be.


IF the concern is a more secured system, both local and Internet, then
Users and passwords within the local system is one more layer of
protection.

The original poster is correct, in that 98 stores its passwords in a much
more insecure way. In fact, its been something that I also was once
concerned with, to the point that third party programs were used to encrypt
and protect them [and related files]. The decryption was done automatically
and essentially invisibly. The old PGP suite included networking security,
which could use various forms [encryptors] to increase security. There were
also other programs which could be used to encrypt/decrypt passwords and
supplied such *on demand*. I'm not sure, however, whether some of these were
*network aware*.

It might be of interest, to review some of those programs, and whether they
could, perhaps, provide additional security in the 9X environment.


--
MEB
http://peoplescounsel.orgfree.com
________
 
N

Nigel Stapley

glee wrote:

>
> If you Cancel the log-on for 98, I don't know if you'll be able to
> connect to the XP machine or not....let me know.

Yep, you can.

--
Regards

Nigel Stapley

www.judgemental.plus.com

<reply-to will bounce>
 
You must log in or register to reply here.

Similar threads

J
How to reset password on old account
Replies
0
Views
36
juan maldonado5
J
G
Unable to change hacked account's email! I recovered my account by getting a password reset BUT I can't change the email the hacker put in my account
Replies
0
Views
58
Gavin888
G
J
Unusual sign-in activity / multiple foregin countries / Can login to account cant change password
Replies
0
Views
78
Javier Morata-Plaza
J
C
Why can't I reuse old passwords? My security is MY concern, not yours.
Replies
0
Views
79
Common microsoft failure
C
V
Access Denied Error When Resetting Account Operator password with a user given delegated permissions
Replies
0
Views
90
Vic_MC20
V
Back
Top Bottom