Securing Windows 98(SE) in the Modern Age

[Guest Dan]

1. I would suggest using a wired connection with ethernet and a NAT address

within your router. You can go to grc.com and check the Shields Up test to

see if over 1000 ports are stealthed with green setting.

 

2. I would suggest making sure your Windows 98 Second Edition and its

associated updates are fully up to date and would suggest using the security

cd if you have it although you will have to edit the *.inf as PCR has

suggested to show to some programs that it is indeed 98 Second Edition. You

will need to use the Windows update site after that. I cannot endorse the

use of non-approproved Microsoft update packs and they may or may not work

but use them at your own risk and make sure your PC is backed up fully before

installing one of course.

 

3. I would suggest using an antivirus program like AVG antivirus that has

worked well for me and my dad or Avast that many users here seem to like but

I did not care for its interface.

 

4. I would suggest using anti-spyware programs and the ones I particularly

like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy.

Please make sure you get them from their main sites or a fairly safe

alternative like majorgeeks.com website. I do not care for Adaware any more

because of false positives in the past. Another one is CWShredder if you

need it and HiJack This but with HiJackThis make sure experts help you and

just don't go willy nilly and delete potentially good and needed stuff on

your machine.

 

5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest

version for better browser security and safety over Internet Explorer.

Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft

only supports 256 bit cipher strength in Vista with Internet Explorer

currently. Internet Explorer also has Active X vulnerabilites that are

targetted frequently. The same goes for you Apple users and Linux users as

well. Safari for Apple only has a maximum encryption of 128 bit so it is

lacking as well. I have discovered that 128 bit encryption can be hacked in

15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption

strength cipher and that is why the industry is way behind on this. Bank of

America and Citicards continue to use only 128 bit encryption and Bank of

America does not seem to care but at least Citicards said they are working on

implementing Mozilla Firefox with 256 bit encryption. The safest way is to

post information on an off-line computer of course but industry standards are

lacking compared to the latest threats available on-line to break computer

encryption.

 

6. Please practice safe browsing methods and do not open email attachments

until you are sure they are safe. Be aware of the many phising scams out

there and especially ones that claim to be from Microsoft or someone or other

wanting information or money because it is not what it claims to be

especially if it sounds to good to be true. Contact the business from their

main number from the telephone book or the back of your bank or from your

business card. Information can help if you get stuck as well. Please also

block html code as a default precaution and only view when you are sure it is

safe. You can read in plain text and send in plain text and that is fairly

safe.

 

7. Please be aware that information you post on the Internet is available

for everyone to view so just remember how much information you are willing to

freely give the public about yourself.

 

8. Please be careful about social-networking sites like MySpace and/or

Facebook and others that could data mine your information. Heck, a website

which was one I enjoyed posting at which was tsl-game.com had its forum

hacked this summer with 9-11 propaganda posted. Here is the weblink if any

are interested in reading about it:

 

http://www.tsl-game.com/forum/index.php?topic=6115.0

 

9. Please be careful who you trust especially if you are younger than 21

because there are a lot of terrible people out there that ruthlessly prey

upon weak and innocent children and hurt women also so the Internet has

become a tool to try and force some people in bad situations to be monitored

so much that they are like slaves.

 

10. A final word is to be careful what you download because if it is free

games, wallpaper, software, music, etc. then you could be getting more than

you bargain for originally and it is not worth it. You could be opening your

machine up to spyware, adware, trojans, viruses, identity theft, etc. and

lawsuits from the music or other industries against you and please do things

legally.

 

The end of my 10 comments that are good general computer tips with Windows

98 Second Edition in the front of my mind thus I had no reason to mention

things like Windows Defender that is not supported on 98 Second Edition. If

you check out the secunia.com website and do your research you will see how

much safer Mozilla Firefox is than all versions of Internet Explorer and how

98 Second Edition is safer currently than XP Home and Professional.

Fortunately, Vista is secure but has automatic issues, backwards

compatibility issues and other issues because it is too new. Have a nice day.

[Guest Don Phillipson]

Re: Securing Windows 98(SE) in the Modern Age

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com...

 

[Good advice snipped]

> 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest

> version for better browser security and safety over Internet Explorer.

 

Better check in advance before dumping IE because some other

computer companies link exclusively with that (and not Firefox.)

E.g. my bank processes work perfectly via Firefox but not

Quicken/Intuit which links only with IE.

 

A point omitted by Dan is PC housekeeping and backup routines.

We should not use MSBACKUP which is seriously flawed. Hard

drive space is now so cheap we seldom need to compress backed up

files. Windows protection prevents our copying some important system

files but some third-party utilities bypass this, see http://www.xxcopy.com

 

--

Don Phillipson

Carlsbad Springs

(Ottawa, Canada)

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com...

> 1. I would suggest using a wired connection with ethernet and a NAT address

> within your router. You can go to grc.com and check the Shields Up test to

> see if over 1000 ports are stealthed with green setting.

 

Without going back to check, IIRC the GRC port test checks 1500 ports. If the user

has no router and does not use a sufficient third party firewall it means nothing.

If they do have a router incorporated into their network, it also means squat if they

fail to change the default un/pw provided with the router. In todays cat and mouse

battle with the way hackers have progressed, one of the first lines of defense is to

change the default un/pw of any router utilized in a network.

>

> 2. I would suggest making sure your Windows 98 Second Edition and its

> associated updates are fully up to date and would suggest using the security

> cd if you have it although you will have to edit the *.inf as PCR has

> suggested to show to some programs that it is indeed 98 Second Edition. You

> will need to use the Windows update site after that. I cannot endorse the

> use of non-approproved Microsoft update packs and they may or may not work

> but use them at your own risk and make sure your PC is backed up fully before

> installing one of course.

 

IMHO the security update CD is not the way to go other than the rare exception

after a clean install. If a user has a reasonably fast connection on the net,

downloading and installing the updates will be much quicker than any read/write from

a CD.

>

> 3. I would suggest using an antivirus program like AVG antivirus that has

> worked well for me and my dad or Avast that many users here seem to like but

> I did not care for its interface.

 

Again, IMHO AVG is crap, Avast is subliminal. Either way, both apps will sooner

than later be integrated into a suite and no longer support 98.

>

> 4. I would suggest using anti-spyware programs and the ones I particularly

> like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy.

> Please make sure you get them from their main sites or a fairly safe

> alternative like majorgeeks.com website. I do not care for Adaware any more

> because of false positives in the past. Another one is CWShredder if you

> need it and HiJack This but with HiJackThis make sure experts help you and

> just don't go willy nilly and delete potentially good and needed stuff on

> your machine.

 

Without knowing your exact situation I will venture to guess that the Adaware

false/positives had to do with cookies and/or MRU's. Adaware has always been a good

compliment to SB S&D and visa versa, each one identifying something the other didn't.

>

> 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest

> version for better browser security and safety over Internet Explorer.

> Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft

> only supports 256 bit cipher strength in Vista with Internet Explorer

> currently. Internet Explorer also has Active X vulnerabilites that are

> targetted frequently. The same goes for you Apple users and Linux users as

> well. Safari for Apple only has a maximum encryption of 128 bit so it is

> lacking as well. I have discovered that 128 bit encryption can be hacked in

> 15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption

> strength cipher and that is why the industry is way behind on this. Bank of

> America and Citicards continue to use only 128 bit encryption and Bank of

> America does not seem to care but at least Citicards said they are working on

> implementing Mozilla Firefox with 256 bit encryption. The safest way is to

> post information on an off-line computer of course but industry standards are

> lacking compared to the latest threats available on-line to break computer

> encryption.

 

Personally IMHO again, your PC and/or network are only as secure as one makes it.

It makes no difference on which browser a user deploys when it comes to online sites,

the difference in security has to do with the administrator of that site and how well

they lock it down.

>

> 6. Please practice safe browsing methods and do not open email attachments

> until you are sure they are safe. Be aware of the many phising scams out

> there and especially ones that claim to be from Microsoft or someone or other

> wanting information or money because it is not what it claims to be

> especially if it sounds to good to be true. Contact the business from their

> main number from the telephone book or the back of your bank or from your

> business card. Information can help if you get stuck as well. Please also

> block html code as a default precaution and only view when you are sure it is

> safe. You can read in plain text and send in plain text and that is fairly

> safe.

 

Browsing the net and emails are two separate entities. Aside from that it should

be stated that "No Email" should ever be opened if the sender is unknown to the

reciever.

>

> 7. Please be aware that information you post on the Internet is available

> for everyone to view so just remember how much information you are willing to

> freely give the public about yourself.

 

Not 100% true depending on how one reads into the statement and the way I read it's

completely false.

>

> 8. Please be careful about social-networking sites like MySpace and/or

> Facebook and others that could data mine your information. Heck, a website

> which was one I enjoyed posting at which was tsl-game.com had its forum

> hacked this summer with 9-11 propaganda posted. Here is the weblink if any

> are interested in reading about it:

>

> http://www.tsl-game.com/forum/index.php?topic=6115.0

>

> 9. Please be careful who you trust especially if you are younger than 21

> because there are a lot of terrible people out there that ruthlessly prey

> upon weak and innocent children and hurt women also so the Internet has

> become a tool to try and force some people in bad situations to be monitored

> so much that they are like slaves.

>

> 10. A final word is to be careful what you download because if it is free

> games, wallpaper, software, music, etc. then you could be getting more than

> you bargain for originally and it is not worth it. You could be opening your

> machine up to spyware, adware, trojans, viruses, identity theft, etc. and

> lawsuits from the music or other industries against you and please do things

> legally.

>

> The end of my 10 comments that are good general computer tips with Windows

> 98 Second Edition in the front of my mind thus I had no reason to mention

> things like Windows Defender that is not supported on 98 Second Edition. If

> you check out the secunia.com website and do your research you will see how

> much safer Mozilla Firefox is than all versions of Internet Explorer and how

> 98 Second Edition is safer currently than XP Home and Professional.

> Fortunately, Vista is secure but has automatic issues, backwards

> compatibility issues and other issues because it is too new. Have a nice day.

 

XP Pro is by far more secure than 98/SE, again, it's up to the user/admin to lock

the system(s) down.

 

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

[Guest MEB]

Re: Securing Windows 98(SE) in the Modern Age

 

 

 

"Brian A." <gonefish'n@afarawaylake> wrote in message

news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...

| "Dan" <Dan@discussions.microsoft.com> wrote in message

| news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

| >I will focus on your last question and I think Chris Quirke, MVP would

agree

| > with me that Windows 98 Second Edition is safer than XP Professional.

Here

| > are my web-links to prove my case:

| >

| > http://secunia.com/product/22/

| >

| > Vendor Microsoft

| >

| >

| > Product Link N/A

| >

| >

| > Affected By 192 Secunia advisories

| >

| >

| > Unpatched 16% (30 of 192 Secunia advisories)

| >

| >

| > Most Critical Unpatched

| > The most severe unpatched Secunia advisory affecting Microsoft Windows

XP

| > Professional, with all vendor patches applied, is rated Highly critical

| >

| > http://secunia.com/product/13/

| >

| > Vendor Microsoft

| >

| >

| > Product Link N/A

| >

| >

| > Affected By 32 Secunia advisories

| >

| >

| > Unpatched 9% (3 of 32 Secunia advisories)

| >

| >

| > Most Critical Unpatched

| > The most severe unpatched Secunia advisory affecting Microsoft Windows

98

| > Second Edition, with all vendor patches applied, is rated Less critical

| >

| >

| > That is my case.

|

| I responded without question. The only way 98 is safer than XP Pro is

because it's

| not targeted, that's all and no more. When XP Pro is configured properly

it is by

| far more secure than 98. Soon enough XP will be forgotten altogether as

the full

| attack goes Vista, and so on.

|

| --

|

| Brian A. Sesko { MS MVP_Shell/User }

| Conflicts start where information lacks.

| http://basconotw.mvps.org/

|

| Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

| How to ask a question: http://support.microsoft.com/kb/555375

|

|

 

I disagree. As XP is based upon the same base code as VISTA it will always

be attacked, and vigorously.

The coding differentials are so minuscule, that even if specific to VISTA,

the attack will work upon XP with equal if not more effectiveness, and even

less difficulty as there will be less to work-around. What hacks VISTA

*WILL* hack XP.

9X on the other hand, will receive less and less attention. One need look

no further than this group. There aren't many people who can even write a

simple batch file for 9X/DOS anymore.

Not saying there will be no attacks, as there is still sufficient viri,

hacks, and Spyware available [and targeted at installable 9X files]. But it

brings no recognition, and the OS is not being used now [very much anyway]

within supposedly secured areas and businesses as XP and VISTA are...

 

You can ignore these rather obvious aspects and continue to spout how

supposedly secure the newer operating systems are, but that smacks in the

face of the purpose of the attacks... glamour, fame, recognition, ID theft,

and all the other things now found with those NEW OSs... and the systems

which use them..

 

To say the XP is more secure is like putting your head in a paper bag and

claiming no one can see you...

 

--

MEB

http://peoplescounsel.orgfree.com

________

[Guest MEB]

Re: Securing Windows 98(SE) in the Modern Age

 

 

 

"98 Guy" <98@Guy.com> wrote in message news:472684F5.F1F7B493@Guy.com...

| MEB wrote:

|

| > I disagree. As XP is based upon the same base code as VISTA it

| > will always be attacked, and vigorously.

|

| The hackers are not "attacking" OS's.

|

| They are coding to take advantage of vulnerabilities in specific

| modules when such vulnerabilities are discovered or announced.

 

And let me guess, you think its all the professionals finding the holes....

gees you really are out there in a dream world aren't you..

 

|

| > 9X on the other hand, will receive less and less attention.

|

| Again, it's not the OS's that receive attention - it's the posted

| vulnerabilities that get attention.

 

OH REALLY. So these vulnerabilities are floating around in thin air

right... if your going to post stupid stuff, do it in some of your other

USENET haunts..

 

|

| If a hacker thinks he can leverage a vulnerability then the attempt

| will be made.

|

| Many of the vulnerabilities discovered over the past 5 years are

| buffer-overruns. Truth is that win-98 (or it's relavent IE module)

| will get tripped up when exposed to a given exploit. But usually it

| will only hang or crash the module - it won't execute as the hacker

| intended.

 

SO gees, if the hack worked for XP and didn't in 9X, just why is it that

you, in your infinite wisdom, think it didn't... oh tell me wise one ....

 

--

MEB

http://peoplescounsel.orgfree.com

________

[Guest Dan]

Re: Securing Windows 98(SE) in the Modern Age

 

I will focus on your last question and I think Chris Quirke, MVP would agree

with me that Windows 98 Second Edition is safer than XP Professional. Here

are my web-links to prove my case:

 

http://secunia.com/product/22/

 

Vendor Microsoft

 

 

Product Link N/A

 

 

Affected By 192 Secunia advisories

 

 

Unpatched 16% (30 of 192 Secunia advisories)

 

 

Most Critical Unpatched

The most severe unpatched Secunia advisory affecting Microsoft Windows XP

Professional, with all vendor patches applied, is rated Highly critical

 

http://secunia.com/product/13/

 

Vendor Microsoft

 

 

Product Link N/A

 

 

Affected By 32 Secunia advisories

 

 

Unpatched 9% (3 of 32 Secunia advisories)

 

 

Most Critical Unpatched

The most severe unpatched Secunia advisory affecting Microsoft Windows 98

Second Edition, with all vendor patches applied, is rated Less critical

 

 

That is my case.

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

>I will focus on your last question and I think Chris Quirke, MVP would agree

> with me that Windows 98 Second Edition is safer than XP Professional. Here

> are my web-links to prove my case:

>

> http://secunia.com/product/22/

>

> Vendor Microsoft

>

>

> Product Link N/A

>

>

> Affected By 192 Secunia advisories

>

>

> Unpatched 16% (30 of 192 Secunia advisories)

>

>

> Most Critical Unpatched

> The most severe unpatched Secunia advisory affecting Microsoft Windows XP

> Professional, with all vendor patches applied, is rated Highly critical

>

> http://secunia.com/product/13/

>

> Vendor Microsoft

>

>

> Product Link N/A

>

>

> Affected By 32 Secunia advisories

>

>

> Unpatched 9% (3 of 32 Secunia advisories)

>

>

> Most Critical Unpatched

> The most severe unpatched Secunia advisory affecting Microsoft Windows 98

> Second Edition, with all vendor patches applied, is rated Less critical

>

>

> That is my case.

 

I responded without question. The only way 98 is safer than XP Pro is because it's

not targeted, that's all and no more. When XP Pro is configured properly it is by

far more secure than 98. Soon enough XP will be forgotten altogether as the full

attack goes Vista, and so on.

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

[Guest Dan]

Re: Securing Windows 98(SE) in the Modern Age

 

Thank you, MEB. In addition, Windows 98 Second Edition has less services

than XP Professional thus it presents a smaller attack surface than all the

services that XP has compared to 98 Second Edition. Chris Quirke, MVP is

working on a maintenance operating system for Vista based on Ubantu Linux and

you must remember that 98 S.E. does have DOS for its maintenance operating

system. It would be great to have a trial of a clean install of Windows XP

Professional and a clean install of 98 Second Edition and see which a

hacker(cracker) could break into first. On another note, on page A16 art.com

apparently was hacked and the hacker or hackers broke through multiple layers

of security to break into the website so it just goes to show if you want

true safety and security that you use an old 486 IBM PC or such and store

your passwords there and not have it connected to the internet and just use a

password and even if a burglar breaks into your home they will most likely

ignore such an old PC anyway. I am becoming more convinced that Linux will

be the wave of the future, at least for the techies.

[Guest 98 Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

"Brian A." wrote:

> I responded without question. The only way 98 is safer than

> XP Pro is because it's not targeted, that's all and no more.

 

Bullshit.

 

Win-2K and XP were incredibly vulnerable to at least 5 network-based

worms that enabled those systems to be directly infected and

trojanized without their owners performing any act such as opening

e-mail or surfing the web.

 

Micro$oft is completely responsible for configuring XP (home and pro)

with certain settings and certain services turned on by default which

exposed those systems to the above-mentioned network vulnerabilities.

Micro$haft traded security for reduced end-user support load and in

doing so they exposed millions of idiots to infection who bought

XP-based home computers during 2002 and 2003. Macro$haft didn't even

have the wisdom to alter the default installation settings of XP-home

to more closely match the demands of the computing environments those

systems were likely used in.

 

The term "Internet Survival Time" is very well known (look it up on

Google). It was coined as a measure of how long an un-patched 2K or

XP system would last on the net before being hit by a worm. It became

a joke that you couldn't take a brand new install of 2k or XP and hang

it on the net and download patches without being infected before the

patches were installed.

 

You can take an original Win-98/se system and hang it on the net (with

default settings, no AV and no firewall, no NAT router) and it's not

vulnerable to anything.

 

Half the IE5 and IE6 vulnerabilities that affect 2K and XP don't even

apply to 98.

 

Macrosoft has time and time again posted advisories about

vulnerabilities where they list 98 as being affected in the advisory

summary, but don't list 98 in the details or FAQ section. That's

their way of making dupes like you, and the stupid tech press, believe

that XP wasn't a step backward when compared to 98.

> When XP Pro is configured properly it is by far more secure

> than 98.

 

In your dreams. The best XP can hope for is to be as EQUALLY secure

as 98. And that only came in the summer of 2004 with SP2 - almost 2

years after XP was introduced.

 

If you want to talk about desktop (login) security - that's another

matter completely. Most people here are not concerned about what

amounts to physical system accessibility, and that's not what this

thread is about.

 

IT and sys-admins hated and looked down on 9x for that reason. But

their notion of "security" is not what we're talking about here.

[Guest 98 Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

MEB wrote:

> I disagree. As XP is based upon the same base code as VISTA it

> will always be attacked, and vigorously.

 

The hackers are not "attacking" OS's.

 

They are coding to take advantage of vulnerabilities in specific

modules when such vulnerabilities are discovered or announced.

> 9X on the other hand, will receive less and less attention.

 

Again, it's not the OS's that receive attention - it's the posted

vulnerabilities that get attention.

 

If a hacker thinks he can leverage a vulnerability then the attempt

will be made.

 

Many of the vulnerabilities discovered over the past 5 years are

buffer-overruns. Truth is that win-98 (or it's relavent IE module)

will get tripped up when exposed to a given exploit. But usually it

will only hang or crash the module - it won't execute as the hacker

intended.

[Guest MEB]

Re: Securing Windows 98(SE) in the Modern Age

 

 

 

"98 Guy" <98@Guy.com> wrote in message news:47274760.47DF9D4@Guy.com...

| MEB wrote:

|

| > And let me guess, you think its all the professionals finding the

| > holes....

| > gees you really are out there in a dream world aren't you..

|

| You're the one in a dream world.

 

Okay, I'll take the bait... here we go again ...

 

|

| There are professional outfits that look for vulnerabilities (in all

| sorts of products, software and hardware) and there are other outfits

| that run a sort of exchange system where the manufacturer can decide

| whether they want to pay the discoverer for the details of the

| vulnerability.

 

As if these are the people hacking systems... asking for money would be or

could reasonably be labeled as extortion.

I realize you really have no comprehension of worldly affairs, you

constantly display such before this group and the world, but this is

something far worse...

 

ALL the crap you find on Secuna and the other such sites are KNOWN

vulnerabilities, not the as yet unknown... nor all the ones which hackers

may be using or intend to use ...

 

|

| But in almost every case for the past, say 3 or 4 years, exploits come

| out only after details of a vulnerability are made public. But that

| usually coincides with the availability of patch being announced.

 

You are truely friggin crazy ...

 

|

| Can you point to any recent vulnerability where the exploit was in the

| wild well before the vulnerability was publicly announced or even

| given a name?

 

Try reading the News some time... all of the recent successful hackings

were achieved by some hacker using some UNKNOWN vulnerability. It was only

AFTER THE FACT, that these vulnerabilities were addressed or listed. Or is

it that you can't read...

 

|

| > | Again, it's not the OS's that receive attention - it's the

| > | posted vulnerabilities that get attention.

| >

| > OH REALLY. So these vulnerabilities are floating around in thin

| > air right...

|

| I never said they're "floating around in thin air". They're listed by

| various agencies when they get discovered - or when their stakeholders

| give the go-ahead to announce their existence.

 

That's interesting... so its only these KNOWN vulnerabilities that exist in

your world of dreams.. or these are ONLY listed if the stockholders

authorize the release huh...

 

HAHAHAHAHA,,,, teehheee,,, you need to take that bag off your head... while

you're at it take out that nose ring that you are being lead around with ,

to your own slaughter ...

 

|

| > SO gees, if the hack worked for XP and didn't in 9X, just why

| > is it that you, in your infinite wisdom, think it didn't... oh

| > tell me wise one ....

|

| Because buffer overruns almost always mess with and manipulate stack

| data. For an exploit to run properly, it depends on the stack having

| a certain structure. Given that there are code differences between 9x

| and NT versions of many modules, it's highly likely that the stack

| structures and buffer areas (for a given module) of a system running

| 9x will not be identical to one running 2K or XP.

 

Buffer overruns huh,,, so your claim is, these are the most important

vulnerabilities.... that these are the most exploited??????? Sorry dude,

these just happen to be the most easily found...

 

Not unusual,,, the very thing you have used in this supposed demonstration,

is the very thing you were purporting as NOT being the opposing aspects,,

the differences in the OSs... do you ever think before you type, or does

this drivel you constantly post come naturally... doing to many drugs,

alcohol, or something, or are you suffering from some form of mental

illness? Hey, if you are I will give you more latitude... but if you're

not...

 

BTW: I corrected most of your spelling errors for you... but an apostrophe

is used to show conjunction or possession.. neither of which applies when

referencing multiple OS...

 

--

MEB

http://peoplescounsel.orgfree.com

________

[Guest 98 Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

MEB wrote:

> And let me guess, you think its all the professionals finding the

> holes....

> gees you really are out there in a dream world aren't you..

 

You're the one in a dream world.

 

There are professional outfits that look for vulnerabilities (in all

sorts of products, software and hardware) and there are other outfits

that run a sort of exchange system where the manufacturerer can decide

whether they want to pay the discoverer for the details of the

vulnerability.

 

But in almost every case for the past, say 3 or 4 years, exploits come

out only after details of a vulnerability are made public. But that

usually coincides with the availability of patch being announced.

 

Can you point to any recent vulnerability where the exploit was in the

wild well before the vulnerability was publically announced or even

given a name?

> | Again, it's not the OS's that receive attention - it's the

> | posted vulnerabilities that get attention.

>

> OH REALLY. So these vulnerabilities are floating around in thin

> air right...

 

I never said they're "floating around in thin air". They're listed by

various agencies when they get discovered - or when their stakeholders

give the go-ahead to announce their existance.

> SO gees, if the hack worked for XP and didn't in 9X, just why

> is it that you, in your infinite wisdom, think it didn't... oh

> tell me wise one ....

 

Because buffer overruns almost always mess with and manipulate stack

data. For an exploit to run properly, it depends on the stack having

a certain structure. Given that there are code differences between 9x

and NT versions of many modules, it's highly likely that the stack

structures and buffer areas (for a given module) of a system running

9x will not be identical to one running 2K or XP.

[Guest Dan]

Re: Securing Windows 98(SE) in the Modern Age

 

I will go even farther than you 98 Guy and say that the NT source code has

not been able to be better than 98 Second Edition until Vista which is secure

so far. I just hope that I can be able to license the 9x source code to help

in my research of making a safe and secure tri-source code operating system

for Microsoft.

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

Hang on to his shirt tails all you want and think about what he wrote, this part in

particular which goes against everything you stated in your original post.

<quote>

You can take an original Win-98/se system and hang it on the net (with

default settings, no AV and no firewall, no NAT router) and it's not

vulnerable to anything.

</quote>

 

I need not say any more.

 

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

 

 

"Dan" <Dan@discussions.microsoft.com> wrote in message

news:D9FB8DB1-591B-4968-BF7F-55DDCDBCF0F8@microsoft.com...

>I will go even farther than you 98 Guy and say that the NT source code has

> not been able to be better than 98 Second Edition until Vista which is secure

> so far. I just hope that I can be able to license the 9x source code to help

> in my research of making a safe and secure tri-source code operating system

> for Microsoft.

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

"MEB" <meb@not here@hotmail.com> wrote in message

news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...

>

>

> "Brian A." <gonefish'n@afarawaylake> wrote in message

> news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...

> | "Dan" <Dan@discussions.microsoft.com> wrote in message

> | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

> | >I will focus on your last question and I think Chris Quirke, MVP would

> agree

> | > with me that Windows 98 Second Edition is safer than XP Professional.

> Here

> | > are my web-links to prove my case:

> | >

> | > http://secunia.com/product/22/

> | >

> | > Vendor Microsoft

> | >

> | >

> | > Product Link N/A

> | >

> | >

> | > Affected By 192 Secunia advisories

> | >

> | >

> | > Unpatched 16% (30 of 192 Secunia advisories)

> | >

> | >

> | > Most Critical Unpatched

> | > The most severe unpatched Secunia advisory affecting Microsoft Windows

> XP

> | > Professional, with all vendor patches applied, is rated Highly critical

> | >

> | > http://secunia.com/product/13/

> | >

> | > Vendor Microsoft

> | >

> | >

> | > Product Link N/A

> | >

> | >

> | > Affected By 32 Secunia advisories

> | >

> | >

> | > Unpatched 9% (3 of 32 Secunia advisories)

> | >

> | >

> | > Most Critical Unpatched

> | > The most severe unpatched Secunia advisory affecting Microsoft Windows

> 98

> | > Second Edition, with all vendor patches applied, is rated Less critical

> | >

> | >

> | > That is my case.

> |

> | I responded without question. The only way 98 is safer than XP Pro is

> because it's

> | not targeted, that's all and no more. When XP Pro is configured properly

> it is by

> | far more secure than 98. Soon enough XP will be forgotten altogether as

> the full

> | attack goes Vista, and so on.

> |

> | --

> |

> | Brian A. Sesko { MS MVP_Shell/User }

> | Conflicts start where information lacks.

> | http://basconotw.mvps.org/

> |

> | Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

> | How to ask a question: http://support.microsoft.com/kb/555375

> |

> |

>

> I disagree. As XP is based upon the same base code as VISTA it will always

> be attacked, and vigorously.

 

As long as it has the name of Microsoft attached to it, it will be targeted.

> The coding differentials are so minuscule, that even if specific to VISTA,

> the attack will work upon XP with equal if not more effectiveness, and even

> less difficulty as there will be less to work-around. What hacks VISTA

> *WILL* hack XP.

 

In many of those aspescts, true, but not in every one. As code changes so do the

targeted systems, that's not saying Vista will pull away from XP, yet it can and will

change in ways.

> 9X on the other hand, will receive less and less attention. One need look

> no further than this group. There aren't many people who can even write a

> simple batch file for 9X/DOS anymore.

> Not saying there will be no attacks, as there is still sufficient viri,

 

Watch yourself and gear up for battle using the word viri, there are those out here

that will chastise you for it, been there already.

> hacks, and Spyware available [and targeted at installable 9X files]. But it

> brings no recognition, and the OS is not being used now [very much anyway]

> within supposedly secured areas and businesses as XP and VISTA are...

 

That doesn't make 98 any more secure, only less vulnerable.

>

> You can ignore these rather obvious aspects and continue to spout how

> supposedly secure the newer operating systems are, but that smacks in the

> face of the purpose of the attacks... glamour, fame, recognition, ID theft,

> and all the other things now found with those NEW OSs... and the systems

> which use them..

 

I don't continue to spout about anything, I'm certainly not on any crusade to push

a product (not stating you implied that). I stated that a "Properly Configured" XP

Pro machine is by far more secure than 98. That's not saying it's less vulnerable to

attack or that it can't be compromised, it states that it can be locked down tighter

when properly configured. The "glamour, fame, recognition, ID theft," etc. is a Cat

and Mouse game that will never end and it most certainly isn't only utilized with

PC's.

>

> To say the XP is more secure is like putting your head in a paper bag and

> claiming no one can see you...

 

That's rediculous, your arms and legs still show, you need a full body bag.

 

 

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

[Guest MEB]

Re: Securing Windows 98(SE) in the Modern Age

 

 

 

"Brian A." <gonefish'n@afarawaylake> wrote in message

news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl...

| "MEB" <meb@not here@hotmail.com> wrote in message

| news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...

| >

| >

| > "Brian A." <gonefish'n@afarawaylake> wrote in message

| > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...

| > | "Dan" <Dan@discussions.microsoft.com> wrote in message

| > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

| > | >I will focus on your last question and I think Chris Quirke, MVP

would

| > agree

| > | > with me that Windows 98 Second Edition is safer than XP

Professional.

| > Here

| > | > are my web-links to prove my case:

| > | >

| > | > http://secunia.com/product/22/

| > | >

| > | > Vendor Microsoft

| > | >

| > | >

| > | > Product Link N/A

| > | >

| > | >

| > | > Affected By 192 Secunia advisories

| > | >

| > | >

| > | > Unpatched 16% (30 of 192 Secunia advisories)

| > | >

| > | >

| > | > Most Critical Unpatched

| > | > The most severe unpatched Secunia advisory affecting Microsoft

Windows

| > XP

| > | > Professional, with all vendor patches applied, is rated Highly

critical

| > | >

| > | > http://secunia.com/product/13/

| > | >

| > | > Vendor Microsoft

| > | >

| > | >

| > | > Product Link N/A

| > | >

| > | >

| > | > Affected By 32 Secunia advisories

| > | >

| > | >

| > | > Unpatched 9% (3 of 32 Secunia advisories)

| > | >

| > | >

| > | > Most Critical Unpatched

| > | > The most severe unpatched Secunia advisory affecting Microsoft

Windows

| > 98

| > | > Second Edition, with all vendor patches applied, is rated Less

critical

| > | >

| > | >

| > | > That is my case.

| > |

| > | I responded without question. The only way 98 is safer than XP Pro

is

| > because it's

| > | not targeted, that's all and no more. When XP Pro is configured

properly

| > it is by

| > | far more secure than 98. Soon enough XP will be forgotten altogether

as

| > the full

| > | attack goes Vista, and so on.

| > |

| > | --

| > |

| > | Brian A. Sesko { MS MVP_Shell/User }

| > |

| >

| > I disagree. As XP is based upon the same base code as VISTA it will

always

| > be attacked, and vigorously.

|

| As long as it has the name of Microsoft attached to it, it will be

targeted.

 

Not necessarily true. Should Microsoft lose its market mastery, then

whatever takes its place would become the target.

 

|

| > The coding differentials are so minuscule, that even if specific to

VISTA,

| > the attack will work upon XP with equal if not more effectiveness, and

even

| > less difficulty as there will be less to work-around. What hacks VISTA

| > *WILL* hack XP.

|

| In many of those aspects, true, but not in every one. As code changes

so do the

| targeted systems, that's not saying Vista will pull away from XP, yet it

can and will

| change in ways.

 

Well, of course I would by necessity agree in part. There will be VISTA

*only* hacks created sometime in the future, but for the present time, as

the coding is shared [XP now in the position that 9X was during the XP><9X

support days, e.g., receiving patches more designed for VISTA than XP] these

shared aspects will continue to supply the necessary entry points.

Regretfully, it appears Microsoft shows even less interest in patching all

the holes in XP than it did with 9X or even NT.

 

|

| > 9X on the other hand, will receive less and less attention. One need

look

| > no further than this group. There aren't many people who can even write

a

| > simple batch file for 9X/DOS anymore.

| > Not saying there will be no attacks, as there is still sufficient viri,

|

| Watch yourself and gear up for battle using the word viri, there are

those out here

| that will chastise you for it, been there already.

 

Yeah, I remember those... strange that semantics such as that tend to bring

lengthy discussions, as if those are world shaking/changing.

 

|

| > hacks, and Spyware available [and targeted at installable 9X files]. But

it

| > brings no recognition, and the OS is not being used now [very much

anyway]

| > within supposedly secured areas and businesses as XP and VISTA are...

|

| That doesn't make 98 any more secure, only less vulnerable.

 

Hmm, that seems to create a contrast. If less vulnerable [be it because of

lack of interest or otherwise], then by mere extension, it becomes more

secure. Less interest attended towards attacking, less chances of being

attacked = by omission > more secure.

 

|

| >

| > You can ignore these rather obvious aspects and continue to spout how

| > supposedly secure the newer operating systems are, but that smacks in

the

| > face of the purpose of the attacks... glamour, fame, recognition, ID

theft,

| > and all the other things now found with those NEW OSs... and the systems

| > which use them..

|

| I don't continue to spout about anything, I'm certainly not on any

crusade to push

| a product (not stating you implied that). I stated that a "Properly

Configured" XP

| Pro machine is by far more secure than 98. That's not saying it's less

vulnerable to

| attack or that it can't be compromised, it states that it can be locked

down tighter

| when properly configured. The "glamour, fame, recognition, ID theft,"

etc. is a Cat

| and Mouse game that will never end and it most certainly isn't only

utilized with

| PC's.

 

Spout was used to instill a conversation... I realize you're not really a

Microsoft clone ...

 

True,,, in part. XP and VISTA can be locked down *tighter*, however, they

[the newer OSs] also contain far more aspects [vulnerabilities if you will]

that can be hacked. From ingrained AutoUpdating, to pre-configured

Firewalls, to the basic networking aspects broadcast to the world, to UPnP,

to .... The fact that these are OSs designed FOR networking brings with them

unprecedented potential vulnerabilities.

Hackers no longer need to LOOK for the code [determine which third party

program was used], it came with their own systems. They no longer need to

OBSERVE the packet signatures, just for the OS indicators [and they know

them well]. Each time Microsoft patches anything, they get those same

updates, and adjust accordingly ...

 

We could even go the route of *root kits*, though there we would need to

again address the old style [for example] 9X/DOS *cult of the mad cow* hacks

now generally considered as virus, whereas, these newer systems, by their

very design, are inherently more vulnerable and thereby, difficulties

expanded in preventing such attacks. PGP, in its day, was 4096 and above

cipher... yet this same style of *trust* and *keys* is employed as the MAJOR

security aspect in XP and VISTA but at a significantly lesser strength, and

following standards of the government, designed by the government, and

suggested by the government. That is something that everyone should at least

question ...

I mean [for example], Verisign? Who determined that was a trusted source?

Its a business, and EBERY business is out for profit,,, and ALWAYS

potentially for sale ...

 

The point is, these OSs are designed around pre-determined trust ...

 

|

| >

| > To say the XP is more secure is like putting your head in a paper bag

and

| > claiming no one can see you...

|

| That's ridiculous, your arms and legs still show, you need a full body

bag.

 

Yes, that is a little ridiculous isn't it... of course you could wear one

of those whole body Halloween condom costumes <G>...

 

|

|

|

| --

|

| Brian A. Sesko { MS MVP_Shell/User }

|

 

--

MEB

http://peoplescounsel.orgfree.com

________

[Guest 98-Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

"Brian A." wrote:

> > You can take an original Win-98/se system and hang it on the net

> > (with default settings, no AV and no firewall, no NAT router)

> > and it's not vulnerable to anything.

>

> I need not say any more.

 

Not unless you want to actually support your vacuous statement.

 

Perhaps by actually naming any such win-98 vulnerability.

 

I'll even help you out.

 

Here is the complete list of 31 vulnerabilities for Win 98:

 

http://secunia.com/product/12/?task=advisories

 

And here is the list of 32 win-98se vulnerabilities:

 

http://secunia.com/product/13/?task=advisories

 

Tell us which one(s) create a vulnerability when a win-98 system has a

live, unprotected internet connection.

 

Or perhaps you will lay low, and not directly respond to this post, as

you didn't respond to my preceeding one.

[Guest 98-Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

"Brian A." wrote:

> I stated that a "Properly Configured" XP Pro machine is by far

> more secure than 98. That's not saying it's less vulnerable to

> attack or that it can't be compromised,

 

Great logic.

 

That's like saying 4 is larger than 2, but 2 isin't necessarily

smaller than 4.

> it states that it can be locked down tighter when properly

> configured.

 

Win-98 has far fewer vulnerabilities than XP, and none of win-98's

vulnerabilities were was crippling or debilitating from a

remote-access, remote-control POV than were XP's. None of Win-98's

vulnerabilities came close to allowing remote takeover and code

execution simply by having a working, unprotected internet connection.

 

And please explain how XP can be "locked down tighter" than win-98.

What aspect can be made "tighter" when compared to win-98?

> As long as it has the name of Microsoft attached to it, it

> will be targeted.

 

So a Meekro$oft apologist takes pride in how MS has used their illegal

monopoly position to become the dominant OS, thereby he can throw up

his hands and say the evil hackers go after MS software for political

or ideological reasons.

[Guest John John]

Re: Securing Windows 98(SE) in the Modern Age

 

98-Guy wrote:

> None of Win-98's

> vulnerabilities came close to allowing remote takeover and code

> execution simply by having a working, unprotected internet connection.

 

 

http://search.yahoo.com/search?p=%22windows+98%22%2B%22remote+code+execution%22&y=Search&fr=yfp-t-501&xargs=0&pstart=1&b=11

http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=windows+98

http://search.yahoo.com/search;_ylt=A0geu7MB3yhHRy8BJ9tXNyoA?p=%22windows+98%22%2B%22tcp+port+139%22%2Bsecurity+flaw&y=Search&fr=yfp-t-501

 

And don't go about telling us that these vulnerabilities only affect

Windows 98 if users "actually" use the internet (as opposed to only

being connected). If you connect to the internet you will use it, else

why bother having a connection? If you use Windows 98 as shipped and

without protection your computer can be compromised by simply visiting a

web site...

 

John

[Guest 98 Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

John John wrote:

> > None of Win-98's vulnerabilities came close to allowing remote

> > takeover and code execution simply by having a working,

> > unprotected internet connection.

 

(various non-specific URL's omitted)

> And don't go about telling us that these vulnerabilities

> only affect Windows 98 if users "actually" use the internet

 

There is a very important distinction between a vunerability that only

requires internet connectivity (and no user involvement) vs running a

vulnerable application on an otherwise secure system.

 

All you've shown is a series of IE vulnerabilities. Your examples

break down if I use a non-MS browser and e-mail client.

 

But that's irrelavent.

 

Many Win-2k and XP systems were victimized by the welchia, sasser, SQL

Slammer and Opanki network worms, for example.

 

Doesn't matter if you practice "safe hex". Doesn't matter if you ran

Mozilla or netscape or firefox or opera and you didn't touch IE with a

10 foot pole. If you ran 2K or XP you were screwed. Those systems

went on to take their place in botnet land. You most likely received

spam from them.

 

Power users who quickly migrated to 2K and early adopters of XP were

screwed over by all manner of worms while win-98 users stood by and

watched those clowns fight off their infections.

[Guest John John]

Re: Securing Windows 98(SE) in the Modern Age

 

98 Guy wrote:

 

> There is a very important distinction between a vunerability that only

> requires internet connectivity (and no user involvement) vs running a

> vulnerable application on an otherwise secure system.

 

I knew you were going to say exactly that, I said so in my post. Your

claim is that If you connect Windows 98 to the internet and do

absolutely nothing, you don't surf, don't send email, or don't connect

to another network and share information that Windows 98 is safe. To

which I say, well duh...! If you connect and do nothing then why the

heck bother connecting? Why do you even need the internet if you won't

use it? That is like starting your car engine but never taking it out

of park and never ever even moving it then claiming that you have never

had a traffic ticket or an accident!

 

> All you've shown is a series of IE vulnerabilities. Your examples

> break down if I use a non-MS browser and e-mail client.

>

> But that's irrelavent.

 

Oh is it? Then tell us which Windows 98 version shipped with a non-MS

browser and e-mail client? On a fresh install of Windows 98, and

without another "safe" computer to rely on how will you download those

non-MS applications? And what about the masses out there who know

nothing about these things, the ones who think that Internet Explorer is

the only browser available, how safe are their Windows 98 installations

fresh "out of the box"?

 

> Many Win-2k and XP systems were victimized by the welchia, sasser, SQL

> Slammer and Opanki network worms, for example.

>

> Doesn't matter if you practice "safe hex". Doesn't matter if you ran

> Mozilla or netscape or firefox or opera and you didn't touch IE with a

> 10 foot pole. If you ran 2K or XP you were screwed. Those systems

> went on to take their place in botnet land. You most likely received

> spam from them.

>

> Power users who quickly migrated to 2K and early adopters of XP were

> screwed over by all manner of worms while win-98 users stood by and

> watched those clowns fight off their infections.

 

Well, shows how much you know about NT systems. It is true that these

systems had (unacceptable) security holes the size of Texas in them, but

then almost all who used them knew that from day one. I have been using

NT systems since 1996 or 1997 and guess what? We knew what firewalls

were long before you did and none of the worms and pests that you

mentioned have ever affected any of my machines, none not a single one

of my machines were ever infected! And if we are to use the example

that you mentioned earlier, "Windows 98 is safe when connected as long

as you don't actually 'use' the internet", well that is no more

different than having an NT box that isn't connected at all to the net,

as I said, what is the sense of connecting to the internet if you don't

use it?

 

Another thing that you conveniently omit or that you simply don't

realize is that because of it's commercial or corporate nature, (as

opposed to W9x's home & consumer nature), NT systems have networking

components that are not available on W9x, so it is easy to say that W9x

doesn't suffer the same vulnerabilities. Install Windows 98 fresh, then

enable File and Printer Sharing and go on the internet, or connect to a

remote network then tell us how safe Windows 98 really is. Use an

unpatched IE, leave TCP port 139 open and tell us once again that

Windows 98 is perfectly safe "out of the box"!

 

The only claim that we see in your posts is that Windows 98 is

completely safe because as shipped Windows NT/2000/XP was more

vulnerable than the aforementioned, of course that is completely

irrelevant, what may or may not ail NT systems does not make an

unpatched Windows 98 a secure operating system.

 

John

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

"98-Guy" <98@Guyy.com> wrote in message news:4728879F.BB268D4C@Guyy.com...

> "Brian A." wrote:

>

>> I stated that a "Properly Configured" XP Pro machine is by far

>> more secure than 98. That's not saying it's less vulnerable to

>> attack or that it can't be compromised,

>

> Great logic.

>

> That's like saying 4 is larger than 2, but 2 isin't necessarily

> smaller than 4.

 

Nowhere near what's implied.

>

>> it states that it can be locked down tighter when properly

>> configured.

>

> Win-98 has far fewer vulnerabilities than XP, and none of win-98's

> vulnerabilities were was crippling or debilitating from a

> remote-access, remote-control POV than were XP's. None of Win-98's

> vulnerabilities came close to allowing remote takeover and code

> execution simply by having a working, unprotected internet connection.

 

You'll have to better define statements such as the above since they leave a broad

opening for interpretation.

>

> And please explain how XP can be "locked down tighter" than win-98.

> What aspect can be made "tighter" when compared to win-98?

>

>> As long as it has the name of Microsoft attached to it, it

>> will be targeted.

>

> So a Meekro$oft apologist takes pride in how MS has used their illegal

> monopoly position to become the dominant OS, thereby he can throw up

> his hands and say the evil hackers go after MS software for political

> or ideological reasons.

 

Apologists? If that's how you read into the statement made on MS being targeted,

no one need wonder why, it's evident.

 

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

[Guest Brian A.]

Re: Securing Windows 98(SE) in the Modern Age

 

"MEB" <meb@not here@hotmail.com> wrote in message

news:eVWKT3AHIHA.4592@TK2MSFTNGP02.phx.gbl...

>

>

> "Brian A." <gonefish'n@afarawaylake> wrote in message

> news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl...

> | "MEB" <meb@not here@hotmail.com> wrote in message

> | news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...

> | >

> | >

> | > "Brian A." <gonefish'n@afarawaylake> wrote in message

> | > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...

> | > | "Dan" <Dan@discussions.microsoft.com> wrote in message

> | > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

> | > | >I will focus on your last question and I think Chris Quirke, MVP

> would

> | > agree

> | > | > with me that Windows 98 Second Edition is safer than XP

> Professional.

> | > Here

> | > | > are my web-links to prove my case:

> | > | >

> | > | > http://secunia.com/product/22/

> | > | >

> | > | > Vendor Microsoft

> | > | >

> | > | >

> | > | > Product Link N/A

> | > | >

> | > | >

> | > | > Affected By 192 Secunia advisories

> | > | >

> | > | >

> | > | > Unpatched 16% (30 of 192 Secunia advisories)

> | > | >

> | > | >

> | > | > Most Critical Unpatched

> | > | > The most severe unpatched Secunia advisory affecting Microsoft

> Windows

> | > XP

> | > | > Professional, with all vendor patches applied, is rated Highly

> critical

> | > | >

> | > | > http://secunia.com/product/13/

> | > | >

> | > | > Vendor Microsoft

> | > | >

> | > | >

> | > | > Product Link N/A

> | > | >

> | > | >

> | > | > Affected By 32 Secunia advisories

> | > | >

> | > | >

> | > | > Unpatched 9% (3 of 32 Secunia advisories)

> | > | >

> | > | >

> | > | > Most Critical Unpatched

> | > | > The most severe unpatched Secunia advisory affecting Microsoft

> Windows

> | > 98

> | > | > Second Edition, with all vendor patches applied, is rated Less

> critical

> | > | >

> | > | >

> | > | > That is my case.

> | > |

> | > | I responded without question. The only way 98 is safer than XP Pro

> is

> | > because it's

> | > | not targeted, that's all and no more. When XP Pro is configured

> properly

> | > it is by

> | > | far more secure than 98. Soon enough XP will be forgotten altogether

> as

> | > the full

> | > | attack goes Vista, and so on.

> | > |

> | > | --

> | > |

> | > | Brian A. Sesko { MS MVP_Shell/User }

> | > |

> | >

> | > I disagree. As XP is based upon the same base code as VISTA it will

> always

> | > be attacked, and vigorously.

> |

> | As long as it has the name of Microsoft attached to it, it will be

> targeted.

>

> Not necessarily true. Should Microsoft lose its market mastery, then

> whatever takes its place would become the target.

 

It would only be not necessarily true if the MS name was retained, A Rose Is A

Rose......

>

> |

> | > The coding differentials are so minuscule, that even if specific to

> VISTA,

> | > the attack will work upon XP with equal if not more effectiveness, and

> even

> | > less difficulty as there will be less to work-around. What hacks VISTA

> | > *WILL* hack XP.

> |

> | In many of those aspects, true, but not in every one. As code changes

> so do the

> | targeted systems, that's not saying Vista will pull away from XP, yet it

> can and will

> | change in ways.

>

> Well, of course I would by necessity agree in part. There will be VISTA

> *only* hacks created sometime in the future, but for the present time, as

> the coding is shared [XP now in the position that 9X was during the XP><9X

> support days, e.g., receiving patches more designed for VISTA than XP] these

> shared aspects will continue to supply the necessary entry points.

> Regretfully, it appears Microsoft shows even less interest in patching all

> the holes in XP than it did with 9X or even NT.

>

> |

> | > 9X on the other hand, will receive less and less attention. One need

> look

> | > no further than this group. There aren't many people who can even write

> a

> | > simple batch file for 9X/DOS anymore.

> | > Not saying there will be no attacks, as there is still sufficient viri,

 

Although a late response, more of an understanding, I'm sure you meant "can't".

The people are out there yet they move on with the code.

> |

> | Watch yourself and gear up for battle using the word viri, there are

> those out here

> | that will chastise you for it, been there already.

>

> Yeah, I remember those... strange that semantics such as that tend to bring

> lengthy discussions, as if those are world shaking/changing.

>

> |

> | > hacks, and Spyware available [and targeted at installable 9X files]. But

> it

> | > brings no recognition, and the OS is not being used now [very much

> anyway]

> | > within supposedly secured areas and businesses as XP and VISTA are...

> |

> | That doesn't make 98 any more secure, only less vulnerable.

>

> Hmm, that seems to create a contrast. If less vulnerable [be it because of

> lack of interest or otherwise], then by mere extension, it becomes more

> secure. Less interest attended towards attacking, less chances of being

> attacked = by omission > more secure.

 

It's not more secure simply because it isn't a major player anymore, although

unlikely the game can turn 180 at any time.

>

> |

> | >

> | > You can ignore these rather obvious aspects and continue to spout how

> | > supposedly secure the newer operating systems are, but that smacks in

> the

> | > face of the purpose of the attacks... glamour, fame, recognition, ID

> theft,

> | > and all the other things now found with those NEW OSs... and the systems

> | > which use them..

> |

> | I don't continue to spout about anything, I'm certainly not on any

> crusade to push

> | a product (not stating you implied that). I stated that a "Properly

> Configured" XP

> | Pro machine is by far more secure than 98. That's not saying it's less

> vulnerable to

> | attack or that it can't be compromised, it states that it can be locked

> down tighter

> | when properly configured. The "glamour, fame, recognition, ID theft,"

> etc. is a Cat

> | and Mouse game that will never end and it most certainly isn't only

> utilized with

> | PC's.

>

> Spout was used to instill a conversation... I realize you're not really a

> Microsoft clone ...

>

> True,,, in part. XP and VISTA can be locked down *tighter*, however, they

> [the newer OSs] also contain far more aspects [vulnerabilities if you will]

> that can be hacked. From ingrained AutoUpdating, to pre-configured

> Firewalls, to the basic networking aspects broadcast to the world, to UPnP,

> to .... The fact that these are OSs designed FOR networking brings with them

> unprecedented potential vulnerabilities.

> Hackers no longer need to LOOK for the code [determine which third party

> program was used], it came with their own systems. They no longer need to

> OBSERVE the packet signatures, just for the OS indicators [and they know

> them well]. Each time Microsoft patches anything, they get those same

> updates, and adjust accordingly ...

>

> We could even go the route of *root kits*, though there we would need to

> again address the old style [for example] 9X/DOS *cult of the mad cow* hacks

> now generally considered as virus, whereas, these newer systems, by their

> very design, are inherently more vulnerable and thereby, difficulties

> expanded in preventing such attacks. PGP, in its day, was 4096 and above

> cipher... yet this same style of *trust* and *keys* is employed as the MAJOR

> security aspect in XP and VISTA but at a significantly lesser strength, and

> following standards of the government, designed by the government, and

> suggested by the government. That is something that everyone should at least

> question ...

> I mean [for example], Verisign? Who determined that was a trusted source?

> Its a business, and EBERY business is out for profit,,, and ALWAYS

> potentially for sale ...

>

> The point is, these OSs are designed around pre-determined trust ...

>

> |

> | >

> | > To say the XP is more secure is like putting your head in a paper bag

> and

> | > claiming no one can see you...

> |

> | That's ridiculous, your arms and legs still show, you need a full body

> bag.

>

> Yes, that is a little ridiculous isn't it... of course you could wear one

> of those whole body Halloween condom costumes <G>...

 

Can't, the neighbor already has it.

 

 

 

--

 

Brian A. Sesko { MS MVP_Shell/User }

Conflicts start where information lacks.

http://basconotw.mvps.org/

 

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm

How to ask a question: http://support.microsoft.com/kb/555375

[Guest 98 Guy]

Re: Securing Windows 98(SE) in the Modern Age

 

"Brian A." wrote:

> > That's like saying 4 is larger than 2, but 2 isin't necessarily

> > smaller than 4.

>

> Nowhere near what's implied.

 

Just saying so doesn't make it so.

 

You're pretty thin on explanations around here.

> > Win-98 has far fewer vulnerabilities than XP

 

Do you challenge that? Do you deny that?

 

Have you seen the Secunia reports for 98 and XP? Or are they fiction?

> You'll have to better define statements such as the above since

> they leave a broad opening for interpretation.

 

Why?

 

You don't put forward any details or explanations. I have. Why do I

need to post more?

> > What aspect can be made "tighter" when compared to win-98?

 

Why did you let that question skate by without answering it?

[Guest MEB]

Re: Securing Windows 98(SE) in the Modern Age

 

 

 

"Brian A." <gonefish'n@afarawaylake> wrote in message

news:eG0HDqFHIHA.3768@TK2MSFTNGP06.phx.gbl...

| "MEB" <meb@not here@hotmail.com> wrote in message

| news:eVWKT3AHIHA.4592@TK2MSFTNGP02.phx.gbl...

| >

| >

| > "Brian A." <gonefish'n@afarawaylake> wrote in message

| > news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl...

| > | "MEB" <meb@not here@hotmail.com> wrote in message

| > | news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl...

| > | >

| > | >

| > | > "Brian A." <gonefish'n@afarawaylake> wrote in message

| > | > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl...

| > | > | "Dan" <Dan@discussions.microsoft.com> wrote in message

| > | > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com...

| > | > | >I will focus on your last question and I think Chris Quirke, MVP

| > would

| > | > agree

| > | > | > with me that Windows 98 Second Edition is safer than XP

| > Professional.

| > | > Here

| > | > | > are my web-links to prove my case:

| > | > | >

| > | > | > http://secunia.com/product/22/

| > | > | >

| > | > | > Vendor Microsoft

| > | > | >

| > | > | >

| > | > | > Product Link N/A

| > | > | >

| > | > | >

| > | > | > Affected By 192 Secunia advisories

| > | > | >

| > | > | >

| > | > | > Unpatched 16% (30 of 192 Secunia advisories)

| > | > | >

| > | > | >

| > | > | > Most Critical Unpatched

| > | > | > The most severe unpatched Secunia advisory affecting Microsoft

| > Windows

| > | > XP

| > | > | > Professional, with all vendor patches applied, is rated Highly

| > critical

| > | > | >

| > | > | > http://secunia.com/product/13/

| > | > | >

| > | > | > Vendor Microsoft

| > | > | >

| > | > | >

| > | > | > Product Link N/A

| > | > | >

| > | > | >

| > | > | > Affected By 32 Secunia advisories

| > | > | >

| > | > | >

| > | > | > Unpatched 9% (3 of 32 Secunia advisories)

| > | > | >

| > | > | >

| > | > | > Most Critical Unpatched

| > | > | > The most severe unpatched Secunia advisory affecting Microsoft

| > Windows

| > | > 98

| > | > | > Second Edition, with all vendor patches applied, is rated Less

| > critical

| > | > | >

| > | > | >

| > | > | > That is my case.

| > | > |

| > | > | I responded without question. The only way 98 is safer than XP

Pro

| > is

| > | > because it's

| > | > | not targeted, that's all and no more. When XP Pro is configured

| > properly

| > | > it is by

| > | > | far more secure than 98. Soon enough XP will be forgotten

altogether

| > as

| > | > the full

| > | > | attack goes Vista, and so on.

| > | > |

| > | > | --

| > | > |

| > | > | Brian A. Sesko { MS MVP_Shell/User }

| > | > |

| > | >

| > | > I disagree. As XP is based upon the same base code as VISTA it will

| > always

| > | > be attacked, and vigorously.

| > |

| > | As long as it has the name of Microsoft attached to it, it will be

| > targeted.

| >

| > Not necessarily true. Should Microsoft lose its market mastery, then

| > whatever takes its place would become the target.

|

| It would only be not necessarily true if the MS name was retained, A

Rose Is A

| Rose......

 

Hmm, that's a difficult one to respond to... let's think along these lines:

suppose with the new Intel processor [the super chip supposedly due in five

or so years] that SUN produces the OS that really makes the chip *spark* and

Microsoft is [some might say "as usual"] incapable of producing a quality

product to support the chip to its full advantage [regardless of Intel's

attempts to help]{we need look no further that the VISTA problems and

Microsoft's inability to adequately address the issues, to date}. Microsoft

loses its market dominance as the business/commercial world converts to

SUN's product. Or let's say that [since Unix is quite capable of being

scaled to the processor] a Linux variant is deemed the most viable OS.

 

Is it your contention that because of some *love affair* by the consumer

and investor for Microsoft, it will remain the market leader?

 

Or is it your contention that Microsoft can never lose its market

dominance?

 

|

| >

| > |

| > | > The coding differentials are so minuscule, that even if specific to

| > VISTA,

| > | > the attack will work upon XP with equal if not more effectiveness,

and

| > even

| > | > less difficulty as there will be less to work-around. What hacks

VISTA

| > | > *WILL* hack XP.

| > |

| > | In many of those aspects, true, but not in every one. As code

changes

| > so do the

| > | targeted systems, that's not saying Vista will pull away from XP, yet

it

| > can and will

| > | change in ways.

| >

| > Well, of course I would by necessity agree in part. There will be VISTA

| > *only* hacks created sometime in the future, but for the present time,

as

| > the coding is shared [XP now in the position that 9X was during the

XP><9X

| > support days, e.g., receiving patches more designed for VISTA than XP]

these

| > shared aspects will continue to supply the necessary entry points.

| > Regretfully, it appears Microsoft shows even less interest in patching

all

| > the holes in XP than it did with 9X or even NT.

| >

| > |

| > | > 9X on the other hand, will receive less and less attention. One need

| > look

| > | > no further than this group. There aren't many people who can even

write

| > a

| > | > simple batch file for 9X/DOS anymore.

| > | > Not saying there will be no attacks, as there is still sufficient

viri,

|

| Although a late response, more of an understanding, I'm sure you meant

"can't".

| The people are out there yet they move on with the code.

 

Okay, I'll qualify; I find myself needing to pull out the old DOS books if

the batch gets too involved, and VB, I wouldn't even attempt it anymore.

Moreover, the tools I now use to pick-apart files include the nifty Internet

Search functions, which I find I now use more often [okay I admit it, I'm

getting old].

So how many would you think aren't in that same position?

How many young programmers [that you would trust to produce good code] do

you personally know?

 

|

| > |

| > | Watch yourself and gear up for battle using the word viri, there are

| > those out here

| > | that will chastise you for it, been there already.

| >

| > Yeah, I remember those... strange that semantics such as that tend to

bring

| > lengthy discussions, as if those are world shaking/changing.

| >

| > |

| > | > hacks, and Spyware available [and targeted at installable 9X files].

But

| > it

| > | > brings no recognition, and the OS is not being used now [very much

| > anyway]

| > | > within supposedly secured areas and businesses as XP and VISTA

are...

| > |

| > | That doesn't make 98 any more secure, only less vulnerable.

| >

| > Hmm, that seems to create a contrast. If less vulnerable [be it because

of

| > lack of interest or otherwise], then by mere extension, it becomes more

| > secure. Less interest attended towards attacking, less chances of being

| > attacked = by omission > more secure.

|

| It's not more secure simply because it isn't a major player anymore,

although

| unlikely the game can turn 180 at any time.

 

Well, I certainly didn't mean to imply that the hacks for 9X/DOS aren't

still out there. I still get files for testing off the net with some of the

old Virus, Spyware, and Trojans ... even the occasional new variant .

Of course, I still see some of the old generic probing in my firewall and

ah,*filter* logs, searching for the unprotected system, so the base hacker

is still out there ... though cursory back probing/tracing seems to turn up

more indications these are likely some kid [or some adult with arrested

mentality perhaps] on an XBox or PlayStation, or poorly protected XP box

[some nitwit wannabe hacker], though I also find the occasional VISTA box.

 

|

| >

| > |

| > | >

| > | > You can ignore these rather obvious aspects and continue to spout

how

| > | > supposedly secure the newer operating systems are, but that smacks

in

| > the

| > | > face of the purpose of the attacks... glamour, fame, recognition, ID

| > theft,

| > | > and all the other things now found with those NEW OSs... and the

systems

| > | > which use them..

| > |

| > | I don't continue to spout about anything, I'm certainly not on any

| > crusade to push

| > | a product (not stating you implied that). I stated that a "Properly

| > Configured" XP

| > | Pro machine is by far more secure than 98. That's not saying it's

less

| > vulnerable to

| > | attack or that it can't be compromised, it states that it can be

locked

| > down tighter

| > | when properly configured. The "glamour, fame, recognition, ID theft,"

| > etc. is a Cat

| > | and Mouse game that will never end and it most certainly isn't only

| > utilized with

| > | PC's.

| >

| > Spout was used to instill a conversation... I realize you're not really

a

| > Microsoft clone ...

| >

| > True,,, in part. XP and VISTA can be locked down *tighter*, however,

they

| > [the newer OSs] also contain far more aspects [vulnerabilities if you

will]

| > that can be hacked. From ingrained AutoUpdating, to pre-configured

| > Firewalls, to the basic networking aspects broadcast to the world, to

UPnP,

| > to .... The fact that these are OSs designed FOR networking brings with

them

| > unprecedented potential vulnerabilities.

| > Hackers no longer need to LOOK for the code [determine which third party

| > program was used], it came with their own systems. They no longer need

to

| > OBSERVE the packet signatures, just for the OS indicators [and they know

| > them well]. Each time Microsoft patches anything, they get those same

| > updates, and adjust accordingly ...

| >

| > We could even go the route of *root kits*, though there we would need to

| > again address the old style [for example] 9X/DOS *cult of the mad cow*

hacks

| > now generally considered as virus, whereas, these newer systems, by

their

| > very design, are inherently more vulnerable and thereby, difficulties

| > expanded in preventing such attacks. PGP, in its day, was 4096 and above

| > cipher... yet this same style of *trust* and *keys* is employed as the

MAJOR

| > security aspect in XP and VISTA but at a significantly lesser strength,

and

| > following standards of the government, designed by the government, and

| > suggested by the government. That is something that everyone should at

least

| > question ...

| > I mean [for example], Verisign? Who determined that was a trusted

source?

| > Its a business, and EBERY business is out for profit,,, and ALWAYS

| > potentially for sale ...

 

haahaa, ebery, now how did that get by, oh well {should have run the spell

checker}.. obviously that should have been every..

 

| >

| > The point is, these OSs are designed around pre-determined trust ...

| >

| > |

| > | >

| > | > To say the XP is more secure is like putting your head in a paper

bag

| > and

| > | > claiming no one can see you...

| > |

| > | That's ridiculous, your arms and legs still show, you need a full

body

| > bag.

| >

| > Yes, that is a little ridiculous isn't it... of course you could wear

one

| > of those whole body Halloween condom costumes <G>...

|

| Can't, the neighbor already has it.

 

Oh well, late for the party, late for lunch ...

 

|

|

|

| --

|

| Brian A. Sesko { MS MVP_Shell/User }

| Conflicts start where information lacks.

|

|

 

--

MEB

http://peoplescounsel.orgfree.com

________