Guest Dan Posted October 25, 2007 Posted October 25, 2007 1. I would suggest using a wired connection with ethernet and a NAT address within your router. You can go to grc.com and check the Shields Up test to see if over 1000 ports are stealthed with green setting. 2. I would suggest making sure your Windows 98 Second Edition and its associated updates are fully up to date and would suggest using the security cd if you have it although you will have to edit the *.inf as PCR has suggested to show to some programs that it is indeed 98 Second Edition. You will need to use the Windows update site after that. I cannot endorse the use of non-approproved Microsoft update packs and they may or may not work but use them at your own risk and make sure your PC is backed up fully before installing one of course. 3. I would suggest using an antivirus program like AVG antivirus that has worked well for me and my dad or Avast that many users here seem to like but I did not care for its interface. 4. I would suggest using anti-spyware programs and the ones I particularly like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy. Please make sure you get them from their main sites or a fairly safe alternative like majorgeeks.com website. I do not care for Adaware any more because of false positives in the past. Another one is CWShredder if you need it and HiJack This but with HiJackThis make sure experts help you and just don't go willy nilly and delete potentially good and needed stuff on your machine. 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest version for better browser security and safety over Internet Explorer. Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft only supports 256 bit cipher strength in Vista with Internet Explorer currently. Internet Explorer also has Active X vulnerabilites that are targetted frequently. The same goes for you Apple users and Linux users as well. Safari for Apple only has a maximum encryption of 128 bit so it is lacking as well. I have discovered that 128 bit encryption can be hacked in 15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption strength cipher and that is why the industry is way behind on this. Bank of America and Citicards continue to use only 128 bit encryption and Bank of America does not seem to care but at least Citicards said they are working on implementing Mozilla Firefox with 256 bit encryption. The safest way is to post information on an off-line computer of course but industry standards are lacking compared to the latest threats available on-line to break computer encryption. 6. Please practice safe browsing methods and do not open email attachments until you are sure they are safe. Be aware of the many phising scams out there and especially ones that claim to be from Microsoft or someone or other wanting information or money because it is not what it claims to be especially if it sounds to good to be true. Contact the business from their main number from the telephone book or the back of your bank or from your business card. Information can help if you get stuck as well. Please also block html code as a default precaution and only view when you are sure it is safe. You can read in plain text and send in plain text and that is fairly safe. 7. Please be aware that information you post on the Internet is available for everyone to view so just remember how much information you are willing to freely give the public about yourself. 8. Please be careful about social-networking sites like MySpace and/or Facebook and others that could data mine your information. Heck, a website which was one I enjoyed posting at which was tsl-game.com had its forum hacked this summer with 9-11 propaganda posted. Here is the weblink if any are interested in reading about it: http://www.tsl-game.com/forum/index.php?topic=6115.0 9. Please be careful who you trust especially if you are younger than 21 because there are a lot of terrible people out there that ruthlessly prey upon weak and innocent children and hurt women also so the Internet has become a tool to try and force some people in bad situations to be monitored so much that they are like slaves. 10. A final word is to be careful what you download because if it is free games, wallpaper, software, music, etc. then you could be getting more than you bargain for originally and it is not worth it. You could be opening your machine up to spyware, adware, trojans, viruses, identity theft, etc. and lawsuits from the music or other industries against you and please do things legally. The end of my 10 comments that are good general computer tips with Windows 98 Second Edition in the front of my mind thus I had no reason to mention things like Windows Defender that is not supported on 98 Second Edition. If you check out the secunia.com website and do your research you will see how much safer Mozilla Firefox is than all versions of Internet Explorer and how 98 Second Edition is safer currently than XP Home and Professional. Fortunately, Vista is secure but has automatic issues, backwards compatibility issues and other issues because it is too new. Have a nice day.
Guest Don Phillipson Posted October 25, 2007 Posted October 25, 2007 Re: Securing Windows 98(SE) in the Modern Age "Dan" <Dan@discussions.microsoft.com> wrote in message news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com... [Good advice snipped] > 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest > version for better browser security and safety over Internet Explorer. Better check in advance before dumping IE because some other computer companies link exclusively with that (and not Firefox.) E.g. my bank processes work perfectly via Firefox but not Quicken/Intuit which links only with IE. A point omitted by Dan is PC housekeeping and backup routines. We should not use MSBACKUP which is seriously flawed. Hard drive space is now so cheap we seldom need to compress backed up files. Windows protection prevents our copying some important system files but some third-party utilities bypass this, see http://www.xxcopy.com -- Don Phillipson Carlsbad Springs (Ottawa, Canada)
Guest Brian A. Posted October 26, 2007 Posted October 26, 2007 Re: Securing Windows 98(SE) in the Modern Age "Dan" <Dan@discussions.microsoft.com> wrote in message news:5B4DD8C0-7610-474B-A0D0-3AB501CC194D@microsoft.com... > 1. I would suggest using a wired connection with ethernet and a NAT address > within your router. You can go to grc.com and check the Shields Up test to > see if over 1000 ports are stealthed with green setting. Without going back to check, IIRC the GRC port test checks 1500 ports. If the user has no router and does not use a sufficient third party firewall it means nothing. If they do have a router incorporated into their network, it also means squat if they fail to change the default un/pw provided with the router. In todays cat and mouse battle with the way hackers have progressed, one of the first lines of defense is to change the default un/pw of any router utilized in a network. > > 2. I would suggest making sure your Windows 98 Second Edition and its > associated updates are fully up to date and would suggest using the security > cd if you have it although you will have to edit the *.inf as PCR has > suggested to show to some programs that it is indeed 98 Second Edition. You > will need to use the Windows update site after that. I cannot endorse the > use of non-approproved Microsoft update packs and they may or may not work > but use them at your own risk and make sure your PC is backed up fully before > installing one of course. IMHO the security update CD is not the way to go other than the rare exception after a clean install. If a user has a reasonably fast connection on the net, downloading and installing the updates will be much quicker than any read/write from a CD. > > 3. I would suggest using an antivirus program like AVG antivirus that has > worked well for me and my dad or Avast that many users here seem to like but > I did not care for its interface. Again, IMHO AVG is crap, Avast is subliminal. Either way, both apps will sooner than later be integrated into a suite and no longer support 98. > > 4. I would suggest using anti-spyware programs and the ones I particularly > like for 98 Second Edition are SpywareBlaster and Spybot Search and Destroy. > Please make sure you get them from their main sites or a fairly safe > alternative like majorgeeks.com website. I do not care for Adaware any more > because of false positives in the past. Another one is CWShredder if you > need it and HiJack This but with HiJackThis make sure experts help you and > just don't go willy nilly and delete potentially good and needed stuff on > your machine. Without knowing your exact situation I will venture to guess that the Adaware false/positives had to do with cookies and/or MRU's. Adaware has always been a good compliment to SB S&D and visa versa, each one identifying something the other didn't. > > 5. I would suggest using Mozilla Firefox version 2.0.0.8 or its latest > version for better browser security and safety over Internet Explorer. > Mozilla Firefox supports 256 bit cipher strength in Windows 98 that Microsoft > only supports 256 bit cipher strength in Vista with Internet Explorer > currently. Internet Explorer also has Active X vulnerabilites that are > targetted frequently. The same goes for you Apple users and Linux users as > well. Safari for Apple only has a maximum encryption of 128 bit so it is > lacking as well. I have discovered that 128 bit encryption can be hacked in > 15 minutes or less with 2 or 3 Craig Supercomputers working on the encryption > strength cipher and that is why the industry is way behind on this. Bank of > America and Citicards continue to use only 128 bit encryption and Bank of > America does not seem to care but at least Citicards said they are working on > implementing Mozilla Firefox with 256 bit encryption. The safest way is to > post information on an off-line computer of course but industry standards are > lacking compared to the latest threats available on-line to break computer > encryption. Personally IMHO again, your PC and/or network are only as secure as one makes it. It makes no difference on which browser a user deploys when it comes to online sites, the difference in security has to do with the administrator of that site and how well they lock it down. > > 6. Please practice safe browsing methods and do not open email attachments > until you are sure they are safe. Be aware of the many phising scams out > there and especially ones that claim to be from Microsoft or someone or other > wanting information or money because it is not what it claims to be > especially if it sounds to good to be true. Contact the business from their > main number from the telephone book or the back of your bank or from your > business card. Information can help if you get stuck as well. Please also > block html code as a default precaution and only view when you are sure it is > safe. You can read in plain text and send in plain text and that is fairly > safe. Browsing the net and emails are two separate entities. Aside from that it should be stated that "No Email" should ever be opened if the sender is unknown to the reciever. > > 7. Please be aware that information you post on the Internet is available > for everyone to view so just remember how much information you are willing to > freely give the public about yourself. Not 100% true depending on how one reads into the statement and the way I read it's completely false. > > 8. Please be careful about social-networking sites like MySpace and/or > Facebook and others that could data mine your information. Heck, a website > which was one I enjoyed posting at which was tsl-game.com had its forum > hacked this summer with 9-11 propaganda posted. Here is the weblink if any > are interested in reading about it: > > http://www.tsl-game.com/forum/index.php?topic=6115.0 > > 9. Please be careful who you trust especially if you are younger than 21 > because there are a lot of terrible people out there that ruthlessly prey > upon weak and innocent children and hurt women also so the Internet has > become a tool to try and force some people in bad situations to be monitored > so much that they are like slaves. > > 10. A final word is to be careful what you download because if it is free > games, wallpaper, software, music, etc. then you could be getting more than > you bargain for originally and it is not worth it. You could be opening your > machine up to spyware, adware, trojans, viruses, identity theft, etc. and > lawsuits from the music or other industries against you and please do things > legally. > > The end of my 10 comments that are good general computer tips with Windows > 98 Second Edition in the front of my mind thus I had no reason to mention > things like Windows Defender that is not supported on 98 Second Edition. If > you check out the secunia.com website and do your research you will see how > much safer Mozilla Firefox is than all versions of Internet Explorer and how > 98 Second Edition is safer currently than XP Home and Professional. > Fortunately, Vista is secure but has automatic issues, backwards > compatibility issues and other issues because it is too new. Have a nice day. XP Pro is by far more secure than 98/SE, again, it's up to the user/admin to lock the system(s) down. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375
Guest MEB Posted October 29, 2007 Posted October 29, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." <gonefish'n@afarawaylake> wrote in message news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl... | "Dan" <Dan@discussions.microsoft.com> wrote in message | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... | >I will focus on your last question and I think Chris Quirke, MVP would agree | > with me that Windows 98 Second Edition is safer than XP Professional. Here | > are my web-links to prove my case: | > | > http://secunia.com/product/22/ | > | > Vendor Microsoft | > | > | > Product Link N/A | > | > | > Affected By 192 Secunia advisories | > | > | > Unpatched 16% (30 of 192 Secunia advisories) | > | > | > Most Critical Unpatched | > The most severe unpatched Secunia advisory affecting Microsoft Windows XP | > Professional, with all vendor patches applied, is rated Highly critical | > | > http://secunia.com/product/13/ | > | > Vendor Microsoft | > | > | > Product Link N/A | > | > | > Affected By 32 Secunia advisories | > | > | > Unpatched 9% (3 of 32 Secunia advisories) | > | > | > Most Critical Unpatched | > The most severe unpatched Secunia advisory affecting Microsoft Windows 98 | > Second Edition, with all vendor patches applied, is rated Less critical | > | > | > That is my case. | | I responded without question. The only way 98 is safer than XP Pro is because it's | not targeted, that's all and no more. When XP Pro is configured properly it is by | far more secure than 98. Soon enough XP will be forgotten altogether as the full | attack goes Vista, and so on. | | -- | | Brian A. Sesko { MS MVP_Shell/User } | Conflicts start where information lacks. | http://basconotw.mvps.org/ | | Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm | How to ask a question: http://support.microsoft.com/kb/555375 | | I disagree. As XP is based upon the same base code as VISTA it will always be attacked, and vigorously. The coding differentials are so minuscule, that even if specific to VISTA, the attack will work upon XP with equal if not more effectiveness, and even less difficulty as there will be less to work-around. What hacks VISTA *WILL* hack XP. 9X on the other hand, will receive less and less attention. One need look no further than this group. There aren't many people who can even write a simple batch file for 9X/DOS anymore. Not saying there will be no attacks, as there is still sufficient viri, hacks, and Spyware available [and targeted at installable 9X files]. But it brings no recognition, and the OS is not being used now [very much anyway] within supposedly secured areas and businesses as XP and VISTA are... You can ignore these rather obvious aspects and continue to spout how supposedly secure the newer operating systems are, but that smacks in the face of the purpose of the attacks... glamour, fame, recognition, ID theft, and all the other things now found with those NEW OSs... and the systems which use them.. To say the XP is more secure is like putting your head in a paper bag and claiming no one can see you... -- MEB http://peoplescounsel.orgfree.com ________
Guest MEB Posted October 29, 2007 Posted October 29, 2007 Re: Securing Windows 98(SE) in the Modern Age "98 Guy" <98@Guy.com> wrote in message news:472684F5.F1F7B493@Guy.com... | MEB wrote: | | > I disagree. As XP is based upon the same base code as VISTA it | > will always be attacked, and vigorously. | | The hackers are not "attacking" OS's. | | They are coding to take advantage of vulnerabilities in specific | modules when such vulnerabilities are discovered or announced. And let me guess, you think its all the professionals finding the holes.... gees you really are out there in a dream world aren't you.. | | > 9X on the other hand, will receive less and less attention. | | Again, it's not the OS's that receive attention - it's the posted | vulnerabilities that get attention. OH REALLY. So these vulnerabilities are floating around in thin air right... if your going to post stupid stuff, do it in some of your other USENET haunts.. | | If a hacker thinks he can leverage a vulnerability then the attempt | will be made. | | Many of the vulnerabilities discovered over the past 5 years are | buffer-overruns. Truth is that win-98 (or it's relavent IE module) | will get tripped up when exposed to a given exploit. But usually it | will only hang or crash the module - it won't execute as the hacker | intended. SO gees, if the hack worked for XP and didn't in 9X, just why is it that you, in your infinite wisdom, think it didn't... oh tell me wise one .... -- MEB http://peoplescounsel.orgfree.com ________
Guest Dan Posted October 29, 2007 Posted October 29, 2007 Re: Securing Windows 98(SE) in the Modern Age I will focus on your last question and I think Chris Quirke, MVP would agree with me that Windows 98 Second Edition is safer than XP Professional. Here are my web-links to prove my case: http://secunia.com/product/22/ Vendor Microsoft Product Link N/A Affected By 192 Secunia advisories Unpatched 16% (30 of 192 Secunia advisories) Most Critical Unpatched The most severe unpatched Secunia advisory affecting Microsoft Windows XP Professional, with all vendor patches applied, is rated Highly critical http://secunia.com/product/13/ Vendor Microsoft Product Link N/A Affected By 32 Secunia advisories Unpatched 9% (3 of 32 Secunia advisories) Most Critical Unpatched The most severe unpatched Secunia advisory affecting Microsoft Windows 98 Second Edition, with all vendor patches applied, is rated Less critical That is my case.
Guest Brian A. Posted October 29, 2007 Posted October 29, 2007 Re: Securing Windows 98(SE) in the Modern Age "Dan" <Dan@discussions.microsoft.com> wrote in message news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... >I will focus on your last question and I think Chris Quirke, MVP would agree > with me that Windows 98 Second Edition is safer than XP Professional. Here > are my web-links to prove my case: > > http://secunia.com/product/22/ > > Vendor Microsoft > > > Product Link N/A > > > Affected By 192 Secunia advisories > > > Unpatched 16% (30 of 192 Secunia advisories) > > > Most Critical Unpatched > The most severe unpatched Secunia advisory affecting Microsoft Windows XP > Professional, with all vendor patches applied, is rated Highly critical > > http://secunia.com/product/13/ > > Vendor Microsoft > > > Product Link N/A > > > Affected By 32 Secunia advisories > > > Unpatched 9% (3 of 32 Secunia advisories) > > > Most Critical Unpatched > The most severe unpatched Secunia advisory affecting Microsoft Windows 98 > Second Edition, with all vendor patches applied, is rated Less critical > > > That is my case. I responded without question. The only way 98 is safer than XP Pro is because it's not targeted, that's all and no more. When XP Pro is configured properly it is by far more secure than 98. Soon enough XP will be forgotten altogether as the full attack goes Vista, and so on. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375
Guest Dan Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age Thank you, MEB. In addition, Windows 98 Second Edition has less services than XP Professional thus it presents a smaller attack surface than all the services that XP has compared to 98 Second Edition. Chris Quirke, MVP is working on a maintenance operating system for Vista based on Ubantu Linux and you must remember that 98 S.E. does have DOS for its maintenance operating system. It would be great to have a trial of a clean install of Windows XP Professional and a clean install of 98 Second Edition and see which a hacker(cracker) could break into first. On another note, on page A16 art.com apparently was hacked and the hacker or hackers broke through multiple layers of security to break into the website so it just goes to show if you want true safety and security that you use an old 486 IBM PC or such and store your passwords there and not have it connected to the internet and just use a password and even if a burglar breaks into your home they will most likely ignore such an old PC anyway. I am becoming more convinced that Linux will be the wave of the future, at least for the techies.
Guest 98 Guy Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." wrote: > I responded without question. The only way 98 is safer than > XP Pro is because it's not targeted, that's all and no more. Bullshit. Win-2K and XP were incredibly vulnerable to at least 5 network-based worms that enabled those systems to be directly infected and trojanized without their owners performing any act such as opening e-mail or surfing the web. Micro$oft is completely responsible for configuring XP (home and pro) with certain settings and certain services turned on by default which exposed those systems to the above-mentioned network vulnerabilities. Micro$haft traded security for reduced end-user support load and in doing so they exposed millions of idiots to infection who bought XP-based home computers during 2002 and 2003. Macro$haft didn't even have the wisdom to alter the default installation settings of XP-home to more closely match the demands of the computing environments those systems were likely used in. The term "Internet Survival Time" is very well known (look it up on Google). It was coined as a measure of how long an un-patched 2K or XP system would last on the net before being hit by a worm. It became a joke that you couldn't take a brand new install of 2k or XP and hang it on the net and download patches without being infected before the patches were installed. You can take an original Win-98/se system and hang it on the net (with default settings, no AV and no firewall, no NAT router) and it's not vulnerable to anything. Half the IE5 and IE6 vulnerabilities that affect 2K and XP don't even apply to 98. Macrosoft has time and time again posted advisories about vulnerabilities where they list 98 as being affected in the advisory summary, but don't list 98 in the details or FAQ section. That's their way of making dupes like you, and the stupid tech press, believe that XP wasn't a step backward when compared to 98. > When XP Pro is configured properly it is by far more secure > than 98. In your dreams. The best XP can hope for is to be as EQUALLY secure as 98. And that only came in the summer of 2004 with SP2 - almost 2 years after XP was introduced. If you want to talk about desktop (login) security - that's another matter completely. Most people here are not concerned about what amounts to physical system accessibility, and that's not what this thread is about. IT and sys-admins hated and looked down on 9x for that reason. But their notion of "security" is not what we're talking about here.
Guest 98 Guy Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age MEB wrote: > I disagree. As XP is based upon the same base code as VISTA it > will always be attacked, and vigorously. The hackers are not "attacking" OS's. They are coding to take advantage of vulnerabilities in specific modules when such vulnerabilities are discovered or announced. > 9X on the other hand, will receive less and less attention. Again, it's not the OS's that receive attention - it's the posted vulnerabilities that get attention. If a hacker thinks he can leverage a vulnerability then the attempt will be made. Many of the vulnerabilities discovered over the past 5 years are buffer-overruns. Truth is that win-98 (or it's relavent IE module) will get tripped up when exposed to a given exploit. But usually it will only hang or crash the module - it won't execute as the hacker intended.
Guest MEB Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age "98 Guy" <98@Guy.com> wrote in message news:47274760.47DF9D4@Guy.com... | MEB wrote: | | > And let me guess, you think its all the professionals finding the | > holes.... | > gees you really are out there in a dream world aren't you.. | | You're the one in a dream world. Okay, I'll take the bait... here we go again ... | | There are professional outfits that look for vulnerabilities (in all | sorts of products, software and hardware) and there are other outfits | that run a sort of exchange system where the manufacturer can decide | whether they want to pay the discoverer for the details of the | vulnerability. As if these are the people hacking systems... asking for money would be or could reasonably be labeled as extortion. I realize you really have no comprehension of worldly affairs, you constantly display such before this group and the world, but this is something far worse... ALL the crap you find on Secuna and the other such sites are KNOWN vulnerabilities, not the as yet unknown... nor all the ones which hackers may be using or intend to use ... | | But in almost every case for the past, say 3 or 4 years, exploits come | out only after details of a vulnerability are made public. But that | usually coincides with the availability of patch being announced. You are truely friggin crazy ... | | Can you point to any recent vulnerability where the exploit was in the | wild well before the vulnerability was publicly announced or even | given a name? Try reading the News some time... all of the recent successful hackings were achieved by some hacker using some UNKNOWN vulnerability. It was only AFTER THE FACT, that these vulnerabilities were addressed or listed. Or is it that you can't read... | | > | Again, it's not the OS's that receive attention - it's the | > | posted vulnerabilities that get attention. | > | > OH REALLY. So these vulnerabilities are floating around in thin | > air right... | | I never said they're "floating around in thin air". They're listed by | various agencies when they get discovered - or when their stakeholders | give the go-ahead to announce their existence. That's interesting... so its only these KNOWN vulnerabilities that exist in your world of dreams.. or these are ONLY listed if the stockholders authorize the release huh... HAHAHAHAHA,,,, teehheee,,, you need to take that bag off your head... while you're at it take out that nose ring that you are being lead around with , to your own slaughter ... | | > SO gees, if the hack worked for XP and didn't in 9X, just why | > is it that you, in your infinite wisdom, think it didn't... oh | > tell me wise one .... | | Because buffer overruns almost always mess with and manipulate stack | data. For an exploit to run properly, it depends on the stack having | a certain structure. Given that there are code differences between 9x | and NT versions of many modules, it's highly likely that the stack | structures and buffer areas (for a given module) of a system running | 9x will not be identical to one running 2K or XP. Buffer overruns huh,,, so your claim is, these are the most important vulnerabilities.... that these are the most exploited??????? Sorry dude, these just happen to be the most easily found... Not unusual,,, the very thing you have used in this supposed demonstration, is the very thing you were purporting as NOT being the opposing aspects,, the differences in the OSs... do you ever think before you type, or does this drivel you constantly post come naturally... doing to many drugs, alcohol, or something, or are you suffering from some form of mental illness? Hey, if you are I will give you more latitude... but if you're not... BTW: I corrected most of your spelling errors for you... but an apostrophe is used to show conjunction or possession.. neither of which applies when referencing multiple OS... -- MEB http://peoplescounsel.orgfree.com ________
Guest 98 Guy Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age MEB wrote: > And let me guess, you think its all the professionals finding the > holes.... > gees you really are out there in a dream world aren't you.. You're the one in a dream world. There are professional outfits that look for vulnerabilities (in all sorts of products, software and hardware) and there are other outfits that run a sort of exchange system where the manufacturerer can decide whether they want to pay the discoverer for the details of the vulnerability. But in almost every case for the past, say 3 or 4 years, exploits come out only after details of a vulnerability are made public. But that usually coincides with the availability of patch being announced. Can you point to any recent vulnerability where the exploit was in the wild well before the vulnerability was publically announced or even given a name? > | Again, it's not the OS's that receive attention - it's the > | posted vulnerabilities that get attention. > > OH REALLY. So these vulnerabilities are floating around in thin > air right... I never said they're "floating around in thin air". They're listed by various agencies when they get discovered - or when their stakeholders give the go-ahead to announce their existance. > SO gees, if the hack worked for XP and didn't in 9X, just why > is it that you, in your infinite wisdom, think it didn't... oh > tell me wise one .... Because buffer overruns almost always mess with and manipulate stack data. For an exploit to run properly, it depends on the stack having a certain structure. Given that there are code differences between 9x and NT versions of many modules, it's highly likely that the stack structures and buffer areas (for a given module) of a system running 9x will not be identical to one running 2K or XP.
Guest Dan Posted October 30, 2007 Posted October 30, 2007 Re: Securing Windows 98(SE) in the Modern Age I will go even farther than you 98 Guy and say that the NT source code has not been able to be better than 98 Second Edition until Vista which is secure so far. I just hope that I can be able to license the 9x source code to help in my research of making a safe and secure tri-source code operating system for Microsoft.
Guest Brian A. Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age Hang on to his shirt tails all you want and think about what he wrote, this part in particular which goes against everything you stated in your original post. <quote> You can take an original Win-98/se system and hang it on the net (with default settings, no AV and no firewall, no NAT router) and it's not vulnerable to anything. </quote> I need not say any more. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375 "Dan" <Dan@discussions.microsoft.com> wrote in message news:D9FB8DB1-591B-4968-BF7F-55DDCDBCF0F8@microsoft.com... >I will go even farther than you 98 Guy and say that the NT source code has > not been able to be better than 98 Second Edition until Vista which is secure > so far. I just hope that I can be able to license the 9x source code to help > in my research of making a safe and secure tri-source code operating system > for Microsoft.
Guest Brian A. Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age "MEB" <meb@not here@hotmail.com> wrote in message news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl... > > > "Brian A." <gonefish'n@afarawaylake> wrote in message > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl... > | "Dan" <Dan@discussions.microsoft.com> wrote in message > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... > | >I will focus on your last question and I think Chris Quirke, MVP would > agree > | > with me that Windows 98 Second Edition is safer than XP Professional. > Here > | > are my web-links to prove my case: > | > > | > http://secunia.com/product/22/ > | > > | > Vendor Microsoft > | > > | > > | > Product Link N/A > | > > | > > | > Affected By 192 Secunia advisories > | > > | > > | > Unpatched 16% (30 of 192 Secunia advisories) > | > > | > > | > Most Critical Unpatched > | > The most severe unpatched Secunia advisory affecting Microsoft Windows > XP > | > Professional, with all vendor patches applied, is rated Highly critical > | > > | > http://secunia.com/product/13/ > | > > | > Vendor Microsoft > | > > | > > | > Product Link N/A > | > > | > > | > Affected By 32 Secunia advisories > | > > | > > | > Unpatched 9% (3 of 32 Secunia advisories) > | > > | > > | > Most Critical Unpatched > | > The most severe unpatched Secunia advisory affecting Microsoft Windows > 98 > | > Second Edition, with all vendor patches applied, is rated Less critical > | > > | > > | > That is my case. > | > | I responded without question. The only way 98 is safer than XP Pro is > because it's > | not targeted, that's all and no more. When XP Pro is configured properly > it is by > | far more secure than 98. Soon enough XP will be forgotten altogether as > the full > | attack goes Vista, and so on. > | > | -- > | > | Brian A. Sesko { MS MVP_Shell/User } > | Conflicts start where information lacks. > | http://basconotw.mvps.org/ > | > | Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm > | How to ask a question: http://support.microsoft.com/kb/555375 > | > | > > I disagree. As XP is based upon the same base code as VISTA it will always > be attacked, and vigorously. As long as it has the name of Microsoft attached to it, it will be targeted. > The coding differentials are so minuscule, that even if specific to VISTA, > the attack will work upon XP with equal if not more effectiveness, and even > less difficulty as there will be less to work-around. What hacks VISTA > *WILL* hack XP. In many of those aspescts, true, but not in every one. As code changes so do the targeted systems, that's not saying Vista will pull away from XP, yet it can and will change in ways. > 9X on the other hand, will receive less and less attention. One need look > no further than this group. There aren't many people who can even write a > simple batch file for 9X/DOS anymore. > Not saying there will be no attacks, as there is still sufficient viri, Watch yourself and gear up for battle using the word viri, there are those out here that will chastise you for it, been there already. > hacks, and Spyware available [and targeted at installable 9X files]. But it > brings no recognition, and the OS is not being used now [very much anyway] > within supposedly secured areas and businesses as XP and VISTA are... That doesn't make 98 any more secure, only less vulnerable. > > You can ignore these rather obvious aspects and continue to spout how > supposedly secure the newer operating systems are, but that smacks in the > face of the purpose of the attacks... glamour, fame, recognition, ID theft, > and all the other things now found with those NEW OSs... and the systems > which use them.. I don't continue to spout about anything, I'm certainly not on any crusade to push a product (not stating you implied that). I stated that a "Properly Configured" XP Pro machine is by far more secure than 98. That's not saying it's less vulnerable to attack or that it can't be compromised, it states that it can be locked down tighter when properly configured. The "glamour, fame, recognition, ID theft," etc. is a Cat and Mouse game that will never end and it most certainly isn't only utilized with PC's. > > To say the XP is more secure is like putting your head in a paper bag and > claiming no one can see you... That's rediculous, your arms and legs still show, you need a full body bag. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375
Guest MEB Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." <gonefish'n@afarawaylake> wrote in message news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl... | "MEB" <meb@not here@hotmail.com> wrote in message | news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl... | > | > | > "Brian A." <gonefish'n@afarawaylake> wrote in message | > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl... | > | "Dan" <Dan@discussions.microsoft.com> wrote in message | > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... | > | >I will focus on your last question and I think Chris Quirke, MVP would | > agree | > | > with me that Windows 98 Second Edition is safer than XP Professional. | > Here | > | > are my web-links to prove my case: | > | > | > | > http://secunia.com/product/22/ | > | > | > | > Vendor Microsoft | > | > | > | > | > | > Product Link N/A | > | > | > | > | > | > Affected By 192 Secunia advisories | > | > | > | > | > | > Unpatched 16% (30 of 192 Secunia advisories) | > | > | > | > | > | > Most Critical Unpatched | > | > The most severe unpatched Secunia advisory affecting Microsoft Windows | > XP | > | > Professional, with all vendor patches applied, is rated Highly critical | > | > | > | > http://secunia.com/product/13/ | > | > | > | > Vendor Microsoft | > | > | > | > | > | > Product Link N/A | > | > | > | > | > | > Affected By 32 Secunia advisories | > | > | > | > | > | > Unpatched 9% (3 of 32 Secunia advisories) | > | > | > | > | > | > Most Critical Unpatched | > | > The most severe unpatched Secunia advisory affecting Microsoft Windows | > 98 | > | > Second Edition, with all vendor patches applied, is rated Less critical | > | > | > | > | > | > That is my case. | > | | > | I responded without question. The only way 98 is safer than XP Pro is | > because it's | > | not targeted, that's all and no more. When XP Pro is configured properly | > it is by | > | far more secure than 98. Soon enough XP will be forgotten altogether as | > the full | > | attack goes Vista, and so on. | > | | > | -- | > | | > | Brian A. Sesko { MS MVP_Shell/User } | > | | > | > I disagree. As XP is based upon the same base code as VISTA it will always | > be attacked, and vigorously. | | As long as it has the name of Microsoft attached to it, it will be targeted. Not necessarily true. Should Microsoft lose its market mastery, then whatever takes its place would become the target. | | > The coding differentials are so minuscule, that even if specific to VISTA, | > the attack will work upon XP with equal if not more effectiveness, and even | > less difficulty as there will be less to work-around. What hacks VISTA | > *WILL* hack XP. | | In many of those aspects, true, but not in every one. As code changes so do the | targeted systems, that's not saying Vista will pull away from XP, yet it can and will | change in ways. Well, of course I would by necessity agree in part. There will be VISTA *only* hacks created sometime in the future, but for the present time, as the coding is shared [XP now in the position that 9X was during the XP><9X support days, e.g., receiving patches more designed for VISTA than XP] these shared aspects will continue to supply the necessary entry points. Regretfully, it appears Microsoft shows even less interest in patching all the holes in XP than it did with 9X or even NT. | | > 9X on the other hand, will receive less and less attention. One need look | > no further than this group. There aren't many people who can even write a | > simple batch file for 9X/DOS anymore. | > Not saying there will be no attacks, as there is still sufficient viri, | | Watch yourself and gear up for battle using the word viri, there are those out here | that will chastise you for it, been there already. Yeah, I remember those... strange that semantics such as that tend to bring lengthy discussions, as if those are world shaking/changing. | | > hacks, and Spyware available [and targeted at installable 9X files]. But it | > brings no recognition, and the OS is not being used now [very much anyway] | > within supposedly secured areas and businesses as XP and VISTA are... | | That doesn't make 98 any more secure, only less vulnerable. Hmm, that seems to create a contrast. If less vulnerable [be it because of lack of interest or otherwise], then by mere extension, it becomes more secure. Less interest attended towards attacking, less chances of being attacked = by omission > more secure. | | > | > You can ignore these rather obvious aspects and continue to spout how | > supposedly secure the newer operating systems are, but that smacks in the | > face of the purpose of the attacks... glamour, fame, recognition, ID theft, | > and all the other things now found with those NEW OSs... and the systems | > which use them.. | | I don't continue to spout about anything, I'm certainly not on any crusade to push | a product (not stating you implied that). I stated that a "Properly Configured" XP | Pro machine is by far more secure than 98. That's not saying it's less vulnerable to | attack or that it can't be compromised, it states that it can be locked down tighter | when properly configured. The "glamour, fame, recognition, ID theft," etc. is a Cat | and Mouse game that will never end and it most certainly isn't only utilized with | PC's. Spout was used to instill a conversation... I realize you're not really a Microsoft clone ... True,,, in part. XP and VISTA can be locked down *tighter*, however, they [the newer OSs] also contain far more aspects [vulnerabilities if you will] that can be hacked. From ingrained AutoUpdating, to pre-configured Firewalls, to the basic networking aspects broadcast to the world, to UPnP, to .... The fact that these are OSs designed FOR networking brings with them unprecedented potential vulnerabilities. Hackers no longer need to LOOK for the code [determine which third party program was used], it came with their own systems. They no longer need to OBSERVE the packet signatures, just for the OS indicators [and they know them well]. Each time Microsoft patches anything, they get those same updates, and adjust accordingly ... We could even go the route of *root kits*, though there we would need to again address the old style [for example] 9X/DOS *cult of the mad cow* hacks now generally considered as virus, whereas, these newer systems, by their very design, are inherently more vulnerable and thereby, difficulties expanded in preventing such attacks. PGP, in its day, was 4096 and above cipher... yet this same style of *trust* and *keys* is employed as the MAJOR security aspect in XP and VISTA but at a significantly lesser strength, and following standards of the government, designed by the government, and suggested by the government. That is something that everyone should at least question ... I mean [for example], Verisign? Who determined that was a trusted source? Its a business, and EBERY business is out for profit,,, and ALWAYS potentially for sale ... The point is, these OSs are designed around pre-determined trust ... | | > | > To say the XP is more secure is like putting your head in a paper bag and | > claiming no one can see you... | | That's ridiculous, your arms and legs still show, you need a full body bag. Yes, that is a little ridiculous isn't it... of course you could wear one of those whole body Halloween condom costumes <G>... | | | | -- | | Brian A. Sesko { MS MVP_Shell/User } | -- MEB http://peoplescounsel.orgfree.com ________
Guest 98-Guy Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." wrote: > > You can take an original Win-98/se system and hang it on the net > > (with default settings, no AV and no firewall, no NAT router) > > and it's not vulnerable to anything. > > I need not say any more. Not unless you want to actually support your vacuous statement. Perhaps by actually naming any such win-98 vulnerability. I'll even help you out. Here is the complete list of 31 vulnerabilities for Win 98: http://secunia.com/product/12/?task=advisories And here is the list of 32 win-98se vulnerabilities: http://secunia.com/product/13/?task=advisories Tell us which one(s) create a vulnerability when a win-98 system has a live, unprotected internet connection. Or perhaps you will lay low, and not directly respond to this post, as you didn't respond to my preceeding one.
Guest 98-Guy Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." wrote: > I stated that a "Properly Configured" XP Pro machine is by far > more secure than 98. That's not saying it's less vulnerable to > attack or that it can't be compromised, Great logic. That's like saying 4 is larger than 2, but 2 isin't necessarily smaller than 4. > it states that it can be locked down tighter when properly > configured. Win-98 has far fewer vulnerabilities than XP, and none of win-98's vulnerabilities were was crippling or debilitating from a remote-access, remote-control POV than were XP's. None of Win-98's vulnerabilities came close to allowing remote takeover and code execution simply by having a working, unprotected internet connection. And please explain how XP can be "locked down tighter" than win-98. What aspect can be made "tighter" when compared to win-98? > As long as it has the name of Microsoft attached to it, it > will be targeted. So a Meekro$oft apologist takes pride in how MS has used their illegal monopoly position to become the dominant OS, thereby he can throw up his hands and say the evil hackers go after MS software for political or ideological reasons.
Guest John John Posted October 31, 2007 Posted October 31, 2007 Re: Securing Windows 98(SE) in the Modern Age 98-Guy wrote: > None of Win-98's > vulnerabilities came close to allowing remote takeover and code > execution simply by having a working, unprotected internet connection. http://search.yahoo.com/search?p=%22windows+98%22%2B%22remote+code+execution%22&y=Search&fr=yfp-t-501&xargs=0&pstart=1&b=11 http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=windows+98 http://search.yahoo.com/search;_ylt=A0geu7MB3yhHRy8BJ9tXNyoA?p=%22windows+98%22%2B%22tcp+port+139%22%2Bsecurity+flaw&y=Search&fr=yfp-t-501 And don't go about telling us that these vulnerabilities only affect Windows 98 if users "actually" use the internet (as opposed to only being connected). If you connect to the internet you will use it, else why bother having a connection? If you use Windows 98 as shipped and without protection your computer can be compromised by simply visiting a web site... John
Guest 98 Guy Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age John John wrote: > > None of Win-98's vulnerabilities came close to allowing remote > > takeover and code execution simply by having a working, > > unprotected internet connection. (various non-specific URL's omitted) > And don't go about telling us that these vulnerabilities > only affect Windows 98 if users "actually" use the internet There is a very important distinction between a vunerability that only requires internet connectivity (and no user involvement) vs running a vulnerable application on an otherwise secure system. All you've shown is a series of IE vulnerabilities. Your examples break down if I use a non-MS browser and e-mail client. But that's irrelavent. Many Win-2k and XP systems were victimized by the welchia, sasser, SQL Slammer and Opanki network worms, for example. Doesn't matter if you practice "safe hex". Doesn't matter if you ran Mozilla or netscape or firefox or opera and you didn't touch IE with a 10 foot pole. If you ran 2K or XP you were screwed. Those systems went on to take their place in botnet land. You most likely received spam from them. Power users who quickly migrated to 2K and early adopters of XP were screwed over by all manner of worms while win-98 users stood by and watched those clowns fight off their infections.
Guest John John Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age 98 Guy wrote: > There is a very important distinction between a vunerability that only > requires internet connectivity (and no user involvement) vs running a > vulnerable application on an otherwise secure system. I knew you were going to say exactly that, I said so in my post. Your claim is that If you connect Windows 98 to the internet and do absolutely nothing, you don't surf, don't send email, or don't connect to another network and share information that Windows 98 is safe. To which I say, well duh...! If you connect and do nothing then why the heck bother connecting? Why do you even need the internet if you won't use it? That is like starting your car engine but never taking it out of park and never ever even moving it then claiming that you have never had a traffic ticket or an accident! > All you've shown is a series of IE vulnerabilities. Your examples > break down if I use a non-MS browser and e-mail client. > > But that's irrelavent. Oh is it? Then tell us which Windows 98 version shipped with a non-MS browser and e-mail client? On a fresh install of Windows 98, and without another "safe" computer to rely on how will you download those non-MS applications? And what about the masses out there who know nothing about these things, the ones who think that Internet Explorer is the only browser available, how safe are their Windows 98 installations fresh "out of the box"? > Many Win-2k and XP systems were victimized by the welchia, sasser, SQL > Slammer and Opanki network worms, for example. > > Doesn't matter if you practice "safe hex". Doesn't matter if you ran > Mozilla or netscape or firefox or opera and you didn't touch IE with a > 10 foot pole. If you ran 2K or XP you were screwed. Those systems > went on to take their place in botnet land. You most likely received > spam from them. > > Power users who quickly migrated to 2K and early adopters of XP were > screwed over by all manner of worms while win-98 users stood by and > watched those clowns fight off their infections. Well, shows how much you know about NT systems. It is true that these systems had (unacceptable) security holes the size of Texas in them, but then almost all who used them knew that from day one. I have been using NT systems since 1996 or 1997 and guess what? We knew what firewalls were long before you did and none of the worms and pests that you mentioned have ever affected any of my machines, none not a single one of my machines were ever infected! And if we are to use the example that you mentioned earlier, "Windows 98 is safe when connected as long as you don't actually 'use' the internet", well that is no more different than having an NT box that isn't connected at all to the net, as I said, what is the sense of connecting to the internet if you don't use it? Another thing that you conveniently omit or that you simply don't realize is that because of it's commercial or corporate nature, (as opposed to W9x's home & consumer nature), NT systems have networking components that are not available on W9x, so it is easy to say that W9x doesn't suffer the same vulnerabilities. Install Windows 98 fresh, then enable File and Printer Sharing and go on the internet, or connect to a remote network then tell us how safe Windows 98 really is. Use an unpatched IE, leave TCP port 139 open and tell us once again that Windows 98 is perfectly safe "out of the box"! The only claim that we see in your posts is that Windows 98 is completely safe because as shipped Windows NT/2000/XP was more vulnerable than the aforementioned, of course that is completely irrelevant, what may or may not ail NT systems does not make an unpatched Windows 98 a secure operating system. John
Guest Brian A. Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age "98-Guy" <98@Guyy.com> wrote in message news:4728879F.BB268D4C@Guyy.com... > "Brian A." wrote: > >> I stated that a "Properly Configured" XP Pro machine is by far >> more secure than 98. That's not saying it's less vulnerable to >> attack or that it can't be compromised, > > Great logic. > > That's like saying 4 is larger than 2, but 2 isin't necessarily > smaller than 4. Nowhere near what's implied. > >> it states that it can be locked down tighter when properly >> configured. > > Win-98 has far fewer vulnerabilities than XP, and none of win-98's > vulnerabilities were was crippling or debilitating from a > remote-access, remote-control POV than were XP's. None of Win-98's > vulnerabilities came close to allowing remote takeover and code > execution simply by having a working, unprotected internet connection. You'll have to better define statements such as the above since they leave a broad opening for interpretation. > > And please explain how XP can be "locked down tighter" than win-98. > What aspect can be made "tighter" when compared to win-98? > >> As long as it has the name of Microsoft attached to it, it >> will be targeted. > > So a Meekro$oft apologist takes pride in how MS has used their illegal > monopoly position to become the dominant OS, thereby he can throw up > his hands and say the evil hackers go after MS software for political > or ideological reasons. Apologists? If that's how you read into the statement made on MS being targeted, no one need wonder why, it's evident. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375
Guest Brian A. Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age "MEB" <meb@not here@hotmail.com> wrote in message news:eVWKT3AHIHA.4592@TK2MSFTNGP02.phx.gbl... > > > "Brian A." <gonefish'n@afarawaylake> wrote in message > news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl... > | "MEB" <meb@not here@hotmail.com> wrote in message > | news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl... > | > > | > > | > "Brian A." <gonefish'n@afarawaylake> wrote in message > | > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl... > | > | "Dan" <Dan@discussions.microsoft.com> wrote in message > | > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... > | > | >I will focus on your last question and I think Chris Quirke, MVP > would > | > agree > | > | > with me that Windows 98 Second Edition is safer than XP > Professional. > | > Here > | > | > are my web-links to prove my case: > | > | > > | > | > http://secunia.com/product/22/ > | > | > > | > | > Vendor Microsoft > | > | > > | > | > > | > | > Product Link N/A > | > | > > | > | > > | > | > Affected By 192 Secunia advisories > | > | > > | > | > > | > | > Unpatched 16% (30 of 192 Secunia advisories) > | > | > > | > | > > | > | > Most Critical Unpatched > | > | > The most severe unpatched Secunia advisory affecting Microsoft > Windows > | > XP > | > | > Professional, with all vendor patches applied, is rated Highly > critical > | > | > > | > | > http://secunia.com/product/13/ > | > | > > | > | > Vendor Microsoft > | > | > > | > | > > | > | > Product Link N/A > | > | > > | > | > > | > | > Affected By 32 Secunia advisories > | > | > > | > | > > | > | > Unpatched 9% (3 of 32 Secunia advisories) > | > | > > | > | > > | > | > Most Critical Unpatched > | > | > The most severe unpatched Secunia advisory affecting Microsoft > Windows > | > 98 > | > | > Second Edition, with all vendor patches applied, is rated Less > critical > | > | > > | > | > > | > | > That is my case. > | > | > | > | I responded without question. The only way 98 is safer than XP Pro > is > | > because it's > | > | not targeted, that's all and no more. When XP Pro is configured > properly > | > it is by > | > | far more secure than 98. Soon enough XP will be forgotten altogether > as > | > the full > | > | attack goes Vista, and so on. > | > | > | > | -- > | > | > | > | Brian A. Sesko { MS MVP_Shell/User } > | > | > | > > | > I disagree. As XP is based upon the same base code as VISTA it will > always > | > be attacked, and vigorously. > | > | As long as it has the name of Microsoft attached to it, it will be > targeted. > > Not necessarily true. Should Microsoft lose its market mastery, then > whatever takes its place would become the target. It would only be not necessarily true if the MS name was retained, A Rose Is A Rose...... > > | > | > The coding differentials are so minuscule, that even if specific to > VISTA, > | > the attack will work upon XP with equal if not more effectiveness, and > even > | > less difficulty as there will be less to work-around. What hacks VISTA > | > *WILL* hack XP. > | > | In many of those aspects, true, but not in every one. As code changes > so do the > | targeted systems, that's not saying Vista will pull away from XP, yet it > can and will > | change in ways. > > Well, of course I would by necessity agree in part. There will be VISTA > *only* hacks created sometime in the future, but for the present time, as > the coding is shared [XP now in the position that 9X was during the XP><9X > support days, e.g., receiving patches more designed for VISTA than XP] these > shared aspects will continue to supply the necessary entry points. > Regretfully, it appears Microsoft shows even less interest in patching all > the holes in XP than it did with 9X or even NT. > > | > | > 9X on the other hand, will receive less and less attention. One need > look > | > no further than this group. There aren't many people who can even write > a > | > simple batch file for 9X/DOS anymore. > | > Not saying there will be no attacks, as there is still sufficient viri, Although a late response, more of an understanding, I'm sure you meant "can't". The people are out there yet they move on with the code. > | > | Watch yourself and gear up for battle using the word viri, there are > those out here > | that will chastise you for it, been there already. > > Yeah, I remember those... strange that semantics such as that tend to bring > lengthy discussions, as if those are world shaking/changing. > > | > | > hacks, and Spyware available [and targeted at installable 9X files]. But > it > | > brings no recognition, and the OS is not being used now [very much > anyway] > | > within supposedly secured areas and businesses as XP and VISTA are... > | > | That doesn't make 98 any more secure, only less vulnerable. > > Hmm, that seems to create a contrast. If less vulnerable [be it because of > lack of interest or otherwise], then by mere extension, it becomes more > secure. Less interest attended towards attacking, less chances of being > attacked = by omission > more secure. It's not more secure simply because it isn't a major player anymore, although unlikely the game can turn 180 at any time. > > | > | > > | > You can ignore these rather obvious aspects and continue to spout how > | > supposedly secure the newer operating systems are, but that smacks in > the > | > face of the purpose of the attacks... glamour, fame, recognition, ID > theft, > | > and all the other things now found with those NEW OSs... and the systems > | > which use them.. > | > | I don't continue to spout about anything, I'm certainly not on any > crusade to push > | a product (not stating you implied that). I stated that a "Properly > Configured" XP > | Pro machine is by far more secure than 98. That's not saying it's less > vulnerable to > | attack or that it can't be compromised, it states that it can be locked > down tighter > | when properly configured. The "glamour, fame, recognition, ID theft," > etc. is a Cat > | and Mouse game that will never end and it most certainly isn't only > utilized with > | PC's. > > Spout was used to instill a conversation... I realize you're not really a > Microsoft clone ... > > True,,, in part. XP and VISTA can be locked down *tighter*, however, they > [the newer OSs] also contain far more aspects [vulnerabilities if you will] > that can be hacked. From ingrained AutoUpdating, to pre-configured > Firewalls, to the basic networking aspects broadcast to the world, to UPnP, > to .... The fact that these are OSs designed FOR networking brings with them > unprecedented potential vulnerabilities. > Hackers no longer need to LOOK for the code [determine which third party > program was used], it came with their own systems. They no longer need to > OBSERVE the packet signatures, just for the OS indicators [and they know > them well]. Each time Microsoft patches anything, they get those same > updates, and adjust accordingly ... > > We could even go the route of *root kits*, though there we would need to > again address the old style [for example] 9X/DOS *cult of the mad cow* hacks > now generally considered as virus, whereas, these newer systems, by their > very design, are inherently more vulnerable and thereby, difficulties > expanded in preventing such attacks. PGP, in its day, was 4096 and above > cipher... yet this same style of *trust* and *keys* is employed as the MAJOR > security aspect in XP and VISTA but at a significantly lesser strength, and > following standards of the government, designed by the government, and > suggested by the government. That is something that everyone should at least > question ... > I mean [for example], Verisign? Who determined that was a trusted source? > Its a business, and EBERY business is out for profit,,, and ALWAYS > potentially for sale ... > > The point is, these OSs are designed around pre-determined trust ... > > | > | > > | > To say the XP is more secure is like putting your head in a paper bag > and > | > claiming no one can see you... > | > | That's ridiculous, your arms and legs still show, you need a full body > bag. > > Yes, that is a little ridiculous isn't it... of course you could wear one > of those whole body Halloween condom costumes <G>... Can't, the neighbor already has it. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375
Guest 98 Guy Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." wrote: > > That's like saying 4 is larger than 2, but 2 isin't necessarily > > smaller than 4. > > Nowhere near what's implied. Just saying so doesn't make it so. You're pretty thin on explanations around here. > > Win-98 has far fewer vulnerabilities than XP Do you challenge that? Do you deny that? Have you seen the Secunia reports for 98 and XP? Or are they fiction? > You'll have to better define statements such as the above since > they leave a broad opening for interpretation. Why? You don't put forward any details or explanations. I have. Why do I need to post more? > > What aspect can be made "tighter" when compared to win-98? Why did you let that question skate by without answering it?
Guest MEB Posted November 1, 2007 Posted November 1, 2007 Re: Securing Windows 98(SE) in the Modern Age "Brian A." <gonefish'n@afarawaylake> wrote in message news:eG0HDqFHIHA.3768@TK2MSFTNGP06.phx.gbl... | "MEB" <meb@not here@hotmail.com> wrote in message | news:eVWKT3AHIHA.4592@TK2MSFTNGP02.phx.gbl... | > | > | > "Brian A." <gonefish'n@afarawaylake> wrote in message | > news:O9IlJf5GIHA.3600@TK2MSFTNGP06.phx.gbl... | > | "MEB" <meb@not here@hotmail.com> wrote in message | > | news:%238DnevoGIHA.4712@TK2MSFTNGP04.phx.gbl... | > | > | > | > | > | > "Brian A." <gonefish'n@afarawaylake> wrote in message | > | > news:%23rT65QmGIHA.4808@TK2MSFTNGP05.phx.gbl... | > | > | "Dan" <Dan@discussions.microsoft.com> wrote in message | > | > | news:6ADCFC6A-B689-4DF8-ADC8-3527FB29FE0A@microsoft.com... | > | > | >I will focus on your last question and I think Chris Quirke, MVP | > would | > | > agree | > | > | > with me that Windows 98 Second Edition is safer than XP | > Professional. | > | > Here | > | > | > are my web-links to prove my case: | > | > | > | > | > | > http://secunia.com/product/22/ | > | > | > | > | > | > Vendor Microsoft | > | > | > | > | > | > | > | > | > Product Link N/A | > | > | > | > | > | > | > | > | > Affected By 192 Secunia advisories | > | > | > | > | > | > | > | > | > Unpatched 16% (30 of 192 Secunia advisories) | > | > | > | > | > | > | > | > | > Most Critical Unpatched | > | > | > The most severe unpatched Secunia advisory affecting Microsoft | > Windows | > | > XP | > | > | > Professional, with all vendor patches applied, is rated Highly | > critical | > | > | > | > | > | > http://secunia.com/product/13/ | > | > | > | > | > | > Vendor Microsoft | > | > | > | > | > | > | > | > | > Product Link N/A | > | > | > | > | > | > | > | > | > Affected By 32 Secunia advisories | > | > | > | > | > | > | > | > | > Unpatched 9% (3 of 32 Secunia advisories) | > | > | > | > | > | > | > | > | > Most Critical Unpatched | > | > | > The most severe unpatched Secunia advisory affecting Microsoft | > Windows | > | > 98 | > | > | > Second Edition, with all vendor patches applied, is rated Less | > critical | > | > | > | > | > | > | > | > | > That is my case. | > | > | | > | > | I responded without question. The only way 98 is safer than XP Pro | > is | > | > because it's | > | > | not targeted, that's all and no more. When XP Pro is configured | > properly | > | > it is by | > | > | far more secure than 98. Soon enough XP will be forgotten altogether | > as | > | > the full | > | > | attack goes Vista, and so on. | > | > | | > | > | -- | > | > | | > | > | Brian A. Sesko { MS MVP_Shell/User } | > | > | | > | > | > | > I disagree. As XP is based upon the same base code as VISTA it will | > always | > | > be attacked, and vigorously. | > | | > | As long as it has the name of Microsoft attached to it, it will be | > targeted. | > | > Not necessarily true. Should Microsoft lose its market mastery, then | > whatever takes its place would become the target. | | It would only be not necessarily true if the MS name was retained, A Rose Is A | Rose...... Hmm, that's a difficult one to respond to... let's think along these lines: suppose with the new Intel processor [the super chip supposedly due in five or so years] that SUN produces the OS that really makes the chip *spark* and Microsoft is [some might say "as usual"] incapable of producing a quality product to support the chip to its full advantage [regardless of Intel's attempts to help]{we need look no further that the VISTA problems and Microsoft's inability to adequately address the issues, to date}. Microsoft loses its market dominance as the business/commercial world converts to SUN's product. Or let's say that [since Unix is quite capable of being scaled to the processor] a Linux variant is deemed the most viable OS. Is it your contention that because of some *love affair* by the consumer and investor for Microsoft, it will remain the market leader? Or is it your contention that Microsoft can never lose its market dominance? | | > | > | | > | > The coding differentials are so minuscule, that even if specific to | > VISTA, | > | > the attack will work upon XP with equal if not more effectiveness, and | > even | > | > less difficulty as there will be less to work-around. What hacks VISTA | > | > *WILL* hack XP. | > | | > | In many of those aspects, true, but not in every one. As code changes | > so do the | > | targeted systems, that's not saying Vista will pull away from XP, yet it | > can and will | > | change in ways. | > | > Well, of course I would by necessity agree in part. There will be VISTA | > *only* hacks created sometime in the future, but for the present time, as | > the coding is shared [XP now in the position that 9X was during the XP><9X | > support days, e.g., receiving patches more designed for VISTA than XP] these | > shared aspects will continue to supply the necessary entry points. | > Regretfully, it appears Microsoft shows even less interest in patching all | > the holes in XP than it did with 9X or even NT. | > | > | | > | > 9X on the other hand, will receive less and less attention. One need | > look | > | > no further than this group. There aren't many people who can even write | > a | > | > simple batch file for 9X/DOS anymore. | > | > Not saying there will be no attacks, as there is still sufficient viri, | | Although a late response, more of an understanding, I'm sure you meant "can't". | The people are out there yet they move on with the code. Okay, I'll qualify; I find myself needing to pull out the old DOS books if the batch gets too involved, and VB, I wouldn't even attempt it anymore. Moreover, the tools I now use to pick-apart files include the nifty Internet Search functions, which I find I now use more often [okay I admit it, I'm getting old]. So how many would you think aren't in that same position? How many young programmers [that you would trust to produce good code] do you personally know? | | > | | > | Watch yourself and gear up for battle using the word viri, there are | > those out here | > | that will chastise you for it, been there already. | > | > Yeah, I remember those... strange that semantics such as that tend to bring | > lengthy discussions, as if those are world shaking/changing. | > | > | | > | > hacks, and Spyware available [and targeted at installable 9X files]. But | > it | > | > brings no recognition, and the OS is not being used now [very much | > anyway] | > | > within supposedly secured areas and businesses as XP and VISTA are... | > | | > | That doesn't make 98 any more secure, only less vulnerable. | > | > Hmm, that seems to create a contrast. If less vulnerable [be it because of | > lack of interest or otherwise], then by mere extension, it becomes more | > secure. Less interest attended towards attacking, less chances of being | > attacked = by omission > more secure. | | It's not more secure simply because it isn't a major player anymore, although | unlikely the game can turn 180 at any time. Well, I certainly didn't mean to imply that the hacks for 9X/DOS aren't still out there. I still get files for testing off the net with some of the old Virus, Spyware, and Trojans ... even the occasional new variant . Of course, I still see some of the old generic probing in my firewall and ah,*filter* logs, searching for the unprotected system, so the base hacker is still out there ... though cursory back probing/tracing seems to turn up more indications these are likely some kid [or some adult with arrested mentality perhaps] on an XBox or PlayStation, or poorly protected XP box [some nitwit wannabe hacker], though I also find the occasional VISTA box. | | > | > | | > | > | > | > You can ignore these rather obvious aspects and continue to spout how | > | > supposedly secure the newer operating systems are, but that smacks in | > the | > | > face of the purpose of the attacks... glamour, fame, recognition, ID | > theft, | > | > and all the other things now found with those NEW OSs... and the systems | > | > which use them.. | > | | > | I don't continue to spout about anything, I'm certainly not on any | > crusade to push | > | a product (not stating you implied that). I stated that a "Properly | > Configured" XP | > | Pro machine is by far more secure than 98. That's not saying it's less | > vulnerable to | > | attack or that it can't be compromised, it states that it can be locked | > down tighter | > | when properly configured. The "glamour, fame, recognition, ID theft," | > etc. is a Cat | > | and Mouse game that will never end and it most certainly isn't only | > utilized with | > | PC's. | > | > Spout was used to instill a conversation... I realize you're not really a | > Microsoft clone ... | > | > True,,, in part. XP and VISTA can be locked down *tighter*, however, they | > [the newer OSs] also contain far more aspects [vulnerabilities if you will] | > that can be hacked. From ingrained AutoUpdating, to pre-configured | > Firewalls, to the basic networking aspects broadcast to the world, to UPnP, | > to .... The fact that these are OSs designed FOR networking brings with them | > unprecedented potential vulnerabilities. | > Hackers no longer need to LOOK for the code [determine which third party | > program was used], it came with their own systems. They no longer need to | > OBSERVE the packet signatures, just for the OS indicators [and they know | > them well]. Each time Microsoft patches anything, they get those same | > updates, and adjust accordingly ... | > | > We could even go the route of *root kits*, though there we would need to | > again address the old style [for example] 9X/DOS *cult of the mad cow* hacks | > now generally considered as virus, whereas, these newer systems, by their | > very design, are inherently more vulnerable and thereby, difficulties | > expanded in preventing such attacks. PGP, in its day, was 4096 and above | > cipher... yet this same style of *trust* and *keys* is employed as the MAJOR | > security aspect in XP and VISTA but at a significantly lesser strength, and | > following standards of the government, designed by the government, and | > suggested by the government. That is something that everyone should at least | > question ... | > I mean [for example], Verisign? Who determined that was a trusted source? | > Its a business, and EBERY business is out for profit,,, and ALWAYS | > potentially for sale ... haahaa, ebery, now how did that get by, oh well {should have run the spell checker}.. obviously that should have been every.. | > | > The point is, these OSs are designed around pre-determined trust ... | > | > | | > | > | > | > To say the XP is more secure is like putting your head in a paper bag | > and | > | > claiming no one can see you... | > | | > | That's ridiculous, your arms and legs still show, you need a full body | > bag. | > | > Yes, that is a little ridiculous isn't it... of course you could wear one | > of those whole body Halloween condom costumes <G>... | | Can't, the neighbor already has it. Oh well, late for the party, late for lunch ... | | | | -- | | Brian A. Sesko { MS MVP_Shell/User } | Conflicts start where information lacks. | | -- MEB http://peoplescounsel.orgfree.com ________
Recommended Posts