December 16th 09, 01:57 AM, posted to microsoft.public.win98.gen_discussion, microsoft.public.windows.inetexplorer.ie6.browser, alt.windows98
98 Guy
Internet Explorer 6.0 Sp1 Component Update 3.0 for Windows 98


> However, there is no "patch Tuesday" or "zero day" hotfixes for
> Win9x and these will contain vulnerabilities IN THE OSs designed,
> for which updates will be received, Win9X won't.


Another convoluted statement from MEB.

If the win-2K patch files for IE6 work for win-98, then use them.

If those files introduce new vulnerabilities for a win-98 system, then
there are two possibilities:

a) The new vulnerability is unique to win-98 and is caused by some
peculiar interaction between win-98 and the win-2K patch file that does
not exist on a win-2k system.

b) The new vulnerability will affect win-2K and *might* also affect
win-98 equally. Microsoft will issue yet another patch for this
vulnerability when discovered, assuming win-2k is still being supported.

Now look carefully at those two possible outcomes.

Outcome (a) will probably NEVER be discovered because of the simple fact
that no security analysts or hackers will be examining or testing or
looking for vulnerabilities on a platform consisting of win-98 and IE6
patches derived from win-2K updates.

Outcome (b) is much more likely than (a), and it can be presumed that a
fix will be made available soon after its discovery. And until it is
discovered - it does not exist.

So even if you want to speculate that the use of these files might cause
some unique vulnerability to a win-98 system, the odds of that
vulnerability being discovered and leveraged are ridiculously small.

> NO ONE tests these for 9X vulnerabilities


Bingo. Meb just said it himself.

If no one is testing this combination of win-98 and Win-2K patch files,
then any vulnerability they may uniquely cause to a win-98 system will
go undetected and therefore will never be leveraged by hackers.

Security by obscurity.

> and they DO introduce new vulnerabilities into the
> OSs intended


If MEB is trying to say that these patches introduce new vulnerabilities
into win-2k (the intended OS), then that's complete and outrageously
wild speculation. Presumably Microsoft would not create updates or
patches for the "intended OS's" that contain known vulnerabilities.

If MEB is trying to say that these patches introduce new vulnerabilities
into Win-98, then again that is complete speculation without any shred
of testing evidence that he claims he is an expert at performing.

It would be useful for MEB to cut the bull**** lawyer-speak and behave
like a normal person and utter clear and understandable statements.