If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
"98 Guy" wrote in message ... | MEB wrote: | | And let me guess, you think its all the professionals finding the | holes.... | gees you really are out there in a dream world aren't you.. | | You're the one in a dream world. Okay, I'll take the bait... here we go again ... | | There are professional outfits that look for vulnerabilities (in all | sorts of products, software and hardware) and there are other outfits | that run a sort of exchange system where the manufacturer can decide | whether they want to pay the discoverer for the details of the | vulnerability. As if these are the people hacking systems... asking for money would be or could reasonably be labeled as extortion. I realize you really have no comprehension of worldly affairs, you constantly display such before this group and the world, but this is something far worse... ALL the crap you find on Secuna and the other such sites are KNOWN vulnerabilities, not the as yet unknown... nor all the ones which hackers may be using or intend to use ... | | But in almost every case for the past, say 3 or 4 years, exploits come | out only after details of a vulnerability are made public. But that | usually coincides with the availability of patch being announced. You are truely friggin crazy ... | | Can you point to any recent vulnerability where the exploit was in the | wild well before the vulnerability was publicly announced or even | given a name? Try reading the News some time... all of the recent successful hackings were achieved by some hacker using some UNKNOWN vulnerability. It was only AFTER THE FACT, that these vulnerabilities were addressed or listed. Or is it that you can't read... | | | Again, it's not the OS's that receive attention - it's the | | posted vulnerabilities that get attention. | | OH REALLY. So these vulnerabilities are floating around in thin | air right... | | I never said they're "floating around in thin air". They're listed by | various agencies when they get discovered - or when their stakeholders | give the go-ahead to announce their existence. That's interesting... so its only these KNOWN vulnerabilities that exist in your world of dreams.. or these are ONLY listed if the stockholders authorize the release huh... HAHAHAHAHA,,,, teehheee,,, you need to take that bag off your head... while you're at it take out that nose ring that you are being lead around with , to your own slaughter ... | | SO gees, if the hack worked for XP and didn't in 9X, just why | is it that you, in your infinite wisdom, think it didn't... oh | tell me wise one .... | | Because buffer overruns almost always mess with and manipulate stack | data. For an exploit to run properly, it depends on the stack having | a certain structure. Given that there are code differences between 9x | and NT versions of many modules, it's highly likely that the stack | structures and buffer areas (for a given module) of a system running | 9x will not be identical to one running 2K or XP. Buffer overruns huh,,, so your claim is, these are the most important vulnerabilities.... that these are the most exploited??????? Sorry dude, these just happen to be the most easily found... Not unusual,,, the very thing you have used in this supposed demonstration, is the very thing you were purporting as NOT being the opposing aspects,, the differences in the OSs... do you ever think before you type, or does this drivel you constantly post come naturally... doing to many drugs, alcohol, or something, or are you suffering from some form of mental illness? Hey, if you are I will give you more latitude... but if you're not... BTW: I corrected most of your spelling errors for you... but an apostrophe is used to show conjunction or possession.. neither of which applies when referencing multiple OS... -- MEB http://peoplescounsel.orgfree.com ________ |
#12
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
MEB wrote:
And let me guess, you think its all the professionals finding the holes.... gees you really are out there in a dream world aren't you.. You're the one in a dream world. There are professional outfits that look for vulnerabilities (in all sorts of products, software and hardware) and there are other outfits that run a sort of exchange system where the manufacturerer can decide whether they want to pay the discoverer for the details of the vulnerability. But in almost every case for the past, say 3 or 4 years, exploits come out only after details of a vulnerability are made public. But that usually coincides with the availability of patch being announced. Can you point to any recent vulnerability where the exploit was in the wild well before the vulnerability was publically announced or even given a name? | Again, it's not the OS's that receive attention - it's the | posted vulnerabilities that get attention. OH REALLY. So these vulnerabilities are floating around in thin air right... I never said they're "floating around in thin air". They're listed by various agencies when they get discovered - or when their stakeholders give the go-ahead to announce their existance. SO gees, if the hack worked for XP and didn't in 9X, just why is it that you, in your infinite wisdom, think it didn't... oh tell me wise one .... Because buffer overruns almost always mess with and manipulate stack data. For an exploit to run properly, it depends on the stack having a certain structure. Given that there are code differences between 9x and NT versions of many modules, it's highly likely that the stack structures and buffer areas (for a given module) of a system running 9x will not be identical to one running 2K or XP. |
#13
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
I will go even farther than you 98 Guy and say that the NT source code has
not been able to be better than 98 Second Edition until Vista which is secure so far. I just hope that I can be able to license the 9x source code to help in my research of making a safe and secure tri-source code operating system for Microsoft. |
#14
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
Hang on to his shirt tails all you want and think about what he wrote, this part in
particular which goes against everything you stated in your original post. quote You can take an original Win-98/se system and hang it on the net (with default settings, no AV and no firewall, no NAT router) and it's not vulnerable to anything. /quote I need not say any more. -- Brian A. Sesko { MS MVP_Shell/User } Conflicts start where information lacks. http://basconotw.mvps.org/ Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm How to ask a question: http://support.microsoft.com/kb/555375 "Dan" wrote in message news I will go even farther than you 98 Guy and say that the NT source code has not been able to be better than 98 Second Edition until Vista which is secure so far. I just hope that I can be able to license the 9x source code to help in my research of making a safe and secure tri-source code operating system for Microsoft. |
#16
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
"Brian A." gonefish'n@afarawaylake wrote in message ... | "MEB" meb@not wrote in message | ... | | | "Brian A." gonefish'n@afarawaylake wrote in message | ... | | "Dan" wrote in message | | ... | | I will focus on your last question and I think Chris Quirke, MVP would | agree | | with me that Windows 98 Second Edition is safer than XP Professional. | Here | | are my web-links to prove my case: | | | | http://secunia.com/product/22/ | | | | Vendor Microsoft | | | | | | Product Link N/A | | | | | | Affected By 192 Secunia advisories | | | | | | Unpatched 16% (30 of 192 Secunia advisories) | | | | | | Most Critical Unpatched | | The most severe unpatched Secunia advisory affecting Microsoft Windows | XP | | Professional, with all vendor patches applied, is rated Highly critical | | | | http://secunia.com/product/13/ | | | | Vendor Microsoft | | | | | | Product Link N/A | | | | | | Affected By 32 Secunia advisories | | | | | | Unpatched 9% (3 of 32 Secunia advisories) | | | | | | Most Critical Unpatched | | The most severe unpatched Secunia advisory affecting Microsoft Windows | 98 | | Second Edition, with all vendor patches applied, is rated Less critical | | | | | | That is my case. | | | | I responded without question. The only way 98 is safer than XP Pro is | because it's | | not targeted, that's all and no more. When XP Pro is configured properly | it is by | | far more secure than 98. Soon enough XP will be forgotten altogether as | the full | | attack goes Vista, and so on. | | | | -- | | | | Brian A. Sesko { MS MVP_Shell/User } | | | | I disagree. As XP is based upon the same base code as VISTA it will always | be attacked, and vigorously. | | As long as it has the name of Microsoft attached to it, it will be targeted. Not necessarily true. Should Microsoft lose its market mastery, then whatever takes its place would become the target. | | The coding differentials are so minuscule, that even if specific to VISTA, | the attack will work upon XP with equal if not more effectiveness, and even | less difficulty as there will be less to work-around. What hacks VISTA | *WILL* hack XP. | | In many of those aspects, true, but not in every one. As code changes so do the | targeted systems, that's not saying Vista will pull away from XP, yet it can and will | change in ways. Well, of course I would by necessity agree in part. There will be VISTA *only* hacks created sometime in the future, but for the present time, as the coding is shared [XP now in the position that 9X was during the XP9X support days, e.g., receiving patches more designed for VISTA than XP] these shared aspects will continue to supply the necessary entry points. Regretfully, it appears Microsoft shows even less interest in patching all the holes in XP than it did with 9X or even NT. | | 9X on the other hand, will receive less and less attention. One need look | no further than this group. There aren't many people who can even write a | simple batch file for 9X/DOS anymore. | Not saying there will be no attacks, as there is still sufficient viri, | | Watch yourself and gear up for battle using the word viri, there are those out here | that will chastise you for it, been there already. Yeah, I remember those... strange that semantics such as that tend to bring lengthy discussions, as if those are world shaking/changing. | | hacks, and Spyware available [and targeted at installable 9X files]. But it | brings no recognition, and the OS is not being used now [very much anyway] | within supposedly secured areas and businesses as XP and VISTA are... | | That doesn't make 98 any more secure, only less vulnerable. Hmm, that seems to create a contrast. If less vulnerable [be it because of lack of interest or otherwise], then by mere extension, it becomes more secure. Less interest attended towards attacking, less chances of being attacked = by omission more secure. | | | You can ignore these rather obvious aspects and continue to spout how | supposedly secure the newer operating systems are, but that smacks in the | face of the purpose of the attacks... glamour, fame, recognition, ID theft, | and all the other things now found with those NEW OSs... and the systems | which use them.. | | I don't continue to spout about anything, I'm certainly not on any crusade to push | a product (not stating you implied that). I stated that a "Properly Configured" XP | Pro machine is by far more secure than 98. That's not saying it's less vulnerable to | attack or that it can't be compromised, it states that it can be locked down tighter | when properly configured. The "glamour, fame, recognition, ID theft," etc. is a Cat | and Mouse game that will never end and it most certainly isn't only utilized with | PC's. Spout was used to instill a conversation... I realize you're not really a Microsoft clone ... True,,, in part. XP and VISTA can be locked down *tighter*, however, they [the newer OSs] also contain far more aspects [vulnerabilities if you will] that can be hacked. From ingrained AutoUpdating, to pre-configured Firewalls, to the basic networking aspects broadcast to the world, to UPnP, to .... The fact that these are OSs designed FOR networking brings with them unprecedented potential vulnerabilities. Hackers no longer need to LOOK for the code [determine which third party program was used], it came with their own systems. They no longer need to OBSERVE the packet signatures, just for the OS indicators [and they know them well]. Each time Microsoft patches anything, they get those same updates, and adjust accordingly ... We could even go the route of *root kits*, though there we would need to again address the old style [for example] 9X/DOS *cult of the mad cow* hacks now generally considered as virus, whereas, these newer systems, by their very design, are inherently more vulnerable and thereby, difficulties expanded in preventing such attacks. PGP, in its day, was 4096 and above cipher... yet this same style of *trust* and *keys* is employed as the MAJOR security aspect in XP and VISTA but at a significantly lesser strength, and following standards of the government, designed by the government, and suggested by the government. That is something that everyone should at least question ... I mean [for example], Verisign? Who determined that was a trusted source? Its a business, and EBERY business is out for profit,,, and ALWAYS potentially for sale ... The point is, these OSs are designed around pre-determined trust ... | | | To say the XP is more secure is like putting your head in a paper bag and | claiming no one can see you... | | That's ridiculous, your arms and legs still show, you need a full body bag. Yes, that is a little ridiculous isn't it... of course you could wear one of those whole body Halloween condom costumes G... | | | | -- | | Brian A. Sesko { MS MVP_Shell/User } | -- MEB http://peoplescounsel.orgfree.com ________ |
#17
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
"Brian A." wrote:
You can take an original Win-98/se system and hang it on the net (with default settings, no AV and no firewall, no NAT router) and it's not vulnerable to anything. I need not say any more. Not unless you want to actually support your vacuous statement. Perhaps by actually naming any such win-98 vulnerability. I'll even help you out. Here is the complete list of 31 vulnerabilities for Win 98: http://secunia.com/product/12/?task=advisories And here is the list of 32 win-98se vulnerabilities: http://secunia.com/product/13/?task=advisories Tell us which one(s) create a vulnerability when a win-98 system has a live, unprotected internet connection. Or perhaps you will lay low, and not directly respond to this post, as you didn't respond to my preceeding one. |
#18
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
"Brian A." wrote:
I stated that a "Properly Configured" XP Pro machine is by far more secure than 98. That's not saying it's less vulnerable to attack or that it can't be compromised, Great logic. That's like saying 4 is larger than 2, but 2 isin't necessarily smaller than 4. it states that it can be locked down tighter when properly configured. Win-98 has far fewer vulnerabilities than XP, and none of win-98's vulnerabilities were was crippling or debilitating from a remote-access, remote-control POV than were XP's. None of Win-98's vulnerabilities came close to allowing remote takeover and code execution simply by having a working, unprotected internet connection. And please explain how XP can be "locked down tighter" than win-98. What aspect can be made "tighter" when compared to win-98? As long as it has the name of Microsoft attached to it, it will be targeted. So a Meekro$oft apologist takes pride in how MS has used their illegal monopoly position to become the dominant OS, thereby he can throw up his hands and say the evil hackers go after MS software for political or ideological reasons. |
#19
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
98-Guy wrote:
None of Win-98's vulnerabilities came close to allowing remote takeover and code execution simply by having a working, unprotected internet connection. http://search.yahoo.com/search?p=%22...&pstart=1&b=11 http://www.cve.mitre.org/cgi-bin/cve...ord=windows+98 http://search.yahoo.com/search;_ylt=...h&fr=yfp-t-501 And don't go about telling us that these vulnerabilities only affect Windows 98 if users "actually" use the internet (as opposed to only being connected). If you connect to the internet you will use it, else why bother having a connection? If you use Windows 98 as shipped and without protection your computer can be compromised by simply visiting a web site... John |
#20
|
|||
|
|||
Securing Windows 98(SE) in the Modern Age
John John wrote:
None of Win-98's vulnerabilities came close to allowing remote takeover and code execution simply by having a working, unprotected internet connection. (various non-specific URL's omitted) And don't go about telling us that these vulnerabilities only affect Windows 98 if users "actually" use the internet There is a very important distinction between a vunerability that only requires internet connectivity (and no user involvement) vs running a vulnerable application on an otherwise secure system. All you've shown is a series of IE vulnerabilities. Your examples break down if I use a non-MS browser and e-mail client. But that's irrelavent. Many Win-2k and XP systems were victimized by the welchia, sasser, SQL Slammer and Opanki network worms, for example. Doesn't matter if you practice "safe hex". Doesn't matter if you ran Mozilla or netscape or firefox or opera and you didn't touch IE with a 10 foot pole. If you ran 2K or XP you were screwed. Those systems went on to take their place in botnet land. You most likely received spam from them. Power users who quickly migrated to 2K and early adopters of XP were screwed over by all manner of worms while win-98 users stood by and watched those clowns fight off their infections. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Installing 98se on modern hardwa Asrock 775DUAL-VSTA motherboard | 98 Guy | General | 5 | February 12th 07 04:32 AM |
Securing Windows98 | Davy | General | 4 | August 8th 05 01:14 AM |
Modern computer case? | ms | General | 7 | April 8th 05 12:43 PM |
Securing access to Computer/Windows | General | 2 | September 24th 04 03:16 PM |