Should I reformat from Win2K to 98SE for security?

I have two old computers, one has 98SE, which I have the CD for, and
the other I bought has 2K Pro but with no disk. When I ran the Trend
Micro online virus scan, it brought up all kinds of security issues
with the 2K computer but not with the 98 one. Since there is no data
saved on the 2K computer, would it be wise to "downgrade" to 98SE for
security reasons? Or could I just use AdAware and Avast on the 2K
computer and get the same amount of security (the 98 computer has
AdAware and Avast on it, and I've never updated anything on it)?
Thanks.

wrote:

would it be wise to "downgrade" to 98SE for security reasons?

You would have better performance with 98 vs 2K. If the system runs
basic software (e-mail, web browsing, word processing) then there is
really no "show-stopper" that would prevent 98 doing the job for you,
as opposed to more sophisticated software (graphics, cad, multi-media,
etc) that you may have for which win-98 is not compatible with. Note
that stuff like tax preparation software, google-earth, and god knows
what-else will not run on Win-98.

As for security, yes, win-98 intrinsically is less vulnerable to
exploitation than 2K or XP.

You are highly advised to connect your machines to the internet via a
"Nat-router" which will give you basic fire-wall protection as you
perform a new installation and the subsequent updating via the
microsoft windows-update web mechanism. This is absolutely necessary
if you intend to re-install 2K or XP (those operating systems will
become infected before they are updated if you do not use a
NAT-router).

I have found anti-virus software to be mostly useless, since the other
protection on my systems seem to work fine to prevent infection.

For example, if you obtain a comprehensive hosts file, then use Spybot
and Spyware Blaster (browser innoculation feature) you will close many
viral entry points caused by web browsing. Next thing would be to
obtain the latest version of JAVA (JRE version 5.10 or 5.11 if I'm not
mistaken).

Given the use of a NAT-router, firewall software is completely useless
as a security mechanism, but many here will respond in pavlovian
fashion and spout the necessity of running firewall software.
Anti-virus software has become essentially useless because of the
extremely high rate of creation of new viruses that escape detection.
These days, if your AV software is alerting you about something,
chances are that you have something else that is not being detected
and which you won't be able to remove anyways.

I run something called "The Cleaner" by Moosoft (which is advertized
as a trojan detector) for which I frequently let my definitions lapse
for months at a time. However, it has several real-time features
(like registry monitoring) which alerts me to any changes being made
to the registry that I'm not expecting (which has yet to happen...)

wrote in message
oups.com...
| I have two old computers, one has 98SE, which I have the CD for, and
| the other I bought has 2K Pro but with no disk. When I ran the Trend
| Micro online virus scan, it brought up all kinds of security issues
| with the 2K computer but not with the 98 one. Since there is no data
| saved on the 2K computer, would it be wise to "downgrade" to 98SE for
| security reasons? Or could I just use AdAware and Avast on the 2K
| computer and get the same amount of security (the 98 computer has
| AdAware and Avast on it, and I've never updated anything on it)?
| Thanks.
|


I think you'll find that users of both system have their own ideas on which
OS is best. If you take 2K to its final updates many issues would likely
disappear.

As for security, ignore 98Guy, we have watched one after another of his
ramblings in this discussion group concerning the necessity of only using a
NAT. Be advised he also uses bit torrent so of course he wants as many
computers unprotected so illegal files can be transferred. He lacks any real
understanding of many aspects required.

For a more reasonable review, many of the MVPs and other actual experts
[the ones protecting Internet sites and commercial businesses] have numerous
web pages available concerning settings and programs related thereto. It
isn't difficult to locate the information.

I have created a few for the general public which reference other's pages,
sites, or blogs as well:

http://peoplescounsel.orgfree.com/re...ts_install.htm
http://peoplescounsel.orgfree.com/re.../antivirus.htm
http://peoplescounsel.orgfree.com/re.../firewalls.htm
http://peoplescounsel.orgfree.com/re...NETWORKING.htm
http://peoplescounsel.orgfree.com/re...ty/spyware.htm


--
MEB
http://peoplescounsel.orgfree.com/
BLOG - http://peoplescounsel.spaces.live.com/ Public Notice or the "real
world"
http://groups.google.com/group/the-peoples-law?hl=en - discussion group for
general aspects of Law verses the Peoples' of the world

"Most people, sometime in their lives, stumble across truth.
Most jump up, brush themselves off, and hurry on about their business as if
nothing had happen." Winston Churchill
Or to put it another way:
Morpheus can offer you the two pills;
but only you can choose whether you take the red pill or the blue one.
_______________

MEB wrote:

As for security, ignore 98Guy, we have watched one after another
of his ramblings in this discussion group concerning the
necessity of only using a NAT.

MEB - Why are you being a bone-head about this?

Your obvious disdain of my utilization of software obtained via
torrents and my non-EULA use of MSDN and other Micro$haft software is
clouding your judgement and objectivity about the things I write about
here.

NAT routers provide 100% of the functional "protection" that a
software firewall can ever hope to provide, and it's a myth that the
outgoing monitoring that a software firewall does is either effective
or needed. Software firewalls are vulnerable to deactivation by
trojans or viruses.

Be advised he also uses bit torrent so of course he wants as many
computers unprotected so illegal files can be transferred.

What - are you saying that some significant number of torrent seeders
are running on trojanized systems? Is that your experience from your
own torrenting?

By the way, files themselves are not "illegal". There is no such
thing as an "illegal file".

As I've said, you need to use a NAT router, a hosts file, browser
innoculation via Spybot SD and Spyware Blaster, and update your JAVA
JRE (and un-install ALL old versions of JRE). A realtime registry
monitor is probably equally effective as running AV software.
Software firewall is extraneous and provides no system protection.
Windows 98 is intrinsically less vulnerable to infection and intrusion
vs the NT line (NT/2K/XP) but software compability with 98 in
increasingly becoming a problem, not to mention hardware driver
availability.

With regard specifically to AV software, have a look on the .virus or
..anti-virus news groups or other web-resources pertaining to the AV
scene. You will see that there are MANY that are now questioning the
relavence of AV software given the nature of current viral threats and
the increasingly poor performance of AV software at detecting modern
malware (detecting them *before* they install themselves, change
system settings, etc.)

"98 Guy" wrote in message ...
| MEB wrote:
|
| As for security, ignore 98Guy, we have watched one after another
| of his ramblings in this discussion group concerning the
| necessity of only using a NAT.
|
| MEB - Why are you being a bone-head about this?

Why are you being a moron.

|
| Your obvious disdain of my utilization of software obtained via
| torrents and my non-EULA use of MSDN and other Micro$haft software is
| clouding your judgement and objectivity about the things I write about
| here.

Glad you brought that up. I suggest EVERYONE do a Goole search for this
98Guy. It is very enlightening concerning this person's knowledge of
computers, related, and the Internet

|
| NAT routers provide 100% of the functional "protection" that a
| software firewall can ever hope to provide, and it's a myth that the
| outgoing monitoring that a software firewall does is either effective
| or needed. Software firewalls are vulnerable to deactivation by
| trojans or viruses.

No they do not [NAT]. They DO NOT monitor errant or hack software using
network addressing and ports. A NAT can just as easily be hacked,
particularly if one fails to remove the default keys.

|
| Be advised he also uses bit torrent so of course he wants as many
| computers unprotected so illegal files can be transferred.
|
| What - are you saying that some significant number of torrent seeders
| are running on trojanized systems? Is that your experience from your
| own torrenting?
|

If one intends to make comments or provide advise related to issues one
must research those aspects. On need not actively engage in the tranfers,
but one can easily monitor and trace and track the transactions.

Let me clue you in since you apparently don't get these aspects.

Every few months the fed and state AGs produce their cases, round up a few
hundred people engaged in the activity, and prosecute them.
Those using this questionable activity point at the ones picked by the AGs,
and try to claim they were somehow stupid, or did something that brought
attention to them. Wrong.
As I have attempted to advise you, EVERYONE on the Internet can be traced
and tracked, it isn't that difficult, and IS the way the net is designed.


| By the way, files themselves are not "illegal". There is no such
| thing as an "illegal file".

Creation of software with key generators, reverse engineered software, or
other, is illegal as defined under US and International Laws related to
Copyright, Trademark, Intellectual property, and other related Laws. NEVER
attempt to discuss legal issue useless you actually know what your talking
about.

|
| As I've said, you need to use a NAT router, a hosts file, browser
| innoculation via Spybot SD and Spyware Blaster, and update your JAVA
| JRE (and un-install ALL old versions of JRE). A realtime registry
| monitor is probably equally effective as running AV software.
| Software firewall is extraneous and provides no system protection.
| Windows 98 is intrinsically less vulnerable to infection and intrusion
| vs the NT line (NT/2K/XP) but software compability with 98 in
| increasingly becoming a problem, not to mention hardware driver
| availability.

9X is not less vulnerable. It has less hacks being created for it at the
moment. Those creating the viri, trogans, and other, key on the
security/coding with the NT environment, making them generally incompatible
with the older DOS/32 coding. That does NOT mean 9X is less vulnerable
without firewalls, anti-spyware progs, anti-virus progs, and other security
protections.

|
| With regard specifically to AV software, have a look on the .virus or
| .anti-virus news groups or other web-resources pertaining to the AV
| scene. You will see that there are MANY that are now questioning the
| relavence of AV software given the nature of current viral threats and
| the increasingly poor performance of AV software at detecting modern
| malware (detecting them *before* they install themselves, change
| system settings, etc.)

Right, as the hackers become more adept at their *profession*, so do the
anti-[whatever] programs work to stop that activity.

I do monitor some. We [the older people on the NET who HAVE worked in these
areas] have seen this same attitude throughout the growth of the Internet...
those with a brain and who use it, realize that the old protections are
still relevant and needed. Seems its only the younger *whiz banger, I know
everything* people spouting you don't need these things. But then these are
the same people for the most part, that don't get global warming, thousands
of years old religious misdirections, government corruption, and other
aspects of the *REAL WORLD*. It's much easier to live in a dream world...

So dude, every time you spout nonsense in this group, I WILL take you to
task for it.

--
MEB
http://peoplescounsel.orgfree.com/
BLOG - http://peoplescounsel.spaces.live.com/ Public Notice or the "real
world"
http://groups.google.com/group/the-peoples-law?hl=en - discussion group for
general aspects of Law verses the Peoples' of the world

"Most people, sometime in their lives, stumble across truth.
Most jump up, brush themselves off, and hurry on about their business as if
nothing had happen." Winston Churchill
Or to put it another way:
Morpheus can offer you the two pills;
but only you can choose whether you take the red pill or the blue one.
_______________

The virus world includes a large number that are spread via SPAM. In my
experience, users who are unwise about using email, like those who insist of
viewing it in HTML, are VERY vulnerable to virus attack and only a decent AV
will prevent the virus from running. This observation is based upon regular
reports from such users who, no matter how much I insist on plain-text only,
continue reading in HTML, or feel forced to in order to view most commercial
emails properly.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"98 Guy" wrote in message ...
MEB wrote:

As for security, ignore 98Guy, we have watched one after another
of his ramblings in this discussion group concerning the
necessity of only using a NAT.

MEB - Why are you being a bone-head about this?

Your obvious disdain of my utilization of software obtained via
torrents and my non-EULA use of MSDN and other Micro$haft software is
clouding your judgement and objectivity about the things I write about
here.

NAT routers provide 100% of the functional "protection" that a
software firewall can ever hope to provide, and it's a myth that the
outgoing monitoring that a software firewall does is either effective
or needed. Software firewalls are vulnerable to deactivation by
trojans or viruses.

Be advised he also uses bit torrent so of course he wants as many
computers unprotected so illegal files can be transferred.

What - are you saying that some significant number of torrent seeders
are running on trojanized systems? Is that your experience from your
own torrenting?

By the way, files themselves are not "illegal". There is no such
thing as an "illegal file".

As I've said, you need to use a NAT router, a hosts file, browser
innoculation via Spybot SD and Spyware Blaster, and update your JAVA
JRE (and un-install ALL old versions of JRE). A realtime registry
monitor is probably equally effective as running AV software.
Software firewall is extraneous and provides no system protection.
Windows 98 is intrinsically less vulnerable to infection and intrusion
vs the NT line (NT/2K/XP) but software compability with 98 in
increasingly becoming a problem, not to mention hardware driver
availability.

With regard specifically to AV software, have a look on the .virus or
.anti-virus news groups or other web-resources pertaining to the AV
scene. You will see that there are MANY that are now questioning the
relavence of AV software given the nature of current viral threats and
the increasingly poor performance of AV software at detecting modern
malware (detecting them *before* they install themselves, change
system settings, etc.)

"Gary S. Terhune" wrote:

The virus world includes a large number that are spread via SPAM.

According to this document:

http://tinyurl.com/yw4sed

(Messagelabs intelligence report, April 2007)

The occurrance of malware in spam is 1 out of every 145 spams.

(malware in this context is a catch-all term denoting viruses and
possibly trojans).

The rate of 1:145 is low, but even more significantly is that 84% of
those are targeting various MS Office vulnerabilities - Powerpoint and
Word. Vulnerabilities for which there are patches for.

MessageLabs is showing a graph of the occurrance rate of malware in
spam, and it's pretty clear that it is in decline. For most of 2005
it was on the order of 1 out of every 40 spams, and during 2006 it
declined from 1:40 to the 1:145 being quoted last month.

In my experience, users who are unwise about using email, like
those who insist of viewing it in HTML, are VERY vulnerable
to virus attack and only a decent AV will prevent the virus
from running.

While I don't doubt that there is spam containing URL's that point
directly to threat-containing pages (requiring the user to click on
the link to seek out and launch the malware), I don't buy your
argument that malware in the form of HTML-based vulnerabilities are
(today) arriving in the body of spam e-mail.

This observation is based upon regular reports from such
users who, no matter how much I insist on plain-text only,
continue reading in HTML, or feel forced to in order to
view most commercial emails properly.

Could you describe a recent example of an HTML-based piece of malware
that arrived in the message body of a user's e-mail? For example, how
was it identified by the AV-software in question?

Your analysis based upon statistics, particularly recent ones, is lacking.
You postulate a number of things that are not givens in the vast majority of
systems -- that they have well-patched systems, including MS applications,
and that any number of other measures have been taken, many of which are not
even known to users, much less followed. In fact, I find your implication
that simply having Windows and applications properly patched means that they
are secure rather amusing.

Not having bothered to investigate thoroughly -- I don't read in HTML and
haven't for years -- and admitting that my experiences are not mostly recent
in nature, I've had reports from users that whereas their AV did not
immediately flag viruses that were merely attachments, occasionally the AV
was triggered by simply opening the email in HTML. The possibility still
exists, and I would suggest that it is precisely the measures taken to close
those vulnerabilities in Windows, to the extent possible, that have resulted
in the statistics you cite, for much the same reason that Macs claim better
security from viruses. They're attacked less because the returns have
diminished -- diminished, but not eliminated.

Granted, for a relatively small number of knowledgeable and diligent users,
other measures can provide a sufficient level of protection to approximate
that provided by AVs. But Joe Average, especially when sharing the machine
with Joe Jr., needs that basic idiot-proofing just like he needs a lot of
other idiot-proofing. Suggesting that they spend a LOT of time finding out
how to get along without AV is a fools errand, even if we grant that they're
capable of wading through the muck to make sure they have all the bases
covered and haven't been taken in by one or more of the multitude of
contra-helpful "tech" sites.

One last word on your statistics. I have accounts that receive a few
thousand SPAM per week, each. I'd be very worried for an average user
without AV protection who got that kind of traffic.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com


"98 Guy" wrote in message ...
"Gary S. Terhune" wrote:

The virus world includes a large number that are spread via SPAM.

According to this document:

http://tinyurl.com/yw4sed

(Messagelabs intelligence report, April 2007)

The occurrance of malware in spam is 1 out of every 145 spams.

(malware in this context is a catch-all term denoting viruses and
possibly trojans).

The rate of 1:145 is low, but even more significantly is that 84% of
those are targeting various MS Office vulnerabilities - Powerpoint and
Word. Vulnerabilities for which there are patches for.

MessageLabs is showing a graph of the occurrance rate of malware in
spam, and it's pretty clear that it is in decline. For most of 2005
it was on the order of 1 out of every 40 spams, and during 2006 it
declined from 1:40 to the 1:145 being quoted last month.

In my experience, users who are unwise about using email, like
those who insist of viewing it in HTML, are VERY vulnerable
to virus attack and only a decent AV will prevent the virus
from running.

While I don't doubt that there is spam containing URL's that point
directly to threat-containing pages (requiring the user to click on
the link to seek out and launch the malware), I don't buy your
argument that malware in the form of HTML-based vulnerabilities are
(today) arriving in the body of spam e-mail.

This observation is based upon regular reports from such
users who, no matter how much I insist on plain-text only,
continue reading in HTML, or feel forced to in order to
view most commercial emails properly.

Could you describe a recent example of an HTML-based piece of malware
that arrived in the message body of a user's e-mail? For example, how
was it identified by the AV-software in question?

"Gary S. Terhune" none wrote in message
...
| Your analysis based upon statistics, particularly recent ones, is lacking.
| You postulate a number of things that are not givens in the vast majority
of
| systems -- that they have well-patched systems, including MS applications,
| and that any number of other measures have been taken, many of which are
not
| even known to users, much less followed. In fact, I find your implication
| that simply having Windows and applications properly patched means that
they
| are secure rather amusing.
|
| Not having bothered to investigate thoroughly -- I don't read in HTML and
| haven't for years -- and admitting that my experiences are not mostly
recent
| in nature, I've had reports from users that whereas their AV did not
| immediately flag viruses that were merely attachments, occasionally the AV
| was triggered by simply opening the email in HTML. The possibility still
| exists, and I would suggest that it is precisely the measures taken to
close
| those vulnerabilities in Windows, to the extent possible, that have
resulted
| in the statistics you cite, for much the same reason that Macs claim
better
| security from viruses. They're attacked less because the returns have
| diminished -- diminished, but not eliminated.
|
| Granted, for a relatively small number of knowledgeable and diligent
users,
| other measures can provide a sufficient level of protection to approximate
| that provided by AVs. But Joe Average, especially when sharing the machine
| with Joe Jr., needs that basic idiot-proofing just like he needs a lot of
| other idiot-proofing. Suggesting that they spend a LOT of time finding out
| how to get along without AV is a fools errand, even if we grant that
they're
| capable of wading through the muck to make sure they have all the bases
| covered and haven't been taken in by one or more of the multitude of
| contra-helpful "tech" sites.
|
| One last word on your statistics. I have accounts that receive a few
| thousand SPAM per week, each. I'd be very worried for an average user
| without AV protection who got that kind of traffic.
|
| --
| Gary S. Terhune
| MS-MVP Shell/User
| www.grystmill.com
|
|
| "98 Guy" wrote in message ...
| "Gary S. Terhune" wrote:
|
| The virus world includes a large number that are spread via SPAM.
|
| According to this document:
|
| http://tinyurl.com/yw4sed
|
| (Messagelabs intelligence report, April 2007)
|
| The occurrance of malware in spam is 1 out of every 145 spams.
|
| (malware in this context is a catch-all term denoting viruses and
| possibly trojans).
|
| The rate of 1:145 is low, but even more significantly is that 84% of
| those are targeting various MS Office vulnerabilities - Powerpoint and
| Word. Vulnerabilities for which there are patches for.
|
| MessageLabs is showing a graph of the occurrance rate of malware in
| spam, and it's pretty clear that it is in decline. For most of 2005
| it was on the order of 1 out of every 40 spams, and during 2006 it
| declined from 1:40 to the 1:145 being quoted last month.
|
| In my experience, users who are unwise about using email, like
| those who insist of viewing it in HTML, are VERY vulnerable
| to virus attack and only a decent AV will prevent the virus
| from running.
|
| While I don't doubt that there is spam containing URL's that point
| directly to threat-containing pages (requiring the user to click on
| the link to seek out and launch the malware), I don't buy your
| argument that malware in the form of HTML-based vulnerabilities are
| (today) arriving in the body of spam e-mail.
|
| This observation is based upon regular reports from such
| users who, no matter how much I insist on plain-text only,
| continue reading in HTML, or feel forced to in order to
| view most commercial emails properly.
|
| Could you describe a recent example of an HTML-based piece of malware
| that arrived in the message body of a user's e-mail? For example, how
| was it identified by the AV-software in question?
|
|

Gary is correct in his presentation as far as it goes.

Hotmail BACKDOOR - an old discussion on Hotmail/Microsoft issues
Did MS Dig Its Hotmail Hole?
http://www.wired.com/news/technology...,21495,00.html

Security pros work to undo teacher's conviction
Robert Lemos, SecurityFocus 2007-02-02
http://www.securityfocus.com/news/11440
It was in the news, now read what's being done, and what the implications
are.

Security Focus - Vulnerabilities - listings of vulnerabilities - server
side, application, OS
http://www.securityfocus.com/vulnerabilities

Security Focus - Infocus: Firewalls
http://www.securityfocus.com/firewalls

Security FocusInfocus: Microsoft
http://www.securityfocus.com/microsoft

Security Focus - Security Basics
http://www.securityfocus.com/archive/105

http://www.symantec.com/enterprise/s...onse/index.jsp

http://www.grisoft.com/doc/61/us/crp/0

http://www.microsoft.com/technet/security/current.aspx

http://www.us-cert.gov/cas/bulletins/

http://www.adobe.com/support/security/

http://www.skype.com/security/bulletins.html

http://www.kb.cert.org/vuls/

http://www.us-cert.gov/cas/bulletins/

http://www.f-prot.com/news/index.html

http://httpd.apache.org/security_report.html

http://www.watchguard.com/

http://seclists.org/
which has several other services/forums/lists/etc linked

Of course there are literally thousands of sites, forums, and other.. as I
have stated before, all users should attempt to keep somewhat informed and
make every effort to secure their own system(s). Believing that because your
one of billions on the NET and that makes you secure is not feasible anymore
[if it ever was]. Server side codes, web apps, Flash, and other activities
have opened ever deeper holes into your systems. And it isn't just your home
computer, its your Windows based PDA, or other device... anything that you
may have private information on, and which connects to something else...
cell phones included ...

For the 9X/ME/unsupported Microsoft user, they had best think and play
carefully on the net. Anti-spyware and anti virus programs in conjunction
with firewalls, and routers if possible, MUST be on everyone's systems. But
even these are not absolute protection. It is the user who needs to work to
secure their own systems beyond these protections. It is the user who needs
to think carefully about what they do on the Internet, and allow into their
systems.

--
MEB
http://peoplescounsel.orgfree.com/
BLOG - http://peoplescounsel.spaces.live.com/ Public Notice or the "real
world"
http://groups.google.com/group/the-peoples-law?hl=en - discussion group for
general aspects of Law verses the Peoples' of the world

"Most people, sometime in their lives, stumble across truth.
Most jump up, brush themselves off, and hurry on about their business as if
nothing had happen." Winston Churchill
Or to put it another way:
Morpheus can offer you the two pills;
but only you can choose whether you take the red pill or the blue one.
_______________