If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#41
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
On 02/20/2010 07:02 PM, Jeff Richards wrote:
You may not be aware that there is an ongoing campaign to introduce as much irrelevant material as possible, particularly if it relates to security, into the W98 groups, mostly by casual addition of the W98 groups to postings in groups related to other versions of Windows. This is done purely to enhance the status of several trolls who think they are making themselves appear knowledgeable about W98. All they are doing is completely confusing the W98 users and creating flame wars which are then fanned as much as possible. It would be helpful to the W98 groups if this irrelevant crossposting was removed before replying. Thanks, Excuse me, do you have something you wish to say. Please show us how knowledgeable you are Jeff. Show us WITH SPECIFICS, that Win98 hacks are not being used and Windows 98 users can rest assured that parties like you are providing the information they need to protect themselves while on the Internet when confronted with PDFs, Flash, JAVA, email attacks, and other factors one finds out here. While you are explaining these facts [per your thoughts] please explain your prior support of installation of IE6 files from Win2K AFTER the EOL of Win98 as recently as the 10th month of last year, into the Win98 OS and how it would/will protect Win98 users. Or is it that you believe Win98 users should be "kept in the dark" and continue to be provided with false information regarding their security by those apparently without the comprehension to understand the threats involved? -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |
#42
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
In message , FromTheRafters
writes: "David H. Lipman" wrote in message ... From: "J. P. Gilliver (John)" | In message , David H. Lipman | writes: | [] There are some PDF vulnerabilities that FoxIt is vulnerable to and some that both Adobe and FoxIt are vulnerable to. | Is the former a subset of the latter (i. e. Foxit is vulnerable to some, | and Adobe to those and more), or are they overlapping sets (such that | there are some Foxit is vulnerable to that Adobe is _not_)? I'm confused now ... FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that afflict Adobe Reader/Acrobat. .... if the above is true, then one will always be safer (safer, not safe!) by using Foxit than Acrobat. But ... I think he's asking a math question. (I did express it in that way, yes - sorry if it caused confusion.) To define his "sets" he may need to clarify some things. The vulnerability is in the software used to process the PDF format files and implement their extensions. Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and some for *both*. Intersecting sets. .... if that is true, then "Foxit is always safer" is NOT true. And then there's the question of how the latest version of each _that will work under '98_ compare with respect to these vulnerabilities, and also whether any vulnerabilities either is subject to are actually a concern under 98 ... So to summarise, the questions a What is the latest version of Foxit that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? What is the latest version of Acrobat that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? How do those lists compare? -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf ** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously outdated thoughts on PCs. ** Who's General Failure & why's he reading my disk? (Stolen from another .sig) |
#43
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
In message , FromTheRafters
writes: "David H. Lipman" wrote in message ... From: "J. P. Gilliver (John)" | In message , David H. Lipman | writes: | [] There are some PDF vulnerabilities that FoxIt is vulnerable to and some that both Adobe and FoxIt are vulnerable to. | Is the former a subset of the latter (i. e. Foxit is vulnerable to some, | and Adobe to those and more), or are they overlapping sets (such that | there are some Foxit is vulnerable to that Adobe is _not_)? I'm confused now ... FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that afflict Adobe Reader/Acrobat. .... if the above is true, then one will always be safer (safer, not safe!) by using Foxit than Acrobat. But ... I think he's asking a math question. (I did express it in that way, yes - sorry if it caused confusion.) To define his "sets" he may need to clarify some things. The vulnerability is in the software used to process the PDF format files and implement their extensions. Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and some for *both*. Intersecting sets. .... if that is true, then "Foxit is always safer" is NOT true. And then there's the question of how the latest version of each _that will work under '98_ compare with respect to these vulnerabilities, and also whether any vulnerabilities either is subject to are actually a concern under 98 ... So to summarise, the questions a What is the latest version of Foxit that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? What is the latest version of Acrobat that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? How do those lists compare? -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf ** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously outdated thoughts on PCs. ** Who's General Failure & why's he reading my disk? (Stolen from another .sig) |
#44
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
MEB wrote:
Show us WITH SPECIFICS, that Win98 hacks are not being used Meb again is asking for negative proof. He is asking that a negative be proved- that something DOES NOT exist or that something DOES NOT happen. Either Meb is truely a moron and doesn't understand the concept of a negative proof, or he knows that full well but is nonetheless using it to support his mindless arguments. A negative can usually never be proved unless the scope of the argument is sufficiently small. In this case, the scope of the argument (all data that can pass between or into any computer on planet earth) is too large to rationally ask for a negative proof. But this is frequently how MEB responds in an argument. You can never ask him for a positive example to prove his point - he will always turn it around and ask you to supply a negative proof. Or is it that you believe Win98 users should be "kept in the dark" and continue to be provided with false information regarding their security by those apparently without the comprehension to understand the threats involved? You have failed time and time again to explain why you do not test various threats on your win-98 system and post the results. All you ever do is blather on and on and on about the latest flash or adobe threats and post CERT pgp keys (god knows why you do that) without providing any shread of evidence that those threats or exploits are operable on win-98 systems. And when others post the observation / suggestion that win-98 users apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you froth at the mouth against doing that, claiming it would make win-98 systems *less* secure. You claim that IE6 was never properly "ported" to win-98, but your analysis is based on a faulty understanding of dependency walker and a faulty understanding of multi-platform DLL's. I post most of this here for the benefit of those of you here in microsoft.public.security.homeusers for whom MEB is an unknown quantity. He is a well-known kook here in m.p.win98.gen_discussion. |
#45
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
MEB wrote:
Show us WITH SPECIFICS, that Win98 hacks are not being used Meb again is asking for negative proof. He is asking that a negative be proved- that something DOES NOT exist or that something DOES NOT happen. Either Meb is truely a moron and doesn't understand the concept of a negative proof, or he knows that full well but is nonetheless using it to support his mindless arguments. A negative can usually never be proved unless the scope of the argument is sufficiently small. In this case, the scope of the argument (all data that can pass between or into any computer on planet earth) is too large to rationally ask for a negative proof. But this is frequently how MEB responds in an argument. You can never ask him for a positive example to prove his point - he will always turn it around and ask you to supply a negative proof. Or is it that you believe Win98 users should be "kept in the dark" and continue to be provided with false information regarding their security by those apparently without the comprehension to understand the threats involved? You have failed time and time again to explain why you do not test various threats on your win-98 system and post the results. All you ever do is blather on and on and on about the latest flash or adobe threats and post CERT pgp keys (god knows why you do that) without providing any shread of evidence that those threats or exploits are operable on win-98 systems. And when others post the observation / suggestion that win-98 users apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you froth at the mouth against doing that, claiming it would make win-98 systems *less* secure. You claim that IE6 was never properly "ported" to win-98, but your analysis is based on a faulty understanding of dependency walker and a faulty understanding of multi-platform DLL's. I post most of this here for the benefit of those of you here in microsoft.public.security.homeusers for whom MEB is an unknown quantity. He is a well-known kook here in m.p.win98.gen_discussion. |
#46
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
98 Guy
Do yourself a favor and get a life. You are wrong and you are beating a dead horse. Being foolish does not make you look good and your little credibility that you had is also going the way of the wind . -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "98 Guy" wrote in message ... MEB wrote: Show us WITH SPECIFICS, that Win98 hacks are not being used Meb again is asking for negative proof. He is asking that a negative be proved- that something DOES NOT exist or that something DOES NOT happen. Either Meb is truely a moron and doesn't understand the concept of a negative proof, or he knows that full well but is nonetheless using it to support his mindless arguments. A negative can usually never be proved unless the scope of the argument is sufficiently small. In this case, the scope of the argument (all data that can pass between or into any computer on planet earth) is too large to rationally ask for a negative proof. But this is frequently how MEB responds in an argument. You can never ask him for a positive example to prove his point - he will always turn it around and ask you to supply a negative proof. Or is it that you believe Win98 users should be "kept in the dark" and continue to be provided with false information regarding their security by those apparently without the comprehension to understand the threats involved? You have failed time and time again to explain why you do not test various threats on your win-98 system and post the results. All you ever do is blather on and on and on about the latest flash or adobe threats and post CERT pgp keys (god knows why you do that) without providing any shread of evidence that those threats or exploits are operable on win-98 systems. And when others post the observation / suggestion that win-98 users apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you froth at the mouth against doing that, claiming it would make win-98 systems *less* secure. You claim that IE6 was never properly "ported" to win-98, but your analysis is based on a faulty understanding of dependency walker and a faulty understanding of multi-platform DLL's. I post most of this here for the benefit of those of you here in microsoft.public.security.homeusers for whom MEB is an unknown quantity. He is a well-known kook here in m.p.win98.gen_discussion. |
#47
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
98 Guy
Do yourself a favor and get a life. You are wrong and you are beating a dead horse. Being foolish does not make you look good and your little credibility that you had is also going the way of the wind . -- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged. "98 Guy" wrote in message ... MEB wrote: Show us WITH SPECIFICS, that Win98 hacks are not being used Meb again is asking for negative proof. He is asking that a negative be proved- that something DOES NOT exist or that something DOES NOT happen. Either Meb is truely a moron and doesn't understand the concept of a negative proof, or he knows that full well but is nonetheless using it to support his mindless arguments. A negative can usually never be proved unless the scope of the argument is sufficiently small. In this case, the scope of the argument (all data that can pass between or into any computer on planet earth) is too large to rationally ask for a negative proof. But this is frequently how MEB responds in an argument. You can never ask him for a positive example to prove his point - he will always turn it around and ask you to supply a negative proof. Or is it that you believe Win98 users should be "kept in the dark" and continue to be provided with false information regarding their security by those apparently without the comprehension to understand the threats involved? You have failed time and time again to explain why you do not test various threats on your win-98 system and post the results. All you ever do is blather on and on and on about the latest flash or adobe threats and post CERT pgp keys (god knows why you do that) without providing any shread of evidence that those threats or exploits are operable on win-98 systems. And when others post the observation / suggestion that win-98 users apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you froth at the mouth against doing that, claiming it would make win-98 systems *less* secure. You claim that IE6 was never properly "ported" to win-98, but your analysis is based on a faulty understanding of dependency walker and a faulty understanding of multi-platform DLL's. I post most of this here for the benefit of those of you here in microsoft.public.security.homeusers for whom MEB is an unknown quantity. He is a well-known kook here in m.p.win98.gen_discussion. |
#48
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
"J. P. Gilliver (John)" wrote in message
... "David H. Lipman" wrote in message .. . FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that afflict Adobe Reader/Acrobat. ... if the above is true, then one will always be safer (safer, not safe!) by using Foxit than Acrobat. But ... False conclusion, because it is the future you are gambling on. Maybe Adobe's code has been tested more rigorously now, and FoxIt's code remains to be tested. I think he's asking a math question. (I did express it in that way, yes - sorry if it caused confusion.) I infer from David's post that he is attesting to the fact that the Adobe PDF vulnerability set has many more members than does the FoxIt Reader PDF vulnerability set. To define his "sets" he may need to clarify some things. The vulnerability is in the software used to process the PDF format files and implement their extensions. Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and some for *both*. Intersecting sets. ... if that is true, then "Foxit is always safer" is NOT true. I don't see how that conclusion hinges upon my statement. Anyway, even though I don't know anything about either program, I could suggest that FoxIt Reader is safer than Adobe's. This is based only on my strong suspicion that Adobe's has more lines of code. And then there's the question of how the latest version of each _that will work under '98_ compare with respect to these vulnerabilities, and also whether any vulnerabilities either is subject to are actually a concern under 98 ... Well, Win98 is practically impervious to any privilege escalation exploits. Filesystem security sure isn't an issue. D You should ask in the Win98 group. Treat PDFs as you would executables - no browser add-on to autorender content - no scripting or "Flash" extensions etc... .... the devil is in the extensions (usually) So to summarise, the questions a What is the latest version of Foxit that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? One thing about 98 and NT versions is that even though an exploit can be written that affects all, it is often coupled with shellcode or further processing that is OS specific. 98 is becoming less of a target, so actual threat decreases. A remote code execution exploit using a PDF file may have shellcode to get control of an XP machine while only doing a DoS to a 98 machine. This doesn't mean that the writer couldn't have just as easily written the shellcode part of the exploit for the Win98 machine. What is the latest version of Acrobat that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? Another one specifically for the 98 group. How do those lists compare? Have fun with your research, I suspect you will end up with FoxIt being the better choice even if it is old and unpatched. |
#49
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
"J. P. Gilliver (John)" wrote in message
... "David H. Lipman" wrote in message .. . FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that afflict Adobe Reader/Acrobat. ... if the above is true, then one will always be safer (safer, not safe!) by using Foxit than Acrobat. But ... False conclusion, because it is the future you are gambling on. Maybe Adobe's code has been tested more rigorously now, and FoxIt's code remains to be tested. I think he's asking a math question. (I did express it in that way, yes - sorry if it caused confusion.) I infer from David's post that he is attesting to the fact that the Adobe PDF vulnerability set has many more members than does the FoxIt Reader PDF vulnerability set. To define his "sets" he may need to clarify some things. The vulnerability is in the software used to process the PDF format files and implement their extensions. Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and some for *both*. Intersecting sets. ... if that is true, then "Foxit is always safer" is NOT true. I don't see how that conclusion hinges upon my statement. Anyway, even though I don't know anything about either program, I could suggest that FoxIt Reader is safer than Adobe's. This is based only on my strong suspicion that Adobe's has more lines of code. And then there's the question of how the latest version of each _that will work under '98_ compare with respect to these vulnerabilities, and also whether any vulnerabilities either is subject to are actually a concern under 98 ... Well, Win98 is practically impervious to any privilege escalation exploits. Filesystem security sure isn't an issue. D You should ask in the Win98 group. Treat PDFs as you would executables - no browser add-on to autorender content - no scripting or "Flash" extensions etc... .... the devil is in the extensions (usually) So to summarise, the questions a What is the latest version of Foxit that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? One thing about 98 and NT versions is that even though an exploit can be written that affects all, it is often coupled with shellcode or further processing that is OS specific. 98 is becoming less of a target, so actual threat decreases. A remote code execution exploit using a PDF file may have shellcode to get control of an XP machine while only doing a DoS to a 98 machine. This doesn't mean that the writer couldn't have just as easily written the shellcode part of the exploit for the Win98 machine. What is the latest version of Acrobat that runs under '98, and what vulnerabilities is that version subject to which actually are a threat under '98? Another one specifically for the 98 group. How do those lists compare? Have fun with your research, I suspect you will end up with FoxIt being the better choice even if it is old and unpatched. |
#50
|
|||
|
|||
PDF exploits shown in this comparison as exceeding Flash based
"98 Guy" wrote in message ...
[...] without providing any shread of evidence that those threats or exploits are operable on win-98 systems. Considering exploits, it is not reasonable to assume that your OS is more secure just because an exploit is not operable on it. If the vulnerable software falls over, but the OS doesn't recognise the shellcode, the system is *still* vulnerable to the exploit. If it is an NT specific malware *payload* you might not be vulnerable to the payload, but you still are vulnerable to the exploit. It is the exploit that delivers the payload (often in the form of shellcode). Just because a malware instance can't complete its worm function on a Win98 system does not mean it cannot complete its PE infection routine and be a virus on Win98. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
New Adobe Reader Zero Day Exploits - New FireFox exploits | MEB[_16_] | General | 28 | May 5th 09 12:29 AM |
Registry and system.dat comparison | Bill P. | General | 9 | August 27th 06 04:53 AM |
Comparison of W98SE and ME? | ms | General | 5 | May 12th 05 06:58 PM |
Win98 comparison | [email protected] | General | 3 | September 14th 04 10:01 AM |
Spybot and DSO Exploits | Alias | General | 2 | September 7th 04 04:03 PM |