
View Full Version : lightweight security for win98


dahyippur
February 19th, 2007, 01:39 AM
Hello everyone, I've been fixing some older computers lately for my computer-illiterate friends and could use some advice in the security department! I'm currently working on a Gateway machine w/ 500mhz/198ram/win98se installed, not much to work with here. Resources are practically non-existent, so my priorities for security software are in this order:

1) lightweight on RAM and CPU
2) little to no user maintenance required; automatic/scheduled updates and scans are a must. Looking for programs that do the job and stay out of sight.
3) effective in preventing/removing any malware you might get from browsing the web and using web-based email and occasional downloading

At the moment I'm having some success using Firefox 1.5.9, KIS 6 with web-scan disabled, SUPERAntiSpyware, SpywareGuard and SpywareBlaster.
KIS and SUPERAntiSpyware are a little heavier than I would like them to be but they seem relatively light compared to the other apps I've tried. (I'm working with a dinosaur here RaWWwr!) It's gotten to the point where I'm considering skipping on either the antivirus or the antispyware for the sake of keeping precious system resources free for music and browsing. Spyware scanners always seem to turn up more than virus scans so I'm thinking maybe just a good antispyware program and some on-demand AV? :wacko: I don't know, this is getting to be a real pain in the ass!

Question: there won't be much in the way of installations, if any, on this computer after I'm done with it. Would it be possible to use just a firewall (no AV or AS) to keep out all the badness without any "allow/deny" prompts?

TOMxEU
February 19th, 2007, 02:09 AM
-{ Quote: "there won't be much in the way of installations, if any, on this computer after I'm done with it. Would it be possible to use just a firewall (no AV or AS) to keep out all the badness without any "allow/deny" prompts?" }-
Yes, but it depends, if they would be able to use NoScript.
I would also recommend to set up CCleaner to run at startup.
If you would set up all rules in firewall, you could disable alerts.
I would think about using no firewall, if all ports could be closed.
In that case, there would be no prompts, but it depends on a user.
If there is a high risk surfer and illiterate, it would not be a good idea.
Free scanners without a process in the background: A-Squared (http://www.softpedia.com/get/Antivirus/a-squared-a2-Free.shtml), Cure It (http://www.softpedia.com/get/Antivirus/Dr-WEB-CureIt.shtml), SAS (http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SUPERAntiSpyware.shtml).

StevieO
February 19th, 2007, 03:07 AM
I would definitely run an AV, but only use an AS on demand. I would have recommended AntiVir, but they are ending support for 98 in a few months !!!

As you said "there won't be much in the way of installations, if any, on this computer after I'm done with it". So installing the excellent free Winsonar 2007 XP would prevent any unknown executables from running, including badware. I've been using it for years on 98se computers, highly recommended.

http://digilander.libero.it/zancart/default.htm

The previous versions of Zonealarm free like v4.5 are very light and favoured by a lot of people. Still available from Zonelabs or oldversion.com.


StevieO

dahyippur
February 19th, 2007, 04:00 AM
So if I had to choose only 1 memory-sucking real-time program, what would offer the most overall protection? Firewall, antivirus, or antispyware? This is why I like programs like KIS 6, because they supposedly have all three with minimal system impact. Though I don't know how thorough the firewall and antispyware are.

ThunderZ
February 19th, 2007, 04:06 AM
-{ Quote: "So if I had to choose only 1 memory-sucking real-time program, what would offer the most overall protection? Firewall, antivirus, or antispyware? This is why I like programs like KIS 6, because they supposedly have all three with minimal system impact. Though I don't know how thorough the firewall and antispyware are." }-

IMO, as recommended by TheTOM_SK, stay with the FW and KIS 6. Add NoScript. Use the AS as on demand only. I think that is about as good as you are going to do for an underpowered PC and an un-learned user.

farmerlee
February 19th, 2007, 08:24 AM
For a super lightweight combo I'd recommend avg free + ghostwall combined with firefox + noscript. With ghostwall you can configure the rules then disable the GUI so no one can mess with it.

Another option is ghostwall + system safety monitor free. Configure the computer, configure ssm then disconnect the UI and nothing bad can execute.

lodore
February 19th, 2007, 09:03 AM
Hello,
NOD32 is a great AV for Windows 98; it's very light and can be made automatic.
www.eset.com
Then you could use SUPERAntiSpyware as on-demand antispyware and use Firefox with NoScript.

You could, if you wanted to, use SSM free.
You heard me correctly: SSM free does work on Windows 98 and ME.
http://www.syssafety.com/
Jetico as a firewall
http://www.jetico.com/
lodore

ejr
February 19th, 2007, 12:32 PM
You could give them decent protection with:

1. Avira Antivir (free)...Excellent Antivirus Protection
2. Spyware Terminator...Great at keeping a PC clean with its active protections. Mediocre at detection. Also Free
3. Spyware Blaster
4. Not sure on the Firewall. Comodo is good but maybe not light enough. PC Tools Firewall is supposed to be good. Not sure if it works with Win 98. Maybe an older version of Zone Alarm Free. Firewall is the only question I have. If you sit behind a good router, this could be skipped.

But all of the above could be used by novice users with no problems and provide a pretty high degree of protection. I also don't believe these programs conflict with each other.

Mele20
February 20th, 2007, 08:22 AM
I have an almost identical older computer.

Buy a cheap router and put it behind it. That is the most important thing. Forget a software firewall unless you use an old version of ZA. I believe it was 2.6 of Zone Alarm that was the last lightweight firewall I used on that computer. NOD32 runs fine on 98SE. Another one that uses even less resources is AVS...if it will activate. I can't get AVS to activate and AOL and KAV forum have not been at all helpful. It runs fine but cannot get current definitions because of the activation error. But I can see when I check resources that it uses less than even NOD32 used to use and that was an older version of NOD32. (But I have read that the current version is also light on 98SE).

If you have 98SE properly tied down and have a good AV it is quite secure. (The opposite is true if the situation was like my current one where I have the 98SE box networked and also have a one year old XP Pro box. In this situation I have file sharing enabled and that makes 98SE very vulnerable if taken out from behind the router. Last time I did that, I had NOD32 active and updated on it, thank goodness, as it got Opaserv within 5 minutes of being on the internet and while not protected by the router. NOD32 caught it).

Fx works quite well on 98SE and should be used instead of IE. I also have Spyware Blaster for when IE has to be used and Spybot (no Teatimer). That old computer boots with 84% resources free. I also use Script Sentry on it (and my XP computer).

ccsito
February 20th, 2007, 06:57 PM
-{ Quote: "You could give them decent protection with:

1. Avira Antivir (free)...Excellent Antivirus Protection
2. Spyware Terminator...Great at keeping a PC clean with its active protections. Mediocre at detection. Also Free
3. Spyware Blaster
4. Not sure on the Firewall. Comodo is good but maybe not light enough. PC Tools Firewall is supposed to be good. Not sure if it works with Win 98. Maybe an older version of Zone Alarm Free. Firewall is the only question I have. If you sit behind a good router, this could be skipped.

But all of the above could be used by novice users with no problems and provide a pretty high degree of protection. I also don't believe these programs conflict with each other." }-

Avira plans to stop supporting Windows 98 later this year. From what I read, PC Tools firewall is not supported on Windows 98. LookNStop which is what PC Tools FW was based on does support Windows 98 but it is not free. I have used ZA 6.1.744.001 on a Windows 98 desktop and it has never had a problem running on my machine (it is the last icon to appear on the system tray, so it is a "laggard" and takes up RAM).

Your choices for free AV, AS, and FW programs are limited (and even more so for Windows 98 users). For AV, there is Antivir (again, Windows 98 support is ending soon), Avast, and AVG. There are very few free AS programs that offer realtime protection (among those are Spyware Terminator, Spyware Guard, Spyware Blaster). Free firewall programs that can use Windows 98 are usually no longer updated, such as Zone Alarm 6.1.744 and earlier versions, Outpost Free 1.0, Sygate, Jetico, and several other lesser known programs. Filseclab is currently supported and does work on Windows 98, but setting it up is not that simple.

pcalvert
February 22nd, 2007, 05:45 PM
This is a problem that I've also been struggling with. Since Win98 no longer gets security updates, I've thought about getting people to upgrade to Windows 2000 Professional. Unfortunately, it will also lose support from Microsoft in a few years, so it is difficult to justify the cost of upgrading.

At the moment, I am thinking that Linux might be a good solution. There are a number of lightweight Linux distros that should run well on older computers that are still running Windows 98 or Windows ME. In addition, there are flexible Linux distros, like Debian, that can be set up in many different ways -- these can often be used to create a lightweight system.

Rather than get rid of Win98, my plan is to set up a dual-boot system. That way, if need be, Windows is still available for occasional use. And I plan to emphasize to the users that they should avoid going online while using Windows. I think this could work well since many people only use their computers to browse the web and send/receive e-mail.

Phil

herbalist
February 22nd, 2007, 07:42 PM
I stopped running a resident AV on my 98 box when AntiVir released version 7. That was about a year ago. My 98 box is no less secure and is much faster without one.

With vendors either dropping support for 98 or producing apps that are too heavy to run properly on it, those running 98 should consider alternate methods of securing it. The necessary software is still available, all free. One of the best tools is right on the 98 CD, poledit.exe. The free version of SSM can also protect 98 units very well. These combined with a good firewall (like Kerio 2.1.5) and some content filtering for your browser are more than sufficient to protect 98 on the net. An alternate browser also helps, not just from a security standpoint, but from a performance perspective. On my under-powered unit, using IE6 for an extended period drained its limited resources. The Mozilla browsers didn't.

The conventional approach to PC security is to block malicious code while allowing everything else to run. The shortcoming to this approach has always been trying to identify and catch all the malicious code. The sheer quantity and endless forms it takes is one of the main reasons that detection software is becoming a heavier load on systems. Securing 98 with the apps and tools mentioned above requires a basic change in the user's approach to security. Instead of basing your security strategy on blocking malicious code, a blacklist approach, take the opposite approach. Specify what apps and system components are allowed to run, and block everything else. It's much simpler to enforce a security policy that allows a hundred or so known processes to run than it is to identify and block hundreds of thousands of unwanted processes or code sequences. The policy editor from your 98 CD enables you to set restrictions on what apps are allowed to run. System Safety Monitor can also let you specify what other processes each app is allowed to start, or be started by. Both SSM and the policy editor can lock down critical areas of the system from change by users or malware.

While some users won't like the idea of being restricted to using a specified set of applications, it isn't as bad as you might think, especially on a 98 unit. If you're running a 98 box, you're already restricted by availability alone. Quite often a new version of an application either won't be compatible with 98 or will be too heavy to run well on it. I can't run the newest version of Yahoo Messenger, version 8.1 but I can run version 5.6, or GAIM. I can't use IE7 but I can use Sea Monkey (http://www.mozilla.org/projects/seamonkey/), the new Mozilla suite. For most any common usage, there's still good software available for 98, much of it free.

Setting up such a security policy isn't that difficult. If anything, it's a bit time consuming, but it's not really that complicated. The concept behind it is very simple.
If it can't run, it can't hurt you.
It's much easier to enjoy your PC and the net when you don't have to worry about your AV missing something.
Rick

Pedro
February 22nd, 2007, 07:49 PM
Might as well say this: if they don't depend on specific programs that only run on Windows, go GNU/Linux. Free and safe. Really free, they can do what they want, choose what kind of OS they want.

herbalist
February 22nd, 2007, 11:25 PM
Yes, users could install Linux and learn to use it. That has its own problems on 98 boxes, especially if they're using dialup service. I never did find drivers that worked with the modem my box came with. When you have to start learning Linux on terms like that, it's frustrating.

There's no reason someone with a 98 box has to switch to Linux. At the local computer shop, I picked up a couple used hard drives in the 5-10GB range for about $10 each. They can just as easily add another small hard drive, put Linux on it, and use 98 while they learn Linux. If Linux gives them trouble for whatever reason, they still have a working OS that can be safely used. Why switch when you can have both?
Rick

EASTER.2010
February 22nd, 2007, 11:47 PM
Just as an aside to expounding on my most cherished beginnings to the internet and computers in general, 98SE O/S!!!

I think it bears noting that I was running VISTA!! type transparency 3-D! That's Right!! On 98's ;D Long before Vista and only shortly before XP. LoL

Mandotate is the 3-D enhancement program that had its origins in 98, Google for it or check into NeoWin's Forums for it, it is still around and free as always. Vista's Flip/Scroll 3-D demands a heavy penalty on resources and is yet another reason why Vista is as IMPRACTICABLE! as it was for Microsoft to abandon 98/Me before FIRST re-writing them and re-releasing them with the improvements their users/consumers really expected of a so-called high-tech business. :thumbd:

Although I get plenty of mileage from my XP Pro drive I will never be without my 98 on the other drive to boot to. That O/S gave many their first start like me in all this and also in some instances it can still outperform XP, it is also just like herbalist alludes to, more safe than XP and even more so with HIPS behavior programs that are compatible like SSM.

zapjb
February 23rd, 2007, 01:27 AM
In the past I've worked on a couple dozen computers running either 98se or 95. Can't remember any of them having virii. So if they're not into porn or warez, I wouldn't install an AV or PF. Now I did find plenty of adware & spyware. So I'd install SSD w/o TeaTimer & Adaware. And sorry to say this, teach them how to use these 2. That's it. Don't knock me around too much folks for being the lone dissenter. ;D

EASTER.2010
February 23rd, 2007, 02:27 AM
The main problem for me that I found on 98 was IE exploits that crippled and replaced wmplayer.exe 72Kb so I eventually kept a fresh copy of it and whenever that exploit hit (AV Alert!) I simply restore it.

Now there's an O/S that could have really benefitted from WFP.

dw2108
April 6th, 2007, 01:23 AM
-{ Quote: "I stopped running a resident AV on my 98 box when AntiVir released version 7. That was about a year ago. My 98 box is no less secure and is much faster without one.

With vendors either dropping support for 98 or producing apps that are too heavy to run properly on it, those running 98 should consider alternate methods of securing it. The necessary software is still available, all free. One of the best tools is right on the 98 CD, poledit.exe." }-
It's nice to see a fellow pragmatist; at least Bill Gates did one thing right -- he allowed us MS Policy Editor.

Dave

besafe
April 6th, 2007, 04:54 AM
-{ Quote: "Hello everyone, I've been fixing some older computers lately for my computer-illiterate friends and could use some advice in the security department! I'm currently working on a Gateway machine w/ 500mhz/198ram/win98se installed, not much to work with here. Resources are practically non-existent, so my priorities for security software are in this order:

1) lightweight on RAM and CPU
2) little to no user maintenance required; automatic/scheduled updates and scans are a must. Looking for programs that do the job and stay out of sight.
3) effective in preventing/removing any malware you might get from browsing the web and using web-based email and occasional downloading

At the moment I'm having some success using Firefox 1.5.9, KIS 6 with web-scan disabled, SUPERAntiSpyware, SpywareGuard and SpywareBlaster.
KIS and SUPERAntiSpyware are a little heavier than I would like them to be but they seem relatively light compared to the other apps I've tried. (I'm working with a dinosaur here RaWWwr!) It's gotten to the point where I'm considering skipping on either the antivirus or the antispyware for the sake of keeping precious system resources free for music and browsing. Spyware scanners always seem to turn up more than virus scans so I'm thinking maybe just a good antispyware program and some on-demand AV? :wacko: I don't know, this is getting to be a real pain in the ass!

Question: there won't be much in the way of installations, if any, on this computer after I'm done with it. Would it be possible to use just a firewall (no AV or AS) to keep out all the badness without any "allow/deny" prompts?" }-

You could try setting them up with a virtualization tool that requires no signatures or updates. That might be the lightest solution and maintenance free.

herbalist
April 6th, 2007, 07:02 AM
-{ Quote: "It's nice to see a fellow pragmatist; at least Bill Gates did one thing right -- he allowed us MS Policy Editor.

Dave" }-
As useful as the policy editor is, on 98 boxes it has weaknesses, especially in its application restriction abilities. A user or malware that knows its limitations can easily defeat it.
Allowed applications are specified by name only. The path to the executable isn't checked. Neither is its authenticity. If Iexplore.exe is an allowed process, any application or malware named Iexplore.exe will also run, regardless of its location. This has long been a commonly used technique by malware writers. On 98 boxes, the policy editor isn't strong enough to use on its own, especially to control applications. I haven't worked with system policy on XP so I don't know if they've fixed these weaknesses. If they haven't, a lot of people have a false sense of security. This is easily tested with a bit of application renaming.
Rick
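
The name-only weakness described in the post above, shown next to a stricter rule for the allow-list approach herbalist outlined earlier in the thread. This is an added example, not part of the original post and not taken from any tool named in the thread: Python is used only for illustration, the directory tree and file contents are constructed, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def canonical(path):
    """Absolute, symlink-resolved path; case-folded on case-insensitive systems."""
    return os.path.normcase(str(Path(path).resolve()))


def allowed_by_name(exe_path, allowed_names):
    """Name-only rule: only the file name is compared, location is ignored."""
    return Path(exe_path).name.lower() in {n.lower() for n in allowed_names}


def allowed_by_path_and_hash(exe_path, allowlist):
    """Stricter rule (hypothetical): the full path must be listed AND the
    file content must match the recorded hash.

    allowlist maps canonical path -> expected SHA-256. Returns (ok, reason).
    """
    expected = allowlist.get(canonical(exe_path))
    if expected is None:
        return False, "path not allowlisted"
    if not Path(exe_path).is_file():
        return False, "file missing"
    if sha256_of(exe_path) != expected:
        return False, "hash mismatch"
    return True, "ok"


def run_demo():
    """Build a constructed directory tree and evaluate both rules on it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        genuine = root / "Program Files" / "Internet Explorer" / "Iexplore.exe"
        lookalike = root / "Temp" / "Iexplore.exe"
        for p in (genuine, lookalike):
            p.parent.mkdir(parents=True)
        # Constructed stand-ins; no real binaries are involved.
        genuine.write_bytes(b"constructed stand-in for the real browser binary")
        lookalike.write_bytes(b"constructed stand-in for an unknown program")

        names = ["Iexplore.exe"]
        strict = {canonical(genuine): sha256_of(genuine)}

        for label, path in (("genuine", genuine), ("lookalike", lookalike)):
            results[label] = {
                "name_only": allowed_by_name(path, names),
                "path_and_hash": allowed_by_path_and_hash(path, strict),
            }

        # Same path, different bytes: the file was replaced in place.
        genuine.write_bytes(b"constructed replacement content")
        results["replaced_in_place"] = {
            "name_only": allowed_by_name(genuine, names),
            "path_and_hash": allowed_by_path_and_hash(genuine, strict),
        }
    return results


if __name__ == "__main__":
    for label, verdicts in run_demo().items():
        print(f"{label:18} name-only={verdicts['name_only']!s:5} "
              f"path+hash={verdicts['path_and_hash']}")
```

The name-only rule accepts all three cases; the path-and-hash rule accepts only the untouched file in its expected location.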

EASTER.2010
April 7th, 2007, 12:00 AM
It's always heartening for me to see continued 98 and Millennium discussions because it wasn't so really long ago when the masses rushed to XP after its first official/public release only to discover it was crammed full of Microsoft's newest and more available exploitable features, for one, the bloated and mostly unnecessary services as well as other holes very well exploited. A malware writer's showcase no doubt, the same can never be said of 98/Me even with its own problems.

The XP default GUI almost made me puke as bad as the 98's gray (dull) one but at least they offered silver & green options if there was any consolation in that. With 98 I could apply several freeware developers' artistic crafts in the form of customizing the window frame etc., to dress things up a tad so far as looking like a high-tech invention goes.

I think what bugs me most is that 98 customers/users didn't deserve to be abandoned and so rushed to get onto the XP bandwagon as fast as they could get to one. $M was counting on that and it worked, XP is pretty nice and has its advantages, but for pity's sakes, if $M had simply revisited 98/Me just one last time for a complete rewrite shortly after realizing XP sales success, that would have been the coup de grâce so to speak IMO. A major windfall plus loyalty for Microsoft, and a renewed desire for Microsoft's other compatible or newest creations. Not to mention today's surviving software developers would have had a much wider and broader market in which to serve than being constrained to just this one-dimensional field of view, aka XP/server systems alone. Yeah I know, now is Vista, I suppose it can now count for some variety.

As things stand, many have long since turned to Apple (Mac) Systems/Linux and whatever else they can suit their IT needs as well as ease the blow of their trust in anything $M having been so fashionably compromised by them if not entirely deceived. Strong words I know but for good reason no less.
I still like 98SE and there's plenty I do with mine, plus there's still more left to discover & do with it that keeps my interest reasonably high enough that it continues to be useful, especially network-wise since the introduction of HIPS and chiefly System Safety Monitor which serves to secure it like no AV ever could.

This might be beating a dead horse but I cannot sit idly by and completely or ever discount 98/Me as not worthy of attention anymore. By stark contrast, it could be said even now, that those old O/S's can not only be (finally) safely secured, thanks mostly in part to HIPS, but also continue to be very useful in many respects as XP is today; minus much less frustrations suffered of XP users. You can read tons of issues that eclipse any you ever thought so overwhelming with XP then 98/Me. Just a little of my impressions of the $M machine.

Kees1958
April 7th, 2007, 03:56 AM
-{ Quote: "For a super lightweight combo I'd recommend avg free + ghostwall combined with firefox + noscript. With ghostwall you can configure the rules then disable the GUI so no one can mess with it.

Another option is ghostwall + system safety monitor free. Configure the computer, configure ssm then disconnect the UI and nothing bad can execute." }-

I endorse this. When you feel uncomfortable without AV try Antivir, with the Guard's configuration set to:
- use smart file extensions
- scan only at write

Regards K

dw2108
April 7th, 2007, 11:47 AM
-{ Quote: "As useful as the policy editor is, on 98 boxes it has weaknesses, especially in its application restriction abilities. A user or malware that knows its limitations can easily defeat it.
Allowed applications are specified by name only. The path to the executable isn't checked. Neither is its authenticity. If Iexplore.exe is an allowed process, any application or malware named Iexplore.exe will also run, regardless of its location. This has long been a commonly used technique by malware writers. On 98 boxes, the policy editor isn't strong enough to use on its own, especially to control applications. I haven't worked with system policy on XP so I don't know if they've fixed these weaknesses. If they haven't, a lot of people have a false sense of security. This is easily tested with a bit of application renaming.
Rick" }-
Using echo and buffer files, Policy Editor is quite effective on Win 9x/ME systems. If installed through buffer and echo files, Win9x/ME systems cannot be hacked or infected, a mathematical proof of which resides in my publication "Logic in Quotes, Call by quotation" J. Phil Logic, (16) No. 1 Feb. 1987; the problem is, most people resort to AV apps, antispyware apps, etc., before they consider even the use of buffer and echo files.

Metal425
April 7th, 2007, 12:05 PM
Nod32, I think they support 98, not sure.
I haven't had 98 for 8 years..lol

dw2108
April 7th, 2007, 12:29 PM
Yes, NOD32 continues to support 95, 98 and ME as their so-called support of Legacy Operating Systems. Norton even continues 9x/ME support, as shall many other vendors. The 95 IS ALIVE group, 98 IS STILL HERE group, and ME LIVES ON group consist in a combined membership of well over -- GET THIS -- 700,000,000 members and even more casual supporters. The "2000/XP/2003/Vista rule the world" misconception is a myth even Microsoft denies.

Dave HAL

herbalist
April 7th, 2007, 02:11 PM
-{ Quote: "Using echo and buffer files, Policy Editor is quite effective on Win 9x/ME systems. If installed through buffer and echo files, Win9x/ME systems cannot be hacked or infected, a mathematical proof of which resides in my publication "Logic in Quotes, Call by quotation" J. Phil Logic, (16) No. 1 Feb. 1987;" }-
I'd like to see this. Do you have a link to it?
rick

dw2108
April 7th, 2007, 03:22 PM
-{ Quote: "I'd like to see this. Do you have a link to it?
rick" }-
No, unfortunately, I do not have a link, but I published the paper. J. Phil. Logic might have an online archive. Should this be the case for papers written over two decades ago, the publisher would be D. Reidel Pub. Co. of Kluwer Academic Pub. Group and Springer Academic. Look for the name "David Wray." Other papers of the same genre would be found in "Algebraic-Valued Quotational Logics" Communication and Cognition, Belgian Ministry of Higher Education, and my special edition with Sir Stan Martens and Vladimir Yu. Sazonov of The Journal for The Integrated Study of Artificial Intelligence, Applied Epistemology and Cognitive Science entitled "Truth, Names Combinators and Quotes." I'm certain that the latter is on the net. Of special interest to you might be Vladimir's treatment of computation and recursion via self-referential predicative arithmetics. Win 9x/ME and DOS are sub-primitive recursive; whereas, 2000/XP/2003/Vista are fully recursive. Hence, the limitations of DOS forbid certain calls, while the fully recursive systems yield an endless loop when attempting such a call. The forbidden DOS "no-go's" can thus be used to protect the DOS OS. A similar attempt to protect, say, Vista by the same means, would yield a processor lock-up.

Dave HAL

StevieO
April 7th, 2007, 05:53 PM
@ dw2108

I'm very interested to try and find out more about malware prevention by using the "buffer and echo" etc techniques in 98se you described. I tried to locate the information you referred to, but was unable to.

If you could possibly discover and post any links, or describe how these methods could be integrated, I and I'm sure others would be very grateful.

Thanks in advance.


StevieO

EASTER.2010
April 7th, 2007, 06:03 PM
Likewise is of interest myself.

Never seen that concept mentioned or even practiced by anyone I knew that ran 98 let alone explained or journaled. So one might think it would indeed be useful as well as prudent to practice with those "buffer and echo" techniques if you could offer some ready-link when you find time.

Thanks EASTER

herbalist
April 8th, 2007, 01:24 AM
I've had no luck finding it so far. Might have better luck tomorrow when I don't have 6 other projects running at the same time. You wouldn't happen to have any of the files you described, would you?

I've found DOS to be a powerful ally in securing 98, but that's a new one on me. I'd like to see if 98's policy editor could be made more effective than it is.
-{ Quote: "If installed through buffer and echo files, Win9x/ME systems cannot be hacked or infected," }-
I take it that this isn't something that can be done with an existing OS and must be done as part of the initial install process?
Rick

dw2108
April 8th, 2007, 11:11 PM
I appreciate your interest, and shall post back within a few days the rudiments of one process which is really a very simple technique using DOS to force an unorthodox installation of Win 9x/ME. This same method can be employed in Win 9x/ME systems to emulate the NTFS structure of 2000, XP, etc., without incurring the 2000/XP/2003/Vista (unicode) vulnerabilities. (After all, NTFS is nothing other than one large unicode ZIP file! And I use this method to run F-Prot 6 on a Win 95 16B system.)

I e-mailed some people at Springer Academic Pub. Co., and it seems as though my publications shall have to be accessed via the conventional university library.

Dave

herbalist
April 9th, 2007, 06:20 AM
I'll be very interested to see it. Thanks.
Rick

dw2108
April 11th, 2007, 11:31 AM
Let me pick up this topic on the 24th of this month -- I just have too much on my slate at the moment, and this needs to be presented coherently.

Dave/8 HAL/3

EASTER.2010
April 11th, 2007, 10:47 PM
-{ Quote: "Let me pick up this topic on the 24th of this month -- I just have too much on my slate at the moment, and this needs to be presented coherently.

Dave/8 HAL/3" }-

Thanks, we'll be looking forward to it with some real interest.

dw2108
April 24th, 2007, 05:57 PM
Ladies and Gents, please bear with me: several jackassed editors want me to reduce 480+ pp. to approximately 320 pp., which is why I hate editors.

Dave HAL

lucas1985
April 25th, 2007, 05:29 PM
Damn :(
This document is very interesting.

herbalist
April 25th, 2007, 10:01 PM
-{ Quote: "shall post back within a few days the rudiments of one process which is really a very simple technique....." }-
-{ Quote: "editors want me to reduce 480+ pp. to approximately 320 pp." }-
I hope these are 2 separate subjects. If the rudiments of a simple technique uses 480 pages, I'd hate to see a detailed explanation. :blink:

dw2108
May 1st, 2007, 05:24 PM
We begin this Friday. Bring your PCs and DOS. As one who once wore a Green Beret in Nam for Uncle Sam, I regard now the hackers and the crapware writers as those who need give now THEIR LIVES for the sake of safe (web) surfing. www.groups.sfahq.com

Dave HAL

P.S. The 420 pp. refers to a paper on fundamental particles and gauge fields -- not to this!

dw2108
May 4th, 2007, 04:26 AM
Make sure that your PC is clean of viruses and other junk-ware. CHECK MY SPELLING FOR ERRORS SO THAT YOUR PC SHALL OPERATE WELL! LET ME DOUBLE-CHECK MY ENTRIES FOR ERRORS BEFORE YOU ATTEMPT THIS!

STEP ONE:

Assuming C is your main drive, create on C:\ five folders, say STORE1, STORE2, STORE3, STORE4 and STORE5. On C:\ you shall find many critical files. Copy these files -- including COMMAND.COM and AUTOEXEC.BAT -- to each of STORE1 through STORE5. Copy the entire C:\Windows\Command folder to each one of these folders. Open C:\AUTOEXEC.BAT and place the following lines at the very end, and keep these lines:

SUBST P: C:\STORE1
SUBST Q: C:\STORE2
SUBST R: C:\STORE3
SUBST S: C:\STORE4
SUBST T: C:\STORE5

BUT USE ONLY LETTERS WHICH HAVE NOT BEEN ASSIGNED DRIVES!
Reboot, and make sure that you now see the 5 new drives P through T showing in Windows Explorer or My Computer.

STEP TWO:

Create a folder on DRIVE P called REGISTRY. Create on DRIVE Q a folder called WIN and on DRIVE R a folder called PROG.

EASTER.2010
May 4th, 2007, 04:50 AM
VERY INTERESTING! Please continue................

And thanks.

dw2108
May 4th, 2007, 04:58 AM
STEP THREE:

Once again, edit your AUTOEXEC.BAT saving in it the following lines:

XCOPY32 /c /e /h /r /k /y C:\WINDOWS\SYSBCKUP\*.cab P:\REGISTRY
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.INI P:\REGISTRY
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.DAT P:\REGISTRY
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.COM P:\REGISTRY
XCOPY32 /c /e /h /r /k /y C:\*.SYS P:\REGISTRY

COPY OTHER FILES YOU NEED FROM C:\

USE THE FOLLOWING LINES IF AND ONLY IF YOU HAVE A PC WHICH IS FAST ENOUGH TO PROCESS THESE TWO LINES AS YOU BOOT UP!

XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.* Q:\WIN
XCOPY32 /c /e /h /r /k /y C:\PROGRA~1\*.* R:\PROG

This has saved your registry, critical files, Windows directory and Program Files Directory to virtual drives, and you may recover them at any time. I recommend that ANY browser, IE, Opera, FF, Maxthon, be removed and be installed so that its cache is on a virtual drive so that malware shall have to try to create a path to try to do its work, and most crapware cannot execute from a virtual drive, BUT SOME CAN! The point of having the COMMAND.COM and the COMMAND directory on the virtual drives is this: SHOULD HAVOC STRIKE, you may use XCOPY32 /c /e /h /r /k /y to restore data to its original state.

dw2108
May 4th, 2007, 05:29 AM
STEP FOUR:

Rename the AUTOEXEC.BAT files ON THE VIRTUAL DRIVES ONLY to AUTOEXEC.OLD -- ON THE VIRTUAL DRIVES ONLY!

Copy the newly modified AUTOEXEC.BAT FILE on C:\ , the one with all the SUBST and XCOPY32 commands to DRIVE S.

DELETE the AUTOEXEC.BAT on C:\

Open NotePad and create a new batch file with these lines:

SUBST P: C:\STORE1
SUBST Q: C:\STORE2
SUBST R: C:\STORE3
SUBST S: C:\STORE4
SUBST T: C:\STORE5
S:\AUTOEXEC.BAT

Save on C:\ as files of all type as AUTOEXEC.BAT. Exit NotePad.

This file echoes the S:\AUTOEXEC.BAT -- your REAL AUTOEXEC.BAT -- remotely from a virtual drive.

I'll have to pick up later, but, the shift and choice commands can be used to rearrange folders, virtual drives, and all data so that the drives can be safe. Another trick is as follows. Download a freeware password protector for your virtual drive folders, and because your entire system is backed up, you can hit CTRL + ALT + DEL in an emergency, hit F8, use XCOPY32 to restore all data, and keep the virus or crapware as a trophy.

TO BE CONTINUED IF ANYONE IS STILL INTERESTED.

EASTER.2010
May 4th, 2007, 05:46 AM
-{ Quote: "TO BE CONTINUED IF ANYONE IS STILL INTERESTED." }-

VERY INTERESTED!!!!

AND APPEALING!!

Still taking this all in. Extremely intriguing procedure beyond any I know that I have ever seen before for use with a 98/Me system.

lucas1985
May 4th, 2007, 01:52 PM
Very interesting :thumb:
I'll set up a VM to test this when I get some spare time.
Thanks.

herbalist
May 4th, 2007, 04:35 PM
Yes, please continue. I'm just now getting the opportunity to look at this. From the looks of it so far, I'll have to set up a separate test unit to try this. This could easily clash with similar entries I've already got in my autoexec.bat that back up/restore several of the same files your entries do.

Is there any problem with using a different selection of drive letters? I didn't see any problems with different letters in what you've posted so far. Is there any reason the drive letters need to be sequential, possibly for something you haven't yet posted? I'm already using a couple of those drive letters with encrypted partitions and containers.
Rick

dw2108
May 5th, 2007, 08:47 PM
Will have to pick up next Wednesday. By the way, I need to edit some typos from my command switches above. I'll pick up on the random file regeneration which spits out a fresh file when crapware tries to head for critical data.

Thanks very much,

Dave

EASTER.2010
May 5th, 2007, 09:02 PM
And Thank You dw2108 for this effort. Looking forward to it. Already obvious this is some extremely useful technique. Have to ready my 98SE system again. LoL

Seems this so-called obsolete Operating System is not so unsecurable after all. :thumb:

dw2108
May 5th, 2007, 10:14 PM
Thanks to all for the kind words.

UPDATE: The command line parameters above are OK, but I regard them as typos because some are unnecessary. Also, before we get into random file regeneration, I forgot that we need to go through the Windows reboot and shutdown files to secure safe reboot or safe shutdown: the Windows sequence triggers some malware, and it's best to avoid the START > SHUTDOWN > RESTART or REBOOT etc., by writing some simple files which can be used also to execute certain tasks you may wish to do at times prior to shutdown or reboot.

Finally, registry monitors and AV apps need to be tweaked if you plan on keeping them for security, even though you shall not need them. E.g. the batch files we write are best excluded when possible from an AV resident shield and SSM or WinSonar have to be told that these new virtual drives are actually new hardware, because Windows reads them as such!

So, I'll pick up with the shutdown and reboot files, and get to the regeneration later. This will set up the entire start up and shutdown sequence.

Thanks,
Dave

EASTER.2010
May 5th, 2007, 10:32 PM
-{ Quote: "So, I'll pick up with the shutdown and reboot files, and get to the regeneration later. This will set up the entire start up and shutdown sequence.

Thanks,
Dave" }-

Understood. I'm sure herbalist and other 98/Me systems buffs like myself will be following this thread with much continued interest. Look forward also to their questions and the resulting answers from you.

Again our thanks. Amazing sometimes how long it can take to surface alternative safety techniques & methods that otherwise might forever escape our attention and surely the appreciation also that goes along with them. LoL

halcyon
May 6th, 2007, 05:18 AM
1. HOSTS file (various sources, mpv, hpguru, etc.) - Free
2. PC Tools Firewall (licensed version of Look'n'Stop, very light on CPU) - Free
3. NOD32 or DrWeb for antivirus or maybe even Avast if you like free
4. No use of IE, Messenger, Outlook (or OE), Windows Media Player at all (unless really a must), use alternatives instead
5. Hardening fixes that fix some holes, but do not stay resident, wmpscriptfix, noscript, spybot s&d (immunize, don't use resident portions), spywareblaster (immunize), secure-it (be careful with this) + many others (see : http://www.wilderssecurity.com/showthread.php?t=111264&page=48 for more info)

No other resident programs, esp. deeply hooking antimalware drivers, most of which really slow down a system.

herbalist
May 6th, 2007, 12:50 PM
DW,
Found several problems with your DOS entries.
1, These entries are in both C:\autoexec.bat and S:\autoexec.bat.
SUBST P: C:\STORE1
SUBST Q: C:\STORE2
SUBST R: C:\STORE3
SUBST S: C:\STORE4
SUBST T: C:\STORE5
The 2nd set is redundant as they were just performed by the first set.

2, I'm assuming these are typos in red:
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.INI P:\REGESTRY
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.DAT P:\REGESTRY

This creates an additional directory with the wrong name. The XCOPY lines also need a backslash following REGISTRY to prevent DOS prompting about whether the destination is a file or directory.

3, The switches used on XCOPY32 work fine when used in a DOS window, but when executed by autoexec.bat they result in "invalid switch" errors. I got this error for the following switches: /c /h /k /r. Only /e and /y worked from autoexec.bat, which prevented the copying of all hidden, system and read only files. It may work better to use COPY here instead of XCOPY32 or use the ATTRIB command first.

4, The last line XCOPY32 /c /e /h /r /k /y C:\*.SYS P:\REGISTRY is a problem. The source and destination are on the same physical drive, even if "P" is a virtual drive. It results in a cyclic re-copying of everything in STORE1 to P:\, which is the same location. This command wouldn't execute via autoexec.bat. DOS refused to run the command. When run thru a DOS window, it doesn't catch that the source and destination are the same physical location and just keeps copying over and over.

Your setup has several things in common with one I use (http://www.freewebs.com/herbalists/index.htm). I use a physical backup directory and call a separate batch file via an entry in autoexec.bat. Had trouble with the XCOPY command not performing as expected too. I'm going to work with this tonite and see where it goes.
Rick

herbalist
May 6th, 2007, 03:53 PM
This might explain a few things that are happening here.
When I enter XCOPY32 /? in a DOS window, it returns the following:
Copies files and directory trees.

XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/W]
                           [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U]
                           [/K] [/N]

  source       Specifies the file(s) to copy.
  destination  Specifies the location and/or name of new files.
  /A           Copies files with the archive attribute set,
               doesn't change the attribute.
  /M           Copies files with the archive attribute set,
               turns off the archive attribute.
  /D:date      Copies files changed on or after the specified date.
               If no date is given, copies only those files whose
               source time is newer than the destination time.
  /P           Prompts you before creating each destination file.
  /S           Copies directories and subdirectories except empty ones.
  /E           Copies directories and subdirectories, including empty ones.
               Same as /S /E. May be used to modify /T.
  /W           Prompts you to press a key before copying.
  /C           Continues copying even if errors occur.
  /I           If destination does not exist and copying more than one file,
               assumes that destination must be a directory.
  /Q           Does not display file names while copying.
  /F           Displays full source and destination file names while copying.
  /L           Displays files that would be copied.
  /H           Copies hidden and system files also.
  /R           Overwrites read-only files.
  /T           Creates directory structure, but does not copy files. Does not
               include empty directories or subdirectories. /T /E includes
               empty directories and subdirectories.
  /U           Updates the files that already exist in destination.
  /K           Copies attributes. Normal Xcopy will reset read-only attributes.
  /Y           Overwrites existing files without prompting.
  /-Y          Prompts you before overwriting existing files.
  /N           Copy using the generated short names.

When I make the same XCOPY32 /? entry in pure DOS mode, it returns:
Copies files (except hidden and system files) and directory trees.

XCOPY source [destination] [/A | /M] [/D:date] [/P] [/S [/E]] [/V] [/W]

  source       Specifies the file(s) to copy.
  destination  Specifies the location and/or name of new files.
  /A           Copies files with the archive attribute set,
               doesn't change the attribute.
  /M           Copies files with the archive attribute set,
               turns off the archive attribute.
  /D:date      Copies files changed on or after the specified date.
  /P           Prompts you before creating each destination file.
  /S           Copies directories and subdirectories except empty ones.
  /E           Copies any subdirectories, even if empty.
  /V           Verifies each new file.
  /W           Prompts you to press a key before copying.

Interesting that neither acknowledged the "32" in the filename.
XCOPY and XCOPY32 behave differently in real DOS than they do in a DOS window, with a completely different set of valid switches.
Rick
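
An added example, not part of any post in this thread: a small Python check that applies Rick's findings 2 to 4 to AUTOEXEC.BAT lines, so a boot-time backup that silently skips files or copies into itself is caught before it is relied on for recovery. The function names, the `known_dirs` parameter and the sample lines are constructed for illustration; the real-mode switch set is the one in the help text quoted above plus /Y, which Rick reports was accepted.

```python
# Switches listed by the real-mode XCOPY help quoted above, plus /Y
# (reported in the thread as accepted). Assumption: anything else yields
# "invalid switch" when AUTOEXEC.BAT runs before Windows loads.
REAL_MODE_SWITCHES = {"A", "M", "D", "P", "S", "E", "V", "W", "Y"}

# Constructed sample: two lines as posted in the thread, one corrected line.
SAMPLE = r"""SUBST P: C:\STORE1
XCOPY32 /c /e /h /r /k /y C:\WINDOWS\*.INI P:\REGESTRY
XCOPY32 /c /e /h /r /k /y C:\*.SYS P:\REGISTRY
XCOPY32 /e C:\WINDOWS\SYSBCKUP\*.cab P:\REGISTRY\
"""

def resolve(path, subst):
    """Map a SUBST drive path (P:\\X) to its physical path (C:\\STORE1\\X)."""
    path = path.upper()
    return subst.get(path[:2], path[:2]) + path[2:]

def lint_autoexec(text, known_dirs=()):
    """Return (line_no, message) findings for SUBST/XCOPY lines."""
    subst, findings = {}, []
    known = {d.upper().rstrip("\\") for d in known_dirs}
    for no, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        cmd = words[0].upper()
        if cmd == "SUBST" and len(words) == 3:
            subst[words[1].upper()] = words[2].upper().rstrip("\\")
        elif cmd in ("XCOPY", "XCOPY32"):
            switches = [w[1:].upper() for w in words[1:] if w.startswith("/")]
            paths = [w for w in words[1:] if not w.startswith("/")]
            if len(paths) != 2:
                continue
            src, dst = paths
            bad = [s for s in switches if s.split(":")[0] not in REAL_MODE_SWITCHES]
            if bad:
                findings.append((no, "invalid in real mode: /" + " /".join(bad)))
            if not dst.endswith("\\"):
                findings.append((no, "destination lacks trailing backslash"))
            if known and dst.upper().rstrip("\\") not in known:
                findings.append((no, "destination directory not created: " + dst))
            # A recursive copy whose target sits under its own source re-copies itself.
            src_dir = resolve(src, subst).rsplit("\\", 1)[0]
            dst_phys = resolve(dst, subst)
            if {"E", "S"} & set(switches) and dst_phys.startswith(src_dir + "\\"):
                findings.append((no, "destination inside source tree: " + dst_phys))
    return findings
```

Calling `lint_autoexec(SAMPLE, known_dirs=[r"P:\REGISTRY"])` flags lines 2 and 3 and passes line 4.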

dw2108
May 7th, 2007, 10:06 AM
Good point, herbalist -- I had this nagging thought that I put all the switches in the wrong place somewhere! I'll have to fix that later.

Dave

P.S. herbalist, since different Win 9x systems sometimes have subtle DOS differences owing to Bill Gates' software piracy fear, toss in as many alternatives as you can to prevent the problems which you have addressed. With the right switches, all these work fine on 3 of my Win 9x systems. There's a fourth which rejects a switch. These Gates-induced inconsistencies need to be avoided. Your link presents some very nice work.

herbalist
May 7th, 2007, 10:40 PM
Thanks. I tried using several methods to copy the windows directory via that batch file, but every tool I used truncated the names when I ran it in DOS mode, including XCLONE. This was on both my 98 and 98SE boxes. Both have the 6.22 DOS supplement added.

-{ Quote: "I had this nagging thought that I put all the switches in the wrong place somewhere! I'll have to fix that later." }-
Normally the switches are put after the source and destination instead of after the command itself. I tried making that change in the entries but the results were the same. Invalid switches.

The differences in the behavior of XCOPY could also be due to variations in the config.sys and autoexec.bat files, and what drivers are loaded at the exact point in time the additional entries or batch file runs. On the 98SE unit I tried this on, the autoexec.bat had one line in it. I'll try to look into this as I get time. In the meantime, I'm interested to see more of this.
Rick

dw2108
May 8th, 2007, 09:06 PM
It looks like we're getting off to a good beginning with respect to weeding out DOS eccentricities. I'll try to correct my errors above in the next few days, and thanks for pointing them out. No doubt, I shall make more errors because an illness is affecting my mental clarity, and I may be off or on for several days at a time. So do jump me when it looks as though I stated 2 + 2 = 5, and bear with my physical limitations. WE MUST FIX THAT UP WHICH BILL GATES GOOFED! (Never end a preposition with a sentence?)

Dave

EASTER.2010
May 9th, 2007, 03:43 AM
Thanks dave:

We know you're doing your best and will continue at it. You've really given us something flavorable to chew on here and personally I can't wait to implement this technique myself.

@herbalist

Thanks to you again my friend for your ever present sense of mind where it concerns 98 systems/techniques and most of all security. I've learned a lot from your own experiences you've shared and never given up on 98 thanks to your attention to detail. LoL

EASTER.2010
May 13th, 2007, 03:14 PM
Minor *BUMP to see if dw2108 might continue the procedure he started.

Many Thanks.