How To Protect Older Microsoft Operating Systems ?

Hello;

I have a couple of questions- maybe more- regarding how to best protect an older Windows operating system that is no longer receiving security updates and hotfixes.

First, let me say that I am not interested at all in Linux or any Apple OS, so suggesting those alternatives is not what I want.
What I am wondering is within Windows, can an older OS be hardened to offer safe surfing ?

Considering, for instance, the case of Windows 98 SE or (in 2010), Windows 2000.
Would the use of virtual technology (including SandboxIE), cloud computing technology, and/or using Firefox with NoScript and AdBlock or Opera make this or any other non-supported Microsoft OS safe enough to use for everyday web surfing ?

 

IMO you can only protect the best you can. Your solutions are pretty good ones. As for AV, AS apps, you won't be able to find one that has Min98 in the system requirements, so online solutions as you suggest would be the way to go. On the other hand, an upgrade to XP would cost $100 if you can find a disk, which would buy you time. Then of course you can get a descent Vista computer without the monitor for about $300.

 

Thanks for the reply, twl845.

My suspicions are pretty much a mirror of your reply.
The truth is I currently own;
-Windows 95
-Windows 98 SE
-Windows 2000
-Windows XP Professional
-Windows XP Media Center Edition
-Windows XP Home Edition
-Vista Ultimate
-And have downloaded Windows 7 Beta.

My needs are modest; web surfing, e-mail, and the occasional DVD backup.
My computer (Dell e510) is borderline Vista and Windows 7 capable; Pentium 4 630 Prescott (3.0 ghz w/hyperthreading), 2.5 gb of pc2-4200 RAM, ATI Radeon x300 video card, DSL 1.5 mbs broadband service.
My monitor is a 17" Westinghouse (analog) LCD.

While I believe Windows 7 is (to date) an improvement over Vista, I am almost certain I won't be using it;
too complex/advanced/resource hungry for my taste.

Vista is out of the question. Although I bought Ultimate, I never really liked the OS and consider it to be one of the most boneheaded computer-related purchases I've made; I just won't run it.

In short, I'm not willing to upgrade my hardware in order to properly accommodate an operating system that does nothing I need better than XP or W2K/Win 98 SE.
XP Home is actually my default OS, but I often go back to W2K and '98 SE.

All I want is familiarity and simplicity, but I know support for '95 and '98 has ended and support for W2K is scheduled to end next year.
Hopefully, VM/Cloud technology along with the remaining security applications available for Win 98 and W2K (plus XP of course) will allow for my needs to be met.

I hope to get additional comments.

Again twl845, thanks.

 

With Sandboxie, make sure you read the system requirements in regard to older operating systems. http://www.sandboxie.com/index.php?FrequentlyAskedQuestions#Requirements
"Sandboxie does not work on Windows 95, 98 or ME, or on Mac operating systems. There are no plans to support these environments."

 

I think you'd be fine with just a router, a good AV, and a good browser such as Opera or Firefox. With a router in place, the only real way in would be via the browser. No need for any fears if you're a halfway sensible user.

 

I agree with Kerodo. I use Win2K as the desktop workstation. A good way to stay prepared is to keep up with exploits and see if you are protected from the attack method.

Take the USB exploits.

If you received a digital picture frame, would you just hook it up?

I didn't know until I investigated, that it essentially is USB U3 device, meaning that it can execute an AutoRun.inf file. It turns out that there are a number of ways that the frame can become infected, including some rare examples of being infected before purchased.

But if you already have in place policies with dealing with AutoRun, then you are protected against this attack vector, and this applies to all Operating Systems.

You can deal with other attack methods in the same way.

Kerodo mentions a Router, which takes care of exploits via Ports. And Opera or Firefox which pretty much eliminates browser remote code execution exploits. Again, not OS specific.

Kerodo also says,

This calls to mind a comment in a Prevx blog,

----
rich

 

That quote about social engineering is especially true. Whether you are using Win95 or Vista, you can be tricked into installing malware such as the infamous *Antivirus 200* variety. Some of these go as far as trying to fake Secure Desktop (the UAC darkening) to make it look official. But the giveaway is that only the browser window goes dark, not the entire desktop as in the real SD.

It just proves that the brain is the most effective defense against malware. You can have 20 security apps (some of you are approaching that already, lol) but it doesn't mount to a hill of beans without some common sense. As they say Knowledge is Power.

 

The older versions of Windows can be secured against most any threat, save one, the user. Many of the options for XP will run on 2K, including Sandboxie and many of the better HIPS.

Most vendors have or are dropping support for 98. Most AVs already have. That said, 98 can be secured quite well without one. Presently available software can secure 98 at little or no cost. The biggest adjustment a 9X user has to make is understanding that they are totally responsible for its support. In order to provide that support, the user needs to understand 98, it strengths and weaknesses. Compared to XP, 98 is simple and straight forward.

IMO, the best way to secure 98 (or any other version of windows) is with a default-deny security policy. Whitelist the system executables and user apps necessary for normal usage and block everything else. One of the best tools for this is the free version of System Safety Monitor. As far as I know, it's the only software of its kind that runs on 9X systems. It's also lighter than any AV. When combined with a good firewall and web content filtering, 98 can be made just as secure as the new versions of Windows.

I've been running 98 without an AV for several years using a default-deny security policy. My security package includes SSM free, Kerio 2.1.5, and Proxomitron. All three are extremely light and run very well on 98.

These apps require a fair amount of knowledge to configure well, but with 98 users being left to their own resources, a good working knowledge of the system will be necessary to keep it running well.

Unofficial support for 98 is available. This site has a very active 98 section and some excellent unofficial service packs. If you like 98, this site is very useful. MDGX is another incredibly good site for 9X users.

One of the best things you can do for 98 is not use internet explorer. It's 98s biggest weakness. SeaMonkey is an excellent browser suite that runs very well on 98. DOS can also be one of the best security assets on 9X systems. A batch file can be used to protect your registry and autostart locations from unwanted changes. Found this link posted here some time ago.

I'm running a multi-boot setup with Win98, Win2K, and 2 versions of Linux. 98 still gets the majority of the usage. On my hardware, it outperforms all the others and stays clean, no matter where I go.

 

Hello again and many thanks to everyone who took the time to post with your suggestions and advice.
I definitely feel better about running those older Microsoft operating systems now, and plan to utilize many of the ideas you've presented.

This is what's so great about Wilders;
Lots of really smart people willing to help.

Again, my thanks to all of you !

 

A decent imaging program such as Norton Ghost or True Image should be your last line of defense on older systems.

 

Use HARDENIT http://www.sniff-em.com/hardenit.shtml

Will harden the TCP stack from exploits, use the router and a good AV and implement Limited User Account and you will be safe.