No Fix for Critical Windows 98, Me Flaw

I had windows 98SE on my old computer. 2 years ago I read M$ are planing to phase out support for windows 98/98SE, so I bought a licensed copy of Windows XP w/SP2 and also put in a new HD. I am lucky I can afford this, many people can't for different reasons. For people who just can't afford it (third world countrys) there is Windows XP starter edition.

 

I am surprised that he is surprised, if you see the money that is involved to upgrade to a newer version. Specially if you have more than one computer to maintain at home.

Lamehand

 

They sure try to make it sound like impending doom for 98 users.
From the article:

Any decent security suite should accomplish this. Then again, users could always close this port manually.
http://www.grc.com/su-bondage.htm
From Microsoft Security Bulletin MS06-015

You may be compromised if:
1, you can be convinced to click on something you shouldn't,
and
2, Your not using a firewall,
and
3 You haven't closed these ports manually
I can't hardly call this a critical vulnerability to anyone who practices even semi-reasonable security. If the first 2 items describe any user and their PC, it won't matter what OS they're using. They're probably compromised horribly already and one more won't make a difference.
Rick

 

So my openbsd box that is exposed to the internet is in danger

Come on, many OS's don't need a firewall, and since there is no malware in the wild for many os's, then clicking on things isn't going to pose a problem.

Now, any version of windows your statement will apply to.

Cheers,

Alphalutra1

 

I was definitely referring to windows OS. Anyone running BSD is already very security minded.

 

It's just another 'make them scared' -tactic to drive the hurd into the direction of XP or even Vista.
It could backfire though, one could be driven into the direction of a linux-distro.


Lamehand

 

Pretty much. Yes, the vulnerability is real but the user has to be nearly unsecured and then be deceived on top of that. They initially did the same thing with the .wmf exploit, saying they wouldn't patch 98 against it. Turned out it wasn't vulnerable in the first place, at least not in the form it was released, but a lot of XP users took a beating.
Rick

 

herbalist, i know you are a big fan of windows 98, but what are you gonna do when in the future a real vulnerability pops up in 98?, you know one of those things you can't fix in a easy way or with security applications.

Lamehand

 

It's not so much that I'm a fan of 98. I just badly dislike XP and everything I've read about Vista. I also like DOS and rely on it to secure windows.
If one turns up that I can't block out with a firewall, filter out with Proxomitron, keep from executing with SSM, isn't caused by my doing/clicking something stupid, and I can't find any other way to stop it, I'll probably switch to Linux or a BSD version. Then again, I could get stubborn about it, figure out exactly what files, registry entries, etc are being compromised and include it into the restore process that runs in DOS when I reboot. I'm hoping to get a multi-OS box put together in not too much longer. Still downloading BSD, got Ubuntu burned to CD. Once I get the boot setup figured out, I'll have new toys to learn and play with.
I'm still waiting to see such a vulnerability. It might happen, it might not. I'll deal with it one way or another.
Rick

 

I understand what you're saying, why not use it when it's not broken.
There are other things to consider aswell, i realised that after reading that Firefox 3.0
won't run on windows 98.
So when the applications used don't support 98 anymore it could get more difficult to maintain a secure level of some sort, with or without the presence of a critical flaw.

Lamehand