Patching Win98


Cluttermagnet

It's last call for patches for Win98SE. Microsoft is ending support within months. I have copies of most that I need for this venerable old OS, but the question of IE vulnerabilities has always confused me. Only rarely have I bothered to 'upgrade' to IE6 because I don't like the browser anyway and I don't ever use it except for downloading patches. Therefore, most machines I have 98SE on have IE 5.00.2614.3500, a real oldie. But I do know, or think I know, that you don't have to be actively using the browser for weaknesses within it to be exploited. You can get in trouble simply by making a poor choice as to what website you happen to navigate to (or get suckered to through 'human engineering'). So even if you're scrupulously careful and never get blindsided by any email nasties, 'they' can sometimes still 'get you'. The same is true for whatever OS version you may be running. A lot of the XP nasties fly right by me.
I do understand that IE is tightly integrated with the OS, and that various other software relies on its functionality for their own operation, so I have always sort of caved and accepted the existence of IE in my OS as a lesser of two evils and not excised it. It seems like most virus and malware activities have been directed against the more modern OS (XP) and browser (IE6). I often read that I was not affected with my outdated software. Other times, it seemed I was. I do patch regularly. I eventually developed what amounts to a gut hunch that I was better off never moving to IE6 and the neverending patches for it.
Well, now I'm re-examining that assumption because it's last call for patches. I already have a copy of the huge download that installs IE6, plus a lot of patches to IE6. My question to the group- am I better off with the very old IE5 overall, or should I be the most up to date?
One last thought to round this discussion out and draw back to see the 'big picture': Microsoft Says Recovery from Malware Becoming Impossible
That's right, the era of the rootkit is upon us, and the really clever invasions go unnoticed now. It may be that frequent total OS + utilities + data refreshes are going to become routine. And that may well be the salvation of us all, including folks like me who run obsolete software on current hardware. I am skeptical, though, as to whether I can forever keep from getting infected and then spreading the contagion from machine to machine (all non-networked) through files transported via various media. Indeed, so far as I know, I could already have undetectable nasties on every computer I own, not a comforting thought. :thumbsup: :blink:
Comments?


MS has a free tool (Shared Computer Toolkit 1.1) for locking down your machine. It creates a "scratch" disk from unallocated space (displays no drive letter) behind the primary partition. The primary install partition is protected from disk writes.
Nothing writes to the install partition. Everything is written to the scratch drive. Seems a bit harsh but if you protect the install partition from writes, nothing can compromise or corrupt files.
You can set the level of memory on the scratch disk to delete everything after one reboot, remember once and then delete or remember always.
Oops... Supported Operating Systems: Windows XP Home Edition; Windows XP Professional N; Windows XP Service Pack 2; Windows XP Tablet PC Edition.
Just another reason to move forward.

Edited by Marsden11

Gotta get that obligatory upgrade or die! in there, eh Marsden? ;)
Clutter, what do you use for email? I guess it's probably safe to assume it's not Outlook or Outlook Express, both of which are vulnerable to IE exploits because they use the IE HTML rendering engine to parse email messages. Others do not, such as Eudora (optionally), Thunderbird or Pegasus.

Well, now I'm re-examining that assumption because it's last call for patches. I already have a copy of the huge download that installs IE6, plus a lot of patches to IE6. My question to the group- am I better off with the very old IE5 overall, or should I be the most up to date?
Better off? I can't really say. I mean, you don't use IE, and I'm guessing you don't use any IE-based email clients either. IE6 and Windows 98 have never gotten along. In my experience, it has two major problems, only one of which can be worked around.
1. It hangs. A lot. Since Windows' explorer is also affected by an upgrade to IE6, hangs and lock-ups may occur even if you don't actually use the browser aspect of it.
2. You will notice one very distinct (and annoying) thing with IE6 on Win98: when you delete a moderately large file or sum of files, the system will hang inevitably. I guarantee it. However, there is an unofficial fix for this problem that can be found here: http://www.frankprovo.com/win98ie6filesproblem.htm
I have personally tried it and it does work with two drawbacks. Fortunately, neither of them should really affect you. First, it disables the "Lock Toolbars" feature included in IE 6...but, since you're used to not having such a feature in IE 5, it should be no big deal. Second, there's always a Windows Update nagging you to download it because it thinks that the DLLs are out of date. But, since updates will discontinue for Windows 98 -- also no big deal!
I would base the decision on how things are working for you with IE5, as far as system stability and reliability goes.
Edited by epp_b

Well, I don't want to stir up a hornets' nest, there have been wise words spoken in this thread.
To add just my 5 cts, I would say let's look at how Clutter uses its system, he described it in his first post above. Now you can say 'you have to upgrade because your system is hopelessly outdated', but you can look at that from several points of view; For one it's indeed outdated and no more patches will be available very soon. But on the other hand why upgrade when the system in question is well maintained, does work ok and does all one needs? Let them push XP or even worse Vista down your throat and at the same time rip your wallet? Can his machine handle that? Can he afford that? It's a difficult decision to make here. I don't know if Clutter ever worked with an XP system, but XP has its own problems, just like any other OS. I would tend to agree with epp_b, but also Marsden did make a point. Another question, Clutter: how old is that system?
And eh epp_b: you made some strong remarks there, to which I personally only can say 'you're right'. But there will be some others soon who will just try to tell you the opposite and say 'never saw any problem with it'.
Mark my words. I would say it depends.

Edited by striker

I guess it's probably safe to assume it's not Outlook or Outlook Express, both of which are vulnerable to IE exploits because they use the IE HTML rendering engine to parse email messages.
How wrong you are... you have not kept up with today's technology. I can't speak for Outlook Express but I can for Outlook 2003. It is NOT vulnerable to IE exploits.
Outlook 2003 does not display email in HTML format by default. ALL HTML email is rendered as plain text.
Images are not downloaded by default.
[Image: no-images-by-default.png]
Hyperlinks are disabled by default.
(I don't currently have any examples to post but I will when they appear.)

How wrong you are... you have not kept up with today's technology. I can't speak for Outlook Express but I can for Outlook 2003. It is NOT vulnerable to IE exploits.
Not to start a holy war here, Marsden, but not everyone needs or can afford to keep up. My grandparents still use a P133 with a 2GB hard drive and 24MB of RAM running Windows 95. And it's perfectly adequate for them.

Convert to plain text.
[Image: convert-to-plain-text.png]
My final blurb on this topic is this...
Is there any regular poster on the ATL threads using a 7 year old Linux distro as a main workstation today?
Did you move on and if you did why?


FWIW
My notebook uses Win 98 SE and IE 6, is always kept up to date, including the Critical Updates released this week, and I have no problem with the hangs or lockups that epp_b experienced. (One should note that epp_b has problems with XP also.) In that my nb has only 64MB of RAM and that the price of more RAM for it is in the same price range as a new nb (the problem with proprietary hardware) it will not be upgraded to XP or Vista. So it will eventually die as a Win 98 machine, but in the interim I will keep its AV updated, its SpywareBlaster updated and etc and its firewall up plus an image backup so should the protection fail I can recover. In some cases, it's all one can do.


(One should note that epp_b has problems with XP also.)
Hey... B)
and I have no problem with the hangs or lockups that epp_b experienced.
Every machine I've ever used with Win98 and IE6 has lock-up problems.

98SE and IE 6 here - I get all updates (for the OS, IE and OE even though I never use IE and OE) and I don't have lockup problems. (HP tower purchased April 2000). I'll keep the computer, I just won't take it on the internet when support dies, in windows, after July. I have linux on it so if I want to surf, that's what I'll fire up. It has programs and my old scanner uses it. I don't use the scanner enough to justify purchasing a new one, so I'll keep it hooked up and running on this old computer.


Cluttermagnet

Thanks, guys, lots of good responses so far. I'll throw in comments to a few issues you raised-
Regarding hardware platforms, almost every computer of mine is in theory capable of supporting XP. The fact that I'm not running XP was and is a very calculated thing. I do have several oldies around 233-300MHz but most are P4's at 1.6, 1.7, 1.8, 2.4GHz and MB that are 1-3 years old. I also have a 2.4GHz Celeron D.
Regarding connecting to the net, I'm contemplating trying to continue to run 98SE online after the end of formal support. My theory is that one could build a known good (stable, infection free) system and refresh it totally on a regular basis, somewhat like daily brushing of teeth, etc. But it is scary to contemplate the rapidly increasing sophistication of the threat environment. I remember 'viruses' which were passed around via removable media. They contained 'boot viruses'. I have an older, smaller HD here which alarmed AVG on one of my machines one day when I first connected it. I simply disconnected it and have it in storage. The virus it had seemed to be relatively harmless, according to info online- but it loves to replicate, and is well known to AVG. But I'm rambling. Here's my point- I'm wondering just how sophisticated the infections have become, I'm wondering if they can conceal themselves within ordinary documents- text, photos, audio, video, but especially simple text and graphics extensions? If it gets that bad, nobody will be safe. It wouldn't matter which platform and which software package you're running, because you would continue to spread the infection simply by migrating your files package from machine to machine as you vainly attempted to put down infections.
Yes, my 98SE packages are pretty stable and reliable in day to day use, and they meet my needs. Remember, no broadband here- I'm totally dialup. No big files zinging around, like videos and Linux distros etc. I want to continue to use 98SE on the net, so long as I can avoid getting hacked routinely just by being online. No, I don't waste my time browsing any questionable areas of the internet, but of course I could eventually get suckered to a 'bad' website through 'human engineering'. It's extremely rare that I venture into any 'chat' type environments (AIM, IRC, etc.) So my proposition is- can I run well-patched 98SE OS's and frequently reinstall known clean drive images, and thereby avoid becoming infected on the net?
Last thought- I appreciate the apparent logic of upgrading along Microsoft lines, but I simply have made a firm decision that I will not migrate into XP or Vista and that's that. I'll ignore the politics, no interest at all in discussing them, but the decision is pretty firm. Although there's a fairly wicked learning curve for it, I nonetheless see myself migrating onto Linux platforms with my aging machinery, and being the better for having done that. So for now, all I want to examine is how tenable my continued use of 98SE on the net can be.


Guest LilBambi

As many of you may remember, until last summer, I ran both Win98SE with all updates including IE 6 and like zlim, never had a problem with lockups. That being said I know many have had problems so I am thinking that it might have something more to do with some third party app on the system, or a plugin in IE, than with IE 6 itself.
As far as OE, I can speak to that. OE does use IE for its rendering engine. And prior to Outlook 2003, if I remember correctly, so did Outlook.
But I digress...
Cluttermagnet's last posting asks how sophisticated these pieces of malware crap have become. Two words: RATs and rootkits...these are the order of the day. And it doesn't matter what version of Windows you use because they can be devastating even on a SP2 for WinXP Pro if you get one.
So yes, they are increasingly sophisticated, and more targeted as well.
Having said that, if you follow the following, most any OS will be ok as long as you walk carefully around the Internet and don't fall prey to social engineering tricks:
1. backup data regularly and image partitions if possible
2. run a personal firewall (software) and keep antivirus software updated and run scans
3. keep anti-malware software updated and run scans
4. empty temporary spaces often, particularly when something seems a little odd, or you end up somewhere you didn't expect while browsing, and particularly before you reboot the computer
5. use as few browser plugins as possible and keep them updated as often as available
6. keep up on all software updates when available (media players, office software, etc.)
7. use an email client that can be set to plain text email, preferably with no images inline, and where the email client does not have the ability to run code, period - and be careful with emails!
8. use an alternate browser that may be safer than IE for general browsing - and be careful where you go
9. Set IE's normal Internet settings to High (same as for Restricted Zone) and place *.microsoft.com in the trusted zone for windows updates (just in case they provide one out of their good graces patches - they have been known to do this); along with any other trusted sites that may need to use IE
10. Broadband and/or networked computers with shared internet access - use a router with a built-in stateful inspection firewall between your computers and the Internet.
These things will keep any OS, current or not, safer, however with an out-dated OS ALL of these things become more important.
There is NO secure OS. So you do the best you can with what you have and be a good netizen by making sure your computer is NOT part of the problem.
Just my two cents.
Any other items to be added to the list? I just know I am forgetting something important.


You said it all Fran, we should make a sticky of this :D.
And Temmu is right there too, it's getting nasty out there.
Be careful!


Guest LilBambi

Thanks Temmu .. added imaging to the list!
Striker thanks!
I will update the list here, as other items are listed (just in case there are other things to add), and maybe we can start a new thread once it's mainly completed and sticky and it can be updated by folks as needed.


Fran - I agree. You should make a sticky and add what Temmu stated. :D
Cluttermagnet - all the best to you for trying to keep Windows 98 up and running. And I would consider what Temmu suggests - create an image of your OS with all fixes and patches in place. :thumbsup:


What good is all the security effort, images, what have you, and someone comes along and targets a 98 component with a zero day exploit? There won't be any patch... there will be no fix. He may not even know he has been compromised... He is not behind a router, so every time he goes online with his dial-up account, his machine is just screaming, "Here I am..."
There is a hard rule of security you are all forgetting... if your base OS can't be patched past the cut off date, everything you do security wise is a waste of time. The assumption being that along with your security measures, you keep the OS up to date with patches/fixes. That key part goes away in July...
I would think 98 will make a perfect "bot" candidate for all the script kiddies out there. Attack an OS that will never be "fixed" again.
But what do I know?
Hey, just cross your fingers, stick your heads in the sand, and ignore reality.


There is a hard rule of security you are all forgetting... if your base OS can't be patched past the cut off date, everything you do security wise is a waste of time.
It's hard to forget something no one's ever heard of before. I'm also not sure I agree with it.

If I'm wrong, everyone would still be running RH 5.1 (Manhattan May '98) or even earlier like 0.9 (Halloween Oct 31, 1994)
Does Red Hat still support these early distros? Nope. They will just tell you to download the latest version...


Cluttermagnet

(Ahem!) Not to be repetitive, but Microsoft Says Recovery from Malware Becoming Impossible
Thanks for more good input, guys! Fran, if you reread my Post #1, you will see that *imaging was my suggestion* at the outset. But I have reason to worry today because we are indeed seeing the very beginnings of a trend that may spell the end of anything really meaningful so far as PC 'security'. Again, I acknowledge that *any* OS can be vulnerable, especially to zero-day threats, even if optimally patched. So my question to the group mainly is: has the state of the art r.e. infection vehicles advanced to the point that we are now routinely encountering 'plain vanilla' file type extensions which are intrinsically able to infect the machine they are on? This would be various text or graphics documents such as .txt, .doc (not using Microsoft Office software, using Wordpad to view, and ignoring any docs that require Word for Windows to render). Also .gif, .jpg, .bmp, .tif, .png, and such?
I am, of course, running a software firewall and am not at all screaming "here I am". I also use current updated AV software and various well known anti adware/malware utilities. I do maintenance fairly often including purging all temp files and such. So again, the second part of my question is still- can a well-patched copy of 98SE survive in the current threat environment if it is well kept and if it is purged prophylactically through drive imaging, perhaps on a daily basis? But the bottom line question in the entire thread is- has data infection reached the point where it contains self-launching nasties embedded that would cause *everybody* to constantly reinfect their freshly cleaned machines (all platforms, all OS's)? IOW, self-launching nasties embedded in 'plain vanilla' file types. A text file that can play 'gotcha!' just by being on your drive? I'm truly getting *that* paranoid lately. Let me rephrase for clarity- have we reached the point where our collections of data- files and folders- can become infected such that we continually re-infect ourselves simply by migrating our data onto our freshly sanitized platforms?
Nobody has strongly addressed my sub-question in this thread regarding IE in 98SE. Am I substantially safer upgrading the dreadfully out of date IE 5.0 to 6.0? That would allow me to add numerous patches I know of and have copies of, which will not install right now. My gut hunch is that it makes substantially no real difference in my vulnerabilities overall. Not considering just how nasty the nasties are rapidly becoming. Seems we are rapidly reaching the point where we should *assume infection exists* on our drives and slap images like morning pancakes! Again, platform and OS independent. Remember, I never use IE except for updates. I never have it open, but I do have it on my drive. I also never use or have open Outlook, Outlook Express, etc. Only rarely do I have any components of the Microsoft Office suite installed on any given drive. I wouldn't use it ever aside from the fact that some folks insist on sending me undecipherable Word docs once in a while, and my curiosity prevails. Heh! Word for Windows is vastly overpowered and totally unnecessary for the vast majority of users, who would do just fine with Wordpad, had they not already long since been spoiled by those excessive capabilities in Word. But what about the specific issue- IE on my drive. It's there. It makes me nervous. I wish it weren't there.
Last thought- is there any known activity of late among the bad guys so far as *boot sector viruses*? Is there anything out there which can survive a round of full drive imaging? Anything that can insert itself on any copy of a floppy, zip disk, or HD clone an infected machine might make? And how about appending itself to a batch of files placed on a CD or DVD made by an infected computer?

Edited by Cluttermagnet

Cluttermagnet

One loose end-
To epp_b, yes I use Thunderbird as my main email client, also an older copy of Poco occasionally, and Pegasus. I never have Outlook Express open. I rarely have IE 5.0 open.
It's gotten very quiet in here. I never really got all the answers I'm looking for. I'm still wondering:
*Have threats gotten so sophisticated that they can survive drive imaging? (i.e. could they hide as a boot sector virus or similar?)
*Considering my unique situation, is it at all worth it to upgrade IE 5.0 to 6.0? (Remember, well-patched and maintained otherwise, frequent drive image refreshes)
*Have threats gotten so sophisticated that they can hide in data and re-infect freshly sanitized platforms? (...by hiding in text or graphics files and being essentially self-executing)
Thanks, guys
Clutter
P.S. Regarding IE 5.0 to 6.0, isn't it true that many exploits which target 6.0 do not work with 5.0? I have heard soooooo many versions of this argument, cutting both ways.

Edited by Cluttermagnet

Cluttermagnet

Bambi- help!
I tried your suggestion r.e. tightening security in IE and listing *.microsoft.com in the trusted sites. Now I have IE so screwed up that it always pops up an 'active X disabled' type message no matter how I configure the browser. How can I recover from this? BTW my initial settings appeared to be Internet= highest security, Trusted Zones = lowest security. I basically hate and detest IE, I never use it, and am therefore near-clueless as to how to configure the stupid thing. Fortunately I can use my other machines with IE to gather patches from Windows Update, but for the moment, this copy of IE is hosed. :thumbsup:


Guest LilBambi

Hey Clutter,
Are you using IE 6 and having these problems? If you were using IE 5, had you been to the update site recently and been able to get updates?
Either way, if you are having an error with activeX use, you may need to go in and customize the 'low' settings to allow some things in the trusted zone till you are able to get what you need from Microsoft. You can always change it back to standard 'low' settings after you are able to get the updates.
Don't forget to clear your cache before trying again.
You may also need to add *.update.microsoft.com to the trusted zone as well as microsoft.com.
If you are still using IE 5 and are trying to get IE 6, what version of IE 5 are you using? There is a point of no return on it.
But if you have an MSN disk with IE 6 on it, you may still be able to update to IE 6 (if that is what you are trying to do).
I have not been in IE 5 for a long time, you may have to see in the status bar the specific site it's trying to get to, to add that to the trusted zone as well (like the update.microsoft.com or v4.whatever.microsoft.com)


*Have threats gotten so sophisticated that they can survive drive imaging? (i.e. could they hide as a boot sector virus or similar?)
*Considering my unique situation, is it at all worth it to upgrade IE 5.0 to 6.0? (Remember, well-patched and maintained otherwise, frequent drive image refreshes)
*Have threats gotten so sophisticated that they can hide in data and re-infect freshly sanitized platforms? (...by hiding in text or graphics files and being essentially self-executing)
1. Yes. (Remember a drive image is a snapshot of every bit. Imaging software does not remove bad bits)
2. That all depends.
3. Yes. There is nothing to prevent malicious code from being embedded in a graphics image, text file, mp3 or whatever. There are even new discussions on a new form of virus written in assembly code to infect Windows or Linux machines.

There are even new discussions on a new form of virus written in assembly code to infect Windows or Linux machines.
Woah! If it's in assembly code, could it theoretically infect any machine regardless of operating system?

Cluttermagnet

OK, two threads going here. Regarding IE, Bambi- it's 5.0.2614.3500, that comes stock with 98SE, and despite trying all the little tricks you mention, I have failed to make the (new) active x warning windows go away. Also I get a redirect and get shunted to some stupid page telling me about needing an admin, etc. *Yes, I had been to the update site with it recently and downloaded patches.* Now I've screwed it up. As I said, it's not the end of the world as I can use any of several other machines to run IE5 and download patches. But I'd like to repair this copy of IE if I can. No, I'm not 'trying' to upgrade to IE6 per se, I'm looking prospectively at whether I'd ever want to or not- whether it's worth it or not. At this point I have no intention of doing so. I do have on hand all the downloaded IE6 install files from Microsoft, plus all but the most recent IE6 patches, which include the latest IE6 cumulative patch, among others.
BTW I suppose I could fix it by refreshing my 98SE install over itself. That is kind of a blunt instrument, but probably would work. I'm just trying to finesse it a little. Seems a waste of time, but I probably should learn what I've screwed up and fix it myself. Would appreciate a little help, however. Heh!
Regarding the state of the art in infections, that is chilling but not altogether unexpected news. I don't know near enough about how such beasties would work. Usually any executable requires some sort of human intervention at some point, even if it is simply to initially download the thing from a remote server to set things in motion. But have they reached the point that they have become 'self-executing'? I'm not sure I even understand what I'm asking. Can your data files become contaminated such that just by copying those files or folders, you cause the execution of malicious code? Because obviously if that is so, the entire concept of 'computer security' becomes pretty much moot- and obsolete. It wouldn't matter one whit which particular platform and software you're running, at that point.
Last thought- it is obvious that *if one imaged an infected hard drive, one would reinstall an infected copy of an OS + utilities + files.* My assumption is that it is still possible to build a non-contaminated fresh installation in the first place. Assuming one can still do that (and I figure you still can), then the question is whether imaging is truly enough 'security' in the present threat environment. And of course that question definitely "depends" on your platform and OS and such, obviously- but it *also* depends greatly on one's habits so far as internet use. So, getting back to the imaging question, my inquiry remains mostly unanswered- can any present known threat survive imaging if the image restored is truly clean- known clean, not infected? Can it hide in the boot sector and re-emerge? Can it burrow down into ordinary text or graphics files and then somehow self-execute? Without any operator intervention? If so, especially if it can hide in and strike from our data files, then we're all cooked.
If you get rootkitted, and you wipe that OS and reinstall a fresh, clean image, you don't have that rootkit any more. Just so long as your image truly *is* clean! *And* if there is no way for the infection to then reinstall itself. Which goes to the heart of my question.

Edited by Cluttermagnet
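
An added example, not part of any post in this thread: a pre-migration check for the data set that gets copied back onto a freshly restored image, flagging files whose leading bytes do not match the 'plain vanilla' extension they carry (.txt, .doc, .gif, .jpg, .bmp, .tif, .png) and anything runnable mixed in with the data. The file names and sample bytes are constructed for illustration; a matching signature only rules out a disguised file, it does not show the file is harmless to an unpatched viewer.

```python
import os
import tempfile

# Leading bytes ("magic numbers") for the file types named in the thread.
SIGNATURES = [
    (b"MZ", "executable"),                          # DOS/Windows EXE, DLL, SCR
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"BM", "bmp"),
    (b"II*\x00", "tiff"),
    (b"MM\x00*", "tiff"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # container used by Word .doc
]

# What each data extension is supposed to contain.
EXPECTED = {".png": "png", ".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg",
            ".bmp": "bmp", ".tif": "tiff", ".tiff": "tiff",
            ".doc": "ole2", ".txt": "text"}

# Extensions Windows will run; none belong in a data-only collection.
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}


def classify(head: bytes) -> str:
    """Guess the content type from the first bytes of a file."""
    binary = b"\x00" in head
    for magic, kind in SIGNATURES:
        # Two-byte magics ("MZ", "BM") also begin ordinary words, so accept
        # them only when the header contains NUL bytes, as real ones do.
        if head.startswith(magic) and (len(magic) > 2 or binary):
            return kind
    return "unknown" if binary else "text"


def audit_tree(root: str):
    """Return sorted (relative path, reason) pairs for files to hold back."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = classify(fh.read(512))
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root)
            if kind == "executable":
                findings.append((rel, "executable content"))
            elif ext in RUNNABLE_EXTS:
                findings.append((rel, "runnable extension"))
            elif ext in EXPECTED and EXPECTED[ext] != kind:
                findings.append((rel, f"{ext} file contains {kind} data"))
    return sorted(findings)


# Constructed sample data set: three ordinary files and three that should
# not be carried over to the clean install without a closer look.
SAMPLE_FILES = {
    "notes.txt": b"BMW service notes\r\n",               # text that starts "BM"
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "letter.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
    "holiday.jpg": b"MZ\x90\x00\x03\x00\x00\x00",        # program named .jpg
    "logo.gif": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",  # wrong type for name
    "readme.txt.vbs": b"' constructed placeholder\r\n",  # double extension
}


def demo():
    """Write the sample files to a temporary folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLE_FILES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"HOLD BACK  {rel}: {reason}")
```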