herbalist

Member · Posts: 733 · Donations: 0.00 USD · Country: United States

Everything posted by herbalist

  1. That bank incident sounds like they had help on the inside. I would think that an institution like a bank would have disabled those attack vectors (the CD, floppy, USB, etc). I've also wondered if they remove the old stuff from their detections. Since most of them have dropped 9X support, they may have also dropped detections for code that only attacks 9X or DOS. I have no idea how you'd be able to tell. Would they admit it if they did? I couldn't imagine trying to dismantle their detection lists to see what's there. Way too much to look through and manually check. They still have the problem of getting it on your system and getting the user to launch it. CDs autoplayed if the user didn't change that setting. CDs are still used to install malicious code. Remember the Sony DRM rootkit? A lot of PCs are still infected by that thing. IMO, running 9X without some security measures in place is asking for trouble. The operating system itself may not be targeted as much as it used to be but the user software is. Just because most conventional security software is either incompatible with 9X or is too heavy/bloated to run on it decently does not mean that 9X users have to run unsecured. There are better ways to secure a 9X system that won't slow it down, starting with a default-deny policy. Keeping track of 50 or so known good applications that are permitted is much more efficient than trying to detect and keep up with hundreds of thousands that you don't want. My security apps combined use 17.2MB of disk space, over half of which is used by alternate setups and configuration files used for testing purposes. Resource usage is even better. Add a batch file to the above that replaces your registry, core system files, and autostart locations with clean copies at bootup. Take the applications that can potentially open malicious code and/or infected files and isolate them as much as possible from each other and from the OS itself. Top it off with a good system backup plan. 
If these are done, there isn't much left that malicious code can do to your system. Your system remains unchanged from day to day, month to month until you decide to change or update something. Occasionally you do have to change the settings for some user application or modify the rules in the internet or application firewall, especially if a vulnerability is found in the user software and the 9X version isn't going to be fixed. That's normal with any security package. It takes a little time to get everything configured the way you want it, especially if there are multiple user profiles involved, but when it's done the package is quiet. It doesn't alert or prompt you unless it's important. Best of all, it takes the decisions away from other users. No prompts = no user mistakes. Rick
  2. There is no way to even guess what the odds would be. It's estimated that between 66% and 91% of all PCs are infected with something. There are thousands of trojans. Many will use whatever port the sender chooses. Here's a list of some of them. Quite a few apps need to listen on certain ports. These include: P2P apps, which can use any port the user chooses. Some games. I'm not a gamer so don't ask which ones. Some IM programs. When I last used Yahoo, it listened on port 5051. Call Wave internet answering machine. VOIP software. Remote access software. If that router is also connected to an XP unit, UPnP will do most of that for them. The average user is not aware of any of it. It's clear that we're not going to agree on this. You have no use for outbound control while I consider it necessary. If that makes me a control freak, fine. Rick
  3. The moment the thread gets moved out of the 98 section of the forum, the "get with the times" posts start.
  4. I haven't seen regional targeting used by the malicious code itself, but I have seen where malicious (or compromised) sites will only attack visitors with IPs from certain countries or that will attack all users except those from a certain country or IP range. I've also heard of instances where a malicious site will use dozens of different exploits, and the visitor's IP will be one of the factors that are used in deciding which exploit it will try to use. Sometimes a vulnerability is language dependent, e.g. it will infect the Chinese version of a PC but not the German or English version. Quite often, JavaScript is used to determine the potential victim's OS, browser in use, etc. Sometimes the user agent from the headers is used. Spoofing the user agent and blocking those particular scripts can help protect you. Sites that use the browser headers to determine your OS and browser see mine as XP and IE6. Rick
  5. OldVersion has links to quite a few versions of ZA, all the way back to 2.0. http://oldversion.com/program.php?n=zalarm How do you get that out of what I posted? There's more to security than keeping malware from gaining access to your system via an internet connection or detecting its presence on your system. It also includes keeping your data and personal info from being sent out of your system. It includes preventing unwanted changes from being made to your system. It's keeping nosy users out of your data. It's preventing software vendors, websites, etc from monitoring your habits and usage. It's preventing adware and spyware (that an AV doesn't detect) from connecting out and either burying you with popups or downloading more adware. I consider security and privacy to be one and the same. If your PC isn't secure, nothing you do with it or keep on it is private. Yes, I have seen a software firewall alert to the presence of a trojan that the resident AV missed, twice as a matter of fact. On both occasions it was a PC I was servicing for someone else. Both had up to date AVs. When I installed a firewall on them, it immediately alerted to the suspicious traffic. Yes, some malware does that. Most of that malware doesn't target 9X. That problem can be somewhat addressed by a system policy that limits what can run, but an application firewall or HIPS gives very good protection against the termination of an AV or firewall on several layers. There's even a system scheduler that has a "watcher" function that can be used to restart an AV or firewall if they're terminated. When "legitimate" software updates or alters your system without asking your approval, it is very much a security issue. It's becoming common for the updates of legitimate software to break functions on 9X systems. Example: Flash Player updates after 9.0.47 make sites like this one unusable with 9X systems. 
I don't believe that this is accidental or that it's the result of fixing something for its use on newer systems. I think it's deliberate and is intended to make 9X systems less functional so that users will update. IMO, that makes it a security issue. Malicious code can also exploit legitimate processes and applications, and not just Internet Explorer. On 9X systems, rundll32.exe is exploited for such purposes, much as svchost.exe is exploited on XP. Hardware firewalls are no help here but a software firewall can be. For me, this comes down to a much more basic issue, namely: who decides what is allowed and what isn't. A software vendor can claim that they own the software but I own the PC it's installed on. I will decide what it does, how it's used, when and if I update, what activities are permitted on it, etc, and I will enforce that on software vendors and users alike. To me, this isn't micromanagement. It's maintaining control over what I own. Not true. While both can be configured to permit inbound traffic on a specific port, using a specific protocol, and coming from a specific IP address or range, only the software firewall can allow it for a specific application and not the rest of the applications and system components on the PC. A firewall like Kerio 2.1.5 is extremely light and has little if any effect on system resources. On my 98 box, Kerio uses 1.7MB, slightly over 1% of my physical memory. I've installed it on Win98 PCs with 32MB of RAM and had no problems. When well configured, a software firewall can actually speed up your browser slightly by preventing other processes from wasting the bandwidth. A DSL user won't notice it, but a dialup user can feel the difference. 9X users are faced with many vendors dropping support. There aren't many AVs left to choose from. It's also a fact that AVs don't catch everything, especially adware. IMO, the loss of AV support makes a software firewall more important. 
When combined with an application firewall, the user has a very effective security package. A software firewall may not be the solution to all security problems, but they're by no means useless. Given a choice between an AV and a software firewall, I'll choose the firewall. Rick
  6. System Safety Monitor 2.0.8.583 will be the last 98 compatible version. Available at http://www.syssafety.com/files.html Development for all versions of SSM has stopped. http://www.syssafety.com/forum/viewtopic.php?p=5298#5298 Not commercially viable. It's a shame since SSM is one of the most effective and powerful security apps available. Rick
  7. A software firewall's primary duty is controlling traffic, not keeping malware off of your system. If a software firewall is detecting unexpected outbound traffic, then the rest of the security package or the user has failed to protect the system. Hardware firewalls, which include routers, and software firewalls fill different roles. Hardware firewalls can only control traffic on a global level. A software firewall can control traffic for individual applications. Some call that being a control freak. I call internet access control a necessary part of my security policy. Rick
  8. Except for one very odd WinME unit, the only thing I'm aware of Kerio 2.1.5 clashing with is a defragmenter, Perfect Disk I believe. Other than that, I haven't seen it conflict with anything. Some others haven't been so fortunate but that can happen with any software. Shields Up is OK for scanning the lower ports. Beyond port 1055, it can only scan 64 ports at a time. Scanning all the upper ports with Shields Up would take forever. The port scanner at AuditMyPC scans ports 2500 at a time. It doesn't show "stealth", only open or closed. Stealthed ports are not as important as GRC makes them out to be. Most trojans use ports above 1055 which are too time consuming to scan at GRC. Some DSL modems and routers have an open port in the upper ranges too, especially ones supplied by ISPs. Scanning all the upper ports may surprise you. Rick
  9. I'm running a 366 MHz Celeron and 98FE. Does that count? Those who think that it's too risky to run 98 on today's internet don't know how to take care of it properly. I enjoy browsing anywhere I want and not having to worry about it, downloading exes on P2P, or collecting the latest zero day exploits and finding that they don't do anything of consequence to a 9X system. The only ones I'm concerned with are ones that target the specific applications I use. They can be dealt with as well. The "get with the times" crowd can say what they want. When your OS of choice does what you need, safely and reliably, that's all that really matters. As long as you can get back to where you started from, registry trashing experiments are good learning experiences. The project I'm working on has trashed it several times. When I get back to it, I'll probably trash it a few more times. Today, busy trashing bigger things, like my home network. Actually I'm trying to undo the trashing I did to it.
  10. Thanks. Forgot all about being able to do that. The whole thing's getting frustrating enough that I'm overlooking the obvious.
  11. My approach is similar. I have a "call" entry in autoexec.bat that calls a batch file. It's for a 2 profile setup and includes more system files and the users' autostart folders. There's no visible indication that it's running unless the user presses the "1" key.

```bat
@echo off
CHOICE.COM /N /C:1234567890qwertyuioplkcjhgfdsazxvbnm`~!@#$^&*()-=_+[]}{;:'",.? /T2,6 > nul
IF ERRORLEVEL ==2 GOTO :RESTORE
IF ERRORLEVEL ==1 GOTO :CANCEL
:RESTORE
if not exist C:\backup\Standard\systemd.std GOTO ERROR
if not exist C:\backup\Standard\user.std GOTO ERROR
if not exist C:\backup\Standard\autoexec.std GOTO ERROR
if not exist C:\backup\Standard\config.std GOTO ERROR
if not exist C:\backup\Standard\protocol.std GOTO ERROR
if not exist C:\backup\Standard\systemi.std GOTO ERROR
if not exist C:\backup\Standard\win.std GOTO ERROR
if not exist C:\backup\Standard\msdos.std GOTO ERROR
if not exist C:\backup\Standard\user1.std GOTO ERROR
if not exist C:\backup\Standard\user2.std GOTO ERROR
attrib c:\windows\system.dat -s -h -r
attrib c:\windows\user.dat -s -h -r
attrib c:\msdos.sys -s -h -r
attrib c:\autoexec.bat -s -h -r
attrib c:\config.sys -s -h -r
attrib c:\windows\win.ini -s -h -r
attrib c:\windows\profiles\XXXX\user.dat -s -h -r
attrib c:\windows\profiles\YYYY\user.dat -s -h -r
copy C:\backup\Standard\systemd.std C:\windows\system.dat /v /y > nul
copy C:\backup\Standard\user.std C:\windows\user.dat /v /y > nul
copy C:\backup\Standard\autoexec.std C:\autoexec.bat /v /y > nul
copy C:\backup\Standard\config.std C:\config.sys /v /y > nul
copy C:\backup\Standard\protocol.std C:\windows\protocol.ini /v /y > nul
copy C:\backup\Standard\systemi.std C:\windows\system.ini /v /y > nul
copy C:\backup\Standard\win.std C:\windows\win.ini /v /y > nul
copy C:\backup\Standard\msdos.std C:\msdos.sys /v /y > nul
copy C:\backup\Standard\user1.std C:\windows\profiles\XXXX\user.dat /v /y > nul
copy C:\backup\Standard\user2.std C:\windows\profiles\YYYY\user.dat /v /y > nul
attrib c:\windows\system.dat +s +h +r
attrib c:\windows\user.dat +s +h +r
attrib c:\msdos.sys +s +h +r
attrib c:\windows\profiles\XXXX\user.dat +s +h +r
attrib c:\windows\profiles\YYYY\user.dat +s +h +r
del C:\windows\profiles\XXXX\startm~1\programs\startup\*.lnk > nul
del C:\windows\profiles\YYYY\startm~1\programs\startup\*.lnk > nul
xcopy C:\backup\startup C:\windows\profiles\XXXX\startm~1\programs\startup > nul
xcopy C:\backup\Cstartup C:\windows\profiles\YYYY\startm~1\programs\startup > nul
goto :EXIT
:CANCEL
echo.
echo.
echo.
echo ╔═════════════════════════════════════════════════════════════╗
echo ║                                                             ║
echo ║                 *** RESTORE CANCELLED! ***                  ║
echo ║                                                             ║
echo ╚═════════════════════════════════════════════════════════════╝
echo.
echo.
goto :EXIT
:ERROR
echo Backups missing
pause
goto :EXIT
:EXIT
command /c exit
```

Edited to remove non applicable parts of batch file.
  12. Your first link redirects to a blank page at http://byet.org/web/index.html edit Working now. Disregard.
  13. 9X might not be targeted by as much malware as XP, but don't make the mistake of thinking it isn't targeted. A lot more malware targets applications than before, and not just Internet Explorer. Recent vulnerabilities in Adobe Acrobat and Flash Player work on 9X systems. Other members here have sent me copies of trojans that behave very much like a rootkit on 9X systems. The files, registry entries, and the process itself are hidden from conventional tools. Not all the malware writers have forgotten 98. That is a serious exaggeration. 9X would be more like an old vehicle that still used a carburetor and points instead of fuel injection and electronic ignition. They needed more maintenance but when they were tuned well, they performed just as well as the modern engines. Just like an old engine, tuning them was half the fun, especially if they had a big 4-barrel. That holds true for most operating systems. Most of the instances I've seen of users having to repeatedly reinstall their OS are due to their not having control over who uses that PC or what they do with it. I used to maintain a PC for a disabled woman whose kids and their friends didn't care what they did to that PC. At least one of them knew enough to make it a real battle, uninstalling firewalls and AVs so they could deliberately install porn (with dialers) and P2P apps, usually Kazaa. When I installed and set up SSM, I finally won that battle. That may have been true when 9X was the recent OS. Only the 3rd applies now. On XP, having many of those remote services turned on by default was a big mistake. Most users never used those "features". A user that's knowledgeable enough to set up remote access or administration would also be smart enough to turn on the service. It can happen: a poorly designed malicious page, an install that goes bad, a power failure during an install (a cat that pulls the plug out of the wall by playing with the wiring). 
I've managed to trash a 9X registry without actually trying. I don't remember what I was installing but it went wrong and the PC wouldn't boot afterwards. Had to restore the registry. Some of my recent experimenting has destroyed the registry but I can't call that accidental. If you really want to protect your 9X registry, make copies of the files after a good cleaning and optimizing, then use a batch file called from autoexec.bat to overwrite the existing files with those backups. This way, you'll boot up with a clean, optimized, and MRU free registry every time. Since most malware adds entries to the registry, this will defeat most of them. No matter what version of Windows you use, (with the possible exception of Vista) a registry backup is a necessity. A full system backup should be considered necessary as well.
  14. I've got that version of USBASPI from your site, but can't find that version of aspidisk.sys. Got a link to it? Thanks. Rick edit I found a copy at Adaptec's site but I think it's a much older version. It's 15060 bytes. MD5 is f667369e2b45c4696892daef93549cba So far, it's the only one I've found.
  15. Tried using USBASPI.EXE. No change. DOS still refers to sda6 as drive H, (Win98 calls it drive I) says "not format". DOS doesn't see sda8 at all. Rick
  16. I don't see a version number on my copy of DI1000DD.SYS but the size matches. I've been using usbaspi.sys. Been trying 4 different versions. Wasn't aware of an exe version. I'll give that one a try. Thanks
  17. I use Kerio 2.1.5. It has always worked well for me. No problems on any OS I've put it on. Rick
  18. I'm almost positive that there's just one primary partition with one drive on it, drive F. Everything else is on one extended partition. I'm not sure why the logical drives are in that order, not matching the order of the devices. Might be the order I formatted them. Sda7 was originally Fat32. I used Scramdisk to convert it to Blowfish after all the drives were formatted. I have resized some of them later on with GParted since then. I did have problems with "H", the backup image storage. Most of the files there are Acronis Images, which will be eliminated when I get this access problem solved. Win98 showed one of the files with a large negative size. I wouldn't have noticed it if I had not had 2 different apps open that both showed available space on the drives. One said I had over 4GB. The other said it was almost full. GParted couldn't access the external drive at the time. Just kept scanning. I deleted the 2 files (it was part of a set), ran Scandisk, then was able to read the external drive with GParted, but it didn't fix the DOS access problem. Right now, Scandisk is checking the last of the 4 drives, the biggest one, which I've been able to access in DOS all along. No errors of any kind on the other 3. I'm still not sure if this is a drive/partition problem or a limitation of the DOS USB drivers. All the drives are usable with every other OS I have, except DOS. Need to take a break from this thing. Rick
  19. I don't have partition table doctor and the demo version does nothing. Too much to pay for something I'm not likely to use more than once. Is there something else that will work, preferably freeware? Gparted, Win98, Win2000, and Linux have no problems accessing all the drives. All of them find no problems with any of the drives/partitions.
  20. I'm trying to build a DOS bootdisk that will read all of the FAT32 formatted drives on my USB hard drive with LFN support, DPMI, mouse, sound, etc. Everything works except for one problem. I can only access 2 of the 4 FAT32 formatted drives, sda1 and sda5 (F and H as read by Win98). All of the Windows versions read the entire drive, as does a Knoppix Live CD and a GParted CD. This is the partitioning of the USB drive. Drives C through E are internal. Drive G is the CDRW. Sda7 is a blowfish encrypted logical drive. Is it possible to read the sda6 and 8 drives from DOS with the presently available drivers? The USBASPI driver seems to detect sda6 but says it's "not formatted". I'm running out of ideas and am hoping that I'm just overlooking something simple. Any ideas? Rick
  21. On my 98FE box, version 9.0.151 has the same problem that 115 and 124 had. See http://www.msfn.org/board/Adobe-Flash-Play...11-t115186.html Try this link and see if the "browse" button works for you. http://www.imageshock.eu/ With version 151, the browse button won't work. With version 47 it does. Element-IT makes this flash uploader. They have demos for the one used on that site and a newly released one. Neither will work with 151 on 98FE. Do they work with 151 on 98SE or WinME? Rick
  22. There's no need to reboot when installing a USB mouse. Plug the old mouse back in and reboot. When everything is back as it was, plug in the USB mouse and let windows detect it and install the drivers. Leave the old mouse attached until you're sure the new one is working. You might want to keep the old mouse. A USB mouse may not work in safe mode or when you boot to DOS. You'll need to load a driver for the USB mouse if you want to use it in DOS. Rick
  23. I didn't see this thread until after I'd delivered the card reader. I don't have access to the reader or its package right now so I can't comment on SDHC compatibility. I think it was listed on the package but I'm not positive. Her phone uses MicroSD and the chip I was reading was a 4GB. Regarding SIM cards, the CD installed a SIM editing tool so it should be able to read them. I have Orangeware USB drivers ver 2.3 installed. Unless they were part of another install, I haven't installed NUSB. There are several USB keys in that part of the registry but no entries for USBREADER.
  24. A friend was having trouble finding a card reader that would work with her phone's memory card. The store kept selling her either the wrong one or ones that didn't work. I bought her a universal reader, this one. Since she'd already had enough problems with this, I decided to try it on my PC before I delivered it to her. The package (and website) said it required 98SE or newer and also said that a downloaded driver would be needed for 98SE and ME. I plugged it into my 98FE box and went through all the "new hardware found" prompts. Everything appeared to proceed normally. Never did download the driver. In "my computer", 4 new removable drives appeared. I could read the memory card just fine. The "safely remove hardware" icon appeared in the tray (was installed by the external hard drive software, which wasn't supposed to be 98FE compatible either.) Everything looks good in the device manager. I've run into this repeatedly with hardware on 98FE. The vendors claim that 98SE or newer is needed but their devices work fine on my 98FE box. So far, this includes the external hard drive, the card reader, the USB datafax modem, even my USB card, all from different vendors. If the website or packaging didn't mention 98FE, I'd assume that they didn't test it or forgot to mention it. But when a vendor says specifically that their product won't work on FE when in reality it works just fine, I have to wonder why they did that. When this many vendors wrongly claim incompatibility, I start asking who wants 98FE out of the picture so badly. Rick
  25. 6MB is quite small for the entire registry. Even if you can shrink it down more, I doubt you'll see much in the way of improved performance. I'd delete the MRUs and usage tracks with the cleaning tools mentioned in this thread, then use RegCon to compact it. It's one of the utilities in Regutils.7z, linked in the above mentioned thread. Once that is done, make copies of system.dat and user.dat. You can replace the existing files with these from DOS or you can write a batch file to automate the process. Automating the process will allow you to always boot with a clean, compacted, and unfragmented registry. Rick
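Added example, not herbalist's batch file nor any project's code: the golden-copy restore described in posts 11, 13 and 25, written in Python so that the restore first reports which live files and Startup shortcuts drifted from the known-good set (that drift report is where a new Run entry or rogue autostart shortcut shows up). The paths, file contents and shortcut names are constructed for a temp-dir demo; on a real 9X box the pairs would be the C:\backup\Standard\*.std files and their targets, and the attrib steps for hidden/system/read-only flags are Windows-only and left out.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash a file in chunks so a large registry hive is not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_golden(pairs):
    """pairs: (golden, live) tuples -> (missing_backups, drifted_live).

    As in the batch file, any missing backup aborts before anything is touched.
    """
    missing = [g for g, _ in pairs if not os.path.isfile(g)]
    if missing:
        return missing, []
    drifted = [live for g, live in pairs
               if not os.path.isfile(live) or sha256_of(g) != sha256_of(live)]
    return [], drifted


def restore_from_golden(pairs):
    """Overwrite only the live files that drifted; return the list restored."""
    missing, drifted = check_golden(pairs)
    if missing:
        raise FileNotFoundError("Backups missing: " + ", ".join(missing))
    for g, live in pairs:
        if live in drifted:
            shutil.copyfile(g, live)
    return drifted


def reset_startup(golden_dir, live_dir):
    """Delete every .lnk in the live Startup folder, copy the golden set back,
    and return the shortcuts that were present but not in the golden set."""
    golden = {n for n in os.listdir(golden_dir) if n.lower().endswith(".lnk")}
    live = {n for n in os.listdir(live_dir) if n.lower().endswith(".lnk")}
    for n in live:
        os.remove(os.path.join(live_dir, n))
    for n in golden:
        shutil.copyfile(os.path.join(golden_dir, n), os.path.join(live_dir, n))
    return sorted(live - golden)


def demo():
    """Constructed scenario: user.dat gained a Run value, Startup gained a .lnk."""
    root = tempfile.mkdtemp()
    g, w = os.path.join(root, "backup"), os.path.join(root, "windows")
    os.makedirs(os.path.join(g, "startup"))
    os.makedirs(os.path.join(w, "startup"))
    pairs = [(os.path.join(g, "systemd.std"), os.path.join(w, "system.dat")),
             (os.path.join(g, "user.std"), os.path.join(w, "user.dat"))]
    for golden, live in pairs:
        for p in (golden, live):
            with open(p, "w") as f:
                f.write("clean hive\n")
    with open(pairs[1][1], "a") as f:            # drift: an added autostart value
        f.write("Run\\updater=C:\\TEMP\\X.EXE\n")
    open(os.path.join(g, "startup", "firewall.lnk"), "w").close()
    for n in ("firewall.lnk", "rogue.lnk"):     # rogue.lnk is not in the golden set
        open(os.path.join(w, "startup", n), "w").close()
    restored = [os.path.basename(p) for p in restore_from_golden(pairs)]
    unexpected = reset_startup(os.path.join(g, "startup"), os.path.join(w, "startup"))
    clean_again = check_golden(pairs)[1] == []
    shutil.rmtree(root)
    return restored, unexpected, clean_again   # (['user.dat'], ['rogue.lnk'], True)
```

Logging the returned drift lists at each boot turns the silent restore into a record of what changed on the box between boots.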