Everything posted by herbalist
-
It's for a live CD experiment I'm working on. If the hosts file is left in the windows directory, it'll be part of the CD and uneditable. I'd like to be able to specify another location for it such as a separate CD or ideally, on an encrypted hard drive. It's not absolutely necessary but it fits with the overall idea I'm trying to build. It would also help reduce the amount of space used on the CD. I saw a string for specifying the location of LmhostFile in My Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP. Tried adding a similar string for hosts but it didn't work. Rick
-
Is the location of the hosts file on Win98 stored in the registry or hard coded? Can this be changed? If so, where? Rick
-
Windows 95/98(SE)/2000/XP users opinion of...
herbalist replied to Dblake1's topic in The Poll Center
I don't want it. I don't trust it, and will not use it. 98 is the newest Windows I will use. Rick
-
Got the same results with 98SE loaded into the PC. Can only get 32 bit with the ATI updated driver, Rage IIC AGP. I'm surprised it's still listed there. http://ati.amd.com/support/drivers/98me/legacy-98me.html Rick
-
A friend sent it in an e-mail joke some time ago. No idea where it originally came from. It doesn't look completely real to me, no places for limbs to attach, looks like a plastic novelty toy. I'd like to have a mouse that looked like that. Those files are as close to 98 rootkits as I've seen. It seems to embed its code into another instance of explorer without changing its signature. Haven't finished working with them. Got sidetracked with other projects. Too much started, nothing getting finished. I do have some extended time off for the holidays. Hopefully, I'll get caught up and more organized. Rick
-
It's a big improvement over the default drivers. I'm still working with it but 256 color looks good, all screen sizes available. With 16 bit, the colors are way off. White is a light, bright blue. With 24 bit, the colors are good, both web pages and image files. Unfortunately, this PC has always had a problem with 24 bit. Screen scrolls in waves, shutdown issues. I can't get it to switch to 32 bit at all. Might be different on another PC but it'll be a while before I'm ready to move this setup to a CD. Still have a ways to go, apps to add, excess to strip out. Rick
-
If it works, it's exactly what I'm looking for. Hopefully, I'll know by tonight. Thanks. Rick
-
Is there a generic display driver for 98 that does better than 640x480, 16 color? It needs to be generic as it's for a live CD experiment. Rick
-
If "that WMV video" is a clip of choosing a custom color, the codec seems to work fine on my 98FE box. WVC1DMOE.DLL did not copy or register. Couldn't register it manually. WVC1DMOD.DLL copied and registered normally. Rick
-
Doesn't work anymore. Killed by a virus.
-
Proxomitron addresses some of the methods used by websites to determine your OS and browser. It can modify the user agent in the headers and block specific javascripts. Java and ActiveX can also be used to determine what you're running. It might be possible with flash as well. The best Proxomitron can do with these is whitelisting sites that are allowed to run them and removing specific Java applets. The old JDList filter set had that feature but the site it was available on is now Search Portal. I have a copy of it but it's 4 years old now and needs updating. The Grypen and Sidki filter sets are still maintained as far as I know. Rick
-
For malicious code delivered via web content, have you looked into Proxomitron? It performs many of the functions of NoScript, plus a whole lot more. It also works with all browsers. Its filter rules can be a bit intimidating if you don't know a little HTML, but there are filter sets available in addition to the default ones it comes with. It's the kind of app that gets more powerful as you learn it. I've had it for 2 years and am still learning more of what it can do. Incredible tool. The best part is that it's not an installed app. Just unzip it, set your browser's proxy settings and use it. SSM can also help with web based attacks by controlling what your browser and WSH can do. A lot of browser exploits use the browser to gain access to another app or process that wouldn't normally be accessible. By limiting the parent-child settings, SSM can help defeat a lot of these. One of the biggest things you can do to reduce the risk from new/unknown exploits from the web is to limit what can be launched in the browser. Whenever possible with web content, run it outside of the browser. That would include most media, PDFs, etc. Are you familiar with the PDF exploit that was fairly recent? Info here. If the PDF is opened in the browser, the exploit succeeds. On mine, it worked with both IE6 and SeaMonkey via Adobe. Downloading the PDF and opening it with Foxit defeats it, this time. When opened in Adobe, SSM blocked Adobe's attempt to access the browser, something it can't do when the browser has already launched Adobe. Eliminating browser integration with other apps makes web browsing a bit inconvenient, but it does prevent a lot of exploits from working. For scripts that are run from your PC, changing the default app for scripts to Notepad prevents a lot of their misuse. You can always add a context menu entry for scripts to open them with WSH as an option, keeping notepad as the default app for them. This way, you can view them first.
An app like Script Sentry will also do this for you. It will also let you whitelist specific scripts if you want. Rick
-
It runs fine until it uses up your resources and forces you to reboot. The only pages I've had any problems with are those using ActiveX. Outside of MSN, they've been very few. Yes, there are attack vectors that don't involve user interaction, but they are not responsible for the majority of the compromised PCs. The vast majority of infections are caused by something the user chose to install, open or click on. The next most common sources are weak Internet Explorer settings (and users who run it with those out of the box settings) and browser exploits, specifically IE6. Yes, there's other ways to infect a system, but the user and IE6 are responsible for most of the problem. A five year old AV, Norton of all things, then tell me that I'm the one being foolish? That AV uses more disk space and resources than my entire security package combined. The last virus I've had was one allowed by the exact AV you suggest, and it was up to date. Every infection and system compromise I've experienced happened while using Norton products. Never again will anything Norton be used on any PC I own or maintain. I mentioned that when I said to close the NETBIOS ports. Aside from that, 98 itself might not need firewall protection but the installed apps do. Most of that malware doesn't run on 9X systems. On a PC with a default-deny policy enforced in the manner I suggested, malware doesn't run, period. If it can't run, it can't infect you. Then you do admit that IE is responsible for most of 98's vulnerabilities. In all fairness, most of the recent exploits involving IE6 do nothing to a 98box. With the next one, who knows? Getting rid of IE gets rid of most of the vulnerabilities in a 9X box. If a user wants or "needs" IE, they should at least tighten up its settings. Ideally, they should run it thru Proxomitron and filter out the unwanted content. Out of the box, 98 did little to control who uses it. That can be largely fixed too.
The NT systems are better at user control, but that came with a whole new set of vulnerabilities to external attacks and the ability to hide files and infective processes from the OS and the user, the rootkit. A very bad trade. How flawed is that: It starts with how these tests are treated. The user chooses to start them and expects the software to contain them. Their responses to the security prompts are influenced by the fact that they know it's a test, such as allowing the initial process but blocking the hook it tries to set, then thinking they passed the test. The test never ran. If that "test" was a piece of malware bundled into an install, they'd probably have allowed the hook as part of the normal install process and be owned by someone. Responses to alerts don't reflect real life behavior because the user knows it's a test. Using the pcaudit2 leaktest as an example, most users will allow the process then block the hook. All that does is test if their firewall or separate HIPS will block a hook when they tell it to. On most systems, if the hook is allowed, the system will fail the test. The site leads the user to believe that they failed the test because their firewall allows the hooks. Their firewalls actually fail because loopback connections aren't properly controlled, poorly configured. The result is an emphasis on hook control features, aka HIPS over properly written firewall rules and system configuration. The user needs a better firewall instead of learning to configure the one they have. That is flawed. Look at his results. Only the newest "Pro" versions do well. My system passes that test and most of the ones that apply to 9X with an old firewall, Kerio 2.1.5 and SSM shut down. I don't agree with his reasoning that application control should be part of the firewall. IMO, both traffic and application control are important enough that they should be controlled separately to reduce the risk of common vulnerabilities taking down both at once.
On a combined package, one piece of vulnerable code is enough to make that possible. Rick
-
98 runs very well with an alternate browser. Using one eliminates a very large part of the entry points used by malware, leaving bad decisions by the user as its worst vulnerability. Even if IE6 and the alternate browsers were equal in security, the alternate browsers are usually faster, more user friendly, and don't waste resources like IE6 does. AVs are going to be a problem for 98 users who want to use one. Of those still supporting 98, several are dropping it very soon. Instead of relying on a dwindling number of AVs, consider using the opposite approach to securing your 98 system. Whitelist the user applications and your systems executables, then block everything else. A default-deny security policy enforced by system configuration and a few good apps does better than any AV, and leaves you with a much faster system. An interesting read regarding AVs and security in general. http://www.ranum.com/security/computer_sec...ditorials/dumb/ I've been using a combination of Kerio 2.1.5, SSM free, and Proxomitron to protect my 98 box for a couple years, no AV installed. It has never failed to protect me, which is more than I can say for the AVs I've used. Firewalls are another story. There's several that work good on 98. My favorite is Kerio 2.1.5. It's no longer supported but is very effective and lightweight. A software firewall might not be an absolute necessity if you've closed the NETBIOS ports, the only ones open on a default 98 system, but being able to control inbound and outbound traffic on a per application basis not only improves your security, it can actually speed up your connection slightly. With dialup, the difference can be very noticeable. As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed. How well a firewall performs with them depends largely on the rules in place.
Leaktests favor features over configuration, suites over separate components, and are used heavily to push firewalls with HIPS components. Few if any of them will run on 98. Leaktests should be treated as configuration aids, not advertising tools. If you're really worried about passing leaktests, combine a rule based firewall and a separate HIPS, block Internet Explorer, and you'll pass them all, at least all the ones that run on 98. The common opinion, one promoted by M$, hardware vendors, and the big name security companies is that 98 is too insecure and unsupported to use on the net. This forum is a rare and welcome exception to that planned obsolescence mentality. With a few good apps and a user who will say "NO" to the unknown, 98 can be made equally as secure or more so than XP. Rick
-
Annoying is putting it nicely, especially if you wait too long and the system doesn't want to reboot, just crash. Until someone figures out how to fix the problem at its source, the best you can do is minimize it. What makes the problem bad is applications that waste those limited resources. Shortly after I got this PC, I updated it to IE6 and installed Norton Internet Security 2002, only brand I knew of back then. Learned quick that NIS was a major resource hog. I was down to 48% just from booting up and starting IE6. On the average, I'd get about one hour of good browsing before the resources dropped low enough to make it unstable. Getting rid of Norton doubled my usable online time, but still had the gradual draining of resources. To make a long story short, the worst drain on my resources proved to be Internet Explorer. When I tried out another browser, the Mozilla Suite, it didn't solve the problem, but the rate of drain was a fraction of what it was using IE6. I could browse all day with it instead of just an hour or two. Efficient use of resources is a priority for apps on 9X systems. When an app is closed, you should get back most of the resources it was using, something IE6 didn't do on mine but Mozilla did. AVs and security suites are among the more wasteful apps. When I stopped using a resident AV, I not only gained a lot more free resources, I got a big speed increase as well. Not including security apps, on mine the worst software for wasting resources was everything from Microsoft. The less MS I use, the better it runs. I'm inclined to think that this is deliberate, to coerce users into buying new hardware, with a new OS installed of course. Work your way thru the apps you use one at a time. Check your free resources before starting one, use it for a while, then shut it off and see which one(s) are responsible for the bulk of the draining. If you can isolate and replace them, you'll like the results. Rick
-
Last Versions of Software for Windows 98SE
herbalist replied to galahs's topic in Pinned Topics regarding 9x/ME
A few more items for the list.
Command line checksum utility MD5 and SHA1. Free. Windows-KB841290-x86-ENU.exe Microsoft claims that Win 2000 or newer is required, but the utility works fine with 98 in a DOS window.
System Scheduler-popup reminder ONGD, free and pay versions. Far superior to the built in Windows scheduler. http://www.splinterware.com/products/wincron.htm
Multiple Clipboard Utility 9 separate clipboards. Free. Also works on Win 2K. http://www.splinterware.com/products/clipboards.htm
Launchkey Command line tool to launch an application and send it keypresses. Useful to run from batch files or from other applications. Free. http://www.splinterware.com/products/launchkey.htm
File Sharing Shareaza, ONGD, free Open Source. Multiple Network Program. http://shareaza.sourceforge.net/
Host Intrusion Protection System (HIPS) System Safety Monitor. ONGD free. http://syssafety.com/
Registry Protection TestRun by BB. Free. His site is down, expired. Copy of page from Archive.org. Download link not working. I've uploaded it to Rapidshare. IMO, this is too useful to let it just disappear.
Website Copier-Offline Browser WinHTTrack. ONGD, free. http://www.httrack.com/
MP3 Splitter Free. http://www.megax.it/mp3split/index.htm
Flash/Tutorial maker Wink. ONGD. Free. http://www.debugmode.com/wink/
File/Partition Encryption Scramdisk 3.01r3c Free, Last. http://www.samsimpson.com/cryptography/scramdisk/
Animated GIF maker UnFREEz 2.1 Free. http://www.whitsoftdev.com/unfreez/
Time Sync AnalogX Atomic TimeSync. Free. http://www.analogx.com/contents/download/network/ats.htm
CD\DVD BurnAtOnce. Free. Last? For data, music, ISO. http://www.burnatonce.net/
Script Protection Script Sentry. Free. At Jasons Toolbox.
System Lockdown Utility System Lock 1.2.1. Free. www.r2.com
Let me know if any of the links don't work. Rick
-
I recently picked up an old PC with Win 2000, no upgrades done on it. Put the hard drive in my 98 (not SE) box, set up a dual boot, and updated 2K to SP4. Got all the unnecessary services disabled, drivers updated, tweaked and tuned. My hardware is old, an HP Pavilion 4463 with a 366mhz Celeron and 160 MB RAM, upgraded from 64 MB. Hardware upgrades include a new USB card, network card, and CDRW. I removed the original combined modem/sound card and put in an old Sound Blaster. So far, I haven't found one instance where the Win 2000 OS outperforms my old 98 install. 98 boots faster, even with the batch files I added to the startup, shuts down faster, and navigates the file system faster, including the external USB hard drive. With the same browser on each, internet speeds are about equal, both browsing and download. So far, I haven't found any apps I use or want that don't run as well on 98 as they do on 2000. Was very disappointed to find that my file/partition encryption program of choice (Scramdisk 3.01r3c) wouldn't run on 2000. There's supposed to be a 3.02 beta version that was around for a while but I haven't found it. I didn't really expect to see any significant improvements in performance from 2K on this old hardware, but some of what I've observed has surprised me. On web pages with large animated images like weather radar loops such as this one, the CPU demand on 2000 and 98SE stays at or near 100%, and the speed the animation moves slows down quite a bit. With 98FE, the processor usage is still high, approaching 100% at times but the animation runs at the proper speed. This is using the same hardware and browser on all OS, except for the hard drives they're installed on. 98SE is using my best hard drive at the moment. I would have expected 2000 and 98SE to handle such a page better than 98 first edition, or at least equally as well but in this instance, 98FE works much better. As for stability, my 98 box runs 24/7.
I can't remember the last time I shut it completely down. It does see an occasional reboot, but not because it needs it. It's usually to finish an install or to switch to an alternate configuration. Can't remember the last time I saw a BSOD that wasn't the fault of something I did. On my hardware, newer equals little if any gain in function and compatibility, lower performance, and a less secure system. Why use 98/SE/ME? I can't find a good reason to update. Rick
-
You don't have to guess or feel if it's faster. Test it both ways. There's speed tests that use java or flash here. I've had more consistent results with the java tests. They handle higher speeds as well. You might want to check out the tweak test while you're there. Rick
-
On mine, USB hasn't worked well with DSL modems, even with a new USB card and drivers. I couldn't get drivers for the Westell Modem, an ISP provided unit. The previous one, a Netopia, worked erratically, and at less than half the speed when compared to ethernet. Performance got worse yet if I tried to access my external hard drive at the same time. It wasn't worth trying to make it work with USB when ethernet works as good as it does. Rick
-
The question you need to ask is "Do I have all the apps I need and am I happy with them?" The application compatibility issue cuts both ways, especially if you use older apps. I have both 98 and 2000 installed. My hardware is slower than yours, 366mhz, 160mb RAM. On mine, 98 runs circles around 2000. On faster hardware, this may change. As for 2000's alleged stability advantage, I haven't seen it. It may be more stable "out of the box" but properly configured, 98 is very stable. IMO 98 is also easier to secure against web borne threats but not as secure against malicious activity at the keyboard. Since 2000 has many similarities to XP and Vista, it will also be at risk from exploits and malicious code that affects them. That could become a big problem when its support ends. Malicious code that attacks 9X systems is declining as there aren't near as many of them to exploit. A lot of the present malware has no effect on it. If 98 and 2000 were completely equal, I'd still choose 98 just to have DOS. There's just too many things you can do with DOS that you can't do with command line in an NT system. Rick
-
Once you get all the bloat, wasted space, and MRUs out of the registry and have it optimized, you can take steps to keep it that way. For protecting the registry from damage or undesired changes when testing new software or just as a failsafe when tweaking, check out Testrun by BB. The site is down at the moment, but here's a link to a copy in Archive.org. Testrun is a collection of batch files that make backups of the registry and system configuration files and enables you to load a duplicate set while keeping your normal registry out of harm's way. Archive.org didn't have the batch files themselves so I uploaded them here. The batch files are easily modified to expand their uses. I modified them to automatically restore the system's registry and core files on every reboot. Details here. This puts an end to the registry bloat, fragmentation and stored MRU problems. It also protects it from modification by users and malware. The batch files can just as easily be altered to allow the usage of 2 completely different sets of registry files. Possible uses for such a setup include:
*Switching between 2 different network configurations without having to re-enter the settings.
*Storing configuration data and the registry entries for apps installed on CDs or in encrypted containers so that there's no evidence of their existence in your normal registry.
*Setting up multiple configurations on one operating system for application testing.
DOS is a 9X user's best friend. Rick
-
Eraser deletes them during restart by adding an HKLM..run entry to the registry. Index.dat suite deletes them by adding an entry to HKLM...runonce for run.bat, which contains entries much like the ones I posted earlier. Index.dat suite can read the index.dat files while windows is running but has to restart windows to delete them. It's simpler to get rid of them by using the delete command in DOS, by adding the delete entries directly to autoexec.bat or putting them in a separate batch file and running it from autoexec.bat with the "call" command. The advantage to a separate batch file is that it can be temporarily bypassed by unchecking it in msconfig. I tried editing an index.dat file with notepad+ while windows was running, and was able to delete its contents, but not the file itself. Windows Notepad and Wordpad would not access the file at all, "in use" error message. Apparently, they can be accessed with most non-Microsoft text editors, but editing them while windows is running causes problems. On mine, I got both Windows explorer and internet explorer errors the next time I tried to open a folder. Rick
-
Have you tried MRU blaster to clear out the usage records? It does also wipe those userassist entries mentioned earlier. I have to wonder how much of your registry is being used up by usage tracking as I have most of the apps you're removing, including Net2.0 and Real Player, and my system.dat is 6.29MB. Rick
-
All the basic DOS commands will show you the switches and proper usage by following the command with /? To see the usage for "Copy", type "copy /?" without the quotes. If you plan on using 98 for anything more than simple web browsing, I strongly suggest that you take the time to learn the basics of DOS. DOS can be a 9X user's best friend. It doesn't take a "DOS freak" (whatever that is) to learn basic command line. It's not that hard. DOS batch files are extremely useful tools. Here's a couple of links to sites that cover the basics. http://www.computerhope.com/msdos.htm http://dos.rsvs.net/ Rick
-
The first batch file is nothing more than a series of delete commands.

@echo off
deltree /y C:\WINDOWS\COOKIES\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\RICK\COOKIES\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\RICK\HISTORY\HISTORY.IE5\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\RICK\TEMPOR~1\CONTENT.IE5\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\CONNIE\COOKIES\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\CONNIE\HISTORY\HISTORY.IE5\INDEX.DAT
deltree /y C:\WINDOWS\PROFILES\CONNIE\HISTORY\HISTORY.IE5\MSHIST~1\INDEX.DAT
exit

I put together a page a while back that describes the 2nd batch file in detail. There's 2 batch files involved, one for making the backups and one for restoring them. Both are covered at http://www.freewebs.com/herbalists/index.htm. As long as you add the appropriate entries to both the backup and restore batch files, you can use it to replace or restore any file with 8 characters or less in its name and a 3 character or less file extension. Just be very careful with the syntax. A mistake will be costly. In both cases, I added a call line to autoexec.bat

call C:\cleanup.bat
call C:\restore.bat

Rick
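
The last post above says any file with an 8.3 name can be covered as long as matching entries go into both the backup and the restore batch file, and that a syntax mistake is costly. The following is an added example, not the poster's or Testrun's scripts: it generates both files from one list so the entries cannot drift apart, and emits nothing if a name is not 8.3 or two sources would overwrite each other in the backup folder. The copy-based line layout, the C:\BACKUP folder and the sample paths are assumptions.

```python
import re

# Characters accepted in one component of a DOS 8.3 short name.
_SFN_CHARS = r"[A-Z0-9_^$~!#%&\-{}()@'`]"
_SFN = re.compile(rf"^{_SFN_CHARS}{{1,8}}(\.{_SFN_CHARS}{{1,3}})?$")


def is_8_3(component):
    """True if a single path component is a valid 8.3 name."""
    return bool(_SFN.match(component.upper()))


def check_path(path):
    """Return a list of problems for one absolute DOS path (empty = OK)."""
    m = re.match(r"^[A-Za-z]:\\(.+)$", path)
    if not m:
        return [f"{path}: not an absolute drive path"]
    return [
        f"{path}: '{part}' is not a valid 8.3 name"
        for part in m.group(1).split("\\")
        if not is_8_3(part)
    ]


def build_scripts(paths, backup_dir):
    """Build paired backup/restore batch lines from one list of files.

    Returns (backup_lines, restore_lines, problems). If anything is wrong,
    both line lists are empty: a restore script missing one entry is the
    costly mistake, so no partial output is produced.
    """
    problems = check_path(backup_dir)
    seen = {}  # short name in the flat backup folder -> source path
    backup, restore = ["@echo off"], ["@echo off"]
    for src in paths:
        errs = check_path(src)
        if errs:
            problems.extend(errs)
            continue
        name = src.rsplit("\\", 1)[1].upper()
        if name in seen:
            problems.append(
                f"{src}: backup name {name} already used by {seen[name]}"
            )
            continue
        seen[name] = src
        saved = f"{backup_dir}\\{name}"
        backup.append(f"copy /y {src} {saved}")
        # Restore only if the saved copy exists, so a missing backup
        # never clobbers the live file.
        restore.append(f"if exist {saved} copy /y {saved} {src}")
    if problems:
        return [], [], problems
    return backup, restore, []


if __name__ == "__main__":
    # Constructed sample list: ordinary (non-hidden) configuration files.
    sample = [r"C:\WINDOWS\WIN.INI", r"C:\WINDOWS\SYSTEM.INI"]
    b, r, errs = build_scripts(sample, r"C:\BACKUP")
    print("\n".join(b), "\n".join(r), *errs, sep="\n\n")
```

Long Windows names such as `Temporary Internet Files` are rejected here; the short form the post itself uses (`TEMPOR~1`) passes.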