herbalist

The IP supplied by my ISP is entered on the WAN interface. The vendor support page reads: If I have xxx.xxx.xxx.217 entered for WAN, what's the appropriate entry for LAN with NAT disabled? Rick

galahs, Got a link handy to one of the sites that flash would crash on? I'm running flash 9.0.28 on a 98 box with 366mhz and 160MB RAM and haven't seen this problem. Rick

None of the above. Stopped using signature/reference file based antispyware apps a few years ago. Not of them can be counted on to catch everything, no matter how many you run. Been involved in too many disputes with their vendors over what should or shouldn't be targeted. I use System Safety Monitor to prevent all unwanted processes and installers from running. When tightly configured, it can prevent most any malware from running or installing. Rick

I need to disable the NAT on a Netopia 3341 DSL modem. I have Smoothwall installed on another PC and everything behind it works fine. I'd like Smoothwall to use my actual IP and handle the NAT duties, which is what they recommend. I've tried to follow the instructions on the vendors page but the settings won't validate. On the WAN interface, I unchecked address mapping per the instructions. Left the rest of it alone. On the LAN interface, I entered my IP address. Left the subnet as is, 255.255.255.0. The settings won't validate, says IPs are on the same subnet. With NAT disabled, shouldn't it be the same? I don't understand what this wants. My understanding of this is very limited. AFAIK, I have one static IP address, which I tried to enter on both the LAN and WAN interface. Can someone help me figure this out? Rick

Until very recently, WU was working for me, using a 98 first edition box. Today it didn't work. Using fix 1.21, tried the first option. Didn't work, even after reboot. 2nd option worked. IE6 is sitting on the update site now. What it's telling me doesn't make sense. It shows I need 7 critical updates. I've used Inctrl5 to record every install I've made on this box, including their updates. I have records of the installs of those updates. I've also installed several of the fixes and patches from MDGx, including the U891711. 891711 is one of the patches WU claims I need. I can only assume that either WU is wrong about my PC, or some of the unofficial patches remove the official ones and I don't need them anyway. When I'm ready for a headache, I'll try to sort that mess out. In the mean time, I'll capture copies of their updates. One question. If a user has his PC up to date on patches, what purpose does it serve to make WU usable when they're not releasing anything new for my OS? For users who work with multiple PCs or who are constantly reinstalling the OS for experimental purposes, why not save copies of each patch or update for later use? Rick BTW, tried the zip file link. Works, contains 3 files, 2 text one exe, which works. U asked for a 3rd party 2 check it.

IMO, 98 can be made more secure than the newer windows versions, and not just because it's isn't being targeted. It can also be done at little or no cost. To effectively secure 98/ME, the user or administrator needs to address a few key items. Control over traffic in and out of the PC. Control over the content of traffic that is allowed, filtering. Control over processes, what is allowed to run and their activities. Control over user activities. Traffic control on 98 is easier to accomplish than it is on XP. Most if not all of the system components of Win98 can be denied internet access with no ill effects. There are no unnecessary services opening ports that need to be disabled. If there's no server software running, all of the ports on a 98 box can be closed by system configuration. On PCs that need to be able to receive incoming traffic, it can be limited to IPs that are necessary. Kerio 2.1.5 is a light rule based firewall that's very effective and works well on 98. Content control of the allowed traffic can remove much of the malicious web content. Filtering apps like Proxomitron can be tailored to block most any undesirable web content. Proxomitron works with all browsers. While other browsers like Firefox, Sea Monkey, and Opera are more secure as installed, all can benefit from tighter settings. IE6 is extremely unsecured as installed but can greatly improved by proper configuration. That said, I've found 98 to be much more stable and reliable when another browser is used. On every 98 box I've worked with, prolonged use of IE6 will eventually drain the systems resources until it becomes unstable and crashes or forces a reboot. Controlling processes and their activities is central to securing 98. The policy editor on the 98 install CD (not installed by default) can be used to restrict both system and users, but its ability to control processes is weak, and is easily defeated. A separate application firewall or HIPS does a much better job at controlling processes and their activities. While many of the HIPS and application firewalls don't run on DOS based systems, one of the best does. The free version of System Safety Monitor runs very well on 98 and is quite light. SSM is most suitable for PCs that are finished, equipped the way the user or administrator wants them. It's not a good choice for the casual or novice user. In the hands of a knowlegable user or administrator, it's extremely effective. It enables the user to set the parent-child dependencies for each allowed process independently and can effectively prevent many potential vulnerabilities from being exploited. By preventing all but the whitelisted processes from running and controlling their activities, SSM can effectively replace the resident AV. Control over users and their activities has always been a weak point on DOS based systems. This can be largely offset using the same tools and software that controls processes. Both the policy editor and SSM can be configured with separate rulesets and settings for each user. SSM also has a window filter module that will serve effectively as user or parental control program. One of the most overlooked security tools on 98 is DOS. DOS can perform tasks and supply services that require separate software to accomplish on XP. A couple of batch files can be used to secure the registry, core system files, autostart folders, etc. They're outlined here. They will need to be edited to match the system they're used on. Combined, these form the core of an effective lightweight security package for DOS based systems. The firewall of your choice can be substituted. Try to avoid using a security suite, especially one with a HIPS component on 98. Most are too heavy of a load for the older hardware. I'm not aware of an effective substitute for SSM that runs on 98 and is lightweight. Add an AV scanner of your choice. If desired, add a script monitoring program like Script Sentry and file/folder monitoring software. Top it off with a solid system backup utility. 98 systems are usually small enough to fit on 1 or 2 CDRWs if the users data is stored separately. Then sit back and watch the XP users repeatedly scrambling to get patches for vulnerabilities, many of which 98 isn't vulnerable to. Regarding the FAT32 vs NTFS security debate, IMO any security increase that can be attributed to the NTFS file system is more than offset by the ability to hide malicious files, processes, and registry data in it with rootkits. Regarding its alleged superior stability, 98 can be very stable. Much of the time, instability on 98 units is due to a lack of system resources. It's partially because the PCs that came with 98 installed didn't have a lot to start with and partially because apps like IE6 don't use it efficiently. Properly equipped and configured, 98 boxes are very stable. Mine runs 24/7 with no problems. Rick

does anyone know of another test page for this exploit besides ZERTs? The test page has no effect on my 98 box with either IE6 or Sea Monkey and all filtering disabled. I have 891711 installed but not running. Rick

This link didn't work the other day, but is working now. Just checked it with 98 first edition, no problems. Rick

This is a switch. A forum with a Windows 98 section that actually gets posted in more than once a month. Maybe the thread title should be "Why not continue to use Windows9X?" I haven't found any reason to switch to anything newer, save the Linux distro that's also installed on this old box. My reasons for not switching or "upgrading": My 98 box is stable. Runs 24/7 with no problems. It's fast, even on low power systems. On good hardware, it screams! It performs all the tasks I ask of it. Much less bloat. It isn't vulnerable to many of the exploits and pests that take down the newer "more secure" operating systems. I can perform multiple tasks using less resources that XP can even run on. I have full access to all system files without interference from Windows. It's easier to stop "calling home" and other forms of "babysitting-ware". No DRM problems. No validation issues. I can deny the operating system internet access with no ill effects. No "services" trying to connect out. I don't have to worry about kernel rootkits There's more than enough freeware and Open Source software available to cover all my needs. Developers do tend to underestimate the old DOS based systems. Fortunately, a few recognize it's potential and the fact that millions still use it, whether by choice or necessity, and chose to support these systems. I do a fair amount of beta testing with this old box too, primarily security software. Testing the early beta versions of System Safety Monitor was pure joy. As long as apps like SSM are available, 98 can be used very securely for whatever the user chooses to. That's pretty close to what's happening. Operating systems are becoming spyware. Windows has always had some spyware capabilities, but they're far worse than earlier versions. With 98, it was index.dat files and hidden history folders. Now it's ADS, DRM, and rootkits. Now consider Vista and M$ locking security-ware out of the kernel. It's already proven that they haven't actually secured the kernel, but they've made it illegal for security software (or users) to hook it. It wouldn't suprise me at all to find this is government ordered to allow for NSA snoopware under the guise of national security. Think about where that leads. Anyone who 'discovers" such an item in the kernel had to comit an illegal act to do so. Maybe I am paranoid, but the "official" answers to questions regarding kernel security don't hold up. It isn't so much Win98 that concerns them. It's DOS and its ability to access files free from interference from windows. Windows can't defend or hide files/processes when it isn't running. Why keep using 98? Because it runs good for me and I don't trust anything newer from M$. Besides, I can always boot to Linux. Rick