98Guy

I'm trying to use Netcat (version 1.11 for NT - nc111nt.zip) to monitor a pop-3 login session on the local machine and either nc.exe doesn't run properly on win-98 or I'm not using it correctly. The command I'm using is -v -l -p 110 I've changed the pop server setting to 127.0.0.1 and have also used 192.168.1.6 (same machine). When the e-mail client does a check for mail, the Netcat window indicates that a connection has been made, and in that window I type + (then enter) but I don't think the e-mail client is seeing it. When I try a telnet connection to port 110, again the Netcat windows says that a connection has been made, but nothing I type in the netcat window appears in the telnet window, and vice-versa. Any ideas?

Besides the mania surrounding the claims that "you must run a firewall" on your win-98 system, there is the hysteria that you "shouldn't use IE". Don't get bent out of shape over it. Any win-98 system IS NOT COMPLETE unless it has a functional and up to date version of IE6. There will be times when you need to purchase something over the internet, like plane tickets, and you will need to use IE6. If it makes you feel better, install and use Firefox for general browsing (what-ever version still works on win-98 - I'm using firefox because IE6 is badly broken on the system I'm using at the moment and will not even start for some reason). Bottom line is that the torrent of web-based exploits that surfaced 1 to 2 years ago have faded as the holes were plugged, and many or most of them didn't work at all (or didn't work coherently) on win-98/IE6 systems anyways.

ARP poisoning attacks are rare and I doubt very much that the typical home or SOHO user will ever experience them. It is only a threat on a local LAN, so there is no threat directly from the internet. There are monitoring programs (WinARPWatch.exe) that can monitor a LAN and the ARP cache. So while it is true that win-98 does not really keep a static ARP entry as static (and NT4 was this way too) you can monitor the ARP cache for changes. I would bet that some routers, switches or other network appliances can detect ARP spoofing and block specific MAC addresses. The thing with ARP poisoning is that it's mostly a way to collect information transiting through a LAN (or cause lan DOS). I think it would be hard to use arp-spoofing to install malware on a clean system on the lan. ARP spoofing has been know for at least 5 years, yet it really doesn't register as an intrinsic threat to most users today (home and SOHO users anyways). In larger organizations (that have REAL lans) I'm thinking that their network routers and switches can detect and neutralize ARP spoofing.

Just to answer your question more directly, a software firewall won't prevent your system from getting infected - at least not by the first stage of a multi-stage infection. If the firewall works as advertized, it will (a) tell you that an unauthorized process is attempting to communicate with the outside world, and (b) it will prevent the download of any secondary or second-stage payload. Again, this is assuming that the primary payload hasn't deactivated the firewall (and also hasn't deactivated your AV software) in the first place. Your best bet at preventing infection is as follows: a) harden or "innoculate" your browsers by using something like spybot or spyware blaster b) obtain a third-party hosts file (I use MVPS hosts file) c) run a real-time registry monitoring program d) either disable java, or always install the most recent JRE version (AND UN-INSTALL THE OLD VERSION). e) hard-code your DNS server setting (DNS spoofing is becoming more common). f) if your OS is windows 98, then make sure it's updated to the best extent possible. g) if you download any file (audio, movie, software, etc) and you have doubts about the security of the file (and the file is less than a few mb in size) then upload it to virustotal.com and have it analyzed before you open or run it. Note that AV or firewall software is not on the above list at all. I think that AV software is almost as useless as firewall software.

Your taking a chance though bud,my firewall blocks many port scans,etc.... Your letting them scan and who knows if and when they may try something!Win98se is one of the BEST os's out there and one mustnt do foolish things (Just in case) If he has a NAT-router, then he won't be exposed to any port scans. And also note the following: Windows 98 has practically no vulnerabilities to port scans or network worms anyways. If you turn file and printer sharing off (which is the default setting) then I know of no such vulnerability - period. Windows 2K, and (I believe) also XP-gold and XP-sp1 were legendary at being vulnerable to infection simply by having a working internet connection (no user intervention, no web browsing or e-mail reading required). Win-9x was never that vulnerable.

If your DSL or cable modem has more than 1 LAN port (ie if you can connect more than 1 computer into it via RJ45 jacks) then it has a built-in NAT-router. Or if you have a separate router between your modem and your PC (or PC's) then you have a NAT-router. Yes, a NAT-router will function as a MORE EFFICIENT in-bound firewall than any firewall software you install on your PC. And unlike your software firewall, your NAT-router can't be deactivated or bypassed by any malware or trojan that has infected your PC. What a NAT-router can't do is perform *out-bound* fire-walling. But that particular function is useless as a protective method because it doesn't keep malware from getting into your PC, it only prevents malware from contacting the outside world once it's already installed itself. But even in that case, it's well known that many different types of viruses and trojans attempt to deactivate your software firewall (or find ways around it) so that the malware can contact the outside world without you knowing about it anyways. What most people here use their software firewall for is to prevent certain software (trusted software that the users obtained and installed for one reason or another) to prevent that software from communicating to the outside world on it's own. Those people have a fundamental opposition to any software that performs automated communication or data transfer to an external host and use a software firewall to prevent that communication. Those people consider that sort of "unauthorized" communication as being a security issue, hence that's why they are insistent that a software firewall should be a standard item on any PC that's connected to the internet. To the extent that that sort of communication really is a "security" issue, vs an ideological issue, is debatable.

I have just read your link. I think I will repeat some of my tests at some point soon. The /Z switch is useless - it won't let you specify anything other than the default cluster-size for a given volume size. As for software, I've used the OnTrack clone software that's been re-branded for use on Seagate and Samsung hard drives. For example: http://www.seagate.com/www/en-us/support/d...oads/discwizard Or the Samsung version HUTIL (ver.1.21)

You've got a lot of experience with software and hardware. You probably should have done a little more research into the Dell. Sounds like you could have built your own system from scratch. If so, then you could have chosen a motherboard like the Asrock Dual or Quad-core VSTA (which runs win-98 just fine on SATA drives). To answer your question, the last Intel chipset to have win-98 support was probably the 875 (which I think was ICH 5). ICH-6 is the 910 to 925 chipset, and ICH-7 is 945 and higher. The 82801 is an old chip (dates to ICH-2) but perhaps the "G" version is recent (ICH-7?). In any case, this page claims to offer a win-98 driver for it: http://www.bioticaindia.com/intel-82801g-ich7.html Or try this one: http://www.software.com/downloads/drivers-...CB-1121634.html In Win-98, if you can install the correct SATA driver, then it will appear in device manager as a SCSI controller. But in the system's BIOS you must first configure the SATA drives as RAID, not IDE.

This is not a flame war. This is just a clarification. It's a popular myth that FAT-32 *requires* the cluster size to increase on large volumes (resulting in inefficient storage for small files). I'm pointing out that for win-98, and especially for NT-based OS's like 2K and XP, that they can work with pretty much any cluster-size (even 512 bytes) on FAT-32 volumes (regardless of volume size). That you must use (readily available) tools other than from Micro$oft to prepare and format the volumes in that way is a secondary issue, and has no bearing on the merits or capabilities of the FAT-32 file system.

Yes - besides the NAP service, the white paper really doesn't mention how a system with SP3 differs from SP2 going forward. This part is interesting: ------------------- As in Windows Server 2003 SP2 and Windows Vista, users can now complete operating system installation without providing a product key during a full, integrated installation of Windows XP SP3. The operating system will prompt the user for a product key later as part of Genuine Advantage. As with previous service packs, no product key is requested or required when installing Windows XP SP3 using the update package available through Microsoft Update. This update affects only new operating system installations from integrated source media. This update affects the installation media only and is not a change to how activation works in Windows XP ------------------- I take it that the above pertains to installing XP from a CD that has SP3 rolled into it (something that I bet few people have experienced). If so, then how does that work? How long can the installation operate without requiring WPA? ----------------- The operating system will prompt the user for a product key later as part of Genuine Advantage. ----------------- What is the trigger for WGA in that case?

Note that the behavior of cluster-size increasing along with volume-size is NOT a necessary characteristic of FAT (at least not FAT-32). There is nothing in the FAT-32 spec that demands that cluster-size increase as volumes get larger. That phenomena is a characteristic of Microsoft format.com utility, which enforces a rule that tries to prevent cluster-counts from exceeding 2 million on any given volume, and will scale up the cluster size to enforce that rule. I've used third-party drive and partition software to create FAT-32 volumes as large as 500 gb, with 4 kb cluster size (same size as NTFS) and have installed and run Win-98se on such volumes. While it is true that some software (scandskw, defrag, norton utilities) can't handle volumes with "larger than normal" cluster-counts, their limits are generally several times higher than the default 2 million, and win-98 itself has no problems when the cluster count rises from 2 million into the 10, 20, even 40 million number.

Please explain what you mean when you say that Win-9x runs "on top of DOS-X". Win-98 is invoked from DOS. It does not "run on top of" DOS. Win-98 uses the FAT-32 file system. FAT-32 does not equal DOS.

If I keep an installation of XP pro (sp2) fully updated and patched, then what is the difference between that and SP3? I thought that SP3 was (at the time of it's release) just a roll-up of various SP2 patches. No? I also heard some claims back when SP3 was in beta that SP3 system performance was 5 to 10% faster than current SP2. Are the previously-claimed performance benefits of SP3 true? Do they still hold? Were they bogus? If there are differences in important system files between fully updated SP2 and current SP3 versions, then what files are we talking about, and what are the differences? For example, has DRM been strengthened in SP3?

Totally stupid to run without a firewall!!Anyone can get in if you dont have one!! (Why chance it with something as good as 98/98se?) Firewall software is completely useless and not necessary on Windows 98 unless you are really anal and want to control how various *trusted* apps or services connect (or not) to the internet by themselves. If you have a NAT router between your PC and modem (or if your modem has more than 1 LAN port) then you have defacto in-bound firewalling (not that win-98 really needs inbound firewalling, unlike win 2K or XP). A firewall will not prevent your system from being infected by a virus or trojan, and it's most likely that in the event of an infection, your precious firewall would be deactivated anyways. Also, you're far more likely to encounter DNS poisoning, especially if you don't hard-code your DNS server settings (but this is more of a threat for laptop PC's that connect to public hot-spots, hotels lan's, etc).

> Sygate Personal Firewall Pro works very well in Windows 9x. Firewall = useless waste of CPU cycles > Office XP worked well too. What are the benefits or extra capabilities of Office XP vs Office 2K ? > Norton Partition Magic 8.0 I wouldn't think that a rarely-used drive configuration / volume preparation tool like PM was part of what the OP of this thread had in mind when it was started. My impression is that the "key software recommendations" were along the lines of software that's used every day (ie the reason you have a computer in the first place). > IrfanView An alternate image-viewing program is Microsoft Photo Editor 3.01: Based upon HALO Desktop Imager Copyright 1991-1998 Media Cybernetics LP File name: photoed.exe File date: July 10, 2001 File version: 20010710 File size: 760 kb Microsoft Photo Editor ships with Microsoft Office 97 and the stand-alone versions of Microsoft Word 97 and Microsoft PowerPoint 97. Microsoft Photo Editor is installed when you perform a custom or complete installation from the CD. It does not ship with the stand-alone versions of Microsoft Excel 97, Microsoft Access 97, or as part of the Microsoft Office 97 ValuPack. Microsoft has replaced Photo Editor with Microsoft Office Picture Manager, a new photo editing and cataloging program in Office 2007 and in Office 2003. I believe the one I have was installed as part of Office 2K. But it can also be downloaded from here: http://www.brothersoft.com/microsoft-photo...tor-128651.html

It is available for system builders but I haven't seen a consumer version.The last time I bought a System Builder copy of XP (about a month ago) it was still the "2002" version, SP2. It was not SP3.

Why was it moved? Who moved it? This was specifically a win-98 discussion about firewall software. Moving it to a non-win-98-centric forum has the effect of watering it down and introducing tangents. > > A software firewall's in-bound filtering is exactly comparable to a > > hardware device's in-bound filtering in terms of scope and function. > > If you have a NAT router, then half the capability or functionality > > of a software firewall (in-bound fire-walling) has been rendered > > irrelavent and useless and nothing more than a drain on system > > resources. > Not true. While both can be configured to permit inbound traffic > on a specific port, using a specific protocol, and coming from a > specific IP address or range, only the software firewall can allow > it for a specific application and not the rest of the applications > and system components on the PC. Give me an example of opening up a *specific port* on a router for inbound connections, aimed directly at a specific machine on the local lan, where that open port will pose a risk to that specific machine because a specific app on that machine can't be isolated as the only app that should receive connections on that port. In other words, if I am running an app that expects unsolicited inbound connections on a certain port, and if I enable that port on my router to pass those unsolicited connections through to the machine in question, then what are the odds that some future piece of malware will be running on the machine and also be expecting unsolicited inbound connections *on the same port* ? That is the *only* situation where a NAT router is different than a software firewall. The overwhelming majority of people with nat-routers never configure them to allow unsolicited inbound connections anyways because they never have any reason to do so. I still say that the inbound firewalling that a NAT-router does is exactly equivalent to what a software firewall does, and that if you already have a NAT-router then half of the functionality of a software firewall will never be used, but that half will still be present and will be degrading system performance. And I still say that the other half of what a software firewall does (out-bound filtering) is one of the most useless things that can be running (on a win-98 system) in the name of system security.

I believe that MS will (at the end of January 2009) stop taking orders for XP OEM CD's (system builder edition). No doubt it will still be available from distributors for a few months after that until they run out. Does anyone know if MS will (or has) rolled up SP3 into that system-builder CD, or will XP end it's days as only being available from MS as an SP2 CD, with SP3 being an additional patch that is applied later?

> A software firewalls primary duty is controlling traffic, not keeping > malware off of your system. I said exactly that in my previous post, except that I made a distinction between in-bound and out-bound fire-walling. In-bound fire-walling _will_ keep malware off your system (network worms) but the degree to which your system is vulnerable to them will depend mainly on what OS you're running. > If a software firewall is detecting unexpected outbound traffic, > then the rest of the security package or the user has failed > to protect the system. I said exactly that. > Hardware firewalls which includes routers, and software firewalls > fill different roles. Hardware firewalls can only control traffic on a > global level. A software firewall can control traffic for individual > applications. A software firewall's in-bound filtering is exactly comparable to a hardware device's in-bound filtering in terms of scope and function. If you have a NAT router, then half the capability or functionality of a software firewall (in-bound fire-walling) has been rendered irrelavent and useless and nothing more than a drain on system resources. > Some call that being a control freak. I call internet access control > a necessary part of my security policy. You just admitted that a software firewall is not part of a system's security infrastructure, because it doesn't directly detect the presence of malware or keep it off a system. So it's not really part of a system's security infrastructure. How many times has it alerted you (or anyone else reading this) to suspicious activity that you later discovered was malware related (viral, trojan, etc) ?? You also disregard the fact that software firewalls (like AV software) are usually deactivated by active malware that has just infected a system. You might consider the automatic contact that certain trusted software makes with the outside world to be a security issue (MS WGA or other checks, Adobe, Quicktime, Java update checks, etc) but it's nothing more than micro-management of the system and has nothing at all to do with security. This thread started with the question "What firewall do you use in Win9x". A better question would have been "why do you use a firewall with Win9x". I bet many people think that firewall software is as much a normal or necessary part of a (win-98) system as AV software is, which is naturally not correct by a long shot.

You bought the wrong motherboard. Any board with VIA PT880 Pro/Ultra Chipset will function well with Win-98. That motherboard uses the VIA VT8237A SATA raid controller, for which there are windows 98 drivers available. That board has both an AGP and PCIe slot. I still can't see how you got the video card to work (presumably at something higher than 640 x 480) without a functioning motherboard chipset driver installed.

> > How did you get a PCI express video card to work under win-98? > Using the tweaked nvidia driver you can find on this forum. > > Where did you find win-98 drivers for the chipset? > I only found drivers for the builtin network card I don't get it. Unless you have a win-98 chipset driver, I wouldn't think that you'd be able to install anything in the AGP or PCIe slot and get it to work.

If you are running (or if you want to run) a dual-boot system (Win-98 and 2k/XP) and want full access to all volumes using both OS's, the answer is simple: Format all volumes using FAT-32, and then install 2K/XP on the fat-32 volume of your choice. This gives you that added benefit of being able to boot DOS from a floppy or your win-98 volume and then access all files on the 2k/XP volume. It lets you boot win-98 and perform an AV scan on your 2K/XP volume. NTFS is crap. There is no practical need for it for the home or SOHO user. The 4-gb file size limit is rarely encountered by most people. You can use On-track Disk Manager to prepare a FAT-32 volume using any cluster-size you want (I use 4 kb size regardless the size of the volume). Using a SATA drive configured in the bios as raid-controlled, win-98 has no problem with volume size of up to 500 gb (no 137 gb problem). Raid driver availability will depend on your motherboard.

If I have "hidden" kb095474 when performing manual updates, will XP still try to download it if I fully enable automatic updates? Can I fool XP into thinking that it downloaded and installed kb095474 (windows genuine advantage notification) so that if automatic updates are fully enabled then it will not download it? Perhaps by installing certain modified files that I might be able to find on the net? Or changing/adding registry entries? Bonus question: Why did MS re-use the same kb number 095474 for the recent WGA notification tool as it used for the same tool 2 years ago?

If you've got a SATA hard drive, and it's larger than 128 gb, then in the BIOS settings you should have it controlled by your motherboard's raid controller, and NOT have it appear as a legacy IDE drive. Then in Win-98, install the appropriate raid driver (hopefully there will be a win-98 raid driver). The raid controller will appear in device manager as a SCSI controller. How did you get a PCI express video card to work under win-98? Where did you find win-98 drivers for the chipset?

Windows 98 doesn't need a firewall. I've never known anyone running a firewall (9x, 2K, XP, etc) that's ever had their firewall alert them of any real malware threat. If you're running a firewall, it's mainly because you are a control freak and want to prevent various third-party accessories, utilities, etc (adobe, flash, quicktime) even m$ software from "phoning home". That's ok, if you want to preoccupy yourself with petty stuff like that, but a software firewall isin't going to really give a win-98 system any protection from malware. To keep junk like port scans and intrusion attempts off your local home or SOHO lan, you use a NAT router. Once you've got that, your software firewall won't see any incoming unsolicited attempts. And your software firewall won't keep malware OFF your system. if your software firewall tells you that there's some unauthorized outgoing attempts, then your system has already been hacked, and you're lucky your software firewall is telling you because odds are the malware will deactivate your firewall anyways (along with your AV software).