Everything posted by Nomen

  1. > KB2670838 is only required when installing either IE10 or IE11, not IE9.
     > plus there's KB2834140, which provides a fix for KB2670838.

     My Win-7 SP1 install image (created with RT7) I believe currently contains both 2670838 and 2834140. Because my install image also includes IE 11, you're saying I can remove 2670838 and keep 2834140 - yes?

     > KB2670838 is no longer "evil" - it was only evil when installed on laptops
     > with hybrid or switchable amd/intel or nvidia/intel graphics adapters using
     > outdated graphics drivers.

     The Dell laptop that I use for my test platform does indeed have both Intel and Nvidia graphics adapters, and I'm pretty sure that my win-7 install image has the most recent Nvidia / Dell drivers.

     > to answer pointertovoid's question about servicing stack updates,
     > install either KB3020369 or KB3177467 servicing stack update first
     > before any other update.

     I see that my install image does have 3020369, and not 3177467. I find that windows-update queries seem to complete just fine, taking maybe a few minutes.
  2. Opera 2.12 and the 20-byte phantom "default" file Sometimes while browsing sites with Opera 12.02, and often on msfn, I click on a link and Opera asks me what I want to do with file "default" (20 bytes). I can either open it, or save it, or just cancel. When I save it, I end up with a zero-byte file. A recent example: I had a notification that someone replied to one of my posts. The URL for the reply was this: www .msfn .org/board/topic/176709-win7-post-sp1-patches/?do=findComment&comment=1139680 When I click on the URL, or if I right-click and copy the URL and try to open it in a new tab, Opera does the same thing - tells me that I've got to choose what to do with file "default - 20 bytes". The same thing happens immediately after I post something. The post obviously goes through regardless if I download this phantom default file or if I tell Opera to cancel. Any ideas what's causing this? I can open the URL with FF 2.0.0.20 for what that's worth, without FF seeing or asking me about this "default" file, and in its own fractured way will display the page.
  3. So here's the story. I created my reference Win-7 install image on Aug 30, 2016 (using RT7). As of that date, after sitting back and watch it install itself on my reference system (complete with drivers, all .net updates, the install of IE10 and its updates), I tell it to do a windows-update check and all I get (for Important Updates) are a handful of KB's I don't want. OK, so far so good. It's got everything I want it to have, and nothing I don't want.

     Fast forward 8 months. I do another update check a few days ago. Remember, at this point, I've not downloaded *anything* from WindowsUpdate on the reference system. As of yesterday, WU is offering me (in terms of Important Updates) these:

     KB4019264 2017-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4019264)
     KB3124275 Cumulative Security Update for Internet Explorer 10 for Windows 7 (KB3124275)
     KB4019112 May, 2017 Security and Quality Rollup for .NET Framework on Windows 7 (KB4019112)
     KB3042058 Security Update for Windows 7 (KB3042058)
     KB3086255 Security Update for Windows 7 (KB3086255)
     KB3138612 Update for Windows 7 (KB3138612)

     (there's also a windows defender update, and maybe IE11, but let's ignore that for now)

     Let's look at the last 3. They are in my Bad book, so my system doesn't have them, WU says I should have them. Patreon/Simplix update package also thinks they're good, and they have them. That's nice - I'll continue to pass on them.

     So there's a .net update (4019112) and apparently there's a vulnerability patch associated with this (CVE-2017-0248). So even though WU is offering 4019112 to me (win-7 SP1 Ultimate 32-bit) the following KB's are all tied together somehow as a solution for that CVE:

     KB4016871 KB4019108 KB4019109 KB4019110 KB4019111 KB4019112 KB4019113 KB4019114 KB4019115 KB4019472 KB4019473 KB4019474

     https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019112

     Not sure if the one for me is the 104.9 mb one or not. Doesn't say x86. But it's huge. Can I trust it? Has MS implanted any telemetry or other junk in Important .net updates? Patreon/Simplix is not showing this .net kb BTW.

     Next we have KB3124275. Always the same kb number for IE10 updates. Why is that? Same question - can IE updates be trusted?

     Lastly we have KB4019264. Simplix has this. The x86 version is 100 mb. Now there's about 30 CVE numbers that came down the pipe, for which the following KB's address:

     KB4016871 KB4018196 KB4018556 KB4018821 KB4018885 KB4018927 KB4019149 KB4019204 KB4019206 KB4019213 KB4019214 KB4019215 KB4019216 KB4019263 KB4019264 KB4019472 KB4019473 KB4019474

     Note that 4019262 is just one of many. 4019262 is a monthly roll-up. Do we know how to de-construct or pick apart these roll-ups? Are all those others also rollups? See here for details: https://www.qualys.com/research/security-alerts/2017-05-09/microsoft/
  4. Ok, here's a writeup of the KB's that I've assembled for my win-7 SP1 installation image, the kb's that I've seen mentioned in various forums as being "bad", and what I've found in the patreon/simplix UpdatePack7R2-17.5.15 and how it compares with my stuff. From what I can tell, the patreon list would want to add 33 kb's to my August/2016 set of KB's, and of those 33, 14 are on my "bad" list, 9 I already had (as part of my 800+ repository of msu files as of Aug/2016), and 10 I didn't have (but have now). Of those 10, I think maybe 6 are "new" since Aug 2016. Not many for the 8-month stretch of time we're talking about here. win-7 kb info.txt
  5. Here's a better link, to the creator of the update pack, written in English: https://www.patreon.com/simplix Website: http://update7.simplix.info or auto-translate in English

     The UpdatePack7R2-17.5.15.exe is a self-extracting 7-zip archive, some 654 MB in size. I've downloaded the torrent and verified the SHA-256 hash. It is current to 2017-05-15. I will be checking the contents tomorrow against where I left off my updating last year. From the included excel spreadsheet:

     ============
     The following updates are undesirable and excluded:
     KB971033- x86-x64 (Update for Windows Activation Validation Technologies)
     KB2952664- x86-x64 (System Compatibility Update for upgrading to Windows 10)
     KB2977759- x86-x64 (Diagnostics of compatibility problems for switching to Windows 10)
     KB3021917- x86-x64 (System Diagnostics and Telemetry for the transition to Windows 10)
     KB3035583- x86-x64 (Update installs the "Get Windows 10" application)
     KB3068708- x86-x64 (Update for quality improvement and telemetry diagnostics)
     KB3075249- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3080149- x86-x64 (Update for CEIP program and telemetry diagnostics)
     KB3081954- x86-x64 (Update to improve working folders and telemetry)
     KB3123862- x86-x64 (Updated features for upgrading to Windows 10)
     KB3139923- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3150513- x86-x64 (Updated Configurations for Compatibility Diagnostics)
     KB3161608- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3163589- x86-x64 (The message about work under the control of the out-of-date Windows version)
     KB3172605- x86-x64 (Update adds telemetry points to the file consent.exe)
     KB3173040- x86-x64 (Update expiration notice for Windows 10)
     ==========

     Of the above, 3161608, 3163589 and 3173040 are new additions to my list of 90-odd "bad" Win-7 KB updates. All the others are already on my bad list.
  6. Nomen

    WannaCrypt

    I would like to know if 9x/me is vulnerable. The details of the EternalBlue SMB vulnerability are here: https://packetstormsecurity.com/files/142548/ms17_010_eternalblue.rb.txt A short but very technical explanation is here: https://security.stackexchange.com/questions/159654/how-does-the-eternalblue-exploit-work If someone can compile an executable (that can run on XP/7) that probes the local lan (or be pointed to a specific lan IP where a win-9x machine is operating) and can display a basic pass/fail message to indicate if the target machine was exploitable (or cause the target machine to do something lame, like start the calculator app) then I'd be willing to test it.
  7. It does seem that nobody here, or at least no group here, is actively managing any sort of KB update list for win-7. Picking apart the monthly roll-ups, providing direct download links to individual updates/patches, etc. Is anyone doing that over at sevenforums? I was somewhat deep into doing that last year, and had a tweaked set of .MSU files (no telemetry, no MS spyware, no win-10 nagware) that I rolled into a win-7 sp1 ultimate 32-bit install image using RT7. It was up-to-date as of August 2016 and on the 1 machine I've used it on, I haven't done any updating on that system (hardly use it). Since MS went to monthly roll-ups, I really don't know if the roll-up package can be "un-packaged" to reveal individual .MSU files so that I (we) can continue to pick and choose which ones to install. So I've kind of lost interest in the whole thing. I have a couple of nice laptops (Dell Latitude E6230) that I bought as retail re-furbs (something like $250 each) and they came with win-10, and my plan is to create a custom win-7 install image for them (including all drivers, updates, etc) and blow away the win-10 crap that's on it (take the drive out and slave it to another system to format it). So if there's a list of *useful* .msu files released since Aug 2016 (and a way to get them) then I'd like to know. (I'll probably install XP on these dells first, on a FAT32 partition because I really like running XP from FAT32, then make it dual-boot with 7. Triple-boot actually because the FAT32 would have DOS too).
  8. I'm not that familiar with the inner workings of Win-7. Is the "Malware Protection Engine" an optional component? Is it a service (that can be turned off / deactivated / uninstalled) ? It just proved itself to be more trouble than it's worth. "The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging. The vulnerability allows remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. " Wow. Microsoft's Motto: If it works, it's not complicated enough. ------------- Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a "crazy bad" Windows exploit, describing it as the "worst in recent memory." Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix. The Project Zero team explains that the problem was found with Microsoft's Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the "privilege, accessibility, and ubiquity of the service." The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging. The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains: The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The fix, for Windows 7, 8.1, RT and 10, is available now via Windows Update. 
https://betanews.com/2017/05/09/microsoft-fixes-crazy-bad-windows-vulnerability/
  9. My trick of turning a link like this: https://www.youtube.com/watch?v=wUcdb6xHybo Into this: https://www.youtube.com/v/wUcdb6xHybo for playback on FF2 has recently sometimes not worked for some videos. I still get a full-screen preview frame and all player controls are there, but when I hit play I get a screen full of static with the message "watch this video on youtube. Playback on other websites has been disabled by the video owner". Which is strange, since I am playing it on youtube. Same thing happens on Opera 12.02 (but I can play the original un-modified video URL on Opera 12.02). So if anyone knows why the modified URL is causing youtube to throw this error message and refuse to play the video, let me know...
  10. MrMateczko said:

      > I love 98SE, but even I think it's high time not to
      > bother with web browsers for 98SE at all.

      My office and home PC are both win-98, running on an Intel 845 chipset with P4 socket 478, about 2.5 ghz with 1 gb ram and nvidia 6200 AGP 256 mb video card. It's normal to have several browsers open, multiple tabs on each, outlook 2000 running in the background for email, an old dlink IP-view program monitoring 1 or 2 ip cameras (doing motion-detection on them). Last few days I was doing that and running utorrent (downloading those french emails (several gb worth) that were hacked - lots of .eml files that I click on and voila - Outlook express opens and displays them perfectly!).

      > it's probably not powerful enough to run modern YouTube/Facebook

      I tend to look down on anyone who includes Faecebook as part of their lives. I've never had it, joined it, touched it. Then again I don't own a cell phone either (I'll take my computer with a full size keyboard, monitor, OS and file system that's under my full control).

      > Unless you're doing another ASRock motherboard Socket 775
      > 98SE overkill build. Then maybe it is powerful enough,

      Sorry, but the ancient P4 2+ ghz socket 478 with at least 512 mb ram is perfectly good at surfing any web site these days, and rendering youtube video. Be it win-98 or XP. Now maybe win-7+ needs more horsepower...
  11. Secunia.org (don't know if they're still around) kept track of security advisories on dozens if not hundreds of hardware and software products. They would rank the advisories in terms of critical (or not) and vendor-patched (or not). For win-98, they listed something like 37 advisories up until EOL in 2006, with none of them rising to the top-critical level, and I think maybe 1 of them un-patched. For XP, by the same time in 2006, it was well over 200 advisories, many were critical, and some of those were unpatched. Remember that many win-98 systems were still in-use and on-line in 2006, and it would have been a common OS for home and soho use during the early years of the mainstream internet (1999 - 2004) and more importantly with direct IP connectivity (very little NAT-routing being used during those years). But it wasn't until XP began to replace 98/ME in home and SOHO situations that trojanized XP machines is what enabled spam to take off during 2004 - because win-98 systems were far less vulnerable to being trojanized (not because they were "obscure" during those years). Win-2k machines were also a favorite (and easy) target between 2000 - 2004, regardless that again there were probably far more win-9x/me systems still in use and on-line during that time. Microsoft would inflate the tendency for people to think that win-9x/me was equally vulnerable as 2K or XP to a given CVE or exploit because they would often list 9x/me in their security bulletin as being one of the affected platforms but when you drill down into the bulletin details you'd find no mention at all of 9x/me. Win98/me got the rap for being unstable because of the pathetic systems they were being installed on at the time. When having 128 mb of ram was a big deal, and they spent most of the time thrashing the hard drive with virtual memory access and dealing with buggy video drivers for the new AGP bus.
  12. When you read about the capabilities of the CIA malware packages and what they can do on "modern" versions of windoze: https://wikileaks.org/vault7/releases/ It's clear that the NT-line of Windoze has become less trustworthy as its internal complexity grows and access to its internal workings are being cut-off from users regardless what permissions or authority they have on the system. I wouldn't trust a win-8 or win-10 system further than I could throw it. I honestly don't know why anyone who is keeping up on current events would doubt that there are more holes (intentional and otherwise) in these OS's than we can imagine, and the fullness of time (and wikileaks) will no doubt reveal.
  13. > Vulnerable to being decrypted by a third party somewhere between your browser and the server you connect to

      Assuming we're not talking about MIM situation, I simply don't see how a "bad guy" can gain access to the telecom or networking equipment in the path between me and my bank to be able to monitor the data. Regarding the ciphers, would the server I'm connecting to (ie - my bank) choose an insecure cipher in the first place to conduct the session? Or am I assuming that all IT / web admins everywhere are sufficiently up on things to configure their websites to use / not use certain ciphers?
  14. Just to add (I can't edit my previous post because I can't find the "save" button using Opera 12.02) I see that Opera 12.02 has SSL3, TLS 1, TLS 1.1 and TLS 1.2 (I have all enabled). There are about 2 dozen SSL3/TLS1 ciphers that can be individually enabled/disabled (all mine are enabled). I want max flexibility to connect to a website, so I enable everything. Isn't the choice of protocol up to the website anyways?

      > There are 7 vulnerable TLS protocols in Opera 12.02.

      Do you mean ciphers, or protocols? Like I said above, I see only 4 protocols. If I can add more, tell me how.
  15. > There are 7 vulnerable TLS protocols in Opera 12.02.

      Vulnerable to what? How does a vulnerable TLS protocol lead to remote compromise / control of my PC? What if my PC is on ethernet (not wifi) and is wired all the way to my modem and out of my house?
  16. Regarding Netsurf: I just downloaded and installed it. Didn't seem to run right-off-the-bat, so I re-started just to be sure. Using Kex default setting, running Netsurf I get this: netsurf.exe is linked to missing export KERNEL32.DLL:VerSetConditionMask Changing Netsurf Kex setting to Win-Me gives same error. Changing to Win-2k or XP gives a small window with Title "Warning" and the message is simply "CSSBase". Click OK. Netsurf browser window is on-screen, but no page-area is rendered. Menu options can be selected (File, Edit, etc) but no surfing is possible.
  17. > Yieks! That can't be too secure.

      I have an older relative that I set up a win-7 system for (Zotac Zbox). Created a win-7 install image using RT7 and rolled in a bunch of MS updates. So it was a pretty tweaked system. Office 2010 (has gmail account which is accessed via outlook 2010). I forget which version of FF. A few days ago she was doing on-line banking (TD I think) and got an on-screen message claiming to be from Microsoft, saying something about her computer, wanting her to dial a certain phone number. She freaked and pulled the power-bar cord out of the wall (which naturally shut down everything, cable modem, VOIP adapter, router, PC, monitor, etc). So when you tell me that doing on-line banking with Opera 12.02 on a win-98 system is risky, I think about stuff like this that my poor old aunt gets from time to time and I would LOVE to get this on my win-98 PC so I can have a detailed look at the browser cache files, use cctask to see if anything new is running, and just generally figure out what URL triggered what server to put up this or that message. Truth is, I think for any win-7, win-8 or win-10 PC, using any of those to do on-line banking is more risky vs win-98. Those stupid browser exploits that are being discovered every day just plain fall flat on their face if they hit a win-98 box with an old browser.
  18. > See to me, there is ABSOLUTELY NO up to date browser that works on Win9x.
      > By that I mean one that can render HTML5 and do banking.

      I use Opera 12.02 on this win-98 pc to do on-line banking. I just did a bill payment on TD not 5 minutes ago in fact. I do the same on RBC also.
  19. From the "older is better / more secure but they won't tell you that" department: --------------- This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html ---------------- Firefox 2 renders the example URL (as displayed in the location bar) as this: https://www.xn--80ak6aa92e.com/ Opera 12.02 renders the URL as a not-quite-right looking apple.com (looks like appie.com).
  20. Just doing a bit of searching and there was a Biostar PT880 Pro-A7 board with VT8237R and the specs say SATA-1. So it must be the S version of the 8237 that can do SATA-2? The Biostar board has DDR + DDR2, PCIe +AGP, but (and get this) it has AC-97 audio (Realtek ALC-655) so this means there are win-98 drivers for sound - yes? RAM limited to 2 gb. I don't see this board on ebay at the moment. Something I found out about the 8237S from wikipedia: "The SATA-II feature of VT8237S is limited to 300 MB/S Data Transfer Rate bearing no NCQ functionality."
  21. This is the board I have: http://www.asrock.com/mb/via/4coredual-vsta/ 4core dual-vsta. So it's not the dual-core VSTA you mentioned in your previous post. Yes, it is SATA-1. If the 4core dual-sata has a SATA-2 controller, explain how because I thought the sata controller was in the chipset and I thought both boards have the same chipset (PT880 / VT8237A). If the dual-sata has SATA-2 controller, and there are win-98 drivers for it, then that's going to be the only sata-2 controller I know with win-98 drivers.
  22. > What's wrong with VIA-Chipsets?

      Ruthan said he's never gotten a PCIe video card to work on VIA-chipset boards (or at least the Asrock 4coreDual boards, specifically the VSTA which I have). Aside: What's the difference between the dual-VSTA and dual-SATA anyways?
  23. First thing: As a result of fooling around with swapping the Q8200 core2 cpu with a xeon cpu (had to mod the bios to do that) and disabling the on-board IDE controller in the bios, XP decided that it needed to re-validate itself, which I got a chuckle from and I did do the re-validation and checked using XPinfo.exe and I'm back to full-power valid state. The board is now running with an E5450 ($25 from ebay).

      Second thing: Intel ICH10 2-channel and 4-channel SATA controllers now show up in device manager in the hard drive controller tree, in the same branch as the ide controller devices (which still show up despite having disabled the IDE controller in BIOS?). In XP, do SATA controllers show up under a separate branch in device manager, like they do in win-98 (typically or always as "SCSI" controller) ?

      Third thing: BIOS is still set to IDE-mode because XP fails to start when set to AHCI (a blue-screen with some text flashes briefly during XP-splash-screen before the screen goes black). But (as I said above) SATA controller shows up in device manager as "present and working" so I don't know how both of those things can happen at the same time.

      My primary question now is -> what sort of utility program can I run to know exactly if the drive is being controlled under a "SATA" paradigm or an IDE paradigm? Device manager does not explicitly give that information (it does not say which controller the drive is connected to) but a thought just occurred to me - there are different device-views in device manager and I haven't tried them all yet...
  24. 775i915PL-SATA2 ? 915 chipset has win-98 drivers? Too bad it's not DDR-2. Even though there *appears* to be many boards, the reality is different. The search results show many boards that don't show win-98 in the actual page. Besides the 915-based boards, I see AMD SiS756 based boards. And it seems all of them are DDR, perhaps DDR 400 at that. And they all have HD-Audio, so you're not gaining anything there because there will not be HD-audio drivers for win-98 (has anyone checked the driver download for the 775i915PL-SATA2 ?) Funny how it looks like SATA-2 in the model name, but is actually SATA-1 controller. And there are win-98 SATA drivers for the 915? I thought the 875 was the last Intel chipset to have Win-98 SATA drivers. Even if there are win-98 drivers for the 915PL (including SATA, USB and LAN controllers) I don't see the point in getting these boards over a socket-478 board unless they have DDR-2. Fully-functional PCIe is a good thing, but for win-98 it's not going to out-perform AGP so the DDR vs DDR2 thing becomes more relevant. Having win98 sound drivers for the 915PL would, however, tilt this in favor of the 915. Show me a non-Via chipset board with socket 775 and DDR-2, with win-98 drivers for LAN, SATA, USB, PCIe bridge, not necessarily having audio driver. Or show me the same except without PCIe slot but with AGP slot. I'm not familiar with AMD CPU's of the same vintage and performance of the Intel 478/775 models and the level of win-98 driver support for such AMD-based boards. Maybe there are some?
  25. > > > PCI-E cards work fine under 98SE
      > >
      > > Based on what I'm reading here about video cards, I just bought these off e-bay:
      > > BFG Tech GeForce 7950GT DirectX 9 256MB PCI Express x16 ($30)
      > > BFG Tech GeForce 7900GS DirectX 9 256MB PCI Express x16 ($28)
      > > Will use one or the other on an Asrock 4-Core DUAL-VSTA
      >
      > I had this board and i have failed to make Geforce 7600 PCI-E running

      Nice to find that out now.

      > PCI-E cards work fine under 98SE

      Tell me - what motherboard with PCIe has decent win-98 driver support?