Jump to content

bristols

Member
 View Profile  See their activity

  • Posts

    485

  • Joined

  • Last visited

  • Donations

    0.00 USD 

  • Country

    United Kingdom

 Content Type 

Posts posted by bristols

    Application Proposal: XP Start Menu for 98

    in Windows 9x Member Projects

    Posted · Edited by bristols

    Personally speaking, if I had programming skills of any kind I would want to try to apply them to help keep 9x alive in other ways - by perhaps maintaining a 9x branch of Firefox, or Media Player Classic, or VLC Media Player, for example. It's nice that you're doing something - all power to you. But it's a shame, I think, that the point of your project is cosmetic, and not functional.

    0

    anybody using Firefox 2.0.0.22pre with 98?

    in Windows 9x/ME

    Posted · Edited by bristols

    Further to my earlier positive post: I have to report that I've found Flash movie/FLV playback in 2.0.0.22pre to be not as smooth as in the last official Firefox release. In 2.0.0.22pre, playback is somewhat jerky and choppy. This was the case with both a clean install of 2.0.0.22pre and Flash, and an installation of the 2.0.0.22pre after having uninstalled 2.0.0.20 (using the usual Firefox uninstall routine, which leaves Firefox plugins and settings intact). In this latter scenario, I also experienced errors that stopped the playback of FLV movies.

    Adobe Flash plugin version 9.0.159.

    Shockwave version 10.2.0.23.

    0

    PDF Reader Suggestions

    in Windows 9x/ME

    Posted · Edited by bristols

    [...] security is based upon having an infected PDF document (AFAIK), so one might have the foresight to not download just "any old PDF".

    While any information about staying clear of and protecting against compromised PDFs files is relevant (edit: and I welcome it!), it's beside the point of my question, strictly speaking. In other words, "it goes without saying".

    The big difference between Adobe and Foxit (failing) is the footprint. Also, any PDF created with a higher-than 6.x and opened with a lower version may give a warning but still opens. I still use (or have used) them both with no problem (Foxit gives me fits).

    Thanks for pointing these things out. They are indeed additional reasons for looking for an alternative to Adobe Reader.

    [...] this subject may have already been visited

    Probably it has. But I'm not sure that anyone has asked for a list of Adobe alternatives for 9x, and I'd nevertheless like to have an up-to-date one. Maybe others would too.

    0

    PDF Reader Suggestions

    in Windows 9x/ME

    Posted · Edited by bristols

    Post here the PDF Reader of your choice for Windows 9x.

    It is often said these days that more and more malware attacks 3rd-party applications, instead of the underlying OS. There have been a few notable vulnerabilities in Adobe Reader. Us 9x users of course cannot upgrade to the latest 'secure' release, so for this reason alone it makes sense to look for other solutions for reading PDFs.

    Right now, Adobe PDF Reader is at version 9. The last versions for 9x are (corrections welcome):

    Adobe Acrobat 5.1 [Windows 95 with IE5x]

    Adobe Acrobat 6.06 [Windows 98 FE, 98 SE, and ME]

    Foxit Reader 3 is at best problematic; at worst, doesn't work at all (version 2 was no good for me, with crippling GDI leaks on 98 SE). Foxit Software no longer supports 9x in its testing (thanks noguru). The latest version of Sumatra PDF is for Windows 2000 and above. We're running out of up-to-date options.

    So what do you use? Suggestions please.

    0

    Unofficial updates and modifications

    in Windows 9x/ME

    Posted · Edited by bristols

    More arguments? You give us zero :)

    Well... you're wrong. Below is an argument, in brief:

    Maybe MSFN is a good place to test malware out. If it gets past that relatively 'techie' audience, it's far more likely to thrive in the wild.

    I'm playing devils' advocate a bit here, as a means to asking a 'what if...?' question.

    As long as there is no real proof of any bad unofficial updates I simply have to assume that you are wrong. I don't have to proof or argument anything.
    You state something here so it's your job to come up with arguments and proof.

    It seems you're assuming that I'm making definitive statements about updates posted here. I made it clear that I'm not. Not making statements, but asking questions. No-one here is saying that you have to prove or argue for anything. Don't misunderstand me. I have no interest in scoring points, winning arguments, or combat for the sake of it. But I do want to ask some questions that I haven't seen asked. Questions I think should be asked, to explore some aspects of this community's efforts to keep 9x alive that haven't been much talked about. The whole point of me bothering to use my time to post here is that I want to 'keep 9x alive', and keep the efforts here strong by addressing any weak points in them. We may disagree on what the weak points are, of course, and you may not see the value of these questions. I'm not a programmer, and I'm not one of your wise men.

    Besides, programming something like Uberskin is really not the most efficient way to spread malware or compromise systems. There are less complex ways to do that. And a techie site like MSFN is the wrong place to look for malware victims right smile.gif
    A malware/virus will be targetting the XP/Vista machines, because that'll enable the malware/virus its maximum spread. We are less of a target than the Linux/Free BSD users, for the single reason that we're, by now, less than 1% of the total computer user community.
    IMO releasing the malicious code here would increase the chances of it being discovered. Many of the members here know how 9X systems work in far more detail than members elsewhere. They're much more likely to notice unusual activity. Some of us have some potent security setups in place that don't miss much.

    So, above are three arguments against the likelihood that any intentional malicious code is in the updates posted here.

    But to dream about scenarios of a deliberate spread is just ludicrous. :whistle:

    To state that there has been - or probably has been - a deliberate spread, without evidence to back this up, is ludicrous. However, to consider the possibility - while unlikely - is not.

    Again, don't misunderstand me. What I'm really asking is whether we should as a community be concerned at all from a security point of view - even just in theory - about the unofficial updates posted here.

    If we should be concerned, how should that concern translate into action? Maybe a list of guidelines for authors of patches, asking them to explain what patches are intended to do, give a detailed account about changes made to users' systems, provide assurances that the files included were tested by named anti-malware products, suggest any possible downsides to applying their patches (form a security and functionality point of view), and so on? I think a set of guidelines along these lines would have some value for our community. It may be of little use to the wise among you. But for the less knowledgeable, and for the paranoid, it could provide reassurance, and maybe increase their understanding of patches. The feedback from users to authors would likely be more useful if users had a better understanding of their work.

    To create a patch that works (unless one is so incredibly lucky that turning to a lottery ought to be much more profitable), one must be a knowledgeable programmer and/or reverser. It involves long hours of effort and dedication. And many more of plain bitter failure! :yes:
    An couple examples of my own. I posted a Screen saver that I was working on for myself. The 0.1 revision worked fine (used it since then with no problems), but when I did the 0.2 revision, it seemed to work fine for me. But when I played with it some more after I put it into the thread and realized that I wasn't detecting the screen coming back up right. Did I do it purposefully or negligently? Definitely not! In fact, I felt very bad that I turned the software out with such a problem. I think you'll find that with most if not all programmers when they turn out something that isn't working right.

    I can appreciate the (often thankless) painstaking, long hours of effort that goes into a programmer's work (I experience this myself sometimes). I don't mean to bash such folks. I applaud conscientious programmers. But however conscientious a programmer is, I'm not likely to install his or her product if he either can't or won't communicate to me what it is that I'm installing, and for what purpose. When it comes to installing anything, my default position is wariness. I need to be reassured somewhat as to the quality, effectiveness and reliability of the product before I'll even consider it. Any other evidence of the trustworthiness and intentions of the author is also massively persuasive.

    By adding these functions to 98, it's entirely possible that some of this malicious code will be able to run on 9X when it couldn't before. In this respect, malware is no different that any other software. KernelEX definitely will not cause 9X to be vulnerable to all the malware that XP has been hit with, but it will have an effect. There's no way to know how much effect unless you have a crew of programmers available that know how to reverse engineer malware and have an in depth understanding of both types of operating systems at a kernel level. Microsoft has plenty of programmers and they can't prevent vulnerabilities in their own products, and they have the source code. KernelEX would have to become a lot more popular before malware writers start looking to write exploit code for it, but the additional functions may allow some of it to work, at least partially, which could lead to some very unexpected behaviors. It's just a potential problem we need to be aware of, one that could become more significant as KernelEX grows. When you get right down to it, this wouldn't be a KernelEX problem. Being targeted by all kinds of malicious code is just reality for NT systems. Adding NT functions to 9X systems gives them some of the NT systems problems.

    Thanks Rick, for providing some clarity to exactly the kind of issues that I think need to be aired. Perhaps they have been already aired here already - please correct me if I'm wrong. But if so, I haven't seen it, and that's why I ask the questions. There are members here far better placed than I am to provide useful answers to the security-related questions that arise from a project like KernelEX.

    Perhaps some sort of test case can be devised to see if a function vulnerable in NT, introduced to 9x by KernelEX, can be exploited on a 9x system, where before KernelEX was installed that system was not vulnerable.

    The bare fact that you raise this question doesn't mean that there is any real danger.

    This goes without saying, clearly.

    Well, I'd better stop here. I guess I'm entering the ranting mode.

    No, please continue with the rant!

    0

    Unofficial updates and modifications

    in Windows 9x/ME

    Posted · Edited by bristols

    I have never questioned [Maximus Decim, MDGx, Gape, Sporific and Xeno86], if they do release something and it's faulty, they work to get it right.
    I think that there is no question whatsoever about the reliability of sources like MDGx and Tihiy.

    There is a distinction to be made between:

    • the reliability and intentions of those individuals who make unofficial patches
    • the patches themselves, including all files, modified or otherwise.

    Just for a moment, imagine that an unofficial patch was found to be 'compromised' in some way. It does not follow that the patch-maker intended it to be that way. It might be that the patch-maker has used files that are compromised, unknown to him/her - maybe because his/her own system is compromised. Also unintentionally, it might be that:

    ...creating a new vulnerability is possible, especially with KernelEX. It's difficult to determine what vulnerabilities may be created by the added functions. It's largely unexplored territory.

    Anyway, we can have some idea about the intentions of patch-makers, but can't really know for sure. It would help if we were all programmers with the time to study patches, or even if patch-makers went into more detail about their work (explaining for example how and why they made changes to a system file).

    The above point might seem a pedantic one. And yes:

    Unofficial updates are no different than user software, official patches, etc.
    Have you ever thought that in most of the official updates and upgrades the commercial interests of MS are logically the first, being your real needs the last?

    Yep, most any file could be 'compromised' to work in some way against users' interests, regardless of its origin - whether 'official' (like possible backdoors for example in Microsoft products), from a well-known vendor (like, say, Skype), or from a dedicated open-source project.

    Is it really any different with official updates? When WGA is passed as a security update, how are official updates better? As far as malicious code or backdoors that are deliberately inserted, I'd worry more about the official updates.

    One difference is that software produced by vendors like Microsoft, Skype, Mozilla, and, say, the VLC media player guys is under much more scrutiny and has much more testing by more (knowledgeable) users and contributors than patches posted here. The patches posted here do not have the same safeguard. How many people 'test' the updates posted here?

    @herbalist: I hear your concern about 'official' products, but I know of no evidence. Do you have any evidence to back up your suggestion that MS has inserted backdoors? And for what purpose? On the other hand, most of us believe that there is plenty of malware out there for which Microsoft can't reasonably be held responsible - although that could be a whole 'nother debate. Maybe MS has deliberately engineered Windows to be vulnerable, or is indirectly culpable via neglect? At least, I don't think MS is responsible for, say, the Sinowal/Torpig bank account-stealing trojan:

    http://www.theregister.co.uk/2008/10/31/si...l_trojan_heist/

    Again, I'm not suggesting that any MSFN member has anything to do with malicious software! I have little reason, no evidence, but most of all, no desire to believe it. But I do have reason to question what exactly any update I apply to my system does, and what it's for.

    What I am suggesting, at least, is that patch authors reveal more about the patches they release. I think they should assume that we want to know about exactly what we're installing, including any changes made to system files. Then, the more knowledgeable, curious and time-rich among us could check them out if they wanted to.

    This would mean more work for patch-makers. If there is any other reason why more detail can't be supplied, please let us know.

    Anything unofficial is at your own risk.
    There's some risk in every install, every patch, every update, no matter where it comes from.

    Understood. To make it clear: I have been a visitor to these forums for some time and have used many of the unofficial updates posted here. The 'risk' I'm trying to highlight is to do with security, rather than simply something that doesn't work.

    Besides, programming something like Uberskin is really not the most efficient way to spread malware or compromise systems. There are less complex ways to do that. And a techie site like MSFN is the wrong place to look for malware victims right :)

    Leaving the names of any update out of it, I can easily think of arguments against the ones you outline above. :( Maybe MSFN is a good place to test malware out. If it gets past that relatively 'techie' audience, it's far more likely to thrive in the wild.

    Please come back at me with more arguments - I'd like to be wrong about this.

    But what I don't like is that some "updates" are plugged by their makers without proper information about what the update does and how it must be installed. Advising someone to install your Polish update pack on a English windows is a sin but I've seen it happen.

    Totally agree. Even if the maker made an innocent mistake, he has done no good to the chances of his pack being installed by many people.

    Unofficial is unsupported offcourse. But some things must be clear before I will install it on my system. First I must be sure what the update is doing and why I should (not) have it. A list of changed files scores extra points. Second, system requirements/dependencies must be clear and also the (in)ability to uninstall.

    We have here the start of a possible set of criteria for the information that patch-makers should include with each patch, update pack or modification that they release. The more detail, the better.

    0

    Unofficial updates and modifications

    in Windows 9x/ME

    Posted

    Like just about everyone who visits these forums, I'm very grateful to all those folks who produce patches and modifications to extend the life of 9x. They've helped improve my computing life, no doubt.

    But a lot of trust and faith is involved in installing unofficial updates produced by individuals about whom, really, we know nothing - particularly when the updates include modified system files or files that modify system files.

    Many of the members here are not programmers, and would have little or no idea themselves about what exactly has been altered in a modified system file.

    I'm not suggesting that any person who has posted unofficial updates in these forums has, in doing so, malicious intentions - but it is a possibility. Perhaps more likely is the possibility that infected files might be unintentionally passed on to users through an unofficial patch, when a patch-maker's system is infected.

    Am I alone? Do you trust all the unofficial patches and modifications posted here 100%? If so, why?

    0

    Unofficial NT 4.0 patch for MS08-067

    in Windows 2000/2003/NT4

    Posted · Edited by bristols

    All very good information, but the poster asked about an unofficial patch.

    Read closely.

    So unless some customer has already asked for this (and actually gotten approval to have it built, and paid for it), then it would not exist.

    So, I did a quick search on the Patch Management Mailing List, and sure enough, there's a blurb about NT4 being vulnerable, and that a fix can be built for any customer who has a current Premier contract, and CSA and EHSA for NT4. I find no binaries (official or otherwise) listed anywhere on the searchable net.

    We have then, it seems, a different understanding of what "unofficial" means in this context. As far as I'm concerned, the channels you outline above for obtaining patches are not the only means of obtaining patches for systems no longer supported by Microsoft. The reason I say this is that, of course, Microsoft is not the sole source of patches for otherwise unsupported systems.

    Take the 9x community here for example. Members there regularly produce patches for 9x systems that are unofficial, insofar as they are derived from official MS patches not intended for 9x - from, say, an MS patch for Windows 2000. I think that it's with this kind of unofficial patch in mind that the poster asked the question (correct me if I'm wrong, Bleeder!).

    Anyway, more to the point: could anyone create an unofficial patch for NT4 based on, say, the MS Windows 2000 patch?

    0

    Unofficial NT 4.0 patch for MS08-067

    in Windows 2000/2003/NT4

    Posted

    If an organization wanted this to be patched for NT4, they would have to have a Custom Support Agreement (CSA) for NT4 with Microsoft, on top of having an Extended Hotfix Support Agreement (EHSA) with Microsoft for this platform as well. The only platforms that will receive a patch for a security issue are those in Mainstream or Extended support. NT4 exited Extended support on January 1, 2005 - therefore, ANY hotfixes (security OR bugfix) would need to be requested, and can only be requested by customers with the above 2 contracts added to their existing Premier support agreement with Microsoft.

    Considering Windows 2000 is vulnerable, it is highly likely NT4 is as well. If a customer wanted a patch to fix this (or any other security vulnerability found since January 2005), it would have to be requested by a customer covered under all 3 agreements (Premier Support contract, CSA, and EHSA). So unless some customer has already asked for this (and actually gotten approval to have it built, and paid for it), then it would not exist.

    All very good information, but the poster asked about an unofficial patch.

    0

    CD ripper

    in Windows 9x/ME

    Posted

    I agree with herbalist - sounds like you've got the unicode version.

    Meanwhile, have you tried to get your current version working by putting a copy of the file unicows.dll (the Microsoft Unicode Layer) into your CDex directory? Assuming you have the unicode layer already installed, you should find a copy in your System folder (usually c:\windows\system). Copy (don't move) it over, and let us know.

    0

    CD ripper

    in Windows 9x/ME

    Posted

    Sure. Many swear by Exact Audio Copy (EAC). I use CDex:

    http://cdexos.sourceforge.net/

    The non-unicode version 1.70 (Beta 2) for 9x works fine.

    It's very light, highly customisable, and works great with the LAME MP3 encoder version 3.98 (but not 3.98.2 it seems):

    http://www.free-codecs.com/download/Lame_Encoder.htm

    (close CDex if open, download the latest LAME .zip file, extract from it the file lame_enc.dll, and then use it to replace the lame_enc.dll file in your CDex program directory).

    If you install it with LAME 3.98, I recommend that you go to Options > Settings > Encoder and, under Quality, choose "preset fast extreme". Under VBR Quality, "VBR 0" is the highest.

    0

    98 FE + 98 SE + ME updates + patches + (hot)fixes

    in Pinned Topics regarding 9x/ME

    Posted · Edited by bristols

    SCR579X:

    http://www.mdgx.com/add.htm#MSE

    Reverted back to older JSCRIPT.DLL 5.7.0.20550 from WinXP SP2 Q933873 Fix because of JScript errors with newer JSCRIPT.DLL 5.7.0.18066:

    * Unofficial Windows 98/98 SP1/98 SE/ME Scripting Engines (MSE) 5.7 include: VBScript (VBS) 5.7, JScript (JS) 5.7, Windows Script Components (WSC), Windows Script Host (WSH) 5.7 + Windows Script Runtime (WSR) 5.7:

    http://msdn2.microsoft.com/en-us/library/ms950396.aspx

    Unofficial MSE 5.7 5.7.0.18066 + JSCRIPT.DLL 5.7.0.20550 for Windows 98/98 SP1/98 SE/ME [732 KB]:

    http://www.mdgx.com/files/SCR579X.EXE

    Requires MS IE 5.5 SP2 or newer already installed:

    http://www.mdgx.com/toy.htm#IEX

    I tried to install this newer SCR579X.EXE on a 98 SE computer that had JSCRIPT.DLL 5.7.0.16535 and received the following error messages:

    WSCRIPT.EXE file is linked to missing export Kernel32.dll:GetUserDefaultUILanguage

    then:

    Error creating process <C:\windows\system\wscript.exe -regserver> Reason: A device attached to the system is not functioning.

    then, back in Windows immediately after rebooting:

    Error 429, ActiveX component can't create object in INIAccess.Read_INI

    This is not the first time I've had problems with a SCR579X.EXE installation. To the unsuspecting Windows 98 SE user, I recommend that they stick to Javascript/MSE 5.6/SCR569X.EXE, and stay clear of MSE 5.7.

    [edited to correct pre-install JSCRIPT version number]

    0

    Last Versions of Software for Windows 98SE

    in Pinned Topics regarding 9x/ME

    Posted

    Adobe Flash Player

    Adobe Flash Player 9.0.124.0 is the last version available for 98/98 SE/ME. Flash Player 10 (e.g. version 10.0.12.36) requires Windows 2000 or higher:

    http://kb.adobe.com/selfservice/viewConten...1&sliceId=2

    Adobe Flash Player 9.0.124.0 for Internet Explorer (direct download link):

    http://download.macromedia.com/pub/flashpl...player_9_ax.exe

    Adobe Flash Player 9.0.124.0 for Mozilla, Opera, Non-IE, etc (direct download link):

    http://download.macromedia.com/pub/flashpl...sh_player_9.exe

    0

    98 FE + 98 SE + ME updates + patches + (hot)fixes

    in Pinned Topics regarding 9x/ME

    Posted

    CRYPTME has 128SC.DLL file! Remove it and any references to 128SC.DLL as it is NOT needed and outdated for WinME. Revise the CRYPTME.EXE patch. WinME has built-in 128bit SSL encryption for IE.
    You're right.

    SCHANNEL.DLL is ver 5.131.2133.2 on WinME.

    I took schannel.dll from WinME CD, renamed it to 128sc.dll and added it to cryptme.exe for completeness.

    * Unofficial Windows ME CRYPT32.DLL 5.131.2133.6, CRYPTDLG.DLL 5.00.1558.6072, CRYPTUI.DLL 5.131.2133.2, ENHSIG.DLL 5.00.1877.8, MSASN1.DLL 5.00.2195.6905, MSCAT32.DLL 5.131.2133.2, MSSIP32.DLL 5.131.2133.2, RSAENH.DLL 5.00.2133.2, SCHANNEL.DLL 5.131.2133.2, SOFTPUB.DLL 5.131.2133.2, WINTRUST.DLL 5.131.2133.2 + XENROLL.DLL 5.131.3659.0 128-bit SSL Encryption Security Vulnerability Fixes:

    http://www.microsoft.com/technet/security/...n/ms04-011.mspx

    Direct download [721 KB, English]:

    http://www.mdgx.com/files/CRYPTME.EXE

    Hi MDGx,

    I notice that you've also added 128sc.dll to your CRYPT9X.EXE package (intended for 98/98SE). But you have removed schannel.dll from it, too. Could you please explain the reasoning here? Do you intend for 128sc.dll to replace schannel.dll, for example?

    Just by way of comparison, Gape's USP3 installs schannel.dll.

    0

    NVidia drivers 82.69

    in Windows 9x/ME

    Posted

    And even if this driver would support Windows 95, please note that AGP is only supported by Windows 95C OSR 2.5 (OEM), not by original/retail/RTM/Gold/FE (First Edition) Windows 95 or by Windows 95a SP1 or by Windows 95B OSR 2.0/2.1.

    Hmm, thanks for the reply. At the moment I have Windows 95B OSR 2.0 OEM installed on an old test board (not the board I had in mind when I asked my original question), with all updates that I'm aware of installed (the USBUP, etc.). I thought that installing all updates for 95B OSR2.0 effectively turns it into 95C OSR 2.5 (even though System Properties still says 95B).

    I also have a (really awful) 8 MB SiS AGP card installed on this test board, with the last drivers for that card. Video playback using higher than 16-bit colour is horribly discoloured (a card/driver limitation, I think), but otherwise I have 24-bit colour and 1024x resolution, without problems.

    When I come to trying Win95 with a NVidia card, perhaps extracting the NVidia files as you mention and installing the card only after all other updates have been applied will work...

    If my mind is not too hazy, I believe the last that works on w95 out-of-the-box would be 61.76 but that was many moons ago the last I tested ... If I'm not mistaken above 66.94 has cpl api issues ...

    However, I do believe 82.69 will also work if we remove cpl modules ...

    Thanks PassingBy, very helpful. I will try 82.69 first, and then revert to 61.76 if any issues that arise are unresolvable.

    0

    My experience installing Windows 98SE

    in Windows 9x/ME

    Posted

    The Windows 95 VXD driver works fine on 98, whereas Via uses a .sys driver in the default installation that doesn't allow AGP acceleration. Choose the AGP 2.0 3.0 Compatible Driver if that's what your board has. If your motherboard has a 4X slot, that's the one. If only a 2X slot, you can use either driver but the plain Jane one without the 2.0, 3.0 support has better compatibility with older motherboards.

    Eck (and anyone else!), what's your opinion on using this Win95 VXD driver with an AGP 3.0-compliant 8x slot? The VIA board I have has a KT600 chipset, and the card I'll use with it is an NVidia GeForce FX 5500 (256 MB), probably with MDGx's unofficial NVidia drivers.

    0
×
×
  • Create New...