Jump to content

What next after Lavasoft/Grisoft drop support for 98 S.E


Recommended Posts


98 runs very well with an alternate browser. Using one eliminates a very large part of the entry points used by malware, leaving bad decisions by the user as its worst vulnerability. Even if IE6 and the alternate browsers were equal in security, the alternate browsers are usually faster, more user friendly, and don't waste resources like IE6 does.

AVs are going to be a problem for 98 users who want to use one. Of those still supporting 98, several are dropping it very soon. Instead of relying on a dwindling number of AVs, consider using the opposite approach to securing your 98 system. Whitelist the user applications and your systems executables, then block everything else. A default-deny security policy enforced by system configuration and a few good apps does better than any AV, and leaves you with a much faster system. An interesting read regarding AVs and security in general. http://www.ranum.com/security/computer_sec...ditorials/dumb/

I've been using a combination of Kerio 2.1.5, SSM free, and Proxomitron to protect my 98 box for a couple years, no AV installed. It has never failed to protect me, which is more than I can say for the AVs I've used.

Firewalls are another story. There's several that work good on 98. My favorite is Kerio 2.1.5. It's no longer supported but is very effective and lightweight. A software firewall might not be an absolute necessity if you've closed the NETBIOS ports, the only ones open on a default 98 system, but being able to control inbound and outbound traffic on a per application basis not only improves your security, it can actually speed up your connection slightly. With dialup, the difference can be very noticable.

As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed. How well a firewall performs with them depends largely on the rules in place. Leaktests favor features over configuration, suites over separate components, and are used heavily to push firewalls with HIPS components. Few if any of them will run on 98. Leaktests should be treated as configuration aids, not advertizing tools. If you're really worried about passing leaktests, combine a rule based firewall and a separate HIPS, block Internet Explorer, and you'll pass them all, at least all the ones that run on 98.

The common opinion, one promoted by M$, hardware vendors, and the big name security companies is that 98 is too insecure and unsupported to use on the net. This forum is a rare and welcome exception to that planned obsolescense mentality. With a few good apps and a user who will say "NO" to the unknown, 98 can be made equally as secure or more so than XP.

Rick

Link to comment
Share on other sites

> 98 runs very well with an alternate browser.

And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

I find too many web sites that are not rendered correctly with Firefox, for example.

ALL browsers are affected by system-level file associations and file handling or parsing. The application of the "innoculation" feature by Spybot SD and Spyware blaster protects both IE and Firefox (and maybe other browsers) from the same threats. So too does a hosts file, and so too does the use of the most updated JRE.

Active-X is perfectly safe if a few simple settings are changed, and that is exactly what Spybot does to IE.

> leaving bad decisions by the user as its worst vulnerability.

The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

> AVs are going to be a problem for 98 users who want to use one.

The use of older versions of NAV (Norton Anti Virus) - say, the 2001 and 2002 versions, make a suitable AV solution for win-98. Those older versions will update themselves with the latest scan engine DLL and definition files via the LiveUpdate feature. In addition, simple un-install and re-install them to gain another year of free updating. While NAV is universally recognized as being bloat-ware, that is only true of versions 2003 and newer. Another option is Symantec Corporate AV (versions 8, 9 and maybe 10). That package runs on win-98, and does not expire.

In general, I am not a big advocate of AV software since quite a lot of malware these days are polymorphic (fast-flux) and most AV packages (even Kaspersky) doesn't always detect them. In addition, most AV does not do a good job (possibly ANY job) of removal.

The use of a firewall on a win-98 system is also stupid and a waste of resources.

Win-98 was never vulnerable to network intrusion the way win-2k and XP were. The most effective, efficient way to block unsolicited incoming attempts is to use a NAT-router between your broad-band modem and your computer.

As for un-authorized out-going attempts, such an attempt would have to require that your system is already infected with something, and most likely that something will have already turned off your software firewall anyways, so again the usefullness of a software firewall is pretty close to zero.

> I've been using a combination of Kerio 2.1.5, SSM free, and Proxomitron

> to protect my 98 box for a couple years,

Then you are foolish.

> It has never failed to protect me

Win-98 doesn't need protecting from unsolicited incoming requests. In other words, win-98 doesn't need the protection of a firewall UNLESS you've enabled file-sharing on TCP/IP.

> The common opinion, one promoted by M$, hardware vendors, and

> the big name security companies is that 98 is too insecure and

> unsupported to use on the net.

The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access it's files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer. Naturally, home and SOHO users are not concerned with that type of security, but the popular or tech-press doesn't differentiate between login security and internet security.

I've operated an office with about a dozen win-98 systems (and some win-nt and win-2k systems) each with their own unique IP address, all of them directly facing the internet with NO firewall. That was between mid-2000 to late-2005. Guess what -> none of the win-98 systems ever had a network-based trojan or worm infect them, while the same couldn't be said for the NT and 2K machines.

> This forum is a rare and welcome exception to that

> planned obsolescense mentality.

And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

Link to comment
Share on other sites

> > The threat caused by IE6 when running win-98 is heavily over-rated.

> > I have no fear running win-98 and IE6.

> > I also run:

> > - Adaware

> > - Spybot SD (browser innoculation)

> > - Spyware Blaster (browser innoculation)

> > - a good hosts file

>

> You just defeated your own argument.

No I didn't.

I wouldn't run Firefox either without innoculating it with Spyware Blaster and also use a hosts file.

Link to comment
Share on other sites

> I don't think outgoing firewalls are useless and far from it.

They are more of a nuisance for the average user and the only real use for "power" users is to monitor what their software is doing on their box.

Almost all malware these days are designed to deactivate software firewalls (and AV software) or even modify them to make it look like they're still running.

> Jetico 1.1.

> On my machine it blocked several 0-Days trojans

> that got dropped in my system while I was browsing with IE.

Obviously you didn't lock down your IE properly, or your JRE.

> It would be foolish to believe 98 systems are not at risk

Win-98 has vulnerabilities because of the integration with IE (and those vulnerabilities don't go away just because you're using another browser like Firefox). But while the vulnerability exists, the exploit code probably won't function properly on win-98 like it was designed to do.

> AFX Rootkit 2003 which is a user mode rootkit (running in ring3)

Yea, but win-9x doesn't run Ring3.

> and 9xRX which is a kernel mode rootkit (running in ring0).

Archphase posted 9xrx a year ago so it's very new, and most probably nobody will use it.

Link to comment
Share on other sites

> 98 runs very well with an alternate browser.

And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

It runs fine until it uses up your resources and forces you to reboot. The only pages I've had any problems with are those using ActiveX. Outside of MSN, they've been very few.

> leaving bad decisions by the user as its worst vulnerability.

The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

Yes, there are attack vectors that don't involve user interaction, but they are not responsible for the majority of the compromised PCs. The vast majority of infections are caused by something the user chose to install, open or click on. The next most common sources are weak Internet Explorer settings (and users who run it with those out of the box settings) and browser exploits, specifically IE6. Yes, there's other ways to infect a system, but the user and IE6 are responsible for most of the problem.

The use of older versions of NAV (Norton Anti Virus) - say, the 2001 and 2002 versions, make a suitable AV solution for win-98.

A five year old AV, Norton of all things, then tell me that I'm the one being foolish? That AV uses more disk space and resources than my entire security package combined. The last virus I've had was one allowed by the exact AV you suggest, and it was up to date. Every infection and system compromise I've experienced happened while using Norton products. Never again will anything Norton be used on any PC I own or maintain.

Win-98 doesn't need protecting from unsolicited incoming requests. In other words, win-98 doesn't need the protection of a firewall UNLESS you've enabled file-sharing on TCP/IP.

I mentioned that when I said to close the NETBIOS ports. Aside from that, 98 itself might not need firewall protection but the installed apps do.

As for un-authorized out-going attempts, such an attempt would have to require that your system is already infected with something, and most likely that something will have already turned off your software firewall anyways, so again the usefullness of a software firewall is pretty close to zero.

Most of that malware doesn't run on 9X systems. On a PC with a default-deny policy enforced in the manner I suggested, malware doesn't run, period. If it can't run, it can't infect you.

Win-98 has vulnerabilities because of the integration with IE (and those vulnerabilities don't go away just because you're using another browser like Firefox). But while the vulnerability exists, the exploit code probably won't function properly on win-98 like it was designed to do.

Then you do admit that IE is responsible for most of 98s vulnerabilities. In all fairness, most of the recent exploits involving IE6 do nothing to a 98box. With the next one, who knows? Getting rid of IE gets rid of most of the vulnerabilities in a 9X box. If a user wants or "needs" IE, they should at least tighten up its settings. Ideally, they should run it thru Proxomitron and filter out the unwanted content.

The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access it's files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer.

Out of the box, 98 did little to control who uses it. That can be largely fixed too. The NT systems are better at user control, but that came with a whole new set of vulnerabilities to external attacks and the ability to hide files and infective processes from the OS and the user, the rootkit. A very bad trade.

As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed.
How flawed is that :

It starts with how these tests are treated. The users chooses to start them and expects the software to contain them. Their responses to the security prompts are influenced by the fact that they know it's a test, such as allowing the initial process but blocking the hook it tries to set, then thinking they passed the test. The test never ran. If that "test" was a piece of malware bundled into an install, they'd probably have allowed the hook as part of the normal install process and be owned by someone. Responses to alerts don't reflect real life behavior because the user knows it's a test. Using the pcaudit2 leaktest as an example, most users will allow the process then block the hook. All that does is test if their firewall or separate HIPS will block a hook when they tell it to. On most systems, if the hook is allowed, the system will fail the test. The site leads the user to believe that they failed the test because their firewall allows the hooks. Their firewalls actually fail because loopback connections aren't properly controlled, poorly configured. The result is an emphasis on hook control features, aka HIPS over properly written firewall rules and system configuration. The user needs a better firewall instead of learning to configure the one they have. That is flawed. Look at his results. Only the newest "Pro" versions do well. My system passes that test and most of the ones that apply to 9X with an old firewall, Kerio 2.1.5 and SSM shut down. I don't agree with his reasoning that application control should be part of the firewall. IMO, both traffic and application control are important enough that they should be controlled separately to reduce the risk of common vulnerabilities taking down both at once. On a combined package, one piece of vulnerable code is enough to make that possible.

Rick

Edited by herbalist
Link to comment
Share on other sites

> > The threat caused by IE6 when running win-98 is heavily over-rated.

> > I have no fear running win-98 and IE6.

> > I also run:

> > - Adaware

> > - Spybot SD (browser innoculation)

> > - Spyware Blaster (browser innoculation)

> > - a good hosts file

>

> You just defeated your own argument.

No I didn't.

I wouldn't run Firefox either without innoculating it with Spyware Blaster and also use a hosts file.

Yes, you did. You said running IE6 was not a serious threat, and then you present the use of software to mitigate threats by IE6.

Firefox is generally safe from threats. At least if you disable plug-ins, because those have their own sandbox that Firefox can't do anything about.

Link to comment
Share on other sites

I have been researching a/v for 98se.

AVAST claim support using their older version and currently say threat lists will continue. (wrong name corrected!)

ClamWin (opensource) and its parent ClamAV look good BUT have NO ACTIVE SCANNING.

I'm still looking for other alternatives.

For firewall I've had a lot of goodluck with Sygate - which Symantec bought and destroyed. You can still download it if you search for it.

Win98SE is fine up to 512Mb - using it here with no special settings. Its best to have windows updated (official or a service pack from here). Above 512Mb you can edge up to higher figures (approx 768 enabled) but you have to set a few obscure settings or install fixes to stop win98 confusing itself.

The strongest advice is to use a whitelist program that stops unapproved executables running at all. This stops all but script/browser based attacks. I've been steered towards SSM. Have yet to try it. I have a similar thread running at WildersSecurity which had generated a mixture of useful advice and typical win98 derision. None of the detractors offered to buy me a better PC though - I did ask :whistle: - or explained how to overcome the 20% loss of processing power each windows revision would cost me.

Edited by KevinR
Link to comment
Share on other sites

There are still tons of software titles that run just fine on Windows 98 or ME.

My advise concerning a bi-directional firewall is probably an over-simplification of the matter:

"Keep your PC clean of malware and you won't need a BI-Directional Firewall."

Then every time you install or upgrade a program, go into MSCONFIG and make sure that the program didn't install a TSR to do automatic updates or otherwise access there web site on the internet.

If you find a new TSR there, shut if OFF.

Keeping a system clean, lean and mean isn't rocket science, but it does require a modicum of effort and persistence.

Merry Christmas Everyone!

Andromeda43 B)

Link to comment
Share on other sites

And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

I find too many web sites that are not rendered correctly with Firefox, for example.

Mozilla Site Evangelism

What to do if you have problems with a Site

Frankly, my own Windows 95 installation runs well without IE at all!

Active-X is perfectly safe if a few simple settings are changed, and that is exactly what Spybot does to IE.

ActiveX by design gives websites full control over access to your computer. That alone is enough to make it unacceptable IMO.

The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

Not that they aren't relevant, but I'd say those problems lay chiefly in the server side.

In general, I am not a big advocate of AV software...

Frankly, I agree on that note: I put more trust in my own two eyes and computer knowledge than software packages from defending myself against viruses and malware. I sometimes keep a copy of AVG on hand to scan isolated download files, etc., but the tests always come up dry.

Windows 9x is indeed more resistant to network intrusion by design than NT/2000/XP, given its lack of open ports with processes running.

The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access it's files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer. Naturally, home and SOHO users are not concerned with that type of security, but the popular or tech-press doesn't differentiate between login security and internet security.

I get tired of the popularly-touted "insecurity" spiels myself. The "additional security" that Windows NT/2000/XP/Vista provide on that note consists largely of user-account and password schemes that for a single-user computer constitute inconvenience, not security.

And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.

Edited by Andrew T.
Link to comment
Share on other sites

And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.

Agreed! :thumbup usenet had its moment, way back when. I should know, for I'm on the net since BITNET. Now, nobody even remembers it. One must go where the people are, like it or not. And web-based forums are way better than usenet news, same as search engines like google just show how difficult life was in gopher's times. You can be resistant to change, and BTW, so am I, but that doesn't mean CP/M rules, because it doesn't :whistle:

Link to comment
Share on other sites

And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.

Microsoft Windows 98 usenet Newsgroups on the web :whistle: ?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...