8 years after, Newbie Ain't Desperate Anymore

[Herry_D]

Hi, I need a lot of help. The only computers I have used are at library's. I just got a

very old one that had no hard drive but it did have a CD of Windows 98 SE. I know from

surfing around that the first thing I have to do is put in a firewall (ZoneAlarm free??)

and then get all of the updates. After that the usual anti-virus, trojan killer, ad killer,

etc.... But what I don't know is where to go and what to download and in what order to

install the 98 SE updates.

Also, exactly where can I find all of the updates put out since

Microsoft stopped doing it that will bring 98 SE's security up to date?

Also, should I stay with Internet Explorer 5 or use 6 or just use Firefox?

Thanks for any help you can be.

[Monroe]

Hi ...

Go to this "sister" forum dealing with Win 98SE and you will find all your updates there for Win 98SE plus extras.

... http://www.msfn.org/board/Windows-9x-Member-Project-f91.html ....

Look on Page 2 for this update by Maximus Decim ....

.... Maximus Decim Cumulative Update ver.3.05 (New!) .... inside that update is a list of what to put on your machine step by step after you freshly install Win 98SE. ... then look for

... Maximus Decim InternetExplorer 6.0sp1 Component Update 2.4 .... on Page 1 ... that will be on the list as one of the updates ....

I use Zone Alarm v4.5.594 with Win 98SE ... it works very well and later versions seem to be resource hogs and more than you need, that version is a good, simple firewall .... you can find that version on Google or at Zone Alarm itself .... get that first update and follow his (Maximus Decim) instructions and steps .... you can find almost everything else on that list at this site.

... http://www.mdgx.com/add.htm#HHU ...........

duffy98

Edited October 25, 2008 by duffy98

[98Guy]

> ... the first thing I have to do is put in a firewall (ZoneAlarm free??)

Software firewalls are useless, especially for win-98.

If your ADSL or cable modem is NOT also a NAT-router, then get yourself a hardware NAT-router (can be had for as little as $30) and put it between your modem and your PC. Let the router do the firewalling.

Software firewalls are a PITA and it's well known that malware will try, and likely will succeed, in turning off your software firewall. Your software firewall will not PREVENT your PC from becoming infected by malware. What it *might* do is prevent the malware from communicating to the outside world (ie communicate with the bot-master).

> After that the usual anti-virus, trojan killer,

After years of using AV software (I still use NAV 2002 and if I care I will manually download the latest Symantec Intelligent Updater) but I've never been infected and I've visited some pretty weird sites. Some times I've gone out of my way to follow spam links just to get malware samples to investigate. The polymorphic viruses that were circulating a year or two ago pretty much made most AV software useless. And truth is, when an AV software alerts you to something, the problem is that they don't remove it for you and leave you in more of a panic than it's worth.

> ad killer,

Yea, a hosts file is good - probably the single most effective way to keep malware off your system. I use the MVPS hosts file. The browser innoculation features of Spybot SD and Spyware Blaster is useful.

Something to consider is a real-time registry monitor that can detect changes to important registry keys caused by malware. Moosoft's "The Cleaner" has this feature.

> Also, exactly where can I find all of the updates put out since

> Microsoft stopped doing it that will bring 98 SE's security up to date?

Fact is, Win-98 se (out of the box) is / was WAY more secure (internet secure) than win-2k or XP was (XP up until SP2, some might argue even until today).

> Also, should I stay with Internet Explorer 5 or use 6 or just use Firefox?

If you want to do anything *really useful* with your PC, like on-line banking, or buy stuff on-line like airplane tickets, then you will almost certainly need the most updated version of IE6. There's no harm in having both IE6 and Firefox and switching between them as needed.

[Sfor]

I know from

surfing around that the first thing I have to do is put in a firewall (ZoneAlarm free??)

and then get all of the updates.

It is true for the NT based systems. Since the Windows 98 does not have server type of services (as NT based windows do), all you really have to do is to patch the browser and E-Mail client.

The simplest solution is to use Firefox or Opera.

If you do want to use IE, then yes. You have to patch a lot. The hardware router as a firewall could be a nice addition, but it is not necesary.

[glocK_94]

It is true for the NT based systems. Since the Windows 98 does not have server type of services (as NT based windows do), all you really have to do is to patch the browser and E-Mail client.

The simplest solution is to use Firefox or Opera.

I back you up on that.

However, I'd still advise a good firewall like Zone Alarm... at least for outgoing connections (autoupdates, programs who want to "call home" without asking you...). It's also warn you about changed programs and unusual programs trying to connect to internet.

Oh, and download a good AV and check every file you download.

[jaclaz]

I just got a very old one that had no hard drive ....

I guess before everything else, a hard drive is needed...

jaclaz

[Monroe]

..... yes, I thought the same thing about the "hard drive" ... I guess that is really "Step 1" and then go for it !

In an earlier post I mentioned that I use Zone Alarm v4.5.594. I've tried later versions but they don't seem all that great with Win 98SE and I just wanted a good firewall. I use my cell phone and/or WiFi to connect to the internet mostly (notebook) so this works for me. If you like some other firewall or some other arrangement, that's fine. However, for anyone interested in that Zone Alarm version OR other versions of Zone Alarm for Windows 98SE ... I am posting a download page that can be very hard to locate at times. There are other good firewalls and I have tried several but I personally like v4.5.594. I just wanted a good firewall and not all the "extras" that have been added in later versions .... but others have good opinions also ... I only post this for anyone interested in trying that version of Zone Alarm in general.

... http://download.zonelabs.com/bin/free/info...aseHistory.html ......

HTH

Edited October 25, 2008 by duffy98

[BenoitRen]

Lock down IE so it can barely do anything, and use an alternative web browser like Firefox or SeaMonkey. You can use the Adblock Plus extension for the two mentioned to block ads if you want.

[98Guy]

However, I'd still advise a good firewall like Zone Alarm... at least for outgoing connections (autoupdates, programs who want to "call home" without asking you...). It's also warn you about changed programs and unusual programs trying to connect to internet.

Oh, and download a good AV and check every file you download.

You are crossing a line between the user wanting simple security, and wanting in-depth reporting and monitoring of all apps and programs. You might just as well advise the user to install wireshark too.

If someone has never used a software firewall before, then it is a real pain to configure and the cost/benefit in having it is not really good. I've asked everyone I know that runs a firewall (typically on 2K or XP systems) I've asked them if their firewall has ever detected any *real* malware and they've always said no. It's not really about security these days, it's about the technical or "power user" wanting to know every detail about every process or program running on their box. Besides, the firewall consumes system resources and reduces performance.

As far as in-bound firewalling - I agree that there are almost no known exploits for win-98 as far as in-bound network connectivity goes, but also remember too that for the past 2.5 years nobody has been testing new exploits for win-98 vulnerability. A NAT-router is cheap cheap cheap, and if your DSL or cable modem is 3 years old or newer then it probably has NAT built in. There's a lot of network junk knocking on your front door, and I'd rather keep it off my local home lan.

Given a situation where you have a NAT-router, there is VERY LITTLE left for the software firewall to do, and most of that is just to satisfy the curiosity or the (largely irrational) control needs of the user.

[herbalist]

You're going to receive varying opinions about software firewalls on 98. I consider them necessary. Others don't. I won't comment on choosing Zone Alarm.

It is true for the NT based systems. Since the Windows 98 does not have server type of services (as NT based windows do),

When used "as installed", 98 has the NETBIOS ports open. These are regularly targeted by port scans and can be used to compromise 98. Blocking them with a firewall is good, but closing them with system configuration is better. 98 might not have built in services opening ports like on the NT systems, but software installed by the user can. Apps that open ports and act as servers include, P2P apps, instant message software, internet answering machine software like Call Wave, anything that needs to receive incoming traffic. Routers can block or allow incoming traffic on a system-wide basis. Software firewalls let you control the traffic on a per-application basis. When and if you install a software firewall is up to you. It's strictly a matter of how important traffic control on an application level is to you unless you don't have a router and your modem doesn't use NAT, then I'd definitely install one first. Myself, I always install the security package first, no matter what version of Windows I'm working with. Again, a matter of personal choice. Some firewalls are extremely light and won't slow your system at all. Kerio 2.1.5 is such a firewall, but it's not for inexperienced users. The pros and cons of a software firewall on 98 and details of its usage should really be its own thread.

Whether you use it or not, Internet Explorer is part of the operating system and is 98s biggest vulnerability. Either update to IE6 and patch it completely or rip it out with IEradicator. There are complications to using IEradicator, starting with its breaking software that uses Internet Explorer components. Not for the inexperienced. An alternate browser like FireFox, or Opera is a better choice. If you'd be interested in a browser suite that includes a mail/newsgroup component, addess book, webpage composer, and IRC chat component, SeaMonkey is really good on 98. It used to be called the Mozilla Suite and it's an excellent replacement for all the components that come with IE6. That's another good reason to have a software firewall, to block Internet Explorer from having any internet access, in or out.

Regarding updates, Windows update still works with 98. Microsoft hasn't removed the existing updates. http://v4.windowsupdate.microsoft.com/en/default.asp

Gape's unofficial service pack is good. So are Maximum-Decim updates. Make sure to look for updates from your vendors sites too. This includes updates for your sound card, video card, chipset, network card, other drivers, maybe even a BIOS update. Be careful with BIOS updates. Using the wrong one or improperly installing it can kill a PC completely.

AVs that work on 98 are getting scarce. They're also getting very heavy for 98 systems that are using the original hardware. Hosts files make good ad blockers but are not up to date or complete enough to deal with the more malicious sites. They change too quickly. The hosts file is more effective against the adware sites that don't move much. An alternate browser will do more to protect you.

The majority of the malicious code in circulation doesn't affect 98, but some still does. Code that attacks individual applications besides Internet Explorer and Windows Media Player is on the increase and can be used against 98 via the installed software. It's not nearly as common as the stuff that attacks XP but it's out there. The details of securing 98 should really be a separate topic. Depending on how far you want to go, this can include a lot of information. Only a few vendors of conventional security apps offer anything for 98. Soon, they will drop support too. The reality of security for 98 is this. The burden of security and support rests solely on the user now. The user has to rely on their own skills and knowledge. There's enough free security software available to secure 98 as tightly as you want, if you understand the workings of your system well enough. Unsupported operating systems like 98/ME are not for the casual user anymore. If you want a security setup and policy that doesn't rely on continuing vendor support, research default-deny as a security policy.

Back on the subject of setting up 98. One utility you will likely need early on is an unzipping tool like WinZip, WinRar, or 7Zip. Unlike XP, 98 has nothing built in that opens these archives. Quite often drivers and updates come as compressed archives. 7Zip is free, Open Source, works with most all types of archives, and runs fine on 98.

I don't know how you have your hardware set up or what point you're at in the setup. If you're just starting and your hard drive setup permits it, using separate drives or partitions for your system and data makes everything much easier down the line. System backups are smaller. If there's problems with the system partition that require starting over or the using of a backup image, your personal files aren't lost. I put 3 internal drives in this PC, a 9 year old HP Pavilion. Check your local computer store. The one here sold me a small used hard drive for $10. Depending on the age of your hardware, you might have to add a USB card in order to get decent use of external hardware. The built in USB on mine is very slow, even with the Maxim-Decim USB update. A new USB card and 2.0 Orangeware drivers made a huge difference, enough for an external hard drive to work well. There's a lot to update on PCs running 98, especially if it's hardware that came with 98.

Rick

Edited October 26, 2008 by herbalist

[98Guy]

When used "as installed", 98 has the NETBIOS ports open. These are regularly targeted by port scans and can be used to compromise 98. Blocking them with a firewall is good, but closing them with system configuration is better.

Unlike XP Gold (and possible all versions of XP) the default installation setting of win-98 has file and printer sharing turned off.

If netbios ports are _still_ open when file and printer sharing are turned off, well then that might be the case, but even in that case win-98 had no known vulnerabilities to open netbios ports *except* a single known DOS vulnerability (which I don't really consider a threat because there is no advantage for an unknown attacker to waste resources launching a DOS against a random, unknown user).

We ran a small office with about a dozen win-98 PC's from 1998 until Dec/2005 where they each had direct, naked, static, routable internet addresses (no NAT router, no firewall). File and printer sharing for all of them was turned on - BUT - bound only to Netbeui. We never had anything (network worms, trojan, virus) attack or infiltrate those systems.

Regarding IE6/Win-98, I think the level of paranoia regarding it's current vulnerability status is absurd and off the scale. Even when IE6 patches for win-98 were coming fast and furious several years ago, I've never experienced a malware intrusion caused by an IE6 weakness. Now that might be because I've been running 3'rd party hosts file for years, as well as Spybot and Spyware Blaster innoculations, but those things also strengthen any installed browser.

> AVs that work on 98 are getting scarce.

NAV 2002, when used with the manually-installed "Symantec Intelligent Updater" package, does still work on win-98.

> The majority of the malicious code in circulation doesn't affect 98, but some still does.

The biggest issue currently regarding the vulnerability status of Win-98 and the internet is that nobody is *testing* new threats against win-98. So we really don't know if there's much to be worried about, or a lot to be worried about.

[Monroe]

herbalist ....

I mentioned Zone Alarm in an earlier post. It seems to always work for me and I test it every so often with the Shield UP test at Gibson Research ....

.... http://www.grc.com/default.htm

but I also have an interest in the Kerio 2.1.5 firewall that you mention ....

--------------------------------------------------------------------------------------------------------------------------------

Some firewalls are extremely light and won't slow your system at all. Kerio 2.1.5 is such a firewall, but it's not for inexperienced users. The pros and cons of a software firewall on 98 and details of its usage should really be its own thread.

--------------------------------------------------------------------------------------------------------------------------------

.... I have tried to work with it off and on and have never completely understood how to set everything up. Are you familiar with any web site that might have setup instructions or a "step by step" guide ... I use "The Proxomitron" with my Windows 98SE setup and I never was sure about getting that to work with Kerio 2.1.5 ... I have the download and I have searched Google for some sort of help guide .... it looks like a great firewall if I could just set it up. I would compare my Zone Alarm version and Kerio with Memload to see which one uses less resources but they might be close.

duffy98

[herbalist]

The biggest issue currently regarding the vulnerability status of Win-98 and the internet is that nobody is *testing* new threats against win-98. So we really don't know if there's much to be worried about, or a lot to be worried about.

That uncertainty is the reason I install my security package first, before the OS ever goes online. Whenever I can, I try to keep up with newly found vulnerabilities, exploit code, POCs, etc, and try to make time to test some of them that look like they might be a problem for 9X systems. There's never enough time unless it's all you do. Some of the members here have sent me copies of malware that comes very close to rootkit behavior on 98. Still have more of them to test when I can find time. These have convinced me that at least some of the malware writers haven't forgotten the 9X systems.

Regarding IE6/Win-98, I think the level of paranoia regarding it's current vulnerability status is absurd and off the scale. Even when IE6 patches for win-98 were coming fast and furious several years ago, I've never experienced a malware intrusion caused by an IE6 weakness. Now that might be because I've been running 3'rd party hosts file for years, as well as Spybot and Spyware Blaster innoculations, but those things also strengthen any installed browser.

Consider yourself fortunate. Before I switched browsers, it happened to me a couple of times. Once when I was using Norton Internet Security, a malicious page crashed both the AV and firewall, then my system. When I restarted it, it was infected. This happened just from clicking a link in a Google search regarding a medicinal plant, so it's not like I was looking for trouble.

Not including user mistakes, my primary concern regarding security and 98 is code that attacks user applications instead of the OS itself. Not too long ago, a POC that used PDFs for delivery worked against all versions of Windows and would function automatically if the browser was allowed to open PDFs. When the OS can't use the latest "not vulnerable" versions of the exploited software, the solution is in system configuration, how the files are handled. I now save PDFs to disk, then open them in their own process, which doesn't have permission to launch any other processes.

Duffy98,

Regarding Kerio and Memload, this is taken from my system. The circled apps are my security package.

I've seen a couple of general guides regarding setting up Kerio but don't remember where they are. A few of us made this one last year. It's primarily for NT systems but should help give you some more ideas. As far as using Kerio with Proxomitron in such a way that your browser has to run through it, this will require a couple of rules. The browser will need a "loopback rule" that permits it to connect to port 8080 (assuming that you're using Proxomitrons default port. It would look like this:

You'll also need a rule that allows Proxomitron to connect out to the internet with port 80 (and port 443 if you're using it for https). You also have to change the browsers proxy settings to use 127.0.0.1 and port 8080.

The main thing to remember with Kerio is that it starts at the top of the ruleset and uses the first rule that applies, so the order the rules are in is important.

Rick

[Herry_D]

Wow. I didn't think I'd get this much response. THANK YOU ALL for much

good advice and those links.

Now for a few clarifications......

98Guy Said:

"> ad killer,

Yea, a hosts file is good - probably the single most effective way to keep

malware off your system. I use the MVPS hosts file."

Thanks, I found it at http://www.mvps.org/winhelp2002/hosts.htm

and I'll get it.

How do I "lock it" to keep it from being changed as I've read some bad guys can do?

---------------------------------------------------

"Something to consider is a real-time registry monitor that can detect changes

to important registry keys caused by malware. Moosoft's "The Cleaner" has this

feature."

Unfortunately, I've seen that v4 has been killed and v5 is not for 98SE.

http://www.moosoft.com/TheCleaner/Download

Do you know of another real-time registry monitor I can use?

***********************************************************************

Also....

There's a guy out there named Al Camp who has posted a bunch

of really good advice about Windows 98SE and using Norton's Ghost,

so doing a fresh (read 1-2 hour) reinstall is a thing of the past.

Basically what he is saying is to do your fresh install, do your

offline updating with pre-aquired downloads, tweak to your hearts

content and then make a Ghost image so that from then on a "fresh"

install becomes a 5 minute task, not an all day affair.

Here is one of the links I found:

http://www.helpscreen.com.au/index.php?cid...msgid=884833521

I also found this from "Big_Al" (I think it might be the same guy)

about DOS batch files to use Ghost automatically.

http://radified.com/cgi-bin/yabb2/YaBB.pl?num=1150190239/9#7

I await your replies.

Herry_D

[Sfor]

The partition image to restore a Windows 9x system is like using a cannon to kill a fly.

To make a copy of the whole system it is enough to copy just two folders WINDOWS and Program Files. Also it is possible to do it in an automated way with XCOPY command. To switch between the main system and the copy it is enough to change the folder names, in such a case. It is also possible to keep multiple system copies on the same partition and to switch between them.

http://www.msfn.org/board/lofiversion/index.php/t121287.html

Edited October 30, 2008 by Sfor