Vista putting a dent in 98 userbase?

[Tarun]

BenoitRen, calm down and keep this discussion civil. If need be, please read the Forum Rules. Remember to respect MSFN's members and respect that everyone has a different opinion.

-----

The word "security" is used far too loosely these days.

Back in 2002 (and 2003 and 2004 and 2005 ...) MS and the tech press were telling us that XP was more secure than Win-98. But that turned out not to be true.

Now we're being told that Vista, with even more services running in the background, is the most secure OS yet.

Again, it's just more sugar-coated lies. Too bad you're falling for it.

You don't choose Vista because of the claim that it's more secure, because that claim isin't worth sh*t. You choose Vista either because you have no choice (it came with your shiny new PC) or because you want to be thrilled and ride the roller coaster of updates, patches, and new malware threats.

Windows actually is the most secure OS. Be sure to check the frontpage news sometime. There have been studies by Symantec and others that have found Windows, and even Vista, to be more secure than Red Hat Linux and Mac OSX.

[BenoitRen]

BenoitRen, calm down and keep this discussion civil.

Why are you singling me out? He's been just as civil as I have been.

Windows actually is the most secure OS.

Best joke I've heard all day.

There have been studies by Symantec and others that have found Windows, and even Vista, to be more secure than Red Hat Linux and Mac OSX.

How? By looking at the source code? Oh wait, it's closed-sourced... Those studies, knowing Microsoft, are also likely paid for. It would not be the first time that M$ tries to buy the people's trust, or make false claims.

[georg]

BenoitRen, in resonse to "Windows actually is the most secure OS."

"Best joke I've heard all day."

www.informationweek.com/software/showArticle.jhtml?articleID=198701907&cid=RSSfeed_IWK_News

"Microsoft was first alerted to the .ANI vulnerability back in December...Mark Miller, director of the Microsoft Security Response Center, said...that slightly less than 100 Microsoft technicians have been working "around the clock"...and said it has taken the company more than three months to come up with a patch for the bug because it's simply a long, complicated process...Where it is in Windows, it is a core area. The time line is longer because you have to deal with this core area."

Internet Explorer is the main attack vector for the exploits.

http://redmondmag.com/news/article.asp?EditorialsID=8386

"...attacks have been limited to Web surfing with Internet Explorer versions 6 or 7. Firefox, the open-source browser from Mozilla, does not yet seem vulnerable..." said Craig Schmugar, a virus researcher for McAfee Avert Labs.

Source: www.shanghaidaily.com/sp/article/2007/200704/20070403/article_311244.htm

"The worm author's objective seems to be money-oriented as a sentence found in the source code read: "I will by (buy) one BMW this year."

The full list of affected operating systems includes, according to eWeek.com:

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 2

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003

Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition

Microsoft Windows Vista

[98 Guy]

Windows actually is the most secure OS.

Best joke I've heard all day.

Well, he'd be right, if he was talking about Windows _98_.

Win-98 was never vulnerable (in it's default installation state) to network-based exploitation simply by being plugged into a lan or the net.

XP was vulnerable to a total of 5 such exploits, and they weren't fully patched until SP2. 2K and XP shared many vulnerabilities back in 2002 and 2003.

98 wasn't even affected by half of the IE vulnerabilities the way 2K/XP was.

Why did spam really start to explode in 2003? Because XP was really starting to replace win-98 in SOHO situations. You couldn't even connect a win-2K or XP machine to the net to download patches fast enough for them to become infected first. What a joke that was. Look up "internet survival time".

On their security bullitens, Microsoft had a strange habbit of saying that 98 was affected by this or that vulnerability, but when you drilled down into the details 98 wasn't mentioned. Many IT people and the tech journalists simply never followed those details, and simply believed that 98 was just as vulnerable as XP was. It would be an embarrasment to MS if their "ancient" OS was actually not vulnerable to these exploits - if only because of dumb luck.

[DigeratiPrime]

Im confused, it seems like the discussion has veered off and is about hardware now?

A video/brower/etc will run at about the same speed on 98/XP/nix whatever if the hardware matches.

BTW a P2 powered the 'Ultimate Gaming Machine' one time

http://www.youtube.com/watch?v=O1qHt0DpIhg

[Eck]

I feel it's all been pretty civil around here.

Wasn't sure about the "being fooled" line but I've been accused of worse. It's not a question of believing promotional speak by Microsoft though. They do, as anyone would expect, try to diminish fears of a new thing and drum up excitement so that their product will sell.

It was just that at the time my system was botched up I wasn't in the mood to go through the whole setting up of several operating systems once again and was more in the mood to play with the newest toy. That was Vista, and for me these days, OpenSUSE 10.2.

Once I got Vista installed I experimented with some programs and games that hadn't worked for me on Vista while I was using the beta and RC versions. I was pleased to see that with a little mucking about I got an assortment of those things working.

I am back to using Firefox and Thunderbird even on Vista as I had gotten used to them again while using Linux. It was nice to see that that combination appears to get along with the new Office 2007 without a hitch so far.

I just got back to Vista today after about a week and a half just on Linux. Gosh, updating from the previous version of Nero 7 to the latest was a chore. See, I came back because I had ripped a DVD using k9Copy in Linux. It came out perfect. I wanted to test out the same process using the latest tools in Vista to compare. I just got done updating Nero and needed to install the rest of my various Audio/Video tools as I hadn't done that yet as well.

Only the Nero update gave me headaches but I got through it. Trying the automated update failed as the process in an error message the installer asked me to close and identified by number was not in the list in Task Manager. So I used add/remove and rebooted then ran the downloaded full version. That said it was successful but when trying to open NeroScout (so I could make sure it was set at off) an error told me the files it needed weren't there and to reinstall Nero. So I ran the installer again and chose to repair. During that process an error told me it couldn't find the first cab file. At least it gave the location. I browsed to it and noticed that it was looking in a parent folder and not in the Cab subfolder. So I copied all the cab files from the subfolder to the parent temp install folder and surprisingly this worked as the installer found and installed the whole package again. That fully worked and Nero is back and all updated. They really need to work on that stuff!

I think I'm an oddity in the Linux and Windows world as I honestly enjoy working in both Linux and Vista. Frankly Vista is easier as if I encounter challenges I am more familiar with the Windows world in general and so quite intuitively can try specific procedures to attempt to get things done. In Linux it's necessary to roam the internet reading and searching for clues as to what things I might try. So far so good in both though.

One cool thing about Linux, it's like if you have a problem and post somewhere about it you never know who'll you'll get to reply. I posted in the official Compiz forum about something and the actual developer of the thing replied to me. I could only compare the feeling to how I would feel if after opening a thread in a Microsoft forum, the next post would be an answer from Bill Gates giving me a status report on the problem. Felt kinda strange!

I see nothing wrong with folks still using 98, and wise decisions regarding security like using the software and tools available to make it so can keep it completely viable depending on what one uses their computer for.

That said, it is not as if Microsoft has been sleeping. Improvements, fixes, fancier tools, etc will obviously be a benefit of using the latest version of the operating system. Just like folks who get attached to an older version of a Linux distribution can, depending on what they want to do, continue to use it. However they of course will not be taking advantage of the latest work that the distro makers have done to the operating system. A lot of the updates can be adjusted to work on an older distro (like with older Windows) but the user who wants to stick to the older version will have to do a lot of work themselves to get the newer stuff going on the older OS. Work that has already been done in the labs and can be more easily taken advantage of by just installing the newer version of the operating system.

Just sayin', there just may be some folks now still on 98 that will say the heck with it and take the Vista plunge. Either with a new computer or with a retail purchase if their computer isn't that old.

[mike_morley]

You don't get much choice as to wether or not you upgrade to Vista. If you buy a new computer / laptop you wll get it as standard. Everyone will eventually have Vista. Trading standards should stop MS software from being installed on all machines as standard from stores and offer the consumer more choice. See how long it would be before they release a decent OS without bugs that take a couple of years to fix. My guess is quite quickly. Microsoft isn't an answer, it should be the question.

[BenoitRen]

"Microsoft was first alerted to the .ANI vulnerability back in December...Mark Miller, director of the Microsoft Security Response Center, said...that slightly less than 100 Microsoft technicians have been working "around the clock"...and said it has taken the company more than three months to come up with a patch for the bug because it's simply a long, complicated process...Where it is in Windows, it is a core area. The time line is longer because you have to deal with this core area."

Considering that other security groups have released several patches that fix the problem in a short time since the announcement, I'd say M$' claims are bogus.

Win-98 was never vulnerable (in it's default installation state) to network-based exploitation simply by being plugged into a lan or the net.

Not entirely true. There are a couple IE shell extensions, and of course NetBIOS is installed by default.

You don't get much choice as to wether or not you upgrade to Vista. If you buy a new computer / laptop you wll get it as standard.

I've heard that if you look harder, you can get laptops with a version of Linux on them. For desktop computers, you can let a hobby store assemble one for you, or assemble it yourself, with the OS (and parts, of course) of your choice.

[Eck]

That's right. And even if you just walk in and buy a preconfigured computer you can put whatever you want on it once you get it home. Those with a recovery DVD option are pretty safe to go ahead and repartition, eliminating the hidden recovery partition and partition and format, installing whatever you like. Those who don't get that option can ghost the whole thing and do the same.

Of course the caveats are that folks who do that need to burn the installed drivers to a backup first to be sure the hardware will work, and if not installing the same operating system they need to be sure they are able to get drivers that will work with their OS of choice first.

Then they need to install their own software since the preinstalled goodies won't be available to them.

Will a lot of people do that? I doubt it. Most people who will still be using 98 will have either older computers or build their own boxes.

And, because of the driver issue especially on laptops the success rate might not be too good.

Now, Linux is a different story. Those open source folks will usually wind up designing working drivers for many, many forms of hardware. And with Wine, Crossover Linux, and Cedega folks will be surprised just how much of their old Windows stuff can be jimmied up to run reasonably well on Linux. As time goes on that compatibility will increase. For most things there is no need to run Windows versions of things as quite often the available native Linux software is even better than that available in Windows versions. But favorite old games and even new games are of course the exception. That's getting better and better though.

[johnroberts]

Don't mean nothing!!

As long as I have hardware able to run 98, I'l keep 98 (and I hove some spare parts stacked just in case...) in order to use software that only 98 may handle. Just as I will keep using Win2K NO MATTER WHAT!!! Just as I will keep my XP even beyond the end-of-support. I will NOT switch to Vista. (period!!). And even when they are unsafe to use on the net, I will still keep them because I have the remedy, tried and tested 100%:

A Puppy Linux liveCD running 100% on RAM on a diskless machine and behind 2 firewalls (router+software). *N*X viruses are a rarity and in the event that something happens, the only thing you have to do is press the RESET button. I am not writing this to badmouth Windows. It is THE absolute necessity. You can use even the most unpatched and at-risk version of Windows; Just disconnect your disk (e.g. via a removable tray...), pop-in the LiveCD, reboot and you are fortified!!!

Edited April 4, 2007 by johnroberts

[eidenk]

Win-98 was never vulnerable (in it's default installation state) to network-based exploitation simply by being plugged into a lan or the net.

Not entirely true. There are a couple IE shell extensions, and of course NetBIOS is installed by default.

Can you clearly elaborate on both the points you make ?

[Eck]

Um, johnroberts, that post kind of makes it appear that you intend to use every single Microsoft operating system in semi-recent memory except for the latest. And you are quite strong in that usage of every single thing they've put out that you can get your hands on!

Boy, that's sending 'em a message! Er, what exactly, "don't mean nothing?"

Puppy looks cute though. I chose OpenSuSE for my first Linux as it looked like it had enough tools to make a crossover Windows fella comfortable (especially YaST) as well as a full featured software package. I'm not one who looks for the minimalist approach but that Puppy Linux looks pretty functional for such a small footprint. You might want to check out Zenwalk Linux as well. That looks more like my style for a Linux on older computers. I like the GUI software installer tools, the XFCE default desktop, but still with KDE available if you want it (they started with KDE originally). Small though, with a single application for each need. Very good package.

Aww, you seem like the kind of player who'll wind up with Vista too. How can you resist the latest toys? Direct X 10, a GUI that is at least half as good looking as KDE with Compiz running offers at least on a fairly recent computer, etc.

Hey, I run Vista on that AthlonXP 3200+ with 400 MHz FSB and a gig of Crucial memory and it doesn't seem sluggish to me. It will at first while your installing software and Vista is indexing for its quick searching and imaging at every restart because of all the changes. It images to keep up with its restore file versions feature. But once you've settled in it really picks up speed.

Why so angry sounding? Heck, I'm running mostly the same stuff I've always liked to run. I've kept up with some of the major software packages over the years so yes, Office, Nero, and major stuff are new versions. But you can get away with less expensive or even no cost alternative for the same purposes. OpenOffice.org, something like DeepBurnerPro instead of Nero, etc. The usual browser players work fine and FFDSHOW, MediaPlayerClassic (dropped in the Windows folder and renamed to mplayer2.exe), and the IndeoCodecXP fill in some of the missing cracks in the codecs. PowerDVD works fine too. Even the old QuickTime 2.1.2.59 lets older games that used that play fine. (I install the new one as well, so I get the web stuff.)

The hardware guys are catching up with the driver compatibility. My Audigy 2 ZS works okay with the latest from Creative. HP made a new driver for my Deskjet 4160 (with a full software package) and a basic driver for my Scanjet 3970. If I want better there's VueScan. ATI is improving with each month's driver release. I wish they would do the same for Linux! Both Thrustmaster and Saitek have gamepad drivers for Vista.

Things are moving along pretty well for the new OS. No, at this point using it is not a NEED. But it's enjoyable to see things get better and better with it. Kind of fun to see the progress.

I'd never try to talk a 98 lover into giving up the old favorite, but you seem like someone who likes to see what he can get out of lots of different OS's. Vista is just one more new one.

[BenoitRen]

Can you clearly elaborate on both the points you make ?

I can't elaborate on the IE shell extensions, though it makes sense since IE is integrated to the system and desktop, with all the webby stuff. As for NetBIOS, well, what's there to elaborate? It's installed by default, as far as I know, and listens for connections, which is known to be a big security risk. NetBIOS is that protocol that allows you to share files and printers.

To get back on the subject of AJAX on IE for a moment, I remembered something that support my argument. To have AJAX on IE, you have to write IE-specific code. Hence, you can't say that IE supports AJAX. Proprietary features don't count. If you didn't have to write IE-specific code, but it would use ActiveX behind the scenes, then we'd have something to disagree about.

[eidenk]

Can you clearly elaborate on both the points you make ?

I can't elaborate on the IE shell extensions, though it makes sense since IE is integrated to the system and desktop, with all the webby stuff. As for NetBIOS, well, what's there to elaborate? It's installed by default, as far as I know, and listens for connections, which is known to be a big security risk. NetBIOS is that protocol that allows you to share files and printers.

It would be nice if you could give some examples.

Say I have my machine connected to the internet without a firewall, and with file and printer sharing disabled, and I let it sit like that, what can happen ?

[BenoitRen]

If you disable the file and printer sharing (which would disable NetBIOS), then yes, I guess you'd be pretty safe. Though there are still those IE shell extensions... I think it was someone in this forum that mentioned it, but he/she wasn't more specific.