Jump to content

Security in Windows 98


Recommended Posts

This is from Wikipedia Discussion:

* In 2006, Check Point and Microsoft conspired to eliminate support for the Windows 98 operating system, leaving 40% of the world's computer users vulnerable to a massive internet attack allowing Windows 98 users' computers to be comprised, resulting in large scale identity theft and denial of service attacks on all internet conected computers. It was felt at the time that Microsoft was attempting to force Windows 98 users to upgrade to the soon to be released Vista operating system.

* In 2007, Senator Joe Lieberman, head of the Senate's Homeland Security Committee was contacted and told of the severe threat to the internet and internet users computers that the Microsoft - Check Point failure to protect Windows 98 systems meant. Due to Check Point being an Israeli company, Senator Lieberman refused to take-up the matter.

*End of Citation*

As is well known support including security patches for Windows 9x systems has over few months ago. Many companies use the system because they cannot afford to change it but it brings to them some security threaths. There are antiviruses, there are firewalls and spyware detectors, but question is for how long the software developers will be able to keep their software widely compatible with all MS systems old and new...

I want to ask some people here if there is possibility to make windows 98 so safe (or more safer) as new systems by creating system module/application able to download and use some kind of updates, as WXP do...

Link to comment
Share on other sites


Firstly Windows 98 isn't as vulnerable to attack as Windows 2000, XP and Vista because by default it has less services running.

Update all the previous patches for Windows 98. Most vulnerabilities will be removed.

By using a supported web browser (Opera, Netscape or Firefox) instead of Internet Explorer 6 goes a long way to avoiding many problems on the internet.

Run a supported and up-to-date Virus Scanner and Adware remover.

use a firewall (either hardware or software)

You'll be pretty **** safe! :thumbup

Link to comment
Share on other sites

I was trying to find the link to where I posted this previously but I couldn't find it so I'll post it again. Sorry :wacko:

How to keep using Windows 9x way into the future,

Life after Microsoft Support Ends (for Dummies!)

Introduction

=============

There is alot of advice available on the internet for older operating systems but rarely is there an easy to follow guide for the less informed users on the net. The Dummies, the Noobs, the casual PC user. So I thought I'd write this to help them out.

In saying this if you are an advanced user, some of this advice is probably not for you. This article will offer the easiest, most common methods available to secure their computers.

Lets Get Started

=============

Well you should beaware that on the 11th of July 2006, Microsoft officially ended support for the following operating systems.

- Windows 98

- Windows 98 Second Edition (Windows 98 SE)

- Windows Millenium Edition (Windows Me)

These operating systems along with Windows 95 are designated as being based on the Win9x code base.

Microsofts decision means no more security patches will be released by Microsoft for these operating systems. So what do should you do?

This guide will give you some suggestions on what path you should take.

My Win9x system is NOT connected to the Internet

=============

Meaning you DON'T play online games, use email or browse the web on your PC.

Well the good news is you can keep using your computer like you always have. You see Microsofts end of support means it will no longer offer updates that prevent nasty's on the internet from affecting your PC. So if your not on the internet you can't be affected by these nasty's anyway.

Remember you can still get computer viruses that may damage or delete your computers files from infected media (floppy disks, CD-ROMS, USB drives, and MP3 Players like iPODS etc etc)

So either

1. don't put other peoples media in your machine

2. have a good up-to-date virus scanner running on your system

My Windows 9x system IS connected to the Internet

=============

Meaning you DO play online games, use email or browse the web on your PC.

Now if you do connect to the internet you ARE affected by Microsofts decision to end support of the Win9x operating systems.

But the good news is you can MINIMISE most risks to you computer. The following will tell you how.

1. Win9x isn't as unsecure as people would like you to think!

=========================================================

Firstly lets dismiss a rumour that Microsoft has even helped to create. Win9x systems DO NOT have to be considerred as un-secure operating systems for use on the internet. In fact they CAN be quite secure IF appropriate steps are taken.

A benefit of Win9x systems is that they DO NOT include as many inbuilt online and network features as newer operating systems like Windows 2000, Windows XP and Windows Vista.

What does this mean? Well it means your operating system doesn't have as many access points (think unlocked door ways) for nasties to get into your PC from the Internet. That means if we can find a way of securing the remaining access points (guarding the doors we need to use) we can infact have a very secure system. (See Point Note 4)

A side benefit of using an aging operating system like ones based on Win9x are no longer in the hackers and virus writers spot light. Banks, Governments, Big Business and the more popular operating systems are the usual targets for online attacks.

As the usage rate of Win9x drops, so does its profile from the hackers and virus writers radar. Another good thing! That is why many of the big viruses of late DID NOT affect Win9x systems!

2. Get Windows as up-to-date as possible!

=========================================================

Over the years since Win9x was launched Microsoft has produced many security updates for these operating systems. Get them, and install them!

These updates will close many access points and weaknesses in the operating system that the bad stuff (Viruses, Trojans, Hackers, Spyware) on the web try to exploit.

Thankfully Microsoft makes it easy to get the updates if you have an internet connection thanks to Windows Update.

Just enter the following address into Internet Explorer: http://www.windowsupdate.com

Now click for it to Scan for Updates and agree to install Critical Updates and Service Packs.

3. Upgrade Windows Critical Components (Internet Explorer, DirectX and Media Player)

=========================================================

- Internet Explorer

Now for the average user of Windows 98, Windows 98 Second Edition and Windows Millenium Edition it is recommended you upgrade to the latest avaialbe version of Internet Explorer (for advanced users there are reasons for and against this) you can.

Why? Because for these operating systems Internet Explorer is built into its foundation. Therefore weaknesses in Internet Explorer are actually weaknesses in Windows.

The most Current (and most likely final) version is Internet Explorer 6 Service Pack 1, with the June 2006 Cumulative Update.

You can also get these updates from Windows Update

or directly from Microsofts Internet Explorer webpage: http://www.microsoft.com/ie

- DirectX

DirectX is an inbuilt component of Windows that allows you to play games, listen to music and play videos among other things on your computer.

For improved graphics, sound, games and online security upgrade your DirectX version to the latest release:

Windows 95 - DirectX 8.0a

Windows 98, Windows 98 Second Edition, Windows Millenium Edition - DirectX 9.0c

Get it from http://www.microsoft.com/windows/directx

- Media Player

This upgrade is optional. There are both for's and againsts for doing this which we wont mention here in too much depth.

For: Latest codecs for better sound and support of newer sound formats, mp3 players and online music content.

Against: May not run as quick on slower computers, and may opens a few new security concerns.

Latest Version avaialble:

Windows 95 - Windows Media Player 6.4

Windows 98 - Windows Media Player 7.1

Windows 98, Windows Millenium Edition - Windows Media Player 9

If you choose to upgrade to the latest version get it from: http://www.microsoft.com/windows/windowsmedia

4. Lock the doors! Use a Firewall

=========================================================

Computer have access points (door ways) that allow software to communicate with the Internet.

Some of these access points are used for good purposes such as allowing you to send and recieve emails, visit websites, use online messaging or to play on-line games.

The problem is there are so many ways for un-wanted nasties to sneak in through these access points and run-a-muck on your system. realmad.gif

So how do we help to protect our PC from nasties getting onto your computer or keep those already hiding on there from sending personal information out?

Easy, get a door man! laugh.gif

A computers version of a doorman is called a Firewall. It only allows approved processes in and out of your system. So if you jump onto your web browser it will allow you to access the net, but if a naughty hacker try's to gain access to your PC, it will deny then access!

Now there are two basic types of Firewall available. Software (an installed program) and Hardware (a physical device you can touch).

Hardware Firewalls are built into some modems and routers and close certain know access points to your PC. Check your modem, routers, networks documentation to see if it includes a built in firewall.

Software Firewalls are a program that is installed onto your PC that acts as an internal doorman. Data from programs like your web browser, or online game approaches the software firewall (doorman), and then has to prove they have appropriate clearance to pass on through. If the doorman has suspisions about the data it will ask you with a prompt to allow or deny the data to pass. If you don't know the program asking for access, just deny it permission.

Many of the virus scanning and security products you can buy from the likes Norton and McAfee include Firewall software.

Otherwise an easy to use free (for personal users, must purchase if to be used by businesses) firewall is ZoneLabs ZoneAlarm.

For Windows 95, Windows 98, Windows 98 Second Edition and Windows Millenium Edition, the latest version you can use is: 6.1.744.001

Get it here: http://download.zonelabs.com/bin/free/1012..._744_001_en.exe

You cannot use the newer ZoneAlarm versions from 6.5 + as they are no longer supported on Win9x systems.

Please Note: There are many other free firewalls available on the web.

A firewall will protect you from MOST nasty's trying to access your computer, and a combination of Hardware and Software firewalls will offer the best protection.

5. Have an up-to-date Anti Virus software and Spyware detector

=========================================================

Viruses are programs that can do many bad things such as delete or corrupt files, send emails from your email account, allow other viruses in, make your computer crash or at worst un-able to run.

Viruses can get on your computer by different methods.

1. From infected media (floppy disks, CD-ROMS, USB drives, and MP3 Players like iPODS etc etc)

2. through email attatchments

3. through the internet (websites, online games, instant messaging, other programs that access the internet)

4. through netwrok connections

So install a Virus Scanner and keep it up-to-date so it can catch and remove the latest nasties.

A good free Virus Scanner is made by GrimSoft called AVG Anti-Virus Free.

Get it from: http://free.grisoft.com

Spyware and Adware are little programs that get on your PC and can among other things;

- spy on what websites you go to and then send this information to companies so they can sell this information to marketers.

- steal your passwords by means such as recording what keys you hit on your keyboard, then sending the information gathered back to the creator so they can access your back accounts.

- make those annoying ads pop up

- Change your web browsers home page

- slow your computer down or make it crash

So there are plenty of reasons to get rid of them.

A good free spyware remover is made from Lavasoft called Ad-Aware SE Personal Edition (becarefull, there are alot of trick products that are named similar that are infact spyware!)

Go to http://www.download.com and so a search for Ad-Aware and download and intall it.

Remember:

Virus Scanners and Spyware Detectors must have their databases kept UP-TO-DATE!

The database is what the Virus Scanner or Spyware detectors refer to a this database (big list) to help them determine what a virus looks like. If you don't keep the list up-to-date your scanning software WILL MISS VIRUSES that are on your computer. Thankfully most scanning software has in-built auto-update features. Use them!

6. Get a new safer Web Browser!

=========================================================

Lets face it, Internet Explorer 6 is no longer a safe option for browsing the web. Internet Explorer 6 on Win9x systems will by default allow some programs and scripts to run automatcially on your computer. This allows many viruses, trojens and spyware to be installed without your knowledge. Not good!

Unfortunately Internet Explorer is still often required for Microsoft services, for some programs to run and to access certain websites. So you can't easily uninstall it (throw it away).

But, you can minimise the risks by using a safer web browser for the majority of your web browsing. As they are not integrated into Windows itself, they don't allow websites as much access to the system. These newer web browsers not only prevent many nasties from automaticaly installing themselves on your computer without your permission, they can also offer new and improved features.

These include:

- blocking pop up ads

- help to varify that sites are secure and valid (important when doing online banking)

- have tabbed browsing

- are standards compliant

- Offer integrated serach engines

+ more

Two top class web browsers worth considerring are:

Mozilla Firefox - http://www.firefox.com

Opera - http://www.opera.com

(Ensure you get the latest Win9x compatible versions)

7. Make wise decisions!

=========================================================

The truth is most viruses, spyware and hackers gain entry because of a users mistakes or carelessness.

A little vigilance from the user can prevent most nasties from gaining a foothold on your PC.

1. If your computer is doing strange things or you are recieving strange pop ups, run a FULL SCAN with your Virus Scanner and Spyware detector. Go to Start, Program, [YOUR VIRUS SCANNER] and select to sun a full system scan.

2. Keep all of your software up-to-date especially ones that utilise the internet! (eg. including: Java, Abobe Acrobat Reader, Flash Player, Shockwave, Microsoft Office, Media Players, MSN Messenger, AOL Instant Messenger, Yahoo Messenger, ICQ, Limewire, Kazaa etc etc among many others)

3. If a pop up comes on your screen whilst browsing the net informing you that your computer is at risk (from a program you do not have installed), just close the window and ignore it. Don't follow its advice to install anything or run a system scan. Nearly 99% of all pop ups of this kind are bogus!

4. Keep away from un-trust-worthy websites. This includes many porn, warez (free illegal software and game downloads), crackz, online system scans and gambling sites.

5. If an email looks suspicious, or is offering something free, cheap deals, viagra, sex services etc etc, DON'T open or even view it! Just delete it! And never ever reply to them! And don't open attatchments that you don't know or need, EVEN FROM FRIENDS.

Often viruses can get onto your friends computer and send you a copy of the virus from their email address! So becarefull of ALL Office files, or programs sent to you. Either ensure your virus scanner is set so it scans your emails or use a free online email service that does it for you (Hotmail, Yahoo Mail, Gmail)

6. Either Switch off your internet connection when you aren't at your computer for extended periods or if you can't do that turn off the computer. Computers that are connected to the internet for long periods of a time are more prone to being hacked. So turn it off when its not in use and you have just minimised the risk.

7. IF THIS IS ALL TOO MUCH FOR YOU, IT MAY BE TIME TO UPGRADE YOUR OPERATING SYSTEM!

Microsoft, Apple and Linux have many new operating systems that are still supported (but remember many of the recommendations made here are still required on newer systems too. There is no hands off way to secure your computer yet)

LONG LIVE Win9x

=========================================================

So in summary just because Microsoft has pulled the pin on Win9x based systems DOESN NOT mean you have to. But as has been show you do now have to take your security concerns into your own hands.

Hopefully this guide will help you have many more years of faithfull service from your Win9x computer.

GALAHs

END OF GUIDE

=========================================================

Quick Disclaimer: Recommended software and websites were accurate at the time of writing. The mentioned approach taken will protect you from MOST security issues CURRENTLY known at the time of writing. By continuing to use an un-supported operating system, you do so at your own risk. But in saying that, I for one will still be using Windows 98 for a long time to come.

Link to comment
Share on other sites

What if i need public IP adress and opened port? (gaming, data transfers, or for other purposes). How can i avoid a hacker to track it and enter the system which could contain valuable data?

Link to comment
Share on other sites

I would argue that Win9x is safer to use on the internet for the same reason it is safer to use Linux, OS X, etc. Today Win9x makes up such a small percentage of the machines on the internet it is simply no longer a target. Many of the newer nasties won’t work on a Win9x machine because the weaknesses that they are taking advantage of only exist on newer machines. This is not to say there is no risk. I’m just noting that the risk is probably much less than it was even a few years ago and will likely continue to drop.

Also keep in mind that many people spend a lot of time worrying about things like obscure security patches and forget about the much more common risks to their data (accidental deletion, data corruption, hardware failures, fire, etc.). What good is it to have the most up-to-date system patches if you don’t have at least one backup copy of your data?

My recommendation is that before you spend time worrying about virus checkers or firewalls, make sure you put in place a good system for making backups of your data. Don’t worry so much about doing complete system backups (your OS, application programs, etc). You can always reinstall Windows.

It is the documents you create (letters, papers, financial data, pictures, etc) that are probably impossible to replace. Every few weeks everyone should at least copy their “My Documents” folder (or wherever you put your data) to a CD-ROM, flash drive, whatever and then store it far away from the computer. After all that backup CD-ROM probably won’t do you much good if it is sitting next to your computer when your house burns down.

Link to comment
Share on other sites

PeteK27:

Please keep in mind that the title of this topic is "Security in Windows 98".

IMHO:

In this context, the word "security" implies that all computer users nowadays [unless never using the internet or a network to connect/share] should protect themselves [their data or even their hardware] from attacks usually generated over the internet and/or networks.

On the other hand, being smart/learning how to protect/back up one's data from corruption, "man made"/"nature made" accidents/disasters/etc consist separate subjects.

If you wish to open such a topic, please do so, but please read first other similar topics that may already exist here, at MSFN forums, to make sure we do not post/link to information that has been discussed before.

And besides, most of us here are Win98 or WinME users, and we already know that these OSes are becoming less and less of a target for internet based attacks nowadays, but we still prefer to use them anyway.

That's why we post stuff like this, and that's why we create unofficial [security] patches for our OSes, even if we know M$ and everybody else stopped supporting them. ;)

Best wishes.

HTH

Link to comment
Share on other sites

  • 2 weeks later...

I heard many rumors how are windows 98 not safe, just because of FAT32, but as long i know many of them are just gossip. If somebody enters the system and he wants to get acess to files (lets say we have numbers of credit cards here) he may be able to broke throught firewalls, and other security, how much time shall take if he want to read files from NTFS or from FAT32?

how to protect them more?

http://en.wikipedia.org/wiki/Windows_98

read the article "Advantages and disadvantages" where is written about FAT32 and NTFS safety. I started that article few weeks ago, but now i suspect that there is a lot of bulls*** (sorry for that word) if we are speaking about security under NTFS and FAT32.

Personally i use nonstandard system folder. lets say "C:\sys". how to use system without paths in config sys, or with hidden system folder (i experienced some errors).

Link to comment
Share on other sites

I heard many rumors how are windows 98 not safe, just because of FAT32, but as long i know many of them are just gossip. If somebody enters the system and he wants to get acess to files (lets say we have numbers of credit cards here) he may be able to broke throught firewalls, and other security, how much time shall take if he want to read files from NTFS or from FAT32?

how to protect them more?

read the article "Advantages and disadvantages" where is written about FAT32 and NTFS safety. I started that article few weeks ago, but now i suspect that there is a lot of bulls*** (sorry for that word) if we are speaking about security under NTFS and FAT32.

Personally i use nonstandard system folder. lets say "C:\sys". how to use system without paths in config sys, or with hidden system folder (i experienced some errors).

I think this is just another crusade from XP die-hard fans against older OSes. :rolleyes:

NTFS is not the solution to protect your computer... It can be usefull but it's not the solution.

Sure, NTFS can prevent access files but if you log in as an administrator (which you need to do to fully use your computer), you lost most of the protection.

Ok, you can still protect specific folders but that means you need a password to open them -> dedicated programs can do the same on FAT32.

> Than, just use AES encrypted storage to protect your sensitive files.

Besides, it's not a good idea to rely on your files system to protect your data !

I mean, if they're already on your computer, where you've kept your credit card numbers, you've already lost ! :wacko:

Nobody should ever be able to break in your computer. You can do your best to prevent this from happening.

Indeed, the biggest security threats are open ports and Win98 can be secured within minutes -> Get a firewall that stealth your ports outside, then close your ports from inside (get an offline port scanner, find what ports are open and close the programs that opens them).

Eventually, unbound file sharing from TCP/IP and you'll be fine.

A fully networked computer (local and internet) does NOT need any open port (despite what XP makes you think)! :yes:

When you boot, all ports should be closed. The when you start your browser, related ports will open to allow data transmission.

Finally, do what Galahs wrote: :)

Get a good firewall that will ask for your permission before opening any connection. (-> use best security settings and never allow connection without warning)

Get Firefox / Opera / anything you want but IE.

Get a good (free/commercial) updated antivirus and scan every file you download (you don't even need a real-time shield if you do that).

Keep only needed programs at startup (disable auto-updates, report functions, programs you use but that don't need to start with your computer -many-...).

Use a program that protects your system files (like the excellent Winpatrol).

and make Windows backups.

Link to comment
Share on other sites

IMO, 98 can be made more secure than the newer windows versions, and not just because it's isn't being targeted. It can also be done at little or no cost.

To effectively secure 98/ME, the user or administrator needs to address a few key items.

  1. Control over traffic in and out of the PC.
  2. Control over the content of traffic that is allowed, filtering.
  3. Control over processes, what is allowed to run and their activities.
  4. Control over user activities.

Traffic control on 98 is easier to accomplish than it is on XP. Most if not all of the system components of Win98 can be denied internet access with no ill effects. There are no unnecessary services opening ports that need to be disabled. If there's no server software running, all of the ports on a 98 box can be closed by system configuration. On PCs that need to be able to receive incoming traffic, it can be limited to IPs that are necessary. Kerio 2.1.5 is a light rule based firewall that's very effective and works well on 98.

Content control of the allowed traffic can remove much of the malicious web content. Filtering apps like Proxomitron can be tailored to block most any undesirable web content. Proxomitron works with all browsers. While other browsers like Firefox, Sea Monkey, and Opera are more secure as installed, all can benefit from tighter settings. IE6 is extremely unsecured as installed but can greatly improved by proper configuration. That said, I've found 98 to be much more stable and reliable when another browser is used. On every 98 box I've worked with, prolonged use of IE6 will eventually drain the systems resources until it becomes unstable and crashes or forces a reboot.

Controlling processes and their activities is central to securing 98. The policy editor on the 98 install CD (not installed by default) can be used to restrict both system and users, but its ability to control processes is weak, and is easily defeated. A separate application firewall or HIPS does a much better job at controlling processes and their activities. While many of the HIPS and application firewalls don't run on DOS based systems, one of the best does. The free version of System Safety Monitor runs very well on 98 and is quite light. SSM is most suitable for PCs that are finished, equipped the way the user or administrator wants them. It's not a good choice for the casual or novice user. In the hands of a knowlegable user or administrator, it's extremely effective. It enables the user to set the parent-child dependencies for each allowed process independently and can effectively prevent many potential vulnerabilities from being exploited. By preventing all but the whitelisted processes from running and controlling their activities, SSM can effectively replace the resident AV.

Control over users and their activities has always been a weak point on DOS based systems. This can be largely offset using the same tools and software that controls processes. Both the policy editor and SSM can be configured with separate rulesets and settings for each user. SSM also has a window filter module that will serve effectively as user or parental control program.

One of the most overlooked security tools on 98 is DOS. DOS can perform tasks and supply services that require separate software to accomplish on XP. A couple of batch files can be used to secure the registry, core system files, autostart folders, etc. They're outlined here. They will need to be edited to match the system they're used on.

Combined, these form the core of an effective lightweight security package for DOS based systems. The firewall of your choice can be substituted. Try to avoid using a security suite, especially one with a HIPS component on 98. Most are too heavy of a load for the older hardware. I'm not aware of an effective substitute for SSM that runs on 98 and is lightweight. Add an AV scanner of your choice. If desired, add a script monitoring program like Script Sentry and file/folder monitoring software. Top it off with a solid system backup utility. 98 systems are usually small enough to fit on 1 or 2 CDRWs if the users data is stored separately. Then sit back and watch the XP users repeatedly scrambling to get patches for vulnerabilities, many of which 98 isn't vulnerable to.

Regarding the FAT32 vs NTFS security debate, IMO any security increase that can be attributed to the NTFS file system is more than offset by the ability to hide malicious files, processes, and registry data in it with rootkits. Regarding its alleged superior stability, 98 can be very stable. Much of the time, instability on 98 units is due to a lack of system resources. It's partially because the PCs that came with 98 installed didn't have a lot to start with and partially because apps like IE6 don't use it efficiently. Properly equipped and configured, 98 boxes are very stable. Mine runs 24/7 with no problems.

Rick

Edited by herbalist
Link to comment
Share on other sites

Hi All,

With regards to Win98 security I came across this link: http://www.geocities.com/siliconvalley/2072/whyxpbad.htm

On MDGx's site among the links for WinXP.

Does anybody else have any thoughts on this. Personally I found two areas of interest "Windows XP is not real" and "Services-based architecture".

I'm currently running a dual-boot 98 & XP, but this page has made me seriously consider dropping XP altogther and "migrating to Linux" when Win98 is no longer viable. Or am I having a "knee-jerk" reaction?

Regards,

waywyrd :unsure:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...