Microsoft releases VML fix for Windows 98 - Page 5


Re: Microsoft releases VML fix for Windows 98



The really sad part is most of the attacks are caused by the user at the
controls clicking something they shouldn't. :)



--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
Version 1.9.3 Released September 8th, 2006
Last Pattern Update: September 28th, 2006
http://bughunter.it-mate.co.uk
Awarded 5 doves by completelyfreesoftware.com
100% clean award by softpedia.com
http://www.softpedia.com/progClean/BugHunter-Clean-50616.html


Re: Microsoft releases VML fix for Windows 98




That's safety, rather than security.  

Security is more about regulating who can do what, rather than placing
hard limits on what can be done at all, and David's right; there's
nothing in Win9x that allows you to regulate whatever risks you've
made possible, on a per-user basis.

OTOH, the user security model is inherently flawed, because:
  - every process during a session has at least the rights of the user
  - no matter how limited, every user can edit their own data
  - so any process running during a session can kill data

What you need, and what Vista is beginning to provide, is a
permissions model that is set on a per-application basis.  At least
now, we see IE as running with less rights than that of the user who
has logged on, and that's a start.

But limiting rights to do dangerous things is itself a weak approach,
if there is never a reason for those dangerous things to be possible.


The benefit was because NT was designed to be a network chew-toy
(sorry, "client") whereas Win9x was designed as a stand-alone
single-user system that could be connected to networks.

But within the smaller and safer bubble of Win9x's ambitions,
cluelessness abounds; unsolicited HTML "message text" is processed
with the same imprudent rights as web sites you choose to visit, MIME
content isn't properly checked against file type, "View As Web Page"
allows any shared folder to act as a malware auto-launch point and
can't be properly disabled in Win98xx, etc.  

It's a mess, but a less-dangerous mess precisely because Win9x has no
pretensions to being secure.  The safety of Win9x may have been
stronger in the pre-IE4 days; IE4's desktop integration was the start
of a lot of bad ideas that we're still trying to stamp out in XP SP2.


Rootkits would be a shrug, because you'd just do a 1.44M DOS mode boot
and scan for them.  Without being able to run, they're just roadkill.

It's interesting that there hasn't been a single pure network worm
(like Sapphire, Lovesan, SQL Slammer, Sasser, etc.) that has attacked
Win9x, unless it has a SQL Server added to it.

The closest to pure worm clickless attack would be things entering via
File and Print Sharing, which Win9x cluelessly bound to TCP/IP on DUN
if it was enabled at all.  OpaServ is the classic example.

Other than that, all attacks on Win9x have been store-and-forward
(email) and/or user-initiated (visiting bad web sites) in nature.
These attacks are often clickless, e.g. thanks to IE's brain-dead MIME
handling that permeates OE and Outlook as well.  

But at least you don't get raped within 30 minutes of connecting to
the Internet, without even running any Internet apps.  You'd have to
move "up" to "more secure" NT for that experience.


No, not really.  MS is no longer allowing any software, irrespective
of what it claims to be, to fiddle with the bowels of the kernel.
This is a logical continuation of the trend from DOS to NT, where NT
disallows direct hardware access in the interests of stability.

Some av vendors would prefer an ongoing power struggle between malware
and av.  In an age of war, the warlord is king; force a peace, and the
ex-warlord is just another funny old man in jail.

Norton's track record is particularly dire in this regard; they have
already exploited deep system integration for their own ends, such as
deliberate persistence after uninstallation, and their embedded
commercial malware that DoS's you if it "thinks" you've broken
licensing terms (or malware changes mimic that effect).

So, would I trust them to be an exception to the "nothing gets to
screw up the kernel" rule?  No %^&$ing way... and even if I did, would
I extend that largess to other av vendors?  What about the 200+ fame
spyware scanners, should they get that access too?  If not, why not?
On what basis are some av seen as legit while others are not?

Nah - for once, I'm with MS on this one - if they do it properly.


No, I think the next generation of computer needs to be fully
controllable by the user, who should be able to:
  - boot Safe Mode while running NO integration points at all
  - boot a HD-independent maintenance OS to scan for infected code
  - manage all integration points from mOS and Safe Mode
  - have full control over all paths and storage locations
  - have full control over the new account template
  - have a safe viewing mode in normal Windows
  - have no auto-processing of newly-discovered HD volumes
  - do fully-interactive file system repair
  - do fully-interactive file system auto-repair after bad exit
  - have easy-to-understand data vs. code risk indication on all files
  - have the OS disallow any attempts to escalate this risk

I don't see all of this happening; in fact, I predict the shell will
be dumbed down to the point of unusability, where you won't really
know what files have been dredged up from where by the auto-search.

But it's possible that MS may get some things right, such as improved
control over integration points, and even a proper mOS!


"Trust me, I'm a software vendor" heh heh.

No, I don't trust the ethics of any sware vendors at all, because
we've caught most of them (certainly, representative vendors from
every sector) being not only clueless, but downright shifty.  

Sony heads the list, of course, followed by Norton, Real-daat-caam,
Apple, Adobe, Yahoo, etc. on maliciousness, with Sun taking the prize
for design cluelessness, Winamp for recurrent exploitability, and
Black Ice Defender beating out Trend for worst securityware disaster.

If you'd like to contest the above list, or add your own examples, do
reply and we can swap a few CCTV mugshots and horror stories  :-)

I'd say MS is something of a saint, compared to most of the above.
Think about it; we hear most about MS because they are common and
pervasive to all Windows systems, and prolly 90% of the code we run
(certainly in terms of bulk) may be theirs, unless we get into games
of course.  There's a higher disgust-per-byte factor with most of the
other vendors I listed, but because we use little or none of their
products, we are generally less disgusted with them   ;-)

The "tall poppy" problem is the biggest reason why I would not want to
see MS becoming a dominant av vendor.  Norton's relative market
dominance is enough of a "tall poppy" problem for them as it is.



  Drugs are usually safe.  Inject? (Y/n)

Re: Microsoft releases VML fix for Windows 98

<snipped for length concerns>

Thanks Chris and I copied and saved this as usual.

Re: Microsoft releases VML fix for Windows 98

David H. Lipman wrote:

How come secunia.com mentions so many critical vulnerabilities in XP
Professional, XP Home and Windows 2000 Professional compared to only 3
less critical vulnerabilities in 98SE?

Re: Microsoft releases VML fix for Windows 98



Wowa.. I missed this thread...

It really depends on what you guys mean by security. win9x has no file
system level security of any kind, and certainly no user privilege based
security. It can be hardened some by setting policies and removing the
policy editor from the machine. As far as securing it against an outside
attack, it handles better than XP has so far. :)


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk
Awarded 5 doves by completelyfreesoftware.com
100% clean award by softpedia.com
http://www.softpedia.com/progClean/BugHunter-Clean-50616.html


Re: Microsoft releases VML fix for Windows 98

Dustin wrote:

Your last sentence is what I am most interested in because it is nice to
have a machine that is hardened against outside attack.  I really feel
this should be made more known to users that 98SE is stronger against
outside attack than XP is especially if XP is not configured properly.
Many users leave on such defaults as remote assistance and allowing
their machines to be controlled remotely.  That is like saying the door
is unlocked and enter anytime and come on in and take over all my
functions because I am too lazy to learn how to fix things myself and
must rely on another user to fix the issue for me.

Re: Microsoft releases VML fix for Windows 98



That's the trick tho Dan, outside attack.  :)
I blame the major marketing forces for making security a second thought,
when it should be one of the first things you learn.
 



--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk
Last updated: September 28th, 2006


Re: Microsoft releases VML fix for Windows 98

<snipped for length concerns>

Exactly and even Gary S. Terhune, MVP who mentioned how he was working
on a machine remotely needed or needs to actually go to the machine to
fix the problem.  Gary or anyone else can correct me if I understood
this wrong.

Re: Microsoft releases VML fix for Windows 98

I'm still working on that one, Dan. Major issue is that when working
remotely one needs networking enabled. It's tempting to use Safe Mode w/
networking, but that's a bit scary to this novice administrator. I also
needed to wait until the machine wasn't needed for business and was hoping
that would be today. Unfortunately for me, it would appear that business is
booming. Just looked in on that machine and it looks like someone is using
it, someone who is too busy to answer the phone! Either that or someone
forgot to close out yesterday, which is quite unusual.

--

Gary S. Terhune
MS-MVP Shell/User




Re: Microsoft releases VML fix for Windows 98

On Thu, 28 Sep 2006 20:55:45 GMT, "David H. Lipman"


Bullcrap, David :) You must have a myopic, peculiar, and prejudiced
view of what constitutes hardening (and security).

Back around 1999, when I was a user of a single machine for home
use, I did quite a number of things to harden Win 98 original against
the then current types of malware. The two main things were:

1. Eradicate IE (and OE) quite thoroughly, starting with the use
of IERADICATOR. Note that this particular form of hardening is
impractical on all later versions of Windows, including Win ME,
since too much of Windows functionality gets destroyed. But it
can realistically be done to Win 98.  
2. Disable NETBIOS and bind the internet adapter to TCP/IP
only. There was another item along these lines as well, for
which I can't now recall the details, but it had to do with
disabling something or other via renaming a file in plain
DOS to get rid of a "listening on a port" and get the machine
to the point where the netstat -an result was completely
empty.

Other items included at least one critical OS patch (I consider
patching to be part of hardening), and uninstalling WSH to
eliminate at least one kind of scripting malware susceptibility.
I ran that machine for years without any realtime av, firewall or
router .... and without any malware problems. For some
reason, I never missed not having IE, even though today I
would kinda miss it because of certain stupid web sites that
don't work without it.

Art
http://home.epix.net/~artnpeg

Re: Microsoft releases VML fix for Windows 98

Art wrote:

These stupid websites probably need and use the Active X component of
Internet Explorer.  What is WSH <!?!>

Re: Microsoft releases VML fix for Windows 98



Windows Scripting Host.

Art
http://home.epix.net/~artnpeg

Re: Microsoft releases VML fix for Windows 98

Art wrote:

Of Course --- Brain Fart on my part. <grin and thanks for replying>

Yeah, I see that now in the Windows Accessories and I do not have that
installed.  Like I or anyone else here in this newsgroup needs Windows
to help us write our own scripts.  Please and give me and us a break. <grin>

Re: Microsoft releases VML fix for Windows 98



Binding the Internet adaptor to netbeui or ipx/spx wouldn't make any
difference because tcp/ip is the only valid internet protocol.



There's a bug which left a port listening if the client for ms
networks was bound to tcp/ip even if file and printer sharing was
unbound. However, there's no documented exploits of this bug and
unbinding file and printer sharing from tcp/ip is sufficient to stop
netbios sessions. It isn't necessary to unbind the client for ms
networks (whatever grc.com says)


Jim.
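
Added example, not part of any post in this thread: a Python check for the verification step Art describes (an empty `netstat -an` result) that also flags the NetBIOS ports discussed in Jim's reply. The sample output is constructed, and the function names are illustrative.

```python
import re

# Constructed `netstat -an` output in the Windows column layout (not from a real host).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.2:1027       203.0.113.5:80         ESTABLISHED
  UDP    192.168.0.2:137        *:*
  UDP    192.168.0.2:138        *:*
"""
# Constructed output for a machine with nothing bound: only the header remains.
AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
"""

NETBIOS = {137: "name service", 138: "datagram service", 139: "session service"}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def open_endpoints(text):
    """Return (proto, address, port) for each TCP listener and bound UDP socket."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue  # title, column header, or blank line
        proto, addr, port, state = m.groups()
        # TCP rows in other states are connections, not listeners.
        # UDP rows have no state column; a bound UDP socket is always receiving.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append((proto, addr, int(port)))
    return found

def audit(text):
    """Summarise what is open, what is reachable off-host, and what is NetBIOS."""
    endpoints = open_endpoints(text)
    reachable = [e for e in endpoints if not e[1].startswith("127.")]
    netbios = [(p, a, port, NETBIOS[port]) for p, a, port in reachable if port in NETBIOS]
    return {"quiet": not endpoints, "reachable": reachable, "netbios": netbios}

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        report = audit(text)
        print(name, "-> quiet" if report["quiet"] else "-> open endpoints")
        for proto, addr, port, service in report["netbios"]:
            print(f"  NetBIOS {service}: {proto} {addr}:{port}")
```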


Re: Microsoft releases VML fix for Windows 98

On Thu, 28 Sep 2006 20:55:45 GMT, "David H. Lipman"


Security, no.  Safety; oh yes... none of that RPC and LSASS stuff
exposed to direct Internet attack, no hidden admin shares, is
maintainable from DOS mode via HD or 1.44M boot, full user control
over Scandisk actions, fewer integration opportunities for Safe Mode!

Ironically, Win9x is often safer *because* it is "less secure".
There's no big Network Admin God set of functionalities for arbitrary
Internet entities to grab and use.

OTOH, out of the box it has lethal versions of IE and OE.

For someone on dial-up - who is never going to keep up with patching
etc. and doesn't understand firewalls and user account rights, Win9x
may be a far safer place to be than vintage XP or Win2000, and even XP
SP2 may be a debatable proposition.

That's as long as no MSware is used for web browsing or email.



  Drugs are usually safe.  Inject? (Y/n)

Re: Microsoft releases VML fix for Windows 98

cquirke (MVP Windows shell/user) wrote:

    Great replies as usual, Chris.  Your posts almost always seem to
make lots of sense to me.  It is too bad that the general user does not
know about this information and just buys the corporate line that since
it is old then it is outdated meaning a user must upgrade to the latest
and greatest.  LOL, I actually only access this newsgroup in 98SE due to
security reasons and now use Mozilla Thunderbird instead of Outlook
Express which is no longer supported at least on 98SE boxes.  The
solution seems to be to use open source products that are not tied to
Microsoft end of support and are relying on people like myself who use
98SE.  Heck, I think it is so sweet that Logitech is willing to have a
laser mouse come out for 98SE as well as supporting current os like XP.
I think I will have to buy one of these mice just for fun to see how
well it works in 98SE.  I may even end up using it at work since I am
pleased with the two mice I have -- an optical Internet Explorer 3.0
mouse connected via USB and an older PS/2 mouse with an actual wheel
inside that has a DOS driver for older DOS games that I play and enjoy.
  Actually, I find it surprising that so few people have fairly current
boxes such as myself and do not use 98SE for functionality with older
software.
    It would take up too much space to have multiple computers set up
around my home and then there is the issue of making sure the hardware
still works on the older machines.  I much prefer to have one computer
going at a time at home so it is not too overwhelming.  Hmm, I may just
have to connect my old IBM PCjr computer again from when I was really --
really young -- <grin> and relive the days of 3 sounds at once in King's
Quest 1 with EGA (Extended Graphics Adapter), no hard drive, no sound
card of course and a smaller monitor, and also having only 640 kb's of
memory --- Ahh, the days of simplicity <smile>
    Actually, it was gaming that originally contributed to my love of
computers and then the Internet that made me really interested in
computers.  It is just amazing that something like Google exists and you
can use it to find places, downloads, information, etc.  The cell phone
and email are nice too but the convenience of a search engine like
Google's engine is just amazing.

Re: Microsoft releases VML fix for Windows 98

Dan wrote:
<snip>
<snigger>

Dustin? Is that you Dustin?



Re: Microsoft releases VML fix for Windows 98

Great. Does this mean you will FINALLY stop torturing everyone
here with your incessant prattling on this largely irrelevant
subject?

Re: Microsoft releases VML fix for Windows 98

thanatoid wrote:

It is not irrelevant.  It is important to keep 98(+98SE) machines up to
date especially since world-wide the usage is above Apple at around 3%
and above Windows ME as well which is about 1%.

http://news.softpedia.com/news/Microsoft-Owns-96-97-of-Global-OS-Market-33363.shtml

<copied below for those who do not go to potentially unsafe web sites>

OneStat.com, a provider of real-time intelligence web analytics has
revealed via a press release that Microsoft's solutions are dominating
the OS global market. In this context, the analytics company
has centralized data from an estimated 50.000 subscribers in excess of
100 countries. The conclusions emitted are that Microsoft amassed a
global usage share of 96.97% with just three products.

While Windows 2000 is the second most popular operating system in the
world being found on 6.09% of machines, Windows XP is the incontestable
leader, amounting 86.80% of the OS market. Coming in third is another
Microsoft solution. Windows 98 was deemed obsolete by the Redmond
Company that has even stopped delivering support for the operating
system that still runs 2.68% of the world's computers.

Macintosh is fourth with 2.32%, but immediately followed by yet another
Microsoft title, Windows ME with 1.09%. Open source solutions have
scored a disappointing position, Linux accounting just for 0.36%, while
Windows NT came in seventh position with 0.24%. With a 0.15% Macintosh
Power PC closes the rank in last place.

21st of August 2006, 12:37 GMT | Copyright (c) 2006 Softpedia |
