 sj |
||
|
||
Tech: Win98 and WinME Security
|
|
|
|||||||
|
Tech: Win98 and WinME Security |
Share Thread
|
||||||
|
Subject: Tech: Win98 and WinME Security From: JohnInKansas Date: 11 Mar 05 - 04:14 AM Win98 and WinME are no longer supported versions, and Microsoft has indicated that no future updates will be released for them except in the case of "Serious Security Patches." Two such "Serious" patches have been released for Win98 and for WinME during the past week. These patches were released for WinXP, Win2K, and other "autoupdated" versions a couple of months ago. Information on these two fixes, particularly for Win98 and WinME users, is at: Microsoft Security Bulletin MS05-002 Microsoft Security Bulletin MS05-015 Both patches can be obtained by Win98 and WinME users from the Windows Update Web Site Although Win98 and WinME cannot get automatic updates, Microsoft has offered to provide email notification of any future updates for those who register for: Microsoft Security Notification Service: Comprehensive Version Note that some "localized versions" of Windows may not be able to use the Windows Update Web Site. The MS05-002 bulletin gives separate places to get that patch for users of Windows localized for Slovenian, Slovakian, and Thai users. The links above are from US English sources, so other users should verify that they are appropriate for their localizations. John |
|
Subject: RE: Tech: Win98 and WinME Security From: gnomad Date: 11 Mar 05 - 10:53 AM I propose a vote of thanks to John, who regularly beats the "official" service I use in bringing such things to my attention. I am no techie, and I regularly learn things from John's postings, so.. THANKS A LOT, JOHN. |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 11 Mar 05 - 12:03 PM I don't usually post "routine" stuff, because most people who get automatic updates will get them. Since Mickey doesn't routinely update the old systems, and hasn't had a way set up to notify people who use them, this one seemed worth noting. We do still seem to have a lot of Win98 and WinME users - and some of them might like to sign up for the email notices in case another one comes along. John |
|
Subject: RE: Tech: Win98 and WinME Security From: Bonnie Shaljean Date: 12 Mar 05 - 10:08 AM I second Gnomad's vote of thanks to John, without whom I too would miss a lot of stuff. I was going to write this yesterday but clicked off instead to sign up for the email notifications and got side-tracked... I have one puter with XP and an older one with W98 which I keep specifically because it's old and at least some of the nastier bilge floating around out there is not written for it. Great work, John - |
|
Subject: RE: Tech: Win98 and WinME Security From: The Fooles Troupe Date: 12 Mar 05 - 09:48 PM No offence, but that MS security notification site wants a .NET password - a highly proprietry thing that seems to not like Win98... the window just hangs... |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 12 Mar 05 - 10:40 PM Foolestroupe - The .NET password probably needs you to allow cookies for that site. It shouldn't matter what OS you're using, but it may work best with IE as your browser. You don't have to turn on cookies for anything but that ONE SPECIFIC SITE if you don't want to. In IE, click Tools, click the Privacy Tab, Click Advanced and type the site name/URL, then click either Allow or Deny to tell IE whether to accept or refuse their cookie. Other browsers should have similar options, but I can't advise on them. The purpose of the .NET password is to allow you to log in once, to .NET, and get a cookie. Other sites who are .NET members can look for the cookie and for most routine purposes don't have to make you log in separately at each site. It will NOT allow them to let you into sites/pages for secure transactions without whatever login they (the other sites) normally use for such business. If there's a problem with getting onto .NET, it's more likely browser settings than that you're using Win98. John |
|
Subject: RE: Tech: Win98 and WinME Security From: The Fooles Troupe Date: 13 Mar 05 - 08:45 AM Ta John - I automatically deny cookies without thinking - even manually when asked... Now I know that the .NET passport is just another cookie, I won't wipe it... |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 13 Mar 05 - 12:48 PM The .NET passport has worked, sort of, to let you wander around a few places without constantly loggin in at each site; but they never got quite the site participation they had hoped for. There have been rumors of plans to discontinue it and provide "something stronger." For now, it's sometimes a help and seems to do little harm. In order for it to do any good, you have to log into .NET when you start to browse. The .NET login lets sites that you visit - if they're >NET participants - know that you've identified yourself as "the person who normally uses your machine." If you need to access personal information, the site should require a separate secure login in addition to your .NET credential. Hotmail email is a prime example of a site that "doesn't understand .NET." Hotmail (usually) uses your .NET login for access to your personal email; but they often don't accept your "general login" and make you do it over, just for them, when you open your email. You should log out when you leave any "personal account," to prevent someone from "spoofing" their way into your "open" account; but if you log out at hotmail, it logs you out of all .NET functions. Another evidence that MSN doesn't understand Microsoft. They don't play well together. The number of sites that actually use .NET is pretty low, so it's not a big deal to log back in if you happen to go to another one that wants it, but hotmail misuses it in a way that makes it less useful to everyone else. When you log in with .NET, the cookie you get shows a ".NET identity." It doesn't carry any significant personal identification. It just shows, when you log back in, that you are "likely to be the same person who originally got that .NET ID." If you have your .NET cookie when you go through the user registration required by some sites, the site can look for the .NET ID to confirm that you're the "same person who registered," and can let you "autologin" for routine access. The individual site should still require its own site and account specific login before connecting you to any "personal information" like billing and orders, etc. John |
|
Subject: RE: Tech: Win98 and WinME Security From: The Fooles Troupe Date: 14 Mar 05 - 08:18 AM Ok John, now I'm scratching my head, and thinking 'and the whole point was'... :-) Was that designed by the guy who painted the office walls & windows black, smashed the light bulbs and put sand on the floor? God Save Us From The Helpful Idiots At Microsoft! Sort of like leaving the key under the door cause you don't want to take it to work in case you leave it there.... |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 14 Mar 05 - 09:05 AM Foolestroupe - Its not as bad as it sounds, perhaps. When you log in for the .NET Passport cookie, the login itself is as "secure" as most bank logins. You get a temporary cookie that identifies you as .NET user #16943590743 or something. If that's the same number you had when you did a login somewhere else, they can assume it's you, with reasonably safety, since you're the only one who's supposed to be able to log in and get "your" cookie. Since the .NET cookie is a temporary one, it should disappear immediately if you close your browser. Any site that intends to exchange personal information about you should require a separate login AND transfer you to a secure connection before making any of that information accessible - to you or to anyone else. They should NOT USE YOUR .NET PASSWORD to log you in for exchange of personal info on their own site. Hotmail does use your .NET password to log you into your email, which "ain't how it's supposed to be done" - according to their own rules. The .NET cookie is helpful, since a site that "knows you" by your .NET cookie can send you directly to their login page, but would likely send someone they "don't know" to a page to "open an account" or some such other place where you'd need to jump through a bunch of hoops for them. John |
|
Subject: RE: Tech: Win98 and WinME Security From: GUEST Date: 22 Mar 05 - 12:56 AM Hey John -- I downloaded those "serious" patches (I use W98SE) and my Internet Explorer has been crashing ever since, and so does Mozilla Firefox. I get the dreaded blue screen. The only way I can be online is to use Opera. Any ideas what's going on here? Thanks, Michael |
|
Subject: RE: Tech: Win98 and WinME Security From: michaelr Date: 22 Mar 05 - 01:01 AM Oops, that was me! |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 22 Mar 05 - 04:44 AM Michael - Sorry, I don't have Win98 running to look at it. My last survivor with Win98 committed suicide by frying the graphics card. My recollection is that most of the Win98 bluescreens I ran into were largely a matter of more programs than memory, or programs that tried to use "unapproved" methods for accessing memory or drives. It's possible that the security patches blocked an "illegal access" method that one of your programs is still trying to use. I believe that some of the fine print said that Microsoft will provide support for the patches, even though Win98 and WinME themselves are "out of warranty." I'd suggest checking with Mickey's support to complain. Most of the features affected by recent patches can be modified by fairly simple tweaking of settings, but I have no way of looking at what might work. John |
|
Subject: RE: Tech: Win98 and WinME Security From: JohnInKansas Date: 22 Mar 05 - 04:50 PM Michael - Both of the Update Articles (first two links in first post of the thread) include: "Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates." "International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site." The US/Canada phone number, if I translated it right, is: 1-866-PCSAFETY = 1-866-727-2338-9 (The "extra 9" at the end may connect to a local extension, or may be just extraneous to make it spell something.) A general article that might be helpful, if you can find a reference to the specific symptoms you're getting, is at Issues after you install updates to Internet Explorer or Windows. I don't see an indication of whether the Win98 and WinME included cumulative security issues, but the usual procedure for "Critical Updates" is to include all prior such patches, so problems caused by earlier patches could have popped up. This article is a "cumulative summary" with separate links to more specific info on each of over a dozen separate issues. Although only a few of the issues are specific to Win98 or WinME many of them relate to IE issues that could apply to any OS version. I don't find any indication that a significant number of people have had problems with these patches, and everything included in them was widely distributed to users of current OSs some time ago. Use with Win98 and WinME is still fairly "new" so something may pop up later. The support guys may have identified "common glitches" that haven't been published yet. One common "user specific" cause of failure after security update is the presence of something on the machine that uses an "unapproved/illegal" process that got blocked by the update. 1. Viral malware is commonly in this category, but we can assume that you've been using AV with current definitions, so that's unlikely. There is the possibility that an old infection was not completely removed, and remnants in Startup and/or registry could still be making a call to a blocked service. 2. Spyware is a common source of problems like this, but we can assume that you've been using current versions with current signature updates of both Spybot and AdAware on a regular basis. Here, as well, there's the possibility that a very old infection, not completely cleaned out, could have left remnants, especially if you've just "deleted" the .exe file but didn't look for registry entires, startup .dll or data files, etc. 3. Adware is a separate category. Much of this is detected by the AntiSpyware utilities, but quite a lot of it - especially search toolbars - looks like "a program you want" and will be ignored. (Your Google/Yahoo toolbar is one of these, and others can disguise themselves in the same manner.) "Freebie" games often carry Adware that isn't removed when you uninstall the game. As an example only: "This problem can occur if you open the e-mail attachment game "Yo Mama, Osama". This is a game that offers free phone products if you can shoot Osama Bin Laden…." Info at KB Article 312931, but this is just an example, so look only if curious - (or you've played the game). But we can assume that you have never run a game or installed a program just because it's free and looks harmless.? 4. Multiple applications of the same kind, that use shared resources can theoretically cause a problem. As an example, the browser set as your default browser should load it's utilities at startup. Another browser, with the new rules after update, may not be able to load or access its own separate "version" of some shared or similar resource. I don't know that this is, or ever has been, a problem with the common browsers, but it's the kind of conflict that sometimes occurs. (Very rarely in one obsolete OS installation, I saw the situation where opening a specific graphics editing program first prevented subsequent run of a different similar program, but if you opened in the other order they both would work.) You could do a "quick test" by setting a different default browser, reboot, and see if things change. 5. Any "legacy" program that used non-compliant processes could find a required function "missing" after a (security esp.) patch. Normally the problem should appear only when you try to open the specifically affected program, so that's usually obvious. In other words, BTSOOM. No specific ideas here, but until/unless you can identify specifically where the failure happens and what specific process crashes it's impossible to guess where to tweak. John |
| Share Thread: |