From: Shadow <Sh@dow.br>

On Sun, 16 Sep 2018 11:19:32 -0400, Virus Guy <Virus@Guy.C0M> wrote:

Apd wrote:

"Shadow" wrote:

Amazing, Virus guy still uses Win98. I hadn't noticed.
Either that or he munges his headers.

Yes, I still primarily use win-98 on two systems, one of which (the one
I'm posting this from) has 2 gb of ram and several 1TB sata hard drives.

I seem to remember that win 98 could only address up to 64MB
of RAM. That was one of the reasons I switched to XP in 2006 or so.

He's probably safer than if he used Win 10 though, so maybe he
has a point.

Indeed. Malware writers are lazy an will likely be using whatever
development frameworks are currently available.

No, I think its more true that malware writers and botnet operators will
jump on the most recent vulnerability discoveries and leverage them
before updates and patches are installed.

It's unlikely they'll be deliberately targeting systems below XP.
BTW, I'm posting this from Windows 2000, the best version MS ever
made!

Windows 2k and XP were the most vulnerable NT-based operating systems to >ever be put into use. It's more accurate to say that they functioned >primarily more as trojan-hosting systems than end-user productivity
tools. At least for XP, given that Win-2k use was far more limited than XP.

I posted the following in April 2014. The take-home message being this:

Win-9x/me was, either by design or "dumb luck", a far less vulnerable OS
in terms of it being made to reliably be tripped up by exploit code
(heap spray, buffer-over-run exploits) than the NT line. 9x/me was
never vulnerable to network worms the way NT was - because of all the
open ports and services that OS's like 2K and XP turn on by default. In >fact, the default setting for file and print sharing is enabled for XP,
but is disabled for 9x/me.

The truth is that Win-9x/me has alway been harder to break into from a
remote access point vs the NT line (2k/XP etc). The term "internet
survival time" was coined as a way to measure how long it would take for >fresh install of win-2k or XP-SP0/1 to be hacked by a worm when the
computer was directly connected to the internet for the first time (with
no firewall or nat-router).

Typically, back in 2001 to 2004 your win-2k or XP system with a fresh
install would be hacked in 10 to 20 minutes - with no user intervention
or action required! In fact, unless you were behind a nat-router (which
was a new concept for residential DSL connections back 10+ years ago)
you had a hard time performing your first on-line update before your
system was hit by a network worm.

++++++++++++++++++++++++++++++++++++++++++

Posted to various XP newsgroups in April 2014:

When MS stopped supporting Win-98 in July 2006, there was a grand total
of 33 security issues that had been identified during it's 7-year
lifespan:

=======================
Vulnerability Report: Microsoft Windows 98 Second Edition:

http://secunia.com/advisories/product/13/?task=advisories

Affected By:
33 Secunia advisories
22 Vulnerabilities

Unpatched:
9% (3 of 33 Secunia advisories)

Most Critical Unpatched:

The most severe unpatched Secunia advisory affecting Microsoft Windows
98 Second Edition, with all vendor patches applied, is rated Less
critical.
=======================

Now compare that to the most current (and probably very close to the
final tally):

Vulnerability Report: Microsoft Windows XP Professional:

======================== >http://secunia.com/advisories/product/22/?task=advisories

Affected By:
446 Secunia advisories
668 Vulnerabilities

Unpatched:
10% (44 of 446 Secunia advisories)

Most Critical Unpatched: The most severe unpatched Secunia advisory >affecting Microsoft Windows XP Professional, with all vendor patches
applied, is rated Highly critical.
========================

Over the past year, the number of "Secunia" advisories for XP has been >increasing at the rate of about 2.5 per month, and the number of >vulnerabilities has been increasing at the rate of 7 per month. In Dec
2012 there was 44 unpatched vulnerabilities. That number hasn't changed
in 15 months.

The truth is that Win-9x/me has alway been harder to break into from a
remote access point vs the NT line (2k/XP etc). The term "internet
survival time" was coined as a way to measure how long it would take for >fresh install of win-2k or XP-SP0/1 to be hacked by a worm when the
computer was directly connected to the internet for the first time (with
no firewall or nat-router).

Typically, back in 2001 to 2004 your win-2k or XP system with a fresh
install would be hacked in 10 to 20 minutes - with no user intervention
or action required! In fact, unless you were behind a nat-router (which
was a new concept for residential DSL connections back 10+ years ago)
you had a hard time performing your first on-line update before your
system was hit by a network worm.

Win-9x/me was, either by design or "dumb luck", a far less vulnerable OS
in terms of it being made to reliably be tripped up by exploit code
(heap spray, buffer-over-run exploits) than the NT line. 9x/me was
never vulnerable to network worms the way NT was - because of all the
open ports and services that OS's like 2K and XP turn on by default. In >fact, the default setting for file and print sharing is enabled for XP,
but is disabled for 9x/me.

The "security" concept that is frequently mentioned with 9x vs NT is the
idea of being able to control what the local user can do with the
system, and it is true that the local user sitting at the 9x/me keyboard
has access to the entire system (all files, registry, etc).

But in terms of internet security and exposing a system to remote
exploit code, the NT line fell far short of being as invulnerable to
such exploit paths as 9x/me was, and the Secunia numbers posted above
are perfect examples of that.

Nevertheless, I'm still going to use XP. Have not used a
resident AV for more or less 5 years now.
A very large number of softwares no longer work on 98. And Win
8 - 10 (and to a lesser extent Win 7) are just dumb terminals now.
[]'s

PS Anything won't work on XP, I use Devuan 2.0. Except for
Firefox, which is a security nightmare, it's pretty "safe". No
systemDisease.
--
Don't be evil - Google 2004
We have a new policy - Google 2012
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: "Apd" <not@all.invalid>

"Virus Guy" wrote:

Apd wrote:

"Shadow" wrote:

He's probably safer than if he used Win 10 though, so maybe he
has a point.

Indeed. Malware writers are lazy an will likely be using whatever
development frameworks are currently available.

No, I think its more true that malware writers and botnet operators will
jump on the most recent vulnerability discoveries and leverage them
before updates and patches are installed.

That's true, and those vulns will likely apply only to the monstrosity
that is Win 10. However, to deliver the exploits they're unlikely to
be using a 32 bit executable built with Visual Studio 6 or a script
that will even run on my system.

It's unlikely they'll be deliberately targeting systems below XP.
BTW, I'm posting this from Windows 2000, the best version MS ever
made!

Windows 2k and XP were the most vulnerable NT-based operating systems to
ever be put into use. It's more accurate to say that they functioned primarily more as trojan-hosting systems than end-user productivity
tools. At least for XP, given that Win-2k use was far more limited than XP.

You have a point about the early NT systems having all manner of
unnecessary services running by default with ports open to the
internet. That's why I've configured my Win2k to have minimal services
running and further tweaked it to close any other listening ports that
I don't specifically require for the current network task. Network
access is also completely disabled when I'm not actively using it.


--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Diesel <me@privacy.net>

Virus Guy <Virus@Guy.C0M> news:pnls75$5on$1@news.mixmin.net Sun, 16
Sep 2018 15:19:32 GMT in alt.comp.virus, wrote:

Windows 2k and XP were the most vulnerable NT-based operating
systems to ever be put into use. It's more accurate to say that
they functioned primarily more as trojan-hosting systems than
end-user productivity tools. At least for XP, given that Win-2k
use was far more limited than XP.

Ehm. You're still spewing complete horse #### as factual information.
Win2k and XP are by far, not the most insecure flavors of NT to
exist. You're writing from your arsehole concerning subject matter
you barely understand. We've been over this, many many times before.
Nothings changed since the last time you spewed your nonsense.

The truth is that Win-9x/me has alway been harder to break into
from a remote access point vs the NT line (2k/XP etc).

Actually, no, it hasn't. By default, as in out of the box, netbios
was bound to your tcp/ip stack. Which made remote drive mapping a
very friendly prospect if you weren't behind a 3rd party firewall.

"internet survival time" was coined as a way to measure how long
it would take for fresh install of win-2k or XP-SP0/1 to be hacked
by a worm when the computer was directly connected to the internet
for the first time (with no firewall or nat-router).

That's not a fair or reasonably sound test, either. It had visible
ports with buggy server side software listening. With a firewall,
those ports wouldn't be available to the outside world unless you
made firewall rules stating they should be. If you intentionally
cripple your defenses by limiting and/or disabling them, then you
deserve to be 0wned.

Typically, back in 2001 to 2004 your win-2k or XP system with a
fresh install would be hacked in 10 to 20 minutes - with no user
intervention or action required!

That wasn't a set in stone deal. And, only an idiot would surf the
net on a windows (any windows) system in the dmz and/or with a
disabled firewall. It's a stupid thing to be doing. Btw, your win9x
machines without a firewall were (and still are) vulnerable to a
variety of tcp/ip based exploits. A firewall is your friend.

In fact, unless you were behind a nat-router (which was a new
concept for residential DSL connections back 10+ years ago) you had
a hard time performing your first on-line update before your system
was hit by a network worm.

Bull####. Zone alarm, tinyfirewall, etc would have kept you safe in
the event you weren't behind a nat based firewall. I don't know where
your getting your figures from, but, DSL/cable with firewalls have
been common place for a bit more than a decade now. Atleast in this
area. Perhaps if you live in a very rural place, it took longer...

You write as if the world would end the moment you plugged a cable
into an XP machine to give it internet access and that's just not so
in real life.

Posted to various XP newsgroups in April 2014:

And it was just as wrong then, too. It's no secret that for whatever
crazy misinformed reason you think windows 9x is far more secure than
the later NT editions, but, it doesn't make it so. It just shows that
you're a paranoid and extremely misinformed individual.

When MS stopped supporting Win-98 in July 2006, there was a grand
total of 33 security issues that had been identified during it's
7-year lifespan:

The "security" concept that is frequently mentioned with 9x vs NT
is the idea of being able to control what the local user can do
with the system, and it is true that the local user sitting at the
9x/me keyboard has access to the entire system (all files,
registry, etc).

Not just the user, but any/every single program the user runs.
There's nothing on a windows 9x system to compartmentalize damage or
restrict where and what a program you ran has access too. Nothing
stops it from accessing any file on your hard disk it likes. There's
no permissions, no security, nothing. A simple virus written in the
late 90s/early 00s can *easily* take your entire machine within
minutes. You have NO SECURITY features on your OS which would even
slow the process down. What's more, your OS doesn't have to emulate
the code, it can run it real; which allows full functionality and
minimal risk of a code crash. Where as with NT based systems, it's
emulated and the risk of failure is higher.

That's not even including the security permissions that could
restrict and/or limit what the virus can access and how deep it can
get into your machine as far as infections goes.

I've offered you a sample to play with and get owned by on more than
one occasion, but, you've yet to put your money where your mouth is
and put windows 9x 'security' to the test with something that *will*
take it from you.

But in terms of internet security and exposing a system to remote
exploit code, the NT line fell far short of being as invulnerable
to such exploit paths as 9x/me was, and the Secunia numbers posted
above are perfect examples of that.

No, they aren't. Many of those exploits came via browser surfing with
IE and users doing stupid things, just as they did with Windows 9x.
The only exception being, on NT, the malware they just installed
isn't actually everywhere on the NT machine; it has restricted
access. Where as with the windows 9x system, even the mbr is up for
grabs and modification. Total, 0wnage before windows 9x even boots,
if one wants to go that route.

I know that nothing I or anyone else writes is ever going to change
your opinion, and, I don't much care. I don't respond to you
expecting you to realize you're wrong, it's for the benefit of anyone
who's read your logical on the surface (but still inaccurate results)
rants concerning the so called superior security windows 9x offers
over NT.

There's something else about windows 9x I've never seen you mention.
You either don't run into the problem because your machines don't run
24/7, or you have, and have just learned to deal with it. After so
many days, windows 9x (me included) has to be hard reset. It cannot
run for say, 90 days at one time. NT systems can. I believe around
the 42, 43rd or so day, the systems resources are depleted (due to
memory leaks) and a reset has to be performed to regain use of the
machine. I know this because I've seen it, many times, first hand.
And, it's a documented issue with microsoft, too. It's actually quite
known amongst repair tech circles. It's why windows 9x makes for a
horrible host for an FTP server. It was never fixed, it'll never be
fixed. It was present since windows 3x and carried all the way to
Windows ME.

Another thing you probably don't know about the windows code base
iterations. Everything that isn't NT based still had actual DOS/early
windows 3.x native code present in their executables and libraries.
Yep, you read that correctly. MS recycled and recycled and recycled.

Windows 9x is still, to this day, a glorified (using an MS version of
time slicing to give you the false impression of multi tasking) shell
riding on top of, in lieu of (as is the case with NT based systems)
DOS. It's a shell. An advanced shell, but a shell non the less.
Windows ME tried to hide the fact it was still DOS based by making it
more difficult to reach a command prompt on startup. Flipping a
couple of bytes in IO.SYS would cause it to act like Windows 9x
again; which it was based on, and did so poorly, MS pulled it from
the sales distribution channels three months after it's release.

If you'd like to discuss operating system history in greater detail
sometime, lemme know. It's a subject that's always interested me.
Primarily because I've watched the systems change throughout the
years... When you've been doing I.T professionally for as long as I
have (and many like me), it's not history so much as it's a trip down
memory lane for us.

--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here: https://tekrider.net/pages/david-brooks-stalker.php ===================================================
Death is God's way of dropping carrier.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)