From: Virus Guy <Virus@Guy.C0M>
Apd wrote:
> "Shadow" wrote:
> > Amazing, Virus guy still uses Win98. I hadn't noticed.
> > Either that or he munges his headers.
Yes, I still primarily use win-98 on two systems, one of which (the one
I'm posting this from) has 2 gb of ram and several 1TB sata hard drives.
>>He's probably safer than if he used Win 10 though, so maybe he
>>has a point.
>
> Indeed. Malware writers are lazy an will likely be using whatever
> development frameworks are currently available.
No, I think its more true that malware writers and botnet operators will
jump on the most recent vulnerability discoveries and leverage them
before updates and patches are installed.
> It's unlikely they'll be deliberately targeting systems below XP.
> BTW, I'm posting this from Windows 2000, the best version MS ever
> made!
Windows 2k and XP were the most vulnerable NT-based operating systems to
ever be put into use. It's more accurate to say that they functioned
primarily more as trojan-hosting systems than end-user productivity
tools. At least for XP, given that Win-2k use was far more limited than XP.
I posted the following in April 2014. The take-home message being this:
Win-9x/me was, either by design or "dumb luck", a far less vulnerable OS
in terms of it being made to reliably be tripped up by exploit code
(heap spray, buffer-over-run exploits) than the NT line. 9x/me was
never vulnerable to network worms the way NT was - because of all the
open ports and services that OS's like 2K and XP turn on by default. In
fact, the default setting for file and print sharing is enabled for XP,
but is disabled for 9x/me.
The truth is that Win-9x/me has alway been harder to break into from a
remote access point vs the NT line (2k/XP etc). The term "internet
survival time" was coined as a way to measure how long it would take for
fresh install of win-2k or XP-SP0/1 to be hacked by a worm when the
computer was directly connected to the internet for the first time (with
no firewall or nat-router).
Typically, back in 2001 to 2004 your win-2k or XP system with a fresh
install would be hacked in 10 to 20 minutes - with no user intervention
or action required! In fact, unless you were behind a nat-router (which
was a new concept for residential DSL connections back 10+ years ago)
you had a hard time performing your first on-line update before your
system was hit by a network worm.
++++++++++++++++++++++++++++++++++++++++++
Posted to various XP newsgroups in April 2014:
When MS stopped supporting Win-98 in July 2006, there was a grand total
of 33 security issues that had been identified during it's 7-year
lifespan:
=======================
Vulnerability Report: Microsoft Windows 98 Second Edition:
http://secunia.com/advisories/product/13/?tas...
Affected By:
33 Secunia advisories
22 Vulnerabilities
Unpatched:
9% (3 of 33 Secunia advisories)
Most Critical Unpatched:
The most severe unpatched Secunia advisory affecting Microsoft Windows
98 Second Edition, with all vendor patches applied, is rated Less
critical.
=======================
Now compare that to the most current (and probably very close to the
final tally):
Vulnerability Report: Microsoft Windows XP Professional:
========================
http://secunia.com/advisories/product/22/?tas...
Affected By:
446 Secunia advisories
668 Vulnerabilities
Unpatched:
10% (44 of 446 Secunia advisories)
Most Critical Unpatched: The most severe unpatched Secunia advisory
affecting Microsoft Windows XP Professional, with all vendor patches
applied, is rated Highly critical.
========================
Over the past year, the number of "Secunia" advisories for XP has been
increasing at the rate of about 2.5 per month, and the number of
vulnerabilities has been increasing at the rate of 7 per month. In Dec
2012 there was 44 unpatched vulnerabilities. That number hasn't changed
in 15 months.
The truth is that Win-9x/me has alway been harder to break into from a
remote access point vs the NT line (2k/XP etc). The term "internet
survival time" was coined as a way to measure how long it would take for
fresh install of win-2k or XP-SP0/1 to be hacked by a worm when the
computer was directly connected to the internet for the first time (with
no firewall or nat-router).
Typically, back in 2001 to 2004 your win-2k or XP system with a fresh
install would be hacked in 10 to 20 minutes - with no user intervention
or action required! In fact, unless you were behind a nat-router (which
was a new concept for residential DSL connections back 10+ years ago)
you had a hard time performing your first on-line update before your
system was hit by a network worm.
Win-9x/me was, either by design or "dumb luck", a far less vulnerable OS
in terms of it being made to reliably be tripped up by exploit code
(heap spray, buffer-over-run exploits) than the NT line. 9x/me was
never vulnerable to network worms the way NT was - because of all the
open ports and services that OS's like 2K and XP turn on by default. In
fact, the default setting for file and print sharing is enabled for XP,
but is disabled for 9x/me.
The "security" concept that is frequently mentioned with 9x vs NT is the
idea of being able to control what the local user can do with the
system, and it is true that the local user sitting at the 9x/me keyboard
has access to the entire system (all files, registry, etc).
But in terms of internet security and exposing a system to remote
exploit code, the NT line fell far short of being as invulnerable to
such exploit paths as 9x/me was, and the Secunia numbers posted above
are perfect examples of that.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|
[GNG] Gated, Filtered alt.comp.a... 
