Internet Explorer 6.0 Sp1 Component Update 3.0 for Windows 98
in [Internet Explorer 6]
|
From: 98 Guy on 16 Dec 2009 09:28 Full-Quoter MEB wrote: > So you intend to claim the benefit of installation, verses say, a > different application providing BETTER support for new formats... What the hell does that mean? What do you mean by a "different application"? If you're trying to ask why someone wouldn't use a different browser (Firefox, etc) instead of IE6, then why not just say that? Why are you always obtuse and vague in your use of language? The reason why you'd want to update these IE6 files is because they ARE hooked into by the operating system and using another browser is no garantee that those files will not be called upon for one task or another. > The cost is???? that to use these DOES AND WILL CONTINUE to > place these parties doing so in the position of NO knowledge > of what present vulnerabilities they have and NO way to > protect themselves from them. Why are you stating that the use of these patch files *will* confer vulnerabilities to win-98? How can you make such a claim? Give an example (by CVE or some other identifier) of a vulnerability that will result if these IE6 files are patched into a win-98 system. > The *TESTS* come from the fact that these supposed installable > files WILL be updated by Microsoft *for the supported OSs* > and Win9X will not receive them, Nothing you just said in that statement makes any sense. "these supposed installable files WILL be updated by Microsoft" It's not that they "will" be updated. They *ARE* being updated. What is the significance of that? " *for the supported OSs* and Win9X will not receive them" Microsoft states the applicability for those files. Win-9x WILL receive them if the user gives them to it. Microsoft will not place them in the list of files it serves for win-98 updates on the windowsupdate server because it has closed all new submissions 3 years ago. Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to a blanket statement that no files it releases for win-2K might be operable on win-98. You continue to ignore the fact that Microsoft's complete silence about win-98 does not mean that some patch files it has released in the past 3 years are perfectly compatible with it. We expect Microsoft not to tell us this even when it's true, because their own support policy forbids it. > nor will any fixes be designed to correct vulnerabilities > within 9X created by their installation. That is the largest flaw in your argument, for which you will not address here in public. Any vulnerability that *might* be caused by a peculiar interaction between win-98 and these files would presumably be a unique vulnerability that would not exist on win-2K. You propose that such a vulnerability would leave win-98 users exposed to a problem that Microsoft would never create a patch for, because the vulnerability would not exist under win-2K. The flaw in that argument is that any such hypothetical vulnerability would be extremely unlikely to ever be detected, because it would require that professional analysts, hobbyists or hackers would be examining the combination of win-98 with installed patches from win-2k looking for it. Given that current win-9x usage on the internet is estimated to be 0.1% (1 out of every 1000 computers in current use) it's highly unlikely that people are examining standard installations of win-98 for new vulnerabilities, let alone non-standard installations. A vulnerability that is never discovered by anyone can never become a threat. > If MSFN and those doing the same want to "keep Win98 alive" > then work on the well defined vulnerabilities at EOL and > correct those. How do you know that these "well defined" vulnerabilities are not corrected by the use of win-2k patch files? And note that Microsoft has never admitted to the existance of any vulnerabilities that win-9x has or had at EOL because microsoft became silent to all things pertaining to win-98 at EOL. And even before EOL, Microsoft made vague references to win-98 in their advisory bullitens to make it appear that the bullitens applied to win-98 - when in fact they did not.
From: N. Miller on 16 Dec 2009 10:28 On Wed, 16 Dec 2009 00:09:40 -0500, 98 Guy wrote: > It was speculated back in 2006 that most IE6 patches that Microsoft > released for Win-2K would be easily and seamlessly usable on win-98 > because they both use the exact same version (IE6-Sp1). Would you bet your life on untested speculation? Most parachutists, and rock climbers do not. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
From: MEB on 16 Dec 2009 12:57 On 12/16/2009 09:28 AM, 98 Guy wrote: > Full-Quoter MEB wrote: > >> So you intend to claim the benefit of installation, verses say, a >> different application providing BETTER support for new formats... > > What the hell does that mean? > > What do you mean by a "different application"? > > If you're trying to ask why someone wouldn't use a different browser > (Firefox, etc) instead of IE6, then why not just say that? > > Why are you always obtuse and vague in your use of language? > > The reason why you'd want to update these IE6 files is because they ARE > hooked into by the operating system and using another browser is no > garantee that those files will not be called upon for one task or > another. HAHAHAHAHA, so now you ADMIT that these are part of system activities rather than your other post's comments... SINCE THEY ARE and do affect the working within the OS, then the vulnerabilities included within the files DO affect the other programs AS WELL AS ANY MALWARE PROTECTIONS. > >> The cost is???? that to use these DOES AND WILL CONTINUE to >> place these parties doing so in the position of NO knowledge >> of what present vulnerabilities they have and NO way to >> protect themselves from them. > > Why are you stating that the use of these patch files *will* confer > vulnerabilities to win-98? > > How can you make such a claim? > > Give an example (by CVE or some other identifier) of a vulnerability > that will result if these IE6 files are patched into a win-98 system. Because you have EVERY PRIOR VULNERABILITY AND FIX listed at CERT as well as the present ones either now or will in the future. > >> The *TESTS* come from the fact that these supposed installable >> files WILL be updated by Microsoft *for the supported OSs* >> and Win9X will not receive them, > > Nothing you just said in that statement makes any sense. > > "these supposed installable files WILL be updated by Microsoft" > > It's not that they "will" be updated. They *ARE* being updated. What > is the significance of that? > > " *for the supported OSs* and Win9X will not receive them" > > Microsoft states the applicability for those files. Win-9x WILL receive > them if the user gives them to it. > > Microsoft will not place them in the list of files it serves for win-98 > updates on the windowsupdate server because it has closed all new > submissions 3 years ago. > > Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to > a blanket statement that no files it releases for win-2K might be > operable on win-98. > > You continue to ignore the fact that Microsoft's complete silence about > win-98 does not mean that some patch files it has released in the past 3 > years are perfectly compatible with it. We expect Microsoft not to tell > us this even when it's true, because their own support policy forbids > it. THEY ARE DESIGNED FOR THE SUPPORTED OSs *ONLY*. There is no need now, for Microsoft to include any code specific to Win9X activities and its OS workings in any NEW fixes since 2006, which it did PRIOR to EOL. That you idiots can't figure that out is telling of your mental facilities. > >> nor will any fixes be designed to correct vulnerabilities >> within 9X created by their installation. > > That is the largest flaw in your argument, for which you will not > address here in public. > > Any vulnerability that *might* be caused by a peculiar interaction > between win-98 and these files would presumably be a unique > vulnerability that would not exist on win-2K. You propose that such a > vulnerability would leave win-98 users exposed to a problem that > Microsoft would never create a patch for, because the vulnerability > would not exist under win-2K. > > The flaw in that argument is that any such hypothetical vulnerability > would be extremely unlikely to ever be detected, because it would > require that professional analysts, hobbyists or hackers would be > examining the combination of win-98 with installed patches from win-2k > looking for it. > > Given that current win-9x usage on the internet is estimated to be 0.1% > (1 out of every 1000 computers in current use) it's highly unlikely that > people are examining standard installations of win-98 for new > vulnerabilities, let alone non-standard installations. > > A vulnerability that is never discovered by anyone can never become a > threat. That's the stupidest argument you've made yet. A vulnerability exist when someone OUTSIDE the malware writer/hacker community *discovers* it. OTHERWISE, it *remains* an unknown attack vector to the public. In Win9X, there aren't a sufficient number of QUALIFIED coders and programmers looking for any NEW vulnerabilities produced BY THESE non-standard installations, because NO ONE in the protection community is looking. > >> If MSFN and those doing the same want to "keep Win98 alive" >> then work on the well defined vulnerabilities at EOL and >> correct those. > > How do you know that these "well defined" vulnerabilities are not > corrected by the use of win-2k patch files? > > And note that Microsoft has never admitted to the existance of any > vulnerabilities that win-9x has or had at EOL because microsoft became > silent to all things pertaining to win-98 at EOL. > > And even before EOL, Microsoft made vague references to win-98 in their > advisory bullitens to make it appear that the bullitens applied to > win-98 - when in fact they did not. Many did when applied in a specific fashion, others were included because IE6 was never properly ported for Win9X usage in the first place and Microsoft was unsure since it was not really interested in Win9X in the years leading up to EOL. If it were, it would have corrected the large file manipulation issues and other BROKEN or vulnerable aspects in the Win9X OS. Microsoft DIDN'T; that should spell it out rather clearly to even the most dense on the planet. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___---
From: 98 Guy on 16 Dec 2009 20:28 "N. Miller" wrote: > > It was speculated back in 2006 that most IE6 patches that > > Microsoft released for Win-2K would be easily and seamlessly > > usable on win-98 > > Would you bet your life on untested speculation? Most > parachutists, and rock climbers do not. Most parachutists and rock climbers do not pack computers running windows-98 as part of their survival gear. Any computer that is running mission-critical or life-support functions should theoretically not have an internet connection and should not allow the user to "surf the web" while in operation. So your hyperbolic analogy doesn't really apply. Microsoft has identified certain reasons to release new versions of files related to IE6-SP1. The have done so periodically over the life of that program, and will continue to do so until Win-2K reaches end-of-life, which I think will happen mid-next year. When those files are copied to a win-98 system (replacing existing files) they allow the system to operate normally, with no errors or lock-ups. That's quite a trick to do given the complexity of how these files and functions interact with the OS. The slightest incompatibility usually renders a system inoperable. The conclusion one can draw from that is that Microsoft would release the exact same files as part of a win-98 update patch if Microsoft's support policy for win-98 allowed it.
From: N. Miller on 17 Dec 2009 02:41
On Wed, 16 Dec 2009 20:28:49 -0500, 98 Guy wrote: > "N. Miller" wrote: >>> It was speculated back in 2006 that most IE6 patches that >>> Microsoft released for Win-2K would be easily and seamlessly >>> usable on win-98 >> Would you bet your life on untested speculation? Most >> parachutists, and rock climbers do not. > Most parachutists and rock climbers do not pack computers running > windows-98 as part of their survival gear. But they do check their gear thoroughly. > Any computer that is running mission-critical or life-support functions > should theoretically not have an internet connection and should not > allow the user to "surf the web" while in operation. Matters not about mission critical. It is my GD computer, and it GD well better work when I need it. And who supports this bastardized OS if something should go wrong? You? > So your hyperbolic analogy doesn't really apply. It damned well does apply, unless you don't mind bailing out the bilge on your own when things go wrong. > Microsoft has identified certain reasons to release new versions of > files related to IE6-SP1. The have done so periodically over the life > of that program, and will continue to do so until Win-2K reaches > end-of-life, which I think will happen mid-next year. So we are going to add Windows 2000 specific files to Windows 98, thus creating a chimera; the legendary monster. > When those files are copied to a win-98 system (replacing existing > files) they allow the system to operate normally, with no errors or > lock-ups. That's quite a trick to do given the complexity of how these > files and functions interact with the OS. The slightest incompatibility > usually renders a system inoperable. The issue is vulnerabilities. > The conclusion one can draw from that is that Microsoft would release > the exact same files as part of a win-98 update patch if Microsoft's > support policy for win-98 allowed it. One can draw all the conclusions one wishes. But they would be wrong. Microsoft actually tests those patches on Windows 2000. They are not testing them against Windows 98. Now, it is your computer, so do with it as you will. But be honest, and add a proper disclaimer; your files are untested against Windows 98, and unsupported in Windows 98. They may introduce more vulnerabilities than they cure. Use at your own risk. Excuse me, now, while I go check the 'chute. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |