Internet Explorer 6.0 Sp1 Component Update 3.0 for Windows 98
in [Windows 98]
|
From: J. P. Gilliver (John) on 15 Dec 2009 16:56 In message <Ob1BBokeKHA.2460(a)TK2MSFTNGP04.phx.gbl>, MEB <MEB-not-here(a)hotmail.com> writes: >On 12/11/2009 03:16 AM, J. P. Gilliver (John) wrote: [98Guy's putative enhancements/updates/whatever] >> Does this set of fixes actually ADD to the vulnerabilities of a system, >> or just CHANGE it - i. e. could it be that it introduces some new ones >> but closes some (while also adding other things, such as a DirectX and a >> web fonts update)? [] > Good questions. If it were the OSs designed for it might fulfill the Thank you. >desired effect, temporarily. However, there is no "patch Tuesday" or >"zero day" hotfixes for Win9x and these will contain vulnerabilities IN >THE OSs designed, for which updates will be received, Win9X won't. > These are for the interface to the Internet, the browser, waving in the >breeze... > > Just as the last posted suggested junk from 98 Guy was patched in a >week or so, and is NOT part of a normal Win9X installation {MS XML4}, so >rather obviously they introduce vulnerabilities that wouldn't be there They certainly have the potential to do so, though whether they actually do so hasn't been tested either. >to start with. NO ONE tests these for 9X vulnerabilities and they DO >introduce new vulnerabilities into the OSs intended; nor even for >compatibility beyond they install... They are more likely to, yes. > > On the other hand, if you want to *manual* check every day to see if >Microsoft has offered any security or file fixes, AND check for whether >they work in 9X, AND are willing to be a "guinea pig" for any new and >COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't >expect anyone to be able to help fix your system and don't expect your >software will be compatible... including any malware protection. Equally, if you don't ever install any of these patches, you will not suffer from any of the new potential vulnerabilities, but you will also never experience any of the (equally "potential") benefits, either. > > Somewhere along the line since EOL, these people lost track of what >they hoped to accomplish, keeping 9X alive... that requires someone >actually test and NOT JUST FOR INSTALLATION, and creation of NEW >browsers and malware programs... > As I've said before, they can choose to preserve in aspic their 98 system as it was at the instant of EOL, or they can choose to take potential risks for potential benefits. It's their choice. If they choose the latter, they can be reassured to whatever extent they trust 98g, and worried to whatever extent they believe you. -- J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar(a)T0H+Sh0!:`)DNAf ** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously outdated thoughts on PCs. ** The fetters imposed on liberty at home have ever been forged out of the weapons provided for defence against real, pretended, or imaginary dangers from abroad. -James Madison, 4th US president (1751-1836)
From: 98 Guy on 15 Dec 2009 20:26 "N. Miller" wrote: > > PA Bear top-poasted: > > >> +1 > > > Care to tell us what that means? > > Pretty much the same thing as, "<AOL> 'Me too!" So - he's being a dork about this too?
From: 98 Guy on 15 Dec 2009 20:57 > > However, there is no "patch Tuesday" or "zero day" hotfixes for > > Win9x and these will contain vulnerabilities IN THE OSs designed, > > for which updates will be received, Win9X won't. Another convoluted statement from MEB. If the win-2K patch files for IE6 work for win-98, then use them. If those files introduce new vulnerabilities for a win-98 system, then there two possibilities: a) The new vulnerability is unique to win-98 and is caused by some peculiar interaction between win-98 and the win-2K patch file that does not exist on a win-2k system. b) The new vulnerability will effect win-2K and *might* also affect win-98 equally. Microsoft will issue yet another patch for this vulnerability when discovered, assuming win-2k is still being supported. Now look carefully at those two possible outcomes. Outcome (a) will probably NEVER be discovered because of the simple fact that no security analysts or hackers will be examining or testing or looking for vulnerabilites on a platform consisting of win-98 and IE6 patches derived from win-2K updates. Outcome (b) is much more likely than (a), and it can be presumed that a fix will be made available soon after it's discovery. And until it is discovered - it does not exist. So even if you want to speculate that the use of these files might cause some unique vulnerability to a win-98 system, the odds of that vulnerability being discovered and leveraged is ridiculously small. > > NO ONE tests these for 9X vulnerabilities Bingo. Meb just said it himself. If no one is testing this combination of win-98 and Win-2K patch files, then any vulnerability they may uniquely cause to a win-98 system will go undetected and therefore will never be leveraged by hackers. Security by obscurity. > > and they DO introduce new vulnerabilities into the > > OSs intended If MEB is trying to say that these patches introduce new vulnerabilities into win-2k (the intended OS), then that's complete and outrageously wild speculation. Presumably Microsoft would not create updates or patches for the "intended OS's" that contain known vulnerabilities. If MEB is trying to say that these patches introduce new vulnerabilities into Win-98, then again that is complete speculation without any shred of testing evidence that he claims he is an expert at performing. It would be useful for MEB to cut the bullshit lawyer-speak and behave like a normal person and utter clear and understandable statements.
From: N. Miller on 15 Dec 2009 23:20 On Tue, 15 Dec 2009 20:26:01 -0500, 98 Guy wrote: > "N. Miller" wrote: >>> PA Bear top-poasted: >>>> +1 >>> Care to tell us what that means? >> Pretty much the same thing as, "<AOL> 'Me too!" > So - he's being a dork about this too? Perhaps. OTOH, I wouldn't mix different Windows version system files, unless it was tested, and recommended, by Microsoft. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
From: 98 Guy on 16 Dec 2009 00:09
"N. Miller" wrote: > > So - he's being a dork about this too? > > Perhaps. OTOH, I wouldn't mix different Windows version system > files, unless it was tested, and recommended, by Microsoft. I don't know how much you've been following issues relating to IE (IE6) after the official end of support for win-98 (which happened in July 2006). The fact is that after July 2006, there has been no such files, testing, or recommendations by Microsoft for anything relating to win-98. This was not a surprise - or unexpected. IE6 files are not (technically speaking) system files. Files relating to IE can be stripped out of win-98 (perhaps more easily for win-95). It was speculated back in 2006 that most IE6 patches that Microsoft released for Win-2K would be easily and seamlessly usable on win-98 because they both use the exact same version (IE6-Sp1). By intention, Microsoft has never allowed win-2K to be compatible with IE6-SP2 (the version of IE6 that came with XP-SP2). The binary files for that version are somewhat different and are not compatible with win-9x. So, to re-cap: 1) The end of official support of any kind for Win-98 in July 2006 marked the point at which Microsoft would no long make any comment or statement about win-98 in any of it's advisories or bulletins, and for which Microsoft would no longer identify any new patch or update file as being compatible (or incompatible) with win-98. 2) The lack of mention of win-98 in any patch or update file released for the past 3 years DOES NOT MEAN that the file won't work or is not compatible with win-98. Practically speaking, this is notable mostly when we are speaking about patch files released for Windows 2000. 3) Simple file-substitution of new win-2K patch files onto a win-98 system is enough to determine if win-98 is compatible with the files. If the win-98 system is usable an can perform all operations as expected with the new files, then that is generally enough of a test to determine compatibility. No harm can really be done to a system that does not function as intended during this test, and the original files can be easily replaced. 4) A respectible-sized user base of win-98 systems with these file substitutions can be found at msfn.org. These users pay close attention to the workings and performance of their win-98 systems, and any hint of file incompatibility are discussed at length. There is a very good consensus that the various IE6 updates that have been been made for win-2K over the past 3 years function well on win-98. |