From: MEB on 16 Dec 2009 00:43 On 12/15/2009 04:56 PM, J. P. Gilliver (John) wrote: > In message <Ob1BBokeKHA.2460(a)TK2MSFTNGP04.phx.gbl>, MEB > <MEB-not-here(a)hotmail.com> writes: >> On 12/11/2009 03:16 AM, J. P. Gilliver (John) wrote: > [98Guy's putative enhancements/updates/whatever] >>> Does this set of fixes actually ADD to the vulnerabilities of a system, >>> or just CHANGE it - i. e. could it be that it introduces some new ones >>> but closes some (while also adding other things, such as a DirectX and a >>> web fonts update)? > [] >> Good questions. If it were the OSs designed for it might fulfill the > > Thank you. > >> desired effect, temporarily. However, there is no "patch Tuesday" or >> "zero day" hotfixes for Win9x and these will contain vulnerabilities IN >> THE OSs designed, for which updates will be received, Win9X won't. >> These are for the interface to the Internet, the browser, waving in the >> breeze... >> >> Just as the last posted suggested junk from 98 Guy was patched in a >> week or so, and is NOT part of a normal Win9X installation {MS XML4}, so >> rather obviously they introduce vulnerabilities that wouldn't be there > > They certainly have the potential to do so, though whether they actually > do so hasn't been tested either. > >> to start with. NO ONE tests these for 9X vulnerabilities and they DO >> introduce new vulnerabilities into the OSs intended; nor even for >> compatibility beyond they install... > > They are more likely to, yes. >> >> On the other hand, if you want to *manual* check every day to see if >> Microsoft has offered any security or file fixes, AND check for whether >> they work in 9X, AND are willing to be a "guinea pig" for any new and >> COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't >> expect anyone to be able to help fix your system and don't expect your >> software will be compatible... including any malware protection. > > Equally, if you don't ever install any of these patches, you will not > suffer from any of the new potential vulnerabilities, but you will also > never experience any of the (equally "potential") benefits, either. >> >> Somewhere along the line since EOL, these people lost track of what >> they hoped to accomplish, keeping 9X alive... that requires someone >> actually test and NOT JUST FOR INSTALLATION, and creation of NEW >> browsers and malware programs... >> > As I've said before, they can choose to preserve in aspic their 98 > system as it was at the instant of EOL, or they can choose to take > potential risks for potential benefits. It's their choice. If they > choose the latter, they can be reassured to whatever extent they trust > 98g, and worried to whatever extent they believe you. So you intend to claim the benefit of installation, verses say, a different application providing BETTER support for new formats... The cost is???? that to use these DOES AND WILL CONTINUE to place these parties doing so in the position of NO knowledge of what present vulnerabilities they have and NO way to protect themselves from them. The *TESTS* come from the fact that these supposed installable files WILL be updated by Microsoft *for the supported OSs* and Win9X will not receive them, nor will any fixes be designed to correct vulnerabilities within 9X created by their installation. If MSFN and those doing the same want to "keep Win98 alive" then work on the well defined vulnerabilities at EOL and correct those. These are supposed coders and programmers,,, So it appears this is just more of an attempt to waste some more time while resting on OLD laurels... -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___---
From: MEB on 16 Dec 2009 00:57 On 12/16/2009 12:09 AM, 98 Guy wrote: > "N. Miller" wrote: > >>> So - he's being a dork about this too? >> >> Perhaps. OTOH, I wouldn't mix different Windows version system >> files, unless it was tested, and recommended, by Microsoft. > > I don't know how much you've been following issues relating to IE (IE6) > after the official end of support for win-98 (which happened in July > 2006). > > The fact is that after July 2006, there has been no such files, testing, > or recommendations by Microsoft for anything relating to win-98. This > was not a surprise - or unexpected. > > IE6 files are not (technically speaking) system files. Files relating > to IE can be stripped out of win-98 (perhaps more easily for win-95). > > It was speculated back in 2006 that most IE6 patches that Microsoft > released for Win-2K would be easily and seamlessly usable on win-98 > because they both use the exact same version (IE6-Sp1). By intention, > Microsoft has never allowed win-2K to be compatible with IE6-SP2 (the > version of IE6 that came with XP-SP2). The binary files for that > version are somewhat different and are not compatible with win-9x. > > So, to re-cap: > > 1) The end of official support of any kind for Win-98 in July 2006 > marked the point at which Microsoft would no long make any comment or > statement about win-98 in any of it's advisories or bulletins, and for > which Microsoft would no longer identify any new patch or update file as > being compatible (or incompatible) with win-98. > > 2) The lack of mention of win-98 in any patch or update file released > for the past 3 years DOES NOT MEAN that the file won't work or is not > compatible with win-98. Practically speaking, this is notable mostly > when we are speaking about patch files released for Windows 2000. > > 3) Simple file-substitution of new win-2K patch files onto a win-98 > system is enough to determine if win-98 is compatible with the files. > If the win-98 system is usable an can perform all operations as expected > with the new files, then that is generally enough of a test to determine > compatibility. No harm can really be done to a system that does not > function as intended during this test, and the original files can be > easily replaced. > > 4) A respectible-sized user base of win-98 systems with these file > substitutions can be found at msfn.org. These users pay close attention > to the workings and performance of their win-98 systems, and any hint of > file incompatibility are discussed at length. There is a very good > consensus that the various IE6 updates that have been been made for > win-2K over the past 3 years function well on win-98. AND the whole moronic idea by these purported supporters of this activity is that you just *IGNORE* that prior files were NOT created the same. Look within the original files during 9X support period and note the various internal patching AND/OR DISTINCT 2K or 9X files in some of the files PER OS and directed via the setup. *THAT* is what was once done by Microsoft to make sure of compatibility AND THAT IT ADDRESSED THE VULNERABILITIES within the *INTENDED* OSs. The supposed respectable user base are users who think those creating the modified files *DO* check for vulnerabilities and are generally as ignorant as 98 Guy. ALL these supposed modifiers now do is make an installer from the NT BASED files and are ONLY concerned with that installation. As for supposed user testing, think of 98 Guy and all this party DOESN'T know and understand... -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___---
From: 98 Guy on 16 Dec 2009 09:28 Full-Quoter MEB wrote: > So you intend to claim the benefit of installation, verses say, a > different application providing BETTER support for new formats... What the hell does that mean? What do you mean by a "different application"? If you're trying to ask why someone wouldn't use a different browser (Firefox, etc) instead of IE6, then why not just say that? Why are you always obtuse and vague in your use of language? The reason why you'd want to update these IE6 files is because they ARE hooked into by the operating system and using another browser is no garantee that those files will not be called upon for one task or another. > The cost is???? that to use these DOES AND WILL CONTINUE to > place these parties doing so in the position of NO knowledge > of what present vulnerabilities they have and NO way to > protect themselves from them. Why are you stating that the use of these patch files *will* confer vulnerabilities to win-98? How can you make such a claim? Give an example (by CVE or some other identifier) of a vulnerability that will result if these IE6 files are patched into a win-98 system. > The *TESTS* come from the fact that these supposed installable > files WILL be updated by Microsoft *for the supported OSs* > and Win9X will not receive them, Nothing you just said in that statement makes any sense. "these supposed installable files WILL be updated by Microsoft" It's not that they "will" be updated. They *ARE* being updated. What is the significance of that? " *for the supported OSs* and Win9X will not receive them" Microsoft states the applicability for those files. Win-9x WILL receive them if the user gives them to it. Microsoft will not place them in the list of files it serves for win-98 updates on the windowsupdate server because it has closed all new submissions 3 years ago. Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to a blanket statement that no files it releases for win-2K might be operable on win-98. You continue to ignore the fact that Microsoft's complete silence about win-98 does not mean that some patch files it has released in the past 3 years are perfectly compatible with it. We expect Microsoft not to tell us this even when it's true, because their own support policy forbids it. > nor will any fixes be designed to correct vulnerabilities > within 9X created by their installation. That is the largest flaw in your argument, for which you will not address here in public. Any vulnerability that *might* be caused by a peculiar interaction between win-98 and these files would presumably be a unique vulnerability that would not exist on win-2K. You propose that such a vulnerability would leave win-98 users exposed to a problem that Microsoft would never create a patch for, because the vulnerability would not exist under win-2K. The flaw in that argument is that any such hypothetical vulnerability would be extremely unlikely to ever be detected, because it would require that professional analysts, hobbyists or hackers would be examining the combination of win-98 with installed patches from win-2k looking for it. Given that current win-9x usage on the internet is estimated to be 0.1% (1 out of every 1000 computers in current use) it's highly unlikely that people are examining standard installations of win-98 for new vulnerabilities, let alone non-standard installations. A vulnerability that is never discovered by anyone can never become a threat. > If MSFN and those doing the same want to "keep Win98 alive" > then work on the well defined vulnerabilities at EOL and > correct those. How do you know that these "well defined" vulnerabilities are not corrected by the use of win-2k patch files? And note that Microsoft has never admitted to the existance of any vulnerabilities that win-9x has or had at EOL because microsoft became silent to all things pertaining to win-98 at EOL. And even before EOL, Microsoft made vague references to win-98 in their advisory bullitens to make it appear that the bullitens applied to win-98 - when in fact they did not.
From: N. Miller on 16 Dec 2009 10:28 On Wed, 16 Dec 2009 00:09:40 -0500, 98 Guy wrote: > It was speculated back in 2006 that most IE6 patches that Microsoft > released for Win-2K would be easily and seamlessly usable on win-98 > because they both use the exact same version (IE6-Sp1). Would you bet your life on untested speculation? Most parachutists, and rock climbers do not. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
From: MEB on 16 Dec 2009 12:57
On 12/16/2009 09:28 AM, 98 Guy wrote: > Full-Quoter MEB wrote: > >> So you intend to claim the benefit of installation, verses say, a >> different application providing BETTER support for new formats... > > What the hell does that mean? > > What do you mean by a "different application"? > > If you're trying to ask why someone wouldn't use a different browser > (Firefox, etc) instead of IE6, then why not just say that? > > Why are you always obtuse and vague in your use of language? > > The reason why you'd want to update these IE6 files is because they ARE > hooked into by the operating system and using another browser is no > garantee that those files will not be called upon for one task or > another. HAHAHAHAHA, so now you ADMIT that these are part of system activities rather than your other post's comments... SINCE THEY ARE and do affect the working within the OS, then the vulnerabilities included within the files DO affect the other programs AS WELL AS ANY MALWARE PROTECTIONS. > >> The cost is???? that to use these DOES AND WILL CONTINUE to >> place these parties doing so in the position of NO knowledge >> of what present vulnerabilities they have and NO way to >> protect themselves from them. > > Why are you stating that the use of these patch files *will* confer > vulnerabilities to win-98? > > How can you make such a claim? > > Give an example (by CVE or some other identifier) of a vulnerability > that will result if these IE6 files are patched into a win-98 system. Because you have EVERY PRIOR VULNERABILITY AND FIX listed at CERT as well as the present ones either now or will in the future. > >> The *TESTS* come from the fact that these supposed installable >> files WILL be updated by Microsoft *for the supported OSs* >> and Win9X will not receive them, > > Nothing you just said in that statement makes any sense. > > "these supposed installable files WILL be updated by Microsoft" > > It's not that they "will" be updated. They *ARE* being updated. What > is the significance of that? > > " *for the supported OSs* and Win9X will not receive them" > > Microsoft states the applicability for those files. Win-9x WILL receive > them if the user gives them to it. > > Microsoft will not place them in the list of files it serves for win-98 > updates on the windowsupdate server because it has closed all new > submissions 3 years ago. > > Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to > a blanket statement that no files it releases for win-2K might be > operable on win-98. > > You continue to ignore the fact that Microsoft's complete silence about > win-98 does not mean that some patch files it has released in the past 3 > years are perfectly compatible with it. We expect Microsoft not to tell > us this even when it's true, because their own support policy forbids > it. THEY ARE DESIGNED FOR THE SUPPORTED OSs *ONLY*. There is no need now, for Microsoft to include any code specific to Win9X activities and its OS workings in any NEW fixes since 2006, which it did PRIOR to EOL. That you idiots can't figure that out is telling of your mental facilities. > >> nor will any fixes be designed to correct vulnerabilities >> within 9X created by their installation. > > That is the largest flaw in your argument, for which you will not > address here in public. > > Any vulnerability that *might* be caused by a peculiar interaction > between win-98 and these files would presumably be a unique > vulnerability that would not exist on win-2K. You propose that such a > vulnerability would leave win-98 users exposed to a problem that > Microsoft would never create a patch for, because the vulnerability > would not exist under win-2K. > > The flaw in that argument is that any such hypothetical vulnerability > would be extremely unlikely to ever be detected, because it would > require that professional analysts, hobbyists or hackers would be > examining the combination of win-98 with installed patches from win-2k > looking for it. > > Given that current win-9x usage on the internet is estimated to be 0.1% > (1 out of every 1000 computers in current use) it's highly unlikely that > people are examining standard installations of win-98 for new > vulnerabilities, let alone non-standard installations. > > A vulnerability that is never discovered by anyone can never become a > threat. That's the stupidest argument you've made yet. A vulnerability exist when someone OUTSIDE the malware writer/hacker community *discovers* it. OTHERWISE, it *remains* an unknown attack vector to the public. In Win9X, there aren't a sufficient number of QUALIFIED coders and programmers looking for any NEW vulnerabilities produced BY THESE non-standard installations, because NO ONE in the protection community is looking. > >> If MSFN and those doing the same want to "keep Win98 alive" >> then work on the well defined vulnerabilities at EOL and >> correct those. > > How do you know that these "well defined" vulnerabilities are not > corrected by the use of win-2k patch files? > > And note that Microsoft has never admitted to the existance of any > vulnerabilities that win-9x has or had at EOL because microsoft became > silent to all things pertaining to win-98 at EOL. > > And even before EOL, Microsoft made vague references to win-98 in their > advisory bullitens to make it appear that the bullitens applied to > win-98 - when in fact they did not. Many did when applied in a specific fashion, others were included because IE6 was never properly ported for Win9X usage in the first place and Microsoft was unsure since it was not really interested in Win9X in the years leading up to EOL. If it were, it would have corrected the large file manipulation issues and other BROKEN or vulnerable aspects in the Win9X OS. Microsoft DIDN'T; that should spell it out rather clearly to even the most dense on the planet. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |