RE: protect MS Windows 95/98/Me

• Previous message: James Fields: "Re: [fw-wiz] RE: Router Internet Monitoring"
• In reply to: Lee Seidman: "RE: protect MS Windows 95/98/Me"
• Next in thread: Chris Rodgerson: "Advice for someone interested in a security career?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Lee Seidman'" <lseidman@yahoo.com>, "'Spencer D'oro'" <sdoro@comcast.net>, <steve@Lan.com.au>, <security-basics@securityfocus.com>
Date: Tue, 30 Sep 2003 09:09:05 +0400

> But to even the most moderate of
> tech savvy individuals, bypassing those policies
> through safe mode [...] will render that effort ineffective.

Actually, you can
- disable boot-time F[4,5,8], Shift+F5, Shift+F8 keys by adding 'BootKeys =
0' to [OPTIONS] section in MSDOS.SYS,
- disable Ctrl-C at boot time by adding 'BREAK=OFF' to CONFIG.SYS
- disable "Restart in MS-DOS mode" by adding numeric value "NoRealMode"
equals 1 to
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp key

There is tons of other tricks Google can dig out for you from Internet
(Win95 RK also helps), but anyway all this looks more like *fool*proof or,
may I say, obscurity without security, since there is no way (or no way I
know) to secure file system/registry in win9x without third-party software.

Al.

> -----Original Message-----
> From: Lee Seidman [mailto:lseidman@yahoo.com]
> Sent: Monday, September 29, 2003 9:22 PM
> To: Spencer D'oro; steve@Lan.com.au; security-basics@securityfocus.com
> Subject: RE: protect MS Windows 95/98/Me
>
>
> For the average user, the use of POLEDIT to create a
> policy file on the server will secure Windows 9x
> clients somewhat. But to even the most moderate of
> tech savvy individuals, bypassing those policies
> through safe mode or just unplugging the ethernet
> cable will render that effort ineffective. "Genuine"
> security (if there is such a thing, especially in
> Microsoft products) does not exist on Windows 9x
> clients.
>
> --- Spencer D'oro <sdoro@comcast.net> wrote:
> > That's way off-base, at least for 98. By setting
> > system policies on the
> > OS using POLEDIT and storing the config.pol file on
> > the server, you then
> > set restrcitive policies dependent on whatever ADM
> > you use. You load
> > Group Policies from within Windows components. And
> > you set User-level
> > access control to make authentication for ALL shares
> > be done by the DC.
> > If you have a large number of machines, and
> > upgrading just isn't in the
> > budget, then it is totally feasible to secure a 98
> > station. The 98 OS
> > is not as of yet obsolete, IMO.
> >
> > Spencer
> >
> > -----Original Message-----
> > From: Steve McLaughlin [mailto:steve@Lan.com.au]
> > Sent: Thursday, September 25, 2003 2:23 AM
> > To: security-basics@securityfocus.com
> > Subject: RE: protect MS Windows 95/98/Me
> >
> >
> > Yes, that's a very polite way of saying it.
> > There is no security features in win9x OS. They are
> > all totally unsecure
> > operating systems. The security features within are
> > totally flawed in
> > all ways, there is no way of securing these
> > operating systems.
> >
> > The solution is to upgrade to windows 2k or XP,
> > using NTFS.
> >
> > There is no other way.
> >
> > Don't embarrass yourself wasting the organisations
> > capital on totally
> > obsolete and unstable operating systems.
> >
> > Consider the 9x OS Obsolete, upgrade to NT5 or 5.1.
> > Don't bother even
> > looking further into securing Win9x. It is a total
> > waste of time.
> >
> > steve mclaughlin | enlite technologyR
> > T 1300 135 251 | F +61 (2) 9402 8586
> > E steve@Lan.com.au | W www.Lan.com.auT
> > (MCP, A+, Network+, Server+)
> >
> >
> > -----Original Message-----
> > From: French, Mark
> > [mailto:Mark.French@wellington.co.uk]
> > Sent: Thursday, 25 September 2003 2:07 AM
> > To: 'security-basics@securityfocus.com'
> > Subject: RE: protect MS Windows 95/98/Me
> >
> > I don't know of any software, but in this situation,
> > my hardware of
> > choice would be SCISSORS. Cut the network cable,
> > keyboard cable, and
> > mouse cable.
> >
> > This is probably the only way that this level of
> > security can be
> > achieved in these operating systems.
> >
> > Mark
> >
> > (Sorry, I couldn't resist)
> >
> > -----Original Message-----
> > From: Robert Reidenbach
> > [mailto:pominciss@greendot.com.ph]
> > Sent: 24 September 2003 06:25
> > To: security-basics@securityfocus.com
> > Subject: protect MS Windows 95/98/Me
> >
> >
> > Hi everyone!
> > I'm looking for a software that you can install on
> > MS Windows 95/98/Me Machines that won't
> > allow an ordinary user to install any programs or
> > allow any virus to infect any files.
> > Would anybody know what they call these programs
> > and where to get them? Any kind of help will be
> > appreciated.
> > -Robert-
> >
> >
> >
> >
> ------------------------------------------------------------------------
> > ---
> >
> ------------------------------------------------------------------------
> > ----
> >
> >
> >
> ___________________________________________________________________
> __
> > This e-mail has been scanned for viruses by MCI's
> > Internet Managed
> > Scanning Services - powered by MessageLabs. For
> > further information
> > visit http://www.mci.com
> >
> >
> >
> ________________________________________________________
> > The information in this message is confidential and
> > may
> > be legally privileged. It is intended solely for the
> > addressee. Access to this message by anyone else is
> > unauthorised. If you
> > are not the intended recipient, any disclosure,
> > copying, distribution or
> > any action taken or omitted to be taken in reliance
> > on it, is prohibited
> > and may be unlawful.
> >
> > The registered office of Wellington Underwriting plc
> > is
> > 88 Leadenhall Street, London, UK EC3A 3BA.
> >
> ________________________________________________________
> >
> >
> >
> >
> ------------------------------------------------------------------------
> > ---
> >
> ------------------------------------------------------------------------
> > ----
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------
> > ---
> >
> ------------------------------------------------------------------------
> > ----
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.521 / Virus Database: 319 - Release
> > Date: 9/23/2003
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.521 / Virus Database: 319 - Release
> > Date: 9/23/2003
> >
> >
> >
> >
>
---------------------------------------------------------------------------
> >
>
----------------------------------------------------------------------------
> >
>
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
>
>
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: James Fields: "Re: [fw-wiz] RE: Router Internet Monitoring"
• In reply to: Lee Seidman: "RE: protect MS Windows 95/98/Me"
• Next in thread: Chris Rodgerson: "Advice for someone interested in a security career?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]