Re: on the topic of stability

From: Stupified (neosadist@hotmail.com)
Date: 01/24/03 

From: "Stupified" <neosadist@hotmail.com>
Date: Thu, 23 Jan 2003 19:45:07 -0600

"Art Kopp" <artnpeg@claymania.com> wrote in message
news:3e303a61.31512489@news.epix.net...

> Your mileage will vary. I have no stability problems with my Win 98
> original, nor have I found it difficult to secure. I leave my DSL
> service on all day and don't use a firewall (single PC connected to
> the net with TCP/IP unbound). I can round-robin all four of the free
> software firewalls for evaluation without problems. I don't rely on
> any resident or realtime software "protection" at all.

No, I'm not dissing any other operating system. I'm only quoting
statistics. Besides, I use norton utilities, and that adds about a year to
a win98se installation....

>
> The only thing I found recently is that Win 98 is subject to blue
> screening with just the fourth of the many Exploits tests at PC Flank
> ... the exploit called Kiss Of Death (KOD). The freeware firewalls
> except Kerio stop this particular vulnerability. But as I understand
> it, these DOS attacks are merely a annoyance, so it's no big deal.

Yeah, true, no operating system is 100% secure by itself. Firewalls are
important.

>
> I really don't know what you mean about not being able to modify Win
> 98 to build up security. You can eradicate IE and OE as I have and use
> internet apps designed with security in mind. There are all kinds of
> little things you can do as well which I won't get into here. But
> mainly, it's a matter of "safe hex" and using your head.

First off, let me say that I'm talking about the operating systems
themselves, NOT some software you buy to enable the following:

The difference is this:
1. Win2000 has a nice configuration in local security policy for almost all
password, user, and operating system security. That and you can load
templates if you're not that smart. Win98 you can modify a few things in
registry, but it's like comparitively 3 things to 200 or so.
2. Win2000 has file security features and such built into its file system,
NTFS. (That by the way is the main area security comes from. It even tells
you that: if you install win2k on fat32, you lose almost 90% of all the
security.) Win98se has almost no security built into the file system. You
can put passwords on network shares, but you can also brute-force those a
lot easier in win98se than win2k. However, remember that both can be broken
into by simply installing a separate copy of the operating system and
reading files that way and/or taking possession of them.
3. Let's put it this way: it's a LOT easier to lock yourself out of your
own operating system (accidentally) than with win98se. For example, you can
almost never disable the default user, and you can almost always hit cancel
to bypass login. Win2000 you need passwords, and even though you can
specify auto-login, without the password you're eventually screwed. Even
then, you can also use something to encrypt the entire file system in win2k,
forcing two passwords. You can't do that with win98se.
4. You can also specify user names that have access in win2k. In win98se,
face it, if something's shared, it's explicitely shared unless there's a
password enabled. Win2k on the other hand can be told to do things more
strictly, even totally block off all LAN totally. It also can use a higher
form of LAN Manager authentication level than win98se.
5. Beyond all this, the age factor: win2k is newer than win98se, but also
old enough that the service packs fix almost 90% of all vulnerabilities.
This versus win98se, which is "set in its ways". It's set a certain way,
and no matter how many patches they come out with, you can't force it to not
do something it was designed to. Certain patches in win98se can be brute
forced and made almost ineffective.

>
> Art
> http://www.epix.net/~artnpeg
> artnpeg@claymania.com

Relevant Pages

  • Re: on the topic of stability
    ... >> software firewalls for evaluation without problems. ... >Yeah, true, no operating system is 100% secure by itself. ... >> internet apps designed with security in mind. ... >Win98se has almost no security built into the file system. ...
    (comp.security.firewalls)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)
  • Re: Need advice about hacking and security
    ... and look at the Received-From: ... A trojan (from Trojan horse) is a seemingly innocuous ... > systems via various security holes. ... Windows Me is the operating system. ...
    (comp.security.misc)
  • Re: [PHP] Re: hello
    ... statement regarding susceptibility, ... servers, and have a Mac running OS X for testing Safari, and use Windows ... you may well defeat any security and "intelligence" the system has in ... -like operating system. ...
    (php.general)
Quantcast