Re: on the topic of stability

From: Art Kopp (artnpeg@claymania.com)
Date: 01/24/03 

From: artnpeg@claymania.com (Art Kopp)
Date: Fri, 24 Jan 2003 12:01:15 GMT

On Thu, 23 Jan 2003 19:45:07 -0600, "Stupified"
<neosadist@hotmail.com> wrote:

>> Your mileage will vary. I have no stability problems with my Win 98
>> original, nor have I found it difficult to secure. I leave my DSL
>> service on all day and don't use a firewall (single PC connected to
>> the net with TCP/IP unbound). I can round-robin all four of the free
>> software firewalls for evaluation without problems. I don't rely on
>> any resident or realtime software "protection" at all.
>
>No, I'm not dissing any other operating system. I'm only quoting
>statistics. Besides, I use norton utilities, and that adds about a year to
>a win98se installation....

I didn't think you were dissing. I hope we're discussing :)

I've boiled my use of Norton's Futilities down to the use of only NDD
for power fail - reboot (since it finds stuff scandisk doesn't
sometimes) ... and Speed Disk to defrag :) But even the latter can be
dispensed with since you can d/l Win ME defragger for free and it's
much faster than the Win 98 defragger. But yes, I agree that you
should have some extra utilities to help with housecleaning the
registry, etc.
 
>> The only thing I found recently is that Win 98 is subject to blue
>> screening with just the fourth of the many Exploits tests at PC Flank
>> ... the exploit called Kiss Of Death (KOD). The freeware firewalls
>> except Kerio stop this particular vulnerability. But as I understand
>> it, these DOS attacks are merely a annoyance, so it's no big deal.
>
>Yeah, true, no operating system is 100% secure by itself. Firewalls are
>important.

Too broad a statement, IMO. For someone in my situation, firewalls are
of extremely limited to negligible value so far as I can determine.

>> I really don't know what you mean about not being able to modify Win
>> 98 to build up security. You can eradicate IE and OE as I have and use
>> internet apps designed with security in mind. There are all kinds of
>> little things you can do as well which I won't get into here. But
>> mainly, it's a matter of "safe hex" and using your head.
>
>First off, let me say that I'm talking about the operating systems
>themselves, NOT some software you buy to enable the following:

Understood.

>The difference is this:
>1. Win2000 has a nice configuration in local security policy for almost all
>password, user, and operating system security. That and you can load
>templates if you're not that smart. Win98 you can modify a few things in
>registry, but it's like comparitively 3 things to 200 or so.

I have no interest in or need for passwords and that particular type
of security. I'd have to know more about the alleged OS security
aspects of Win 2K to gain a appreciation of whether or not I'd put any
value or stock in it (for my current situation).

>2. Win2000 has file security features and such built into its file system,
>NTFS. (That by the way is the main area security comes from. It even tells
>you that: if you install win2k on fat32, you lose almost 90% of all the
>security.)

Is this something like locking critical files preventing write/erase?
Precisely what is the nature of this file security? But don't feel
obligated to reply to this question. I'm sure I can research it on the
internet. I'm just indicating my ignorance of the alleged security
advantge of NTFS.

I'm a "hard sell" since I've handled thousands of viruses and Trojans
and have never once been infected. From my perspective, NTFS is a
royal PITA since I use nothing but DOS av scanners which don't work on
NTFS unless you have NTFS DOS. A key factor to virus/Trojan prevention
is to scan downloads on-demand using several good scanners. If I used
GUI version scanners I would just be adding tons of unnecessary bloat.

Then if you do get infected, you often should scan in "pure" DOS after
a cold boot using a system disk.

>Win98se has almost no security built into the file system. You
>can put passwords on network shares, but you can also brute-force those a
>lot easier in win98se than win2k. However, remember that both can be broken
>into by simply installing a separate copy of the operating system and
>reading files that way and/or taking possession of them.

Again, I don't see any use for or need of this in my situation.

>3. Let's put it this way: it's a LOT easier to lock yourself out of your
>own operating system (accidentally) than with win98se. For example, you can
>almost never disable the default user, and you can almost always hit cancel
>to bypass login. Win2000 you need passwords, and even though you can
>specify auto-login, without the password you're eventually screwed. Even
>then, you can also use something to encrypt the entire file system in win2k,
>forcing two passwords. You can't do that with win98se.

But I don't want that. I don't have use for passwords.

>4. You can also specify user names that have access in win2k. In win98se,
>face it, if something's shared, it's explicitely shared unless there's a
>password enabled. Win2k on the other hand can be told to do things more
>strictly, even totally block off all LAN totally. It also can use a higher
>form of LAN Manager authentication level than win98se.

Well, I might add a second PC here at home some day and get interested
at that time :)

>5. Beyond all this, the age factor: win2k is newer than win98se, but also
>old enough that the service packs fix almost 90% of all vulnerabilities.
>This versus win98se, which is "set in its ways". It's set a certain way,
>and no matter how many patches they come out with, you can't force it to not
>do something it was designed to. Certain patches in win98se can be brute
>forced and made almost ineffective.

I care little about the M$ patchwork roulette games. I've got it now
the way I want it, and I keep a spare hard drive cloned so I never
have to reinstall Win 98 and get it all screwed up again :)

It seems to me the advantages of Win 2K lie in aspects of security in
which I presently have no need or interest. I don't have grandkids
coming over and using my PC. I'm not networked (yet) with other PCs.

Art
http://www.epix.net/~artnpeg
artnpeg@claymania.com

Relevant Pages

  • Re: on the topic of stability
    ... Yeah, true, no operating system is 100% secure by itself. ... > internet apps designed with security in mind. ... Win98se has almost no security built into the file system. ... lot easier in win98se than win2k. ...
    (comp.security.firewalls)
  • Re: Defense in Depth
    ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ...
    (Security-Basics)
  • RE: Wireless Security for Home Users
    ... for most home users to create and/or manage 2 firewalls and a DMZ. ... As with most network security, ... investigate additional security features available from the WAP ...
    (Security-Basics)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)