#34
March 3rd 12, 04:30 PM, posted to microsoft.public.win98.gen_discussion
98 Guy (External Usenet User, Posts: 2,951)
How to gain access to websites that require latest Java installed

"J. P. Gilliver (John)" wrote:

Inbound filtering:

- effectively dealt with by any NAT router or modem with NAT
capabilities


Indeed. Though some early broadband MoDems used USB-powered MoDems
like the SpeedTouch that, I believe, didn't.


Because of subscriber "churn" (customers moving, changing ISPs, etc)
it's likely that the number of old non-NAT modems in current use in
USA/Canada is very low.

So anyone running a 98 system as some sort of "working museum
exhibit" is vulnerable, though see below.


Running win-98 on original 10 to 12 year-old equipment is certainly a
museum situation, but the basic Win32 architecture underlying win-98
still enables it to run quite a wide variety of software even today,
especially with the help of KernelEx, and it does so very well on more
modern hardware (i.e. any P4 2 GHz machine with 512 MB).

I run win-98 on a Core2 socket 775 CPU running 3.5 GHz with 1 GB RAM and
1.5 TB SATA hard drive. I wouldn't necessarily call that a museum
piece.

Anyone running modern equipment, with a modern MoDem, and just
running 98 because they like it, isn't.


Isn't what? Isn't safe from internet-based exploits?

My experience is to the contrary.

Windows 98 is simply not vulnerable to any of the 6 different
network worms that have been developed / discovered over the
past 10 years.


Indeed: in practice, I've not heard of anything in the wild that
targets (i. e. runs on) 98 systems for years.


Even back in the prime-time for Win-98, there wasn't much that could
touch it.

When it came to network worms, it wasn't so much that win-98 wasn't
targeted - it was that it simply wasn't vulnerable to anything. Back in
2000 through 2004, there were quite a few win-98 systems in use, but no
worm vulnerabilities were ever discovered for them.

Conclusion: Most people who run firewalls on windows-98 machines
do so more for the control it gives them over legit programs and
how those programs communicate with the internet. These people
are, for lack of a better word, "control freaks" and enjoy exerting
a high level of control and/or awareness over their system.


There I'd rather tend to disagree with you, or at least I don't
like being called a control freak.


I would argue that the vast majority of anyone that has ever run a
software firewall on a win-98 machine did so because it either came with
their AV/security software, or they were told to run it by someone else,
or their computer was set up by someone else.

Which means that most people that had a firewall did not so much care to
manage it or care to know what their software was doing, but were just
following the knee-jerk instructions of others that "they should have a
firewall".

I don't think it's unreasonable to want to know when something I've
legitimately installed is trying to use the internet -


That's fine. But don't confuse or associate the software firewall with
part of the security aspect of a system when you're using it more for
its administrative or system-awareness / monitoring functionality.

especially if it's something that has no reason to be doing so,
such as an image editor.


Where or when does such communication cross a line into being considered
malicious?

Again, most people wouldn't care about such communication because it
doesn't rise to the level of being malicious, or compromising the
control over their machine.

And it's crazy to be so paranoid about stuff like that when your browser
is opening dozens of connections to beacons, click-trackers, and ad
servers when you surf the web.

Actually, there's a particularly good reason to want to control
such accesses for someone running a 98 system:

some software may try to upgrade itself to a version that won't run
under 98. (Ideally, it wouldn't try to load an incompatible upgrade,
but I've known at least one software on which the upgrade got far
enough under 98 to screw things up a bit.)


An esoteric reason. It's a situation that I've never encountered.

The one piece of software on my systems that auto-updates itself (Flash
player) has been working flawlessly - so far.

Certainly little or no true malware around now will run on 98.


Doesn't hurt to be able to monitor outgoings from legitimate
software though. IMO of course.


Which proves my point that those that advocate the use of a firewall on
win-98 systems always fall back to what you just said as the core reason
to use it.

Because while it doesn't hurt to monitor outgoings from legit software,
it really doesn't help to do so either. (and all the while it does take
a cut out of your computer's performance to run the firewall).

It's also just as effective (and more efficient) to add a HOSTS file
entry for the offending site or host so that the software can't reach
the external machine.

And what happens after you've been running your computer for a while and
you discover that NONE of your software is performing back-door internet
access? What then is the usefulness of continuing to have the firewall
running?

I *believe* that SP-1 had in-bound firewalling, and SP-2 had both
in-bound and out-bound (or full) firewalling enabled by default.


That's the first I've heard of XP having outbound firewalling


Getting a straight answer on this is somewhat difficult.

Based on some additional research, it appears that XP-SP2 (not SP1) came
with the inbound firewall turned on by default.

The question as to whether XP can do outbound firewalling is murky, and
apparently even if it can, it doesn't do it by default.

The best explanation I've found so far is from here:

http://www.corecom.com/external/live...xpfirewall.htm

And in particular, this:

=================
Access to IP Security Policies isn't available from Windows Security
Center, the control panel Microsoft offers as a way to manage your
Windows security settings.

To modify outbound traffic handling policy you must configure Internet
Protocol security (IPSec) policies, which is a difficult configuration
task for non-technical users. By making outbound policy configuration
this challenging, Microsoft has all but assured that relatively few
users will modify the defaults.
=================

So is XP - SP2/SP3 able to perform out-bound firewalling? The answer
seems to be yes - but this functionality is not enabled by default and
not trivial to set up.

This document:

http://technet.microsoft.com/en-us/l...(v=ws.10).aspx

claims that out-bound firewalling is NOT enabled by default in:

Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2

And it goes on to plainly state:

===============
Windows XP and Windows Server 2003 do not support outbound filtering.
===============

Although Micro$haft is known to use phrases and statements that can be
true when interpreted in certain ways to suit their marketing and
product-obsolescence (depreciation) strategies. The above statement
might be true only when seen in terms referring to any GPO or IPsec
(group policies) that come with those versions of windows - not with any
that you create on your own.

Anyone running XP should have SP3 by now -


(Other than those, another reason to be on SP3 is that the end
of support date is later - I'm not even sure if it's already
passed for SP2.)


It has. As of July 2010.

And again I say that there is nothing useful to be gained by
installing a third-party firewall on XP.


I will modify that statement and say that

For those that believe an out-bound firewall is of any
*protective* value on a computer with an NT-based OS
(and specifically XP in this case) then the firewall
integrated into XP may not be user-friendly enough to
be able to set up correctly by the average user, then a
third party firewall is likely the most practical route
to go.

I still say that as of this writing (2012) and even going back 5 to 7
years in the past, that the benefit of running a software firewall on
Windows 9x/ME is/was marginal to negligible.

Again, too much focus here on firewall software. It's an
irrational focus.


If you mean fear of malware on 98 systems, probably. Being able
to monitor the activities of "legitimate" software, perhaps not
so.


I think the prevalence AND consequences of legit software performing
"back-door" contact with the internet is way overblown and does not nor
ever has risen to the level where firewall blocking ever did anything
useful to justify the energy and cost put into acquiring, installing and
maintaining the firewall.

I know that a lot of the "auto-update" and checking for newer versions
that some software does can be disabled by their own config and
control-panel settings. And for any that don't or can't, removing the
offending modules (either through msconfig or by renaming / deleting
their files) is a satisfactory alternative. I frequently delete the
file "jusched.exe" for example as a way to achieve this.

And again, a simple HOSTS file entry can achieve the same purpose as the
firewall would have - to prevent a given program from being able to
contact a specific host.

As to whether there is "too much" focus, that's a matter of
individual preference: one could say your reflex action to
any mention of it is also irrational (-:.


It's never irrational to assert logic and facts into a discussion.
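
Added example, not part of the original post: the HOSTS-file technique the post describes, worked through in Python to show which outbound destinations a given HOSTS table actually covers. The hostnames and addresses are constructed placeholders, and exact-match, first-entry-wins lookup is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed sample HOSTS content (names are placeholders, not from the post).
SAMPLE_HOSTS = """\
# entries that stop a program's check-in by name
127.0.0.1   localhost
127.0.0.1   update.vendor.example    # constructed name
0.0.0.0     stats.vendor.example
192.0.2.10  intranet.example         # an ordinary mapping, not a block
"""

def parse_hosts(text):
    """Return {hostname: ip} from HOSTS-format text, skipping comments and blanks."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # assumption: first entry wins
    return table

def classify(destination, table):
    """Describe how the HOSTS table affects one destination a program contacts."""
    try:
        ipaddress.ip_address(destination)
        return "not-covered: IP literal, no name lookup happens"
    except ValueError:
        pass
    ip = table.get(destination.lower().rstrip("."))  # exact match, no wildcards
    if ip is None:
        return "not-covered: no HOSTS entry, resolved via DNS"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked: name redirected to %s" % ip
    return "redirected: name mapped to %s" % ip

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for dest in ("update.vendor.example", "cdn.update.vendor.example",
                 "203.0.113.7", "intranet.example"):
        print("%-28s %s" % (dest, classify(dest, hosts)))
```

A HOSTS entry applies to every program on the machine and only to the exact names listed, so subdomains and hard-coded IP addresses are reported as not covered.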