On Sun, 18 Apr 2010 09:40:02 -0400, 98 Guy <98 (AT) Guy (DOT) com>
wrote:

Not we, just you.

Citing a list of vulnerabilities does not prove it would
become infected. It would be like saying if I leave my back
door unlocked when I go for a walk I will definitely be
robbed... hasn't happened.

Fact is, there is no 100% secure desktop PC OS, so a list of
bugs is foolish as if you pretend there is one with no
bugs... it only takes ONE bug, that's the bug the intruder
purposefully targets per which OS it is.

kony wrote:

Sez you.

When was the last time you looked at the logs of your broadband
NAT-modem or router?

If or when you do, you'll see constant attempts to connect to your PC's
netbios ports. Those are coming from infected systems on the net,
trying to spread themselves to other systems.

It's a fact that if you perform a fresh install of win-2K or XP-Gold or
XP-SP1, and give that machine a non-firewalled or non-NAT'd internet
connection, it will become infected with something before your first
Windows Update session is completed.

Your analogy needs one more element: There are zombies constantly
roving your neighborhood and checking to see if your door is locked.
You walk away from your house for 20 minutes, with your door unlocked,
and it *will* get entered by a zombie.

That wasn't the point of what I wrote. I never made such a claim.

What I did claim is that under similar circumstances (initial
installation) that Win-98 is *invulnerable* to infiltration and
infection by internet "zombies" (worms) that infect systems that simply
have a live, non-firewalled, non-nat'd internet connection. Windows 2K
and XP-SP0 and SP1 are vulnerable.

I was posting hard, solid evidence to back up my claim above.

Windows 98 is not, and has never been vulnerable to any of the 6
different varieties or families of network worms that have been
discovered over the past 10 years. There is no pretending involved in
that statement.

Why are you being so dense in the head about this?

If I go beyond considering network worms, it's also a fact that windows
98 is, in general, less vulnerable to a whole host of malware (viruses,
trojans, root kits) compared to NT-bases OS's.

I'm not sure exactly when OS targeting started to be used during the
exposure and exploitation phase of malware installation, but I would bet
that by the time that started to happen, that windows 98 was not on the
list of targeted OS's.

On 2010-05-02, 98 Guy <98 (AT) Guy (DOT) com> wrote:
Pure FUD. I have a Win2k development machine here that gets periodic
reinstalls so to be honest it doesn't tend to get patched and
protected as well as it should. It's probably at least six months
since it was last isntalled, but when I ran its first virus scan
a few weeeks ago it was clean. That is a _fact_, not groundless
speculation based on personal prejudice. If your experience is
any different that is more to do with what sites you visit or not
being naturally cautious as to what you click on or download.

--
Andrew Smallshaw
andrews (AT) sdf (DOT) lonestar.org

Andrew Smallshaw wrote:

I will prove you are an idiot and an ignorant dolt.

Read carefully what I wrote above.

Note the phrase "non-firewalled" and "non-nat'd".

Do you know what those phrases mean?

Do you know what a nat-router is?

Do you know what sort of broadband internet connection most home users
*didn't* have back during 1999 - 2004?

You are a child aren't you?

How old were you back in 2001 - 2004?

Were you still in diapers?

Do you know what a network worm is?

Do you know that a network worm can get into your system without you
doing any web-surfing?

Or downloading?

Name someone that you shouldn't hire as a network admin or consultant:

Come back here after you take a few courses on computer networking
sonny.

And in the mean time, read this:

http://isc.sans.org/diary.html?storyid=4721

Or do a google search on "internet survival time". Then come back here
and tell me that I'm "prejudiced" against win 2k/XP/etc.

The truth hurts, doesn't it?

It hurts to know that win-98 was a more secure OS compared to 2K and XP.

It disturbs you to know that 2K and XP were fully vulnerable to external
intrusion and remote control until August 2004, doesn't it? While
win-98 users were laughing at all you klowns that were being
mind-controlled by Microsoft marketing bullshit.

On Sun, 02 May 2010 15:31:06 -0400, 98 Guy <98 (AT) Guy (DOT) com>
wrote:

If one has a NAT modem or router, the entirety of your
argument is gone. Insecurity, holes only exist where you
let them. I ran Win2k 100% secure, if you didn't I can only
suggest you made excuses why you'd rather not do so.


Yes, "attempts". Attempt != success. Unlike some, I do
not rely on an operating system for security, rather
disabling all as a default and only enabling what I consider
secure. In that context, pretty much every OS is quite
secure.


<yawn>

So you claim, but reality is contradicting you. Yes
haphazardly leaving a box on the internet is risky, but that
does not translate into an inherant definite danger if one
is security minded as you imply they should be.



Perhaps you should lay off the caffeine. I know what a
zombie looks like and will shoot it on sight.



You overlook one fundamental aspect of security. Nothing is
100% secure, but what is most insecure is that which is
targeted. Win2k is not a popular target anymore, so to
claim its bugs matter more than the bugs of OS that are
targeted, is entirely missing the point and an extreme
confusion about what security is and how to handle it.



Yeah, but not in context.



Why are you insisting that others who don't have the
problems you pretend "Must be", need to be more concerned
about what you write than what works ok for them?


Win98 can't even run for many days at a time despite its
many other weaknessess, I assure you that if someone is
capaable to identify the OS, and seeks to target it, Win98
is owned too, to think of it as some kind of security is
laughable... when the fact is, 99.9% of insecurity is user
choice, browser or email client flaws. Win98 can't even
support the more modern versions of browser or email client
that patch flaws in previous versions.




Personally, I have no problem securing win98 boxes, win2k,
or thereafter. I find your implied problems more a sign of
being unable to do basic security steps more than anything,
or just a mental block then excuses to follow...

On Mon, 03 May 2010 21:43:05 -0400, 98 Guy <98 (AT) Guy (DOT) com>
wrote:


Ok, let us know when you finally manage to do so.

On 2010-05-04, 98 Guy <98 (AT) Guy (DOT) com> wrote:
I'm seeing a pattern emerge here. Make outlandish claims, fail to
back them up but then assert them as fact all the same. When
challenged again fail to back them up and resort to ad hominem
insults. It's nice to see that your argument is so solidly reasoned
that it stands up so well to scrutiny.

I would hope so or those Cisco qualifications I have don't mean
much. That's right - _qualifications_, as in, I've actually studied
this stuff and been shown to be competent, instead of making stuff
up on the spot. Your defence of your claims still does not hold
water - no NAT at all here and it is not behind the firewall on
that network - do you know what "protected" means?

Do you? It sure doesn't sound like it. The attack vector doesn't
come out of nowhere you know - it has to leverage an existing
service running on the machine...

....and on Windows 2000 the potentially vulnerable services are
disabled in default trim.

See above. Although I might suggest a few course on elementary
comprehension first since most of this post was raising points I
already addressed.

Do you want to try that link a second time? Because the one you
posted is not what you claim it to be.

--
Andrew Smallshaw
andrews (AT) sdf (DOT) lonestar.org