I've been using a Tyan Tsunami 1830s with a P3 850, a 440BX chipset,
and a Maxtor 40G hard drive with Win98 on it. If I get a P4
motherboard, will I simply be able to install my HD on it and boot up,
or will I have to reformat the HD and reload everything.

Thanks in advance for the info.

Longfellow <> wrote: I've been using a Tyan Tsunami 1830s with a P3 850, a 440BX chipset, and a Maxtor 40G hard drive with Win98 on it. If I get a P4 motherboard, will I simply be able to install my HD on it and boot up, or will I have to reformat the HD and reload everything.

The hardware will boot. Linux or FreeBSD will boot just
fine, although maybe suboptimally depending on what has
been configured into the kernel.

Whether your OS (MS-Win98) will is a different question.
It may recognize the different chipset and want to install
drivers for it.

MS-Win9* also has problems booting with lots of RAM
(512 MB+?) and needs VCACHE and perhaps MAXPHYSPAGE
limits in SYSTEM.INI .

There was a problem with some AMD chips doing LOOP too
fast (MS Win9* needed a patch), but I presume the P4 is
slow enough.

One other solution when migrating hard-drives under
MS-Win9* was to delete all System Devices and shutdown
prior to migrating the drive. The OS would automagically
detect the new devices upon a lengthy, rebootful startup.

Some people might advise you to upgrade OS. I heartily agree!
Linux or FreeBSD would help, and you probably wouldn't need
the new mobo. If it is to some MS product, think twice.
MS-Win2k is probably the most stable (if you can find it)
but has problems with some games/apps/hw. MS-WinXP has other
problems including odious licencing terms. MS-Win98 has
USB and can be stable with sufficient maintenance.


-- Robert

On Sun, 28 Dec 2003 08:34:58 -0500, Longfellow <> wrote:I've been using a Tyan Tsunami 1830s with a P3 850, a 440BX chipset,and a Maxtor 40G hard drive with Win98 on it. If I get a P4motherboard, will I simply be able to install my HD on it and boot up,or will I have to reformat the HD and reload everything.

Maybe, but probably not. The drive will be recognized with no trouble
at all, and if you were running Linux, or *BSD, or just about anything
other than Windows, the OS would work with no trouble as well.

Unfortunately you are running Windows, and that's likely to cause
problems. You can get around these problems sometimes without having
to format and reinstall everything, but other times it doesn't work so
well.

Personally, I think you would have to be absolutely insane, or just a
major masochist, to try and install Win98 on a P4. The huge number of
headaches that Win9x causes are really just NOT worth it. Do yourself
a favor and get either Win2K or WinXP for this P4 system and don't
even bother trying to get Win98 running. Trust me, you will have a
faster, more responsive and SIGNIFICANTLY more stable system that will
cause FAR less hair-pulling.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Sun, 28 Dec 2003 08:34:58 -0500, Longfellow <> wrote:
I've been using a Tyan Tsunami 1830s with a P3 850, a 440BX chipset,and a Maxtor 40G hard drive with Win98 on it. If I get a P4motherboard, will I simply be able to install my HD on it and boot up,or will I have to reformat the HD and reload everything.

Things could get very messy. One question which needs to be answered
before you start is: is your current mbrd BIOS recognized by Win98 as
supporting ACPI? The new one will and the Device Manager tree would be
drastically altered by it.

You could always start a fresh install of Win98 into a separate folder from
the current one and see how that goes - easy to back out of it without
losing your current drive structure if things get nasty. There is
absolutely no need to reformat any drives or partitions... if your current
BIOS supports the 40GB drive without an "overlay".

If you want to try to keep your current Win98 folder, registry, installed
apps etc., here's one way which I've used:

First you'll have to get any .INF driver definitions for the new chipset.

1) Make sure you have a CD-ROM driver in CONFIG.SYS *and* that MSCDEX is
loaded in AUTOEXEC.BAT. This is necessary since during the transfer to the
new mbrd, you'll lose access to the CD-ROM drive from the Win98 protected
mode driver.

2) In Win98 System Properties/Hardware Profiles make a copy of your current
configuration - call it Dummy or some such name and rename the current
config to say Oldconfig

3) Hook the drive to the new system and boot it. You'll get a msg asking
which config to boot to (Oldconfig or Dummy) - choose "None of the Above".
This will cause the Win98 boot process to create a new "Original
Configuration" with the new hardware, leaving the Oldconfig untouched (more
or less anyway).

4) The creation of the new hardware config is going to require lots of
rebooting to load drivers and you're probably going to have to make
decisions on whether to replace a newer driver with one from the Win98 CD.
At the end, you should be able to delete the Oldconfig and Dummy
configurations.

I've done migrations through three generations of mbrds using the above
procedure (though not to a very recent mbrd) and there is often the odd
hiccup along the way but it usually works with some tweaking. I'd also add
that if this is not Win98SE, it's probably not worthwhile even trying.
Win98 (First Edition) is broken and not worth the effort.

I'd also add that I agree with others who say it would probably be better
to get Windows 2000 or XP and just dump Win98. You should be able to
install into a fresh Windows folder without damaging any of your current
data on the drive.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

Tony Hill wrote:
Do yourself a favor and get either Win2K or WinXP for this P4 system and don't even bother trying to get Win98 running. Trust me, you will have a faster, more responsive and SIGNIFICANTLY more stable system that will cause FAR less hair-pulling.

BS. Maybe more stable (if SP1 doesn't screw it up) but XP isn't "faster and
more responsive) than 98SE. I've been running a P4 system with 98SE (when I
have to use windows) for over a year with no problems and no stability
issues. I think 99% of the stability issues people have with win98 is junk
hardware.

The only think you can trust using XP is being bent over as far as the EULA
and using an OS that allows easy acess to viruses and hackers.
--

Stacey

On Sun, 28 Dec 2003 20:35:02 -0500, stacey <fotocord@yahoo.com> wrote:
Tony Hill wrote: Do yourself a favor and get either Win2K or WinXP for this P4 system and don't even bother trying to get Win98 running. Trust me, you will have a faster, more responsive and SIGNIFICANTLY more stable system that will cause FAR less hair-pulling.BS. Maybe more stable (if SP1 doesn't screw it up) but XP isn't "faster andmore responsive) than 98SE. I've been running a P4 system with 98SE (when Ihave to use windows) for over a year with no problems and no stabilityissues. I think 99% of the stability issues people have with win98 is junkhardware.

I still use Win98SE and Tony does have a point about stability. I still
don't know what causes some of the occasional problems I have but I
strongly suspect that there are certain combos of installed software which
interact badly with each other. In general, through careful management of
the system, I've kept it in pretty good shape but as an example, I've
recently had probs with Acrobat Reader (5.1) hanging the system hard either
on startup or on exit. It's a common problem with no solution I've been
able to find.

As for responsiveness, the multi-tasking response of Win98 is abysmal
compared with Win2K/XP.
The only think you can trust using XP is being bent over as far as the EULAand using an OS that allows easy acess to viruses and hackers.

Yeah that's another story and the product activation thing is an
intolerable intrusion.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

My thanks to everyone, especially George, for the replies. I've been
using Win 98 for sometime now and haven't had any problems at all with
its stability or speed, perhaps because I use my computer mainly for
word processing and websurfing. However, given what's been said here,
I'm considering upgrading to Windows Second Edition or Windows 2000,
considering I've heard that XP still has a lot of bugs to work out.

My next question is "Will I be able to use my Maxtor 40G ATA drives
with the faster bus speeds of newer motherboards, with the built-in
SATA Raid devices some of these motherboards have, or with add-on SATA
raid cards?

I was also wondering which middle-of-the road motherboards with and
without RAID give the best bang-for-the-buck?

Thanks in advance for the additional info


On Sun, 28 Dec 2003 18:06:16 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:
On Sun, 28 Dec 2003 08:34:58 -0500, Longfellow <> wrote:I've been using a Tyan Tsunami 1830s with a P3 850, a 440BX chipset,and a Maxtor 40G hard drive with Win98 on it. If I get a P4motherboard, will I simply be able to install my HD on it and boot up,or will I have to reformat the HD and reload everything.Things could get very messy. One question which needs to be answeredbefore you start is: is your current mbrd BIOS recognized by Win98 assupporting ACPI? The new one will and the Device Manager tree would bedrastically altered by it.You could always start a fresh install of Win98 into a separate folder fromthe current one and see how that goes - easy to back out of it withoutlosing your current drive structure if things get nasty. There isabsolutely no need to reformat any drives or partitions... if your currentBIOS supports the 40GB drive without an "overlay".If you want to try to keep your current Win98 folder, registry, installedapps etc., here's one way which I've used:First you'll have to get any .INF driver definitions for the new chipset.1) Make sure you have a CD-ROM driver in CONFIG.SYS *and* that MSCDEX isloaded in AUTOEXEC.BAT. This is necessary since during the transfer to thenew mbrd, you'll lose access to the CD-ROM drive from the Win98 protectedmode driver.2) In Win98 System Properties/Hardware Profiles make a copy of your currentconfiguration - call it Dummy or some such name and rename the currentconfig to say Oldconfig3) Hook the drive to the new system and boot it. You'll get a msg askingwhich config to boot to (Oldconfig or Dummy) - choose "None of the Above".This will cause the Win98 boot process to create a new "OriginalConfiguration" with the new hardware, leaving the Oldconfig untouched (moreor less anyway).4) The creation of the new hardware config is going to require lots ofrebooting to load drivers and you're probably going to have to makedecisions on whether to replace a newer driver with one from the Win98 CD.At the end, you should be able to delete the Oldconfig and Dummyconfigurations.I've done migrations through three generations of mbrds using the aboveprocedure (though not to a very recent mbrd) and there is often the oddhiccup along the way but it usually works with some tweaking. I'd also addthat if this is not Win98SE, it's probably not worthwhile even trying.Win98 (First Edition) is broken and not worth the effort.I'd also add that I agree with others who say it would probably be betterto get Windows 2000 or XP and just dump Win98. You should be able toinstall into a fresh Windows folder without damaging any of your currentdata on the drive.Rgds, George Macdonald"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

George Macdonald wrote:

The only think you can trust using XP is being bent over as far as theEULA and using an OS that allows easy acess to viruses and hackers. Yeah that's another story and the product activation thing is an intolerable intrusion.

Which doesn't equal "stable" to me if it's so easy to get infected. And yes
being called a thief and a cheat doesn't sit too well with me!
--

Stacey

Longfellow <> wrote:
My next question is "Will I be able to use my Maxtor 40G ATA drives with the faster bus speeds of newer motherboards,

I'm using an old 3.2 gig drive on my "web machine" with an XP2100+ athlon so
that 40G drive shouldn't be any problem! :-)

--

Stacey

On Mon, 29 Dec 2003 19:08:08 -0500, Longfellow <> wrote:My thanks to everyone, especially George, for the replies. I've beenusing Win 98 for sometime now and haven't had any problems at all withits stability or speed, perhaps because I use my computer mainly forword processing and websurfing. However, given what's been said here,I'm considering upgrading to Windows Second Edition or Windows 2000,considering I've heard that XP still has a lot of bugs to work out.

Compared to Win98/Win98SE/WinMe the number of bugs in WinXP is next to
nothing... not that this is saying much.
My next question is "Will I be able to use my Maxtor 40G ATA driveswith the faster bus speeds of newer motherboards, with the built-inSATA Raid devices some of these motherboards have, or with add-on SATAraid cards?

Yes you will be able to use the hard drive, though not on a SATA
controller. Not to worry though, even new boards that support SATA
also have standard old-fashion parallel ATA controllers as well.
You're drive will sit on one of those controllers with no trouble at
all.
I was also wondering which middle-of-the road motherboards with andwithout RAID give the best bang-for-the-buck?

Personally I usually stick with boards from Asus, Gigabyte or MSI.
These are the three biggest motherboard companies and their boards
tend to be fairly reliable. Each of them offer a fairly full line of
boards, it's just a question of which board offers the particular set
of features that you're looking for.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Sun, 28 Dec 2003 20:35:02 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Do yourself a favor and get either Win2K or WinXP for this P4 system and don't even bother trying to get Win98 running. Trust me, you will have a faster, more responsive and SIGNIFICANTLY more stable system that will cause FAR less hair-pulling.BS. Maybe more stable (if SP1 doesn't screw it up) but XP isn't "faster andmore responsive) than 98SE. I've been running a P4 system with 98SE (when Ihave to use windows) for over a year with no problems and no stabilityissues. I think 99% of the stability issues people have with win98 is junkhardware.

I upgraded an older system (AMD K6-2 450MHz, 192MB of memory) from
Win98 to Win2K, and the system was NOTICEABLE more responsive in
Win2K. Win98 was fine with little to no load and/or just running a
single application, but it lagged a lot more when multitasking.

As for the junk hardware, I have NEVER found any system that was
stable running Win9x, regardless of what hardware was used. I've even
sat down at PCs with top-notch hardware who's owner claimed it was
perfectly stable and never crashed and I'll bring the system down in a
matter of hours (sometimes just minutes) without even trying.

Win9x is fine if you reboot your computer at least once a day, never
run any sort of services and only ever run one application at a time.
Beyond that it's totally out of it's league.
The only think you can trust using XP is being bent over as far as the EULAand using an OS that allows easy acess to viruses and hackers.

WinXP has FAR more security features in place than Win9x. Win9x has
absolutely NO concept of user permissions, and everything is ALWAYS
run with 100% full access regardless of what you're doing. The one
and only advantage that Win9x has over Win2K/XP from a security
standpoint is that Windows Messenger is not enabled and listening for
remote connections by default (something I've complained rather
bitterly about before and that MS is FINALLY going to fix with WinXP
SP2). Otherwise Win2K and WinXP are far and away more secure than
Win9x (not that this is saying much).

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Mon, 29 Dec 2003 03:09:14 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:BS. Maybe more stable (if SP1 doesn't screw it up) but XP isn't "faster andmore responsive) than 98SE. I've been running a P4 system with 98SE (when Ihave to use windows) for over a year with no problems and no stabilityissues. I think 99% of the stability issues people have with win98 is junkhardware.I still use Win98SE and Tony does have a point about stability. I stilldon't know what causes some of the occasional problems I have but Istrongly suspect that there are certain combos of installed software whichinteract badly with each other.

Yup. Win9x combined with essentially ANY other software (including
the bundled apps like IE) is a recipe for disaster. As long as you
just run Win9x all on it's own with no applications at all, you're
usually fine :>

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Mon, 29 Dec 2003 21:38:27 -0500, stacey <fotocord@yahoo.com> wrote:
George Macdonald wrote:The only think you can trust using XP is being bent over as far as theEULA and using an OS that allows easy acess to viruses and hackers. Yeah that's another story and the product activation thing is an intolerable intrusion.Which doesn't equal "stable" to me if it's so easy to get infected. And yesbeing called a thief and a cheat doesn't sit too well with me!

More practically, it just occurred to me recently that the "beauty" of
having three people with approximately the same laptop computer was umm
spoiled by the XP activation scheme. I'd been thinking, rationally:-),
that if any of the systems played up at a conference they could always swap
the hard drive between systems and just keep going. To tell the truth,
after thinking about it, I'm not sure what the hell is going to happen.
E.g. do you want your road-warrior to get up with his presentation and have
the fucking OS nag to the entire world that this person, who is selling
software and services, is cheating on his OS license?

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Mon, 29 Dec 2003 19:08:08 -0500, Longfellow <> wrote:
My thanks to everyone, especially George, for the replies. I've beenusing Win 98 for sometime now and haven't had any problems at all withits stability or speed, perhaps because I use my computer mainly forword processing and websurfing. However, given what's been said here,I'm considering upgrading to Windows Second Edition or Windows 2000,considering I've heard that XP still has a lot of bugs to work out.

AFAIK if you throw out all the XP eye-candy and run it with the "Classic"
settings the bug load is not any worse though the security Hot-Fixes have
been a PITA. Personally I'd go for Win2K right now but it's not that big a
deal to me... over XP.
My next question is "Will I be able to use my Maxtor 40G ATA driveswith the faster bus speeds of newer motherboards, with the built-inSATA Raid devices some of these motherboards have, or with add-on SATAraid cards?

I believe that any current mbrd with SATA will still have an ATA-100/133
IDE interface which will allow your drive to perform at its best.
I was also wondering which middle-of-the road motherboards with andwithout RAID give the best bang-for-the-buck?

There're so many integrated options that it's hard to decide for someone
else - it depends what bells 'n' whistles you want. I'd been using Asus
almost exclusively for years but recently I've had good luck with MSI for
mbrds.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

Tony Hill wrote:
On Mon, 29 Dec 2003 03:09:14 -0500, George Macdonald
I still use Win98SE and Tony does have a point about stability. I stilldon't know what causes some of the occasional problems I have but Istrongly suspect that there are certain combos of installed software whichinteract badly with each other. Yup. Win9x combined with essentially ANY other software (including the bundled apps like IE) is a recipe for disaster. As long as you just run Win9x all on it's own with no applications at all, you're usually fine :>


??? Pumping XP sales again Tony?

What he's talking about is crap software run with -other- crap software
taking down the system. This same crap software will crash on XP, just that
with XP it crashes more gracefully.
--

Stacey

Tony Hill wrote:
On Sun, 28 Dec 2003 20:35:02 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Do yourself a favor and get either Win2K or WinXP for this P4 system and don't even bother trying to get Win98 running. Trust me, you will have a faster, more responsive and SIGNIFICANTLY more stable system that will cause FAR less hair-pulling.BS. Maybe more stable (if SP1 doesn't screw it up) but XP isn't "fasterand more responsive) than 98SE. I've been running a P4 system with 98SE(when I have to use windows) for over a year with no problems and nostability issues. I think 99% of the stability issues people have withwin98 is junk hardware. I upgraded an older system (AMD K6-2 450MHz, 192MB of memory) from Win98 to Win2K, and the system was NOTICEABLE more responsive in Win2K. Win98 was fine with little to no load and/or just running a single application, but it lagged a lot more when multitasking. As for the junk hardware, I have NEVER found any system that was stable running Win9x, regardless of what hardware was used. I've even sat down at PCs with top-notch hardware who's owner claimed it was perfectly stable and never crashed and I'll bring the system down in a matter of hours (sometimes just minutes) without even trying. Win9x is fine if you reboot your computer at least once a day, never run any sort of services and only ever run one application at a time. Beyond that it's totally out of it's league.The only think you can trust using XP is being bent over as far as theEULA and using an OS that allows easy acess to viruses and hackers. WinXP has FAR more security features in place than Win9x.

LOL like the ports they left open that caused the last run of worms?

Win9x has absolutely NO concept of user permissions, and everything is ALWAYS run with 100% full access regardless of what you're doing.

Which only affect people who allow others acess to the shared files. Most
people run XP as the -admin- (and there is no real warning against doing
this..) so what's the diff?
The one and only advantage that Win9x has over Win2K/XP from a security standpoint is that Windows Messenger is not enabled and listening for remote connections by default

And the other undisclosed ports that also are open by default?

--

Stacey

On Tue, 30 Dec 2003 20:45:48 -0500, stacey <fotocord@yahoo.com> wrote:
Tony Hill wrote: On Mon, 29 Dec 2003 03:09:14 -0500, George MacdonaldI still use Win98SE and Tony does have a point about stability. I stilldon't know what causes some of the occasional problems I have but Istrongly suspect that there are certain combos of installed software whichinteract badly with each other. Yup. Win9x combined with essentially ANY other software (including the bundled apps like IE) is a recipe for disaster. As long as you just run Win9x all on it's own with no applications at all, you're usually fine :>??? Pumping XP sales again Tony?

What? You'll be telling us next that Tony's been recruited by The Canopy
Group.;-)
What he's talking about is crap software run with -other- crap softwaretaking down the system. This same crap software will crash on XP, just thatwith XP it crashes more gracefully.

I think the only argument here is the definition of crap software. In
fact, my system has been suspiciously fragile, on and off, since the
March/April 2002 tax season... when TurboTax silently installed IE 5.5SP2.
I have similar systems in the office and it seems to me that as soon as you
upgrade IE beyond 5.01SP2 (the last version with plugin support) Win98SE
gets squirrely. It's possible that my use of Netscape and latterly Mozilla
as a principal browser has something to do with it. The previusly
mentioned Acrobat Reader 5.10 hangs, on my home machine, are getting me mad
and my ire is naturally directed at Adobe as it *appears* to be the
culprit. Then again, since I have office systems with it which work fine
with it I'm drawn back to Win98SE as the source for blame. As Clara Peller
might have said: "Where's the crap?"<shrug>:-)

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Wed, 31 Dec 2003 05:39:59 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:
I think the only argument here is the definition of crap software. Infact, my system has been suspiciously fragile, on and off, since theMarch/April 2002 tax season... when TurboTax silently installed IE 5.5SP2.I have similar systems in the office and it seems to me that as soon as youupgrade IE beyond 5.01SP2 (the last version with plugin support) Win98SEgets squirrely. It's possible that my use of Netscape and latterly Mozillaas a principal browser has something to do with it. The previuslymentioned Acrobat Reader 5.10 hangs, on my home machine, are getting me madand my ire is naturally directed at Adobe as it *appears* to be theculprit. Then again, since I have office systems with it which work finewith it I'm drawn back to Win98SE as the source for blame. As Clara Pellermight have said: "Where's the crap?"<shrug>:-)

I don't know. Win98SE is still going strong on my kid's machine. Has
all the latest M$ updates applied, including IE6, and it works fine.
I've always had good luck with 98. I only recently migrated to Win2k
Pro on my main machine, which to me is perfect timing, considering the
EOL of 98 support from M$. Win2k is an obviously "better" OS, but
it's also noticeably slower - for common tasks I/O-bound tasks, my new
3GHz box feels no faster than the old 1GHz box running 98SE.

On Tue, 30 Dec 2003 20:49:35 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Win9x is fine if you reboot your computer at least once a day, never run any sort of services and only ever run one application at a time. Beyond that it's totally out of it's league.The only think you can trust using XP is being bent over as far as theEULA and using an OS that allows easy acess to viruses and hackers. WinXP has FAR more security features in place than Win9x.LOL like the ports they left open that caused the last run of worms?

Port. Just one (port 135), and that will be disabled by default with
SP2 (it SHOULD have been disabled right from the get-go, Messenger is
rather useless for 99% of computer users).
Win9x has absolutely NO concept of user permissions, and everything is ALWAYS run with 100% full access regardless of what you're doing.Which only affect people who allow others acess to the shared files. Most

Of course, Win9x tends to turn on Microsoft networking by default when
you setup a network connection, and there have been more than one
security holes associated with that. And then there's the issue of
any application that is listening to internet activity. If it's
compromised, it's instant superuser access.
people run XP as the -admin- (and there is no real warning against doingthis..) so what's the diff?

The diff is that you CAN set up Win2K/XP to have security. You can
NOT setup Win9x to have any concept of security, no matter how hard
you try. Your only solution is to turn off everything, sit behind a
firewall and pray.

Don't get me wrong, WinXP is hardly the pinnacle of security, it has
MANY faults that I've complained about both here and in other forums.
Some of these are going to be fixed with SP2, but they are mostly
things that SHOULD have been fixed long ago. Microsoft has been WAY
late to the boat when it comes to security, and despite all the noise
they've made in the media they still haven't got it. They just don't
take the "secure by default" attitude to software design and instead
seem to hack on security as an afterthought. However, at least with
WinXP they had that afterthought. Win9x has absolutely ZERO security.
The one and only advantage that Win9x has over Win2K/XP from a security standpoint is that Windows Messenger is not enabled and listening for remote connections by defaultAnd the other undisclosed ports that also are open by default?

There are none, I've checked.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Tue, 30 Dec 2003 20:45:48 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Yup. Win9x combined with essentially ANY other software (including the bundled apps like IE) is a recipe for disaster. As long as you just run Win9x all on it's own with no applications at all, you're usually fine :>??? Pumping XP sales again Tony?What he's talking about is crap software run with -other- crap softwaretaking down the system. This same crap software will crash on XP, just thatwith XP it crashes more gracefully.

With XP, or Win2K, or Linux, or any halfway worthwhile operating
system, the application crashes and the OS goes merrily on it's way.
It really shouldn't matter HOW crappy the applications are, it
shouldn't cause the operating system any harm. with Win9x, that just
doesn't work. If applications crash in Win9x, they REGULARLY put the
operating system in an unstable state, requiring a reboot.

This isn't meant to be "pumping XP sales", more just recommending that
people try ANYTHING other than Win9x. Heck, even the old MacOS
(pre-OS X) managed a higher level of stability, and that OS was
totally archaic for everything that wasn't the GUI.

Win9x was somewhat of a necessary evil for it's time, but that time is
over now. Move on, nothing to see here.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

chrisv wrote:
I don't know. Win98SE is still going strong on my kid's machine. Has all the latest M$ updates applied, including IE6, and it works fine. I've always had good luck with 98. I only recently migrated to Win2k Pro on my main machine, which to me is perfect timing, considering the EOL of 98 support from M$. Win2k is an obviously "better" OS, but it's also noticeably slower - for common tasks I/O-bound tasks, my new 3GHz box feels no faster than the old 1GHz box running 98SE.

That's been my experience as well. I "tweaked" 2K, shut down every service
not needed etc and it still makes my new 2100 XP box feel as slow as my old
PIII 800. Maybe I'm just lucky with 98SE but I've never had the "stability"
problems people complain about? At this point I'm pissed I -wasted my
money- buying win2K when I ended up going back to 98SE for my windows apps.
I'm trying to avoid windows altogether at this point and as soon as some
good video editing apps get ported to linux, I'm done.

--

Stacey

Tony Hill wrote:
Microsoft has been WAY late to the boat when it comes to security, and despite all the noise they've made in the media they still haven't got it.

Ever consider they don't want security in this -configuration- i.e. per
-user- licensed software? IMHO they want to promote their "secure
computing" by allowng all this crap to escalate, then they can say "We have
a solution, you pay for software on a per -use- basis" and claim it's more
"secure" that way! MS could easily have a secure OS (they can't be that
stupid..)they don't want it to be. What they want is users making monthly
payments to them.
--

Stacey

stacey <fotocord@yahoo.com> wrote:
chrisv wrote: I don't know. Win98SE is still going strong on my kid's machine. Has all the latest M$ updates applied, including IE6, and it works fine. I've always had good luck with 98. I only recently migrated to Win2k Pro on my main machine, which to me is perfect timing, considering the EOL of 98 support from M$. Win2k is an obviously "better" OS, but it's also noticeably slower - for common tasks I/O-bound tasks, my new 3GHz box feels no faster than the old 1GHz box running 98SE.That's been my experience as well. I "tweaked" 2K, shut down every servicenot needed etc and it still makes my new 2100 XP box feel as slow as my oldPIII 800.

I did the tweeking as well. Used the guide at blackviper.com.
Maybe I'm just lucky with 98SE but I've never had the "stability"problems people complain about? At this point I'm pissed I -wasted mymoney- buying win2K when I ended up going back to 98SE for my windows apps.

Oh, you paid money for Win2k? Of course, so did I. 8)
I'm trying to avoid windows altogether at this point and as soon as somegood video editing apps get ported to linux, I'm done.

I'm going toward Linux as well. I dual-boot Win2k and Mandrake 9.2 at
home. I'm getting comfortable with it. It's quite useable, and it's
rapidly improving.

On Wed, 31 Dec 2003 08:04:07 -0600, chrisv <chrisv@nospam.invalid> wrote:
On Wed, 31 Dec 2003 05:39:59 -0500, George Macdonald<fammacd=!SPAM^nothanks@tellurian.com> wrote:I think the only argument here is the definition of crap software. Infact, my system has been suspiciously fragile, on and off, since theMarch/April 2002 tax season... when TurboTax silently installed IE 5.5SP2.I have similar systems in the office and it seems to me that as soon as youupgrade IE beyond 5.01SP2 (the last version with plugin support) Win98SEgets squirrely. It's possible that my use of Netscape and latterly Mozillaas a principal browser has something to do with it. The previuslymentioned Acrobat Reader 5.10 hangs, on my home machine, are getting me madand my ire is naturally directed at Adobe as it *appears* to be theculprit. Then again, since I have office systems with it which work finewith it I'm drawn back to Win98SE as the source for blame. As Clara Pellermight have said: "Where's the crap?"<shrug>:-)I don't know. Win98SE is still going strong on my kid's machine. Hasall the latest M$ updates applied, including IE6, and it works fine.I've always had good luck with 98. I only recently migrated to Win2kPro on my main machine, which to me is perfect timing, considering theEOL of 98 support from M$. Win2k is an obviously "better" OS, butit's also noticeably slower - for common tasks I/O-bound tasks, my new3GHz box feels no faster than the old 1GHz box running 98SE.

Like I said, I have similar systems at work which are fine. It's not that
Win98 is always unstable - it's just that even being careful about
intrusive software and cleaning out obvious crap... it *can* get broken
with normal software which comes with devices you need to make the computer
umm... useful.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

chrisv wrote:
Maybe I'm just lucky with 98SE but I've never had the "stability"problems people complain about? At this point I'm pissed I -wasted mymoney- buying win2K when I ended up going back to 98SE for my windowsapps. Oh, you paid money for Win2k?

Yep, bought it from a friend who got it with a new computer he bought and
wiped the drive to install 98SE. Paid for 98SE as well but Bill assumes I'm
a thief?! What's a laugh is he ran me (and lots of others) off with the
product activation yet it didn't stop people from pirating his software.
I'm trying to avoid windows altogether at this point and as soon as somegood video editing apps get ported to linux, I'm done. I'm going toward Linux as well. I dual-boot Win2k and Mandrake 9.2 at home. I'm getting comfortable with it. It's quite useable, and it's rapidly improving.

I'm using Mandrake 9.1, people seem to feel 9.2 is a little buggy? I belong
to mandrake club and got a download of 9.2 but 9.1 is running so well, I'm
not really that interested in "upgrading". Probably will wait for 10.0 or
10.1

--

Stacey

On Wed, 31 Dec 2003 16:07:31 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>
wrote:
On Tue, 30 Dec 2003 20:49:35 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Win9x is fine if you reboot your computer at least once a day, never run any sort of services and only ever run one application at a time. Beyond that it's totally out of it's league.>The only think you can trust using XP is being bent over as far as the>EULA and using an OS that allows easy acess to viruses and hackers. WinXP has FAR more security features in place than Win9x.LOL like the ports they left open that caused the last run of worms?Port. Just one (port 135), and that will be disabled by default withSP2 (it SHOULD have been disabled right from the get-go, Messenger israther useless for 99% of computer users).

Blaster used 135 as its initial entry point but there are other known ports
sitting waiting to be "exploited" in one way or another. The security
sites normally advise disabling TCP: 135, 137, 139, 143, 445, 593; UDP 135,
445, 593; and there are suspicions of others like TFTP: 69... and then
there's the ephemeral ports where docs are scant.
Win9x has absolutely NO concept of user permissions, and everything is ALWAYS run with 100% full access regardless of what you're doing.Which only affect people who allow others acess to the shared files. MostOf course, Win9x tends to turn on Microsoft networking by default whenyou setup a network connection, and there have been more than onesecurity holes associated with that. And then there's the issue ofany application that is listening to internet activity. If it'scompromised, it's instant superuser access.

Yes Win9x is vulnerable but in different ways. The trouble with NT, 2K, XP
is that it's basically a Server OS with Server features built in and now
you have millions of home users who are ill-equipped to handle malware
attacks on it, through services they don't understand. With Win9x,
off-hand I can't think of any attack which didn't require the malware to
tease the user into executing/installing software for the initial attack
entry point. IOW the XP attack is passive, the 9X one requires a certain
trickery on the part of the attacker and gullibility on the part of the
user.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Thu, 01 Jan 2004 19:31:53 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:Port. Just one (port 135), and that will be disabled by default withSP2 (it SHOULD have been disabled right from the get-go, Messenger israther useless for 99% of computer users).Blaster used 135 as its initial entry point but there are other known portssitting waiting to be "exploited" in one way or another. The securitysites normally advise disabling TCP: 135, 137, 139, 143, 445, 593; UDP 135,445, 593; and there are suspicions of others like TFTP: 69... and thenthere's the ephemeral ports where docs are scant.

None of those ports other than port 135 are open by default though.
Ports 137 and 139 (and 138) are opened if you turn on Microsoft
networking. I can't remember how/why the others were turned on, but
they do require a user to do something to open them up. Of course,
due to the piss-poor documentation users often might not know that
they have opened a port.

I know recently I complained about an issue along these lines. I like
to consider myself a fairly tech-savvy user, but I accidently ran my
system with a totally useless port sitting open for about a month
before I caught it with a port scan. In my case it was running MS
Task Scheduler that opened port 1025 (the first user-space port, I
think it will use others if 1025 is busy, but that is the default).
Nowhere was there ANY documentation that or indication that a port was
being opened, and obviously I have absolutely no desire to have
someone remotely scheduling tasks on my PC, but there was absolutely
no way to turn this off.
Of course, Win9x tends to turn on Microsoft networking by default whenyou setup a network connection, and there have been more than onesecurity holes associated with that. And then there's the issue ofany application that is listening to internet activity. If it'scompromised, it's instant superuser access.Yes Win9x is vulnerable but in different ways. The trouble with NT, 2K, XPis that it's basically a Server OS with Server features built in and nowyou have millions of home users who are ill-equipped to handle malwareattacks on it, through services they don't understand. With Win9x,off-hand I can't think of any attack which didn't require the malware totease the user into executing/installing software for the initial attackentry point. IOW the XP attack is passive, the 9X one requires a certaintrickery on the part of the attacker and gullibility on the part of theuser.

Win9x did have a major problem with MS Networking. This was often
turned on by default and was always bound to all network ports. MANY
Win9x machines run with MS Networking listening, and it has had more
than it's share of security flaws, some of which are remotely
exploitable.

Then there were also the application bugs, particularly in IE and
Outlook/OE. These also affect Win2K and XP, but at least there are
somewhat fewer bugs in the present versions (though if you aren't
patching the system regularly you'll get screwed no matter what OS you
have). Some of these did not even require any sort of user
interaction, there were at least some OE bugs that allowed a malicious
e-mail to install and execute code without the user even opening the
message.

In short, I don't really see that Win9x is in any way safer or more
secure than Win2K or WinXP, even for the most clueless of users. MS
did do one inexcusably stupid thing (turning on Windows Messenger by
default), but the chances of a regular Joe-average computer users not
having some exploitable service on either Win9x or Win2K/XP is pretty
darn slim. For the clueless user, I'm not convinced that either Win9x
or Win2K/XP are at all secure (Apple Macs and OS X are really starting
to look like a nice idea for a lot of people). As I mentioned before,
the real advantage of Win2K and WinXP is not so much that they are
more secure by default, but simply that they can be made more secure,
while with Win9x the only way to make the system secure is to never
turn the power on.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

Tony Hill wrote:
As I mentioned before, the real advantage of Win2K and WinXP is not so much that they are more secure by default, but simply that they can be made more secure, while with Win9x the only way to make the system secure is to never turn the power on.

But his point (and mine) is by the time most people have a system conected
to a broad band router with XP, all sorts of security flaws are opened up.
And as you found out, the security documentation is non-existant. Maybe XP
can be made more secure (if you can find any documentation!), but it can
also be made a -whole lot- less secure just as easily! Make me wonder if
they aren't doing this on purpose?
--

Stacey

On Fri, 02 Jan 2004 03:57:39 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>
wrote:
On Thu, 01 Jan 2004 19:31:53 -0500, George Macdonald<fammacd=!SPAM^nothanks@tellurian.com> wrote:Port. Just one (port 135), and that will be disabled by default withSP2 (it SHOULD have been disabled right from the get-go, Messenger israther useless for 99% of computer users).Blaster used 135 as its initial entry point but there are other known portssitting waiting to be "exploited" in one way or another. The securitysites normally advise disabling TCP: 135, 137, 139, 143, 445, 593; UDP 135,445, 593; and there are suspicions of others like TFTP: 69... and thenthere's the ephemeral ports where docs are scant.None of those ports other than port 135 are open by default though.Ports 137 and 139 (and 138) are opened if you turn on Microsoftnetworking. I can't remember how/why the others were turned on, butthey do require a user to do something to open them up. Of course,due to the piss-poor documentation users often might not know thatthey have opened a port.

I don't know all the details of what does the turning on but
http://www.eeye.com/html/Research/Advisories/AD20031111.html mentions 139
and 445. When you say "Microsoft networking" do you mean Client for
Microsoft Networks? The trouble I have here is that everything is based on
what is currently known. The Blaster Worm entry was not known until the
eEye published the "vulnerability" - it does not breed confidence.
Of course, Win9x tends to turn on Microsoft networking by default whenyou setup a network connection, and there have been more than onesecurity holes associated with that. And then there's the issue ofany application that is listening to internet activity. If it'scompromised, it's instant superuser access.Yes Win9x is vulnerable but in different ways. The trouble with NT, 2K, XPis that it's basically a Server OS with Server features built in and nowyou have millions of home users who are ill-equipped to handle malwareattacks on it, through services they don't understand. With Win9x,off-hand I can't think of any attack which didn't require the malware totease the user into executing/installing software for the initial attackentry point. IOW the XP attack is passive, the 9X one requires a certaintrickery on the part of the attacker and gullibility on the part of theuser.Win9x did have a major problem with MS Networking. This was oftenturned on by default and was always bound to all network ports. MANYWin9x machines run with MS Networking listening, and it has had morethan it's share of security flaws, some of which are remotelyexploitable.

Not sure what they all were nor where they are documented but the DCOM/RPC
thing was obviously a NT/2K/XP only thing. My point is that every home XP
system on the planet became a relay point for the distribution of the worm
and again as home systems, patch awareness is kinda low.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Fri, 02 Jan 2004 05:45:52 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:On Fri, 02 Jan 2004 03:57:39 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>wrote:None of those ports other than port 135 are open by default though.Ports 137 and 139 (and 138) are opened if you turn on Microsoftnetworking. I can't remember how/why the others were turned on, butthey do require a user to do something to open them up. Of course,due to the piss-poor documentation users often might not know thatthey have opened a port.I don't know all the details of what does the turning on buthttp://www.eeye.com/html/Research/Advisories/AD20031111.html mentions 139and 445. When you say "Microsoft networking" do you mean Client forMicrosoft Networks?

Yup, "Client for Microsoft Networks" and the whole SMB deal. Port 445
was a new port added with Win2K in order to do SMB over TCP/IP
directly instead of going over NetBIOS.
The trouble I have here is that everything is based onwhat is currently known. The Blaster Worm entry was not known until theeEye published the "vulnerability" - it does not breed confidence.

Of course nothing is known until someone discovers it and publishes
the vulnerability, that's the way it works with every operating
system. Windows, like Linux, Solaris and AIX, definitely DOES have
unknown vulnerabilities. That's why we've got firewalls!
Win9x did have a major problem with MS Networking. This was oftenturned on by default and was always bound to all network ports. MANYWin9x machines run with MS Networking listening, and it has had morethan it's share of security flaws, some of which are remotelyexploitable.Not sure what they all were nor where they are documented but the DCOM/RPCthing was obviously a NT/2K/XP only thing. My point is that every home XPsystem on the planet became a relay point for the distribution of the wormand again as home systems, patch awareness is kinda low.

Yup, turning on Windows Messenger by default was an inexcusably stupid
thing done by Microsoft. Even the most dense computer programmer
should have known that this was a HUGE security flaw waiting to
happen. Without that Blaster would have had only a tiny fraction of
it's effect. Sure, it still could have accessed systems through the
other vulnerabilities, but those had to be turned on by users.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

Tony Hill wrote:
Even the most dense computer programmer should have known that this was a HUGE security flaw waiting to happen.

Which leads back to my thinking, they did it on purpose. They knew it would
be exploited and could promote their .NET secure computing initiative
--

Stacey

On Sat, 03 Jan 2004 21:26:51 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Even the most dense computer programmer should have known that this was a HUGE security flaw waiting to happen.Which leads back to my thinking, they did it on purpose. They knew it wouldbe exploited and could promote their .NET secure computing initiative

No offense Stacy, but I think you've smoking the crackpot pipe with
this conspiracy theory (fun as it may be). Network security flaws
have seriously tarnished Microsoft's reputation (for good reason), so
I really can't see how they could be in ANY way helpful in promoting a
service that depends EVEN MORE on Microsoft's network security.

Saying "Ohh, I know we fucked up last time, but this time just give us
MORE responsibility and we'll do a better job" isn't a winning
marketing strategy for any company, not even Microsoft.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Sat, 03 Jan 2004 07:29:10 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>
wrote:
On Fri, 02 Jan 2004 05:45:52 -0500, George Macdonald<fammacd=!SPAM^nothanks@tellurian.com> wrote:
<<snip>>I don't know all the details of what does the turning on buthttp://www.eeye.com/html/Research/Advisories/AD20031111.html mentions 139and 445. When you say "Microsoft networking" do you mean Client forMicrosoft Networks?Yup, "Client for Microsoft Networks" and the whole SMB deal. Port 445was a new port added with Win2K in order to do SMB over TCP/IPdirectly instead of going over NetBIOS.

SMB? Tsk, tsk - don't you mean CIFS?:-)
The trouble I have here is that everything is based onwhat is currently known. The Blaster Worm entry was not known until theeEye published the "vulnerability" - it does not breed confidence.Of course nothing is known until someone discovers it and publishesthe vulnerability, that's the way it works with every operatingsystem. Windows, like Linux, Solaris and AIX, definitely DOES haveunknown vulnerabilities. That's why we've got firewalls!

All I'm saying is that there may be no "known" open ports... until the next
one.
Win9x did have a major problem with MS Networking. This was oftenturned on by default and was always bound to all network ports. MANYWin9x machines run with MS Networking listening, and it has had morethan it's share of security flaws, some of which are remotelyexploitable.Not sure what they all were nor where they are documented but the DCOM/RPCthing was obviously a NT/2K/XP only thing. My point is that every home XPsystem on the planet became a relay point for the distribution of the wormand again as home systems, patch awareness is kinda low.Yup, turning on Windows Messenger by default was an inexcusably stupidthing done by Microsoft. Even the most dense computer programmershould have known that this was a HUGE security flaw waiting tohappen. Without that Blaster would have had only a tiny fraction ofit's effect. Sure, it still could have accessed systems through theother vulnerabilities, but those had to be turned on by users.

I'm confused by your (actually also M$'s) use of "Windows Messenger".
There is a component of Windows XP installation called Windows Messenger
but it's my understanding that this is basically the MSN Messenger
interface. Are you not referring to the Windows Messenger Service, the
thing that brought us the horrible (non-browser) pop-up ads. There are so
many different angles on that service: some "security sites" said it was
not safe to turn it off since it is used by some apps, like Norton AV, to
pop-up a warning message. OTOH now even M$ says just turn it off.<shrug>

Are you sure about the involvement of Messenger Service in the Blaster
infection? I don't think turning off Messenger will disable the RPC stuff.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

Tony Hill wrote:
On Sat, 03 Jan 2004 21:26:51 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: Even the most dense computer programmer should have known that this was a HUGE security flaw waiting to happen.Which leads back to my thinking, they did it on purpose. They knew itwould be exploited and could promote their .NET secure computinginitiative No offense Stacy, but I think you've smoking the crackpot pipe with this conspiracy theory (fun as it may be). Network security flaws have seriously tarnished Microsoft's reputation

I'm betting they blame it on other people rather than themselves. Notice
they are offering large $$$ on their "reward" program? Looks like they are
trying to blame hackers and present day networking with user based software
as the cause. I can easily see the "If you use our secure computing .NET
system where -we- keep the software remotely, it would always be patched
and up to date against attacks" arguement?? And you don't think the non-IT
bussinessmen would buy that arguement?

As you said even a moron would know this is a huge security flaw yet they
did it anyway?

--

Stacey

George Macdonald wrote:

Are you sure about the involvement of Messenger Service in the Blaster infection? I don't think turning off Messenger will disable the RPC stuff.


Which was another default setting which is asking home users for trouble.
--

Stacey

On Sun, 04 Jan 2004 16:36:22 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:On Sat, 03 Jan 2004 07:29:10 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>wrote:Yup, "Client for Microsoft Networks" and the whole SMB deal. Port 445was a new port added with Win2K in order to do SMB over TCP/IPdirectly instead of going over NetBIOS.SMB? Tsk, tsk - don't you mean CIFS?:-)

Sorry, my mistake. I can never keep up with the acronym-of-the-day
club! :>
Of course nothing is known until someone discovers it and publishesthe vulnerability, that's the way it works with every operatingsystem. Windows, like Linux, Solaris and AIX, definitely DOES haveunknown vulnerabilities. That's why we've got firewalls!All I'm saying is that there may be no "known" open ports... until the nextone.

Open ports are dead-easy to find! Any decent port-scanner will pick
them up in a matter of minutes. Vulnerabilities are another matter
altogether. Just because a port is open doesn't necessarily mean that
it has any vulnerabilities (though history has shown that basically
all services ever made have vulnerabilities), but if the port is not
open at all than it's definitely not vulnerable. That's what DOS is
not vulnerable to any remote exploits!
Not sure what they all were nor where they are documented but the DCOM/RPCthing was obviously a NT/2K/XP only thing. My point is that every home XPsystem on the planet became a relay point for the distribution of the wormand again as home systems, patch awareness is kinda low.Yup, turning on Windows Messenger by default was an inexcusably stupidthing done by Microsoft. Even the most dense computer programmershould have known that this was a HUGE security flaw waiting tohappen. Without that Blaster would have had only a tiny fraction ofit's effect. Sure, it still could have accessed systems through theother vulnerabilities, but those had to be turned on by users.I'm confused by your (actually also M$'s) use of "Windows Messenger".There is a component of Windows XP installation called Windows Messengerbut it's my understanding that this is basically the MSN Messengerinterface.

Nope! Absolutely ZERO connection with MSN Messenger. Windows
Messenger is a TOTALLY different beast from MSN Messenger, despite the
common name.
Are you not referring to the Windows Messenger Service, thething that brought us the horrible (non-browser) pop-up ads.

That's the one!
There are somany different angles on that service: some "security sites" said it wasnot safe to turn it off since it is used by some apps, like Norton AV, topop-up a warning message. OTOH now even M$ says just turn it off.<shrug>

It's completely safe to turn it off, it's an absolutely useless
service and even Norton AV can find other ways to get you virus
warnings if need be.
Are you sure about the involvement of Messenger Service in the Blasterinfection? I don't think turning off Messenger will disable the RPC stuff.

It doesn't turn it off, but without Windows Messenger, Blaster has no
entry point in a default setup. This is the one and only point port
that is completely open and listening to the world by default, and it
allows ANYONE in the world to not only pop up spam on your screen, but
also gives people a way to access RPC. Everyone who looked into the
security consequences of this knew it was a BIG HONKING RED FLAG, it
was a security exploit just waiting to happen. Sure enough, about a
month before the Blaster worm was released, someone not only
documented the vulnerability but even posted code to show how it could
be exploited.

Having Windows Messenger listening to local announcements by default
(eg from Norton Anti-Virus) might have made some sense, albeit not
much sense. However what Microsoft did was to have it listen to the
entire world by default with NO method of disabling this short of
disabling the service altogether. This was absolutely boneheaded of
them! Even 10 years ago when WinNT first came out and security
vulnerabilities weren't as common as they are today this was an
inexcusably stupid thing to do. Whoever made that decision 10 years
ago deserves to be smacked upside the head, but whoever decided to
KEEP that service open until this day (as I mentioned before, they are
FINALLY closing it by default in WinXP SP2 and Win2003 SP1) deserves
to be taken out back and shot!

With Windows Messenger service disabled, Blaster never would have
happened. Sure, it could still go through open ports of people who
had manually enabled another service with RPC support, but that would
have affected less than 1/10th of the number of people that Blaster
affected, probably more like 1/100th.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Mon, 05 Jan 2004 07:33:45 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>
wrote:
On Sun, 04 Jan 2004 16:36:22 -0500, George Macdonald<fammacd=!SPAM^nothanks@tellurian.com> wrote:
<<snip>>>Not sure what they all were nor where they are documented but the DCOM/RPC>thing was obviously a NT/2K/XP only thing. My point is that every home XP>system on the planet became a relay point for the distribution of the worm>and again as home systems, patch awareness is kinda low.Yup, turning on Windows Messenger by default was an inexcusably stupidthing done by Microsoft. Even the most dense computer programmershould have known that this was a HUGE security flaw waiting tohappen. Without that Blaster would have had only a tiny fraction ofit's effect. Sure, it still could have accessed systems through theother vulnerabilities, but those had to be turned on by users.I'm confused by your (actually also M$'s) use of "Windows Messenger".There is a component of Windows XP installation called Windows Messengerbut it's my understanding that this is basically the MSN Messengerinterface.Nope! Absolutely ZERO connection with MSN Messenger. WindowsMessenger is a TOTALLY different beast from MSN Messenger, despite thecommon name.

I don't have WinXP handy but if you look in Add/Remove Programs and
Windows/System(?) Setup you'll see something called Windows Messenger which
is installed by default. That's the one that I think is basically MSN
Messenger - I always disable it and never use such things anyway so have no
way of knowing exactly what it does. Like I said, M$ has confused everyone
with this nomenclature.
Are you not referring to the Windows Messenger Service, thething that brought us the horrible (non-browser) pop-up ads.That's the one!

Right - OK.

<<snip>>
Are you sure about the involvement of Messenger Service in the Blasterinfection? I don't think turning off Messenger will disable the RPC stuff.It doesn't turn it off, but without Windows Messenger, Blaster has noentry point in a default setup. This is the one and only point portthat is completely open and listening to the world by default, and itallows ANYONE in the world to not only pop up spam on your screen, butalso gives people a way to access RPC. Everyone who looked into thesecurity consequences of this knew it was a BIG HONKING RED FLAG, itwas a security exploit just waiting to happen. Sure enough, about amonth before the Blaster worm was released, someone not onlydocumented the vulnerability but even posted code to show how it couldbe exploited.

Right - that was Last Stage of Delirium: http://lsd-pl.net/
Having Windows Messenger listening to local announcements by default(eg from Norton Anti-Virus) might have made some sense, albeit notmuch sense. However what Microsoft did was to have it listen to theentire world by default with NO method of disabling this short ofdisabling the service altogether. This was absolutely boneheaded ofthem! Even 10 years ago when WinNT first came out and securityvulnerabilities weren't as common as they are today this was aninexcusably stupid thing to do. Whoever made that decision 10 yearsago deserves to be smacked upside the head, but whoever decided toKEEP that service open until this day (as I mentioned before, they areFINALLY closing it by default in WinXP SP2 and Win2003 SP1) deservesto be taken out back and shot!With Windows Messenger service disabled, Blaster never would havehappened. Sure, it could still go through open ports of people whohad manually enabled another service with RPC support, but that wouldhave affected less than 1/10th of the number of people that Blasteraffected, probably more like 1/100th.

I haven't looked at the details of the code enough to argue them but the
paper/URL trail leads me to believe the contrary. The Blaster exploit was
through the RPC service and a buffer overflow to DCOM and is documented
here in July
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
and updated in September here
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp
with no mention of "Messenger Service" but mentions the possible disabling
of DCOM Service. A better explanation of the details is here
http://www.eeye.com/html/Research/Advisories/AL20030811.html

The Messenger Service exploit, again through RPC, is documented here in
October
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-043.asp
and does mention disabling of "Messenger Service".

As I understood the mechanisms, RPC can be listening on several ports, one
of which is 135 and will forward "requests" to various services... like
DCOM and Messenger. RPC is a necessary part of the the OS networking
environment and without the buffer overflows in the "services" is basically
secure. IOW turning off one of the "services" does not disable RPC and
disabling Messenger Service does not disable DCOM... which is how Blaster
made its entry.

If you have better evidence to support your contention that disabling
Messenger Service would have squelched Blaster.....

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Mon, 05 Jan 2004 02:00:20 -0500, stacey <fotocord@yahoo.com> wrote:Tony Hill wrote: No offense Stacy, but I think you've smoking the crackpot pipe with this conspiracy theory (fun as it may be). Network security flaws have seriously tarnished Microsoft's reputationI'm betting they blame it on other people rather than themselves. Noticethey are offering large $$$ on their "reward" program? Looks like they aretrying to blame hackers and present day networking with user based softwareas the cause.

Sure they can try it, but it hasn't worked at all, even if cases where
it WAS user based software that was the source of the problem.
I can easily see the "If you use our secure computing .NETsystem where -we- keep the software remotely, it would always be patchedand up to date against attacks" arguement?? And you don't think the non-ITbussinessmen would buy that arguement?

No, I don't think they would, or at least not enough of them to make
up for the LARGE amount who would scoff the idea. While there are
some totally clueless businessmen, most aren't. Most just want their
IT things to work correctly every time, and most have been burned
enough by Microsoft networking problems (at home and at work) that
they aren't likely to put faith in MS to deliver 100% each and every
time.

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

stacey <fotocord@yahoo.com> wrote:
I'm going toward Linux as well. I dual-boot Win2k and Mandrake 9.2 at home. I'm getting comfortable with it. It's quite useable, and it's rapidly improving.I'm using Mandrake 9.1, people seem to feel 9.2 is a little buggy? I belongto mandrake club and got a download of 9.2 but 9.1 is running so well, I'mnot really that interested in "upgrading". Probably will wait for 10.0 or10.1

9.2 seems to have some nice (although subtle) refinements over 9.1, in
my opinion. I'm still looking foward to when they get the 2.6 kernel
in there.

On Mon, 05 Jan 2004 05:22:41 -0500, George Macdonald
<fammacd=!SPAM^nothanks@tellurian.com> wrote:Nope! Absolutely ZERO connection with MSN Messenger. WindowsMessenger is a TOTALLY different beast from MSN Messenger, despite thecommon name.I don't have WinXP handy but if you look in Add/Remove Programs andWindows/System(?) Setup you'll see something called Windows Messenger whichis installed by default. That's the one that I think is basically MSNMessenger - I always disable it and never use such things anyway so have noway of knowing exactly what it does. Like I said, M$ has confused everyonewith this nomenclature.

Yup. Two programs from the same company with the same name (I don't
know if they've officially changed the name of "MSN Messenger" to
"Windows Messenger", or if it just uses that name sometimes). Very
confusing!
With Windows Messenger service disabled, Blaster never would havehappened. Sure, it could still go through open ports of people whohad manually enabled another service with RPC support, but that wouldhave affected less than 1/10th of the number of people that Blasteraffected, probably more like 1/100th.I haven't looked at the details of the code enough to argue them but thepaper/URL trail leads me to believe the contrary. The Blaster exploit wasthrough the RPC service and a buffer overflow to DCOM and is documented

I believe you're actually quite right here, I must be confusing my
exploits! It would seem that Blaster does indeed go through DCOM and
not Messenger (though an exploit for that was found not much later).
The two just happen to use the same port (135) and are both RPC
services.

Guess that makes TWO incredibly stupid things that MS has done
recently! (err, I suppose they brains stopped working way back in '93
or '94 when WinNT came out and they still haven't started working
yet).

I've done a bit of looking, and there's actually quite a sad state of
default open ports on most operating systems out there. It turns out
that a default install of WinXP has at least 4 open ports by default
(not just the one I had open), ports 135, 139 and 445 (all the RPC
stuff previously mentioned), port 1025 (Task Scheduler, apparently
that's turned on in a default install, though it never was in any
WinXP setup I had). Mac OS X has at least one, though I've heard of
three different services being enabled in a default install. Redhat
Linux (recent Taroon beta at least) has a grand total of 7 open ports.
Solaris seems to have DOZENS of open ports in it's default install.

It's really quite a disturbing trend! One would think that at this
stage in the game companies would have smartened up and closed ALL
ports in a default install. The vast majority of these services are
just NOT needed, and those that do need them can turn them on
themselves!

-------------
Tony Hill
hilla <underscore> 20 <at> yahoo <dot> ca

On Mon, 05 Jan 2004 18:10:12 GMT, Tony Hill <hilla_nospam_20@yahoo.ca>
wrote:
It's really quite a disturbing trend! One would think that at thisstage in the game companies would have smartened up and closed ALLports in a default install. The vast majority of these services arejust NOT needed, and those that do need them can turn them onthemselves!

Well I'll admit to not having installed the Blaster patch as soon as it
became available. From previous experience and observations of many
others, M$ had garnered some distrust of Service Packs etc. and they were
often delayed till "someone else" confirmed the patches to the patches.

We did get hit by Blaster but it was really kinda strange the way it
happened. I'd been busy messing with our Router - reading up on the
firewall stuff, which was not that easy to follow - because we'd been
pestered by the (Messenger Service) DirectAdvertizer pop-up ads. So I
finally got the firewall figured out and the correct filters in, which
stopped the ads *and* would have stopped Blaster as well... EXCEPT someone
picked up Blaster on a laptop at home and brought it into the office before
I'd had time to check on the patches.

I believe that laptops can be a serious problem here. Many people are
allowed to take them home for "work" but often install all kinds of
personal doo-hickeys. They also get fed-up with switching user to an
administrator account to do anything which needs that privilege... so they
then give their user account administrator privilege and before you know
it, they're blissfully browsing (very) high risk Web sites with a
non-passworded adminstrator acount. Most people seem to need to be
bludgeoned before they realize they were in danger.<shrug>

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

Tony Hill <hilla_nospam_20@yahoo.ca> wrote: Yup. Two programs from the same company with the same name (I don't know if they've officially changed the name of "MSN Messenger" to "Windows Messenger", or if it just uses that name sometimes). Very confusing!

The version of MSN Messenger that comes with Windows XP is "Windows
Messenger" (and is not kept up to date relative to the MSN Messenger version
that is available for download... it's on version 4.7, vs 6.x)... MSN
Messenger is separately available for download.

As noted elsewhere, the Messenger service (just "Messenger" as far as I
know) is a separate and unrelated part of NT/2000/XP.

--
Nate Edel http://www.nkedel.com/

"I say we take off and nuke the entire site from orbit. That's the only way
to be sure." -- Ripley, _Aliens_