I'm not a programmer-type under-the-hood Windows expert
but I've tended many Windows boxes since Windows 3.0
in small office environments.
I've been following the discussions on whether Win98
is vulnerable to the recent WMF exploits and just for
fun did a bit of impromptu fooling around with the
"browsercheck.wmf" file found at:
http://www.heise.de/security/dienste/browsercheck/demos/ie/wmf.shtml
It doesn't seem to do anything to my Win98 machine.
Seems to me this is because of the lack of WMF file
associations on my machine.
Note that my tests were done with VirusScan
DAT 4663 which does NOT see Bloodhound.Exploit.56.
I offer the results of what I found for
what it may be worth. I like Win98 because the
bad guys tend to prefer to play with the latest
MS OSs and McAfee could always be relied upon to
make up the difference. I can't tell you how many
of my friends, acquaintances, and co-workers have
had their later OS home machines trashed, but then
again I know a lot of people who are clueless; all
the more reason I kept the boxes I had responsibility
over an OS or two behind the times. I hope recent
events don't put a spotlight on 98 and inspire
the creations of "retro-viruses" so to speak.
My system specs:
===
Windows98SE 4.10.2222A
Office2000
Word2000 (9.0.2720)
Outlook Express 5 (5.50.4133.2400)
Internet Explorer 6.0.2600.0000IS
Firefox 1.0.7
Image Eye 7.1 (default image viewer)
DataViz Conversions Plus 4
McAfee VirusScan Home Edition 7.00.5000.0
(DAT 4.0.4663 12/30/05)
Results:
===
doubleclicking on browsercheck.wmf
results in Conversions Plus opening
identifying file as a dbII file and asking
for input on how to open or convert;
viewing or attempting conversion fails
without incident or it asks for a program
to open it with because there are no
associations and you can just cancel.
doubleclicking on
browsercheck.wmf renamed to browsercheck.jpg
results in Image Eye viewer attempt to open
which fails - unknown format
===
browsercheck.wmf sent as attachment to Outlook
intercepted by Earthlink and stripped
indentified as Bloodhound.Exploit.56
I couldn't get around this, so I can't say what
Outlook would do if it actually got the attachment,
however...
browsercheck.wmf renamed to browsercheck.jpg
sent as attachment to Outlook
NOT intercepted by Earthlink
displayed as broken icon in Outlook viewer pane
attempt to open it identifies file as
c:\windows\Temporary Internet Files\Content.IE5\
XXXXXXX\browsercheck.wmf
"This file does not have a program associated
with it for performing this action. Create an
association in My Computer by clicking Views
and then clicking Folder Options"
===
browsercheck.wmf dropped into Word
results in clickable icon
doubleclicking results in embedded object warning
doubleclicking again identifies file as
c:\windows\temp\pkge0e1.wmf
"This file does not have a program associated
with it for performing this action. Create an
association in My Computer by clicking Views
and then clicking Folder Options"; clicking OK
yields: "No Application is associated with this file"
browsercheck.wmf renamed to browsercheck.jpg
dropped into Word
results in clickable icon
doubleclicking results in embedded object warning
doubleclicking again results in Image Eye viewer fails
- unknown format
===
browsercheck.wmf dropped into Internet Explorer
results in download warning;
telling it to open the file results in
Conversions Plus dialogue box due to lack
of file association
browsercheck.wmf renamed to browsercheck.jpg
dropped into Internet Explorer
results in broken icon
===
browsercheck.wmf dropped into Firefox
results in download warning
telling it to open the file results in
repeated download warnings
browsercheck.wmf renamed to browsercheck.jpg
dropped into Firefox results in display error
===
Attempting to import browsercheck.wmf or
browsercheck.wmf renamed to browsercheck.jpg
into Word Clipart fails without problems
===
