Worms affecting unfirewalled Windows 98 SE

I

Ian B.

Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?

TIA,
Ian
 
N

null

Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?
Click to expand...

Some propagate via poorly protected shares. Bugbear is one that comes
to mind. If you had file sharing disabled, that should have helped
quite a bit. Anyway, what's the problem with scanning the drive to
find out?


Art
http://www.epix.net/~artnpeg
 
F

FromTheRafters

Ian B. said:
Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?
Click to expand...

The Blaster worm variants that use the DCOM RPC exploit
won't affect Win98 even if DCOM RPC has been added to
that platform. At least that is how I understand the situation.

There are plenty of other things to worry about though. Why
don't you scan it for adware, spyware, and malware that you
could have "drive-by" downloaded while browsing?
 
J

James Egan

but I just wanted to check, are there any?
Click to expand...

There are some, but if you don't have file and printer sharing
installed or if it is installed but not bound to the tcp/ip stack of
your Internet connection then you are okay without a firewall.


Jim.
 
F

frans

Ian said:
Are there any worms that'll currently infect 98 SE machines connected to the
net without a firewall? I ask because I connected someone else's laptop to
the net, thinking I'll only be downloading stuff that I've created and no
risk of viruses. Then I remembered about the large number of worms, I can't
think of a highly distributed one to hand that'll infect by half hour or so
of net connection, but I just wanted to check, are there any?
Click to expand...

If you disable 'Windows Networking' it is probably safer then W2K and XP
 
D

Duane Arnold

The Blaster worm variants that use the DCOM RPC exploit
won't affect Win98 even if DCOM RPC has been added to
that platform. At least that is how I understand the situation.
Click to expand...

Where is the information on this about DCOM on a Win9x O/S will not be
affected by the RPC exploite? From my understanding of DCOM, DCOM is DCOM
no matter what Windows O/S it is on.

Duane :)
 
F

FromTheRafters

Duane Arnold said:
Where is the information on this about DCOM on a Win9x O/S will not be
affected by the RPC exploite? From my understanding of DCOM, DCOM is DCOM
no matter what Windows O/S it is on.
Click to expand...

After discussing this at length last year, I ran across a TechNet or
KnowledgeBase article which mentioned that the implementation
of DCOM RPC on those platforms does not install the affected
program module - so there is no DCOM RPC vulnerability on
those platforms.

I rather doubt my ability to track down this article, but I will
give it a try and post back ~ don't hold your breath though. ;o)
 
M

me

FromTheRafters said:
After discussing this at length last year, I ran across a TechNet or
KnowledgeBase article which mentioned that the implementation
of DCOM RPC on those platforms does not install the affected
program module - so there is no DCOM RPC vulnerability on
those platforms.

I rather doubt my ability to track down this article, but I will
give it a try and post back ~ don't hold your breath though. ;o)
Click to expand...

This one states that W9x and WMe are not vulnerable.
Not much tech. info. :(

http://go.microsoft.com/?linkid=220723

J
 
M

me

Duane said:
The link stops at the Search Page.

Duane :)
Click to expand...

Aw sh... ancient (dated 8-14-03)? Could be my screwup, too.
Anyway, if you wish, I can email you a copy that page.

J
 
D

Duane Arnold

Never mind emailing -- here it is now (and updated 1-22-04):
http://www.microsoft.com/security/incident/blast.asp
Click to expand...

I saw that link awhile back and it may be correct that the Win 9'x and ME
O/S may not be exploited by the particular Blaster exploit, since the
programming logic to do the exploit may be using COM or COM+ programming
discipline which is exploitable on the NT based O/S(s) only and the fact
that it's installed by default on those O/S as there may be applications
that are installed on those platforms that use COM or COM+ in the
programming logic.

DCOM if installed on a Win 9'x or ME O/S can be exploited most likely by
another Win 9'x or ME O/S machine on a network. Those O/S(s) are old and
outdated technology and their time has come and gone. And they don't have
the prestige like the NT based O/S have when they are exploited. So, no one
bothers to go after those platforms.

But DCOM is DCOM and it can be exploited no matter what O/S platform its
on. That's to my understanding of it.

Duane :)
 
F

FromTheRafters

This one states that W9x and WMe are not vulnerable.
Not much tech. info. :(

http://go.microsoft.com/?linkid=220723
Click to expand...

Looking around I find many places like that - not affected - no
amplifications as to why. I also find many places subscribing to
the belief that they are affected (none from Microsoft on this
side of the fence) again with no specific details.

My statement still stands (because it was specifically about the
"Blaster" RPC vector), but the implications that the vulnerability
doesn't exist on those platforms can't be backed up with any
official documentation that I can find. I still believe it to be the
case however. DCOM is DCOM, but the implementation of
it on differing platforms makes it so that not all are identical.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can a Firewall Protect Against Worm Viruses? 1
Blaster Worm? Not? What then? 4
Worms 6
Wireless Internet Service claims MS installing Blaster Worm 1
Worm Affect Network Accessibility? 5
USB Flash disk in Windows 98 SE 5
Avast users. 3
What's this "Internet Gateway"? 4

Top