Advisories and vulnerability comparison: Windows 98(se) vs Windows XPhome


Virus Guy

XP.

What a joke.

This is an example of Macro$haft support for a "supported product" ?

How many bandaids can you (should you) apply to a product before it
should rightly be declared "dead on arrival" ???

Windows 98(se) was better "out-of-the-box" than XP is even now.

-------------

http://secunia.com/product/16/

Microsoft Windows XP Home Edition with all vendor patches installed
and all vendor workarounds applied, is currently affected by one or
more Secunia advisories rated Highly critical.

This is based on the most severe Secunia advisory, which is marked as
"Unpatched" in the Secunia database. Go to Unpatched/Patched list
below for details.

(http://secunia.com/product/16/#advisories)

Currently, 23 out of 116 Secunia advisories, are marked as "Unpatched"
in the Secunia database.

-------------

http://secunia.com/product/13/

Microsoft Windows 98 Second Edition with all vendor patches installed
and all vendor workarounds applied, is currently affected by one or
more Secunia advisories rated Less critical.

This is based on the most severe Secunia advisory, which is marked as
"Unpatched" in the Secunia database. Go to Unpatched/Patched list
below for details.

(http://secunia.com/product/13/#advisories)

Currently, 3 out of 30 Secunia advisories, are marked as "Unpatched"
in the Secunia database.

--------------

Here are the 3 unpatched Win-98 issues (all of which either cause
trivial problems or require physical access to the system). It
appears that only the legacy installation of Microsoft Java represents
any real lingering threat to Windows 98(se) systems that are otherwise
fully patched and updated.

--------------

1) Windows buffer overflow in riched20.dll
http://secunia.com/advisories/8099/

The vulnerability is caused by a boundary error in the dynamic link
library "riched20.dll" in the function that draws figure strings. This
can be exploited by constructing a malicious ".rtf" file where the
figure string sets a font size larger than 1024 bytes and luring a
user to open the file. Any application using the vulnerable function
in "riched20.dll" will crash.

Solution: Do not open files with RTF content from untrusted sources.

----------------

2) Microsoft Java Virtual Machine Cross-Site Communication
Vulnerability
http://secunia.com/advisories/12047/

Marc Schoenefeld has reported a vulnerability in Microsoft Java
Virtual Machine, allowing Java applets originating from different
domains to communicate.

The problem is that applets share a common class loader for the system
classes, allowing sites to use public static fields for Cross-Site
communication. This could potentially be exploited to cause
information leakage.

This is a breach of sandbox restrictions.

The vulnerability has been reported in version 5.0.0.3810. Other
versions may also be affected.

Solution: Use another Java implementation.

----------------

3) Microsoft Windows Unspecified USB Device Driver Vulnerability
http://secunia.com/advisories/16210/

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people with physical access to a vulnerable
system to compromise it.

The vulnerability is caused due to an unspecified boundary error in a
USB device driver and can be exploited to cause a buffer overflow via
a specially crafted USB device.

Successful exploitation allows execution of arbitrary code with SYSTEM
privileges, but requires physical access to a vulnerable system.

Solution: Restrict physical access to vulnerable systems.
Disable USB support.
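
A pre-open check for the riched20.dll issue in item 1, as an added example that is not part of the original post or the Secunia advisory. It assumes the "font size larger than 1024 bytes" wording means an over-long numeric parameter on an RTF control word such as `\fs`, and it flags any control word whose parameter or name exceeds limits chosen here; the function names, limits and sample inputs are hypothetical.

```python
import re

# Limits chosen for this example (assumptions, not taken from the advisory):
# 10 digits is enough for any 32-bit value, and control word names are short.
MAX_PARAM_DIGITS = 10
MAX_NAME_LETTERS = 32

# Token pattern: an escaped literal (\\ \{ \}) is consumed first so that the
# letters following an escaped backslash are not mistaken for a control word.
# Otherwise: backslash, letters, optional signed numeric parameter.
TOKEN = re.compile(rb"\\[\\{}]|\\([A-Za-z]+)(-?[0-9]+)?")


def scan_rtf(data: bytes):
    """Return a list of (offset, control_word, reason) for oversized tokens."""
    findings = []
    if not data.lstrip().startswith(b"{\\rtf"):
        return findings  # not RTF content, nothing to check
    for m in TOKEN.finditer(data):
        name = m.group(1)
        if name is None:
            continue  # escaped literal character, not a control word
        digits = len((m.group(2) or b"").lstrip(b"-"))
        word = name[:MAX_NAME_LETTERS].decode("ascii")
        if len(name) > MAX_NAME_LETTERS:
            findings.append((m.start(), word, f"name is {len(name)} letters"))
        if digits > MAX_PARAM_DIGITS:
            findings.append((m.start(), word, f"parameter is {digits} digits"))
    return findings


def safe_to_open(data: bytes) -> bool:
    """Gate for untrusted files: True only when no token exceeds the limits."""
    return not scan_rtf(data)


# Constructed sample inputs, used only to exercise the check.
BENIGN = rb"{\rtf1\ansi{\fonttbl{\f0 Arial;}}\f0\fs24 Hello\par}"
OVERSIZED = rb"{\rtf1\ansi\fs" + b"9" * 1100 + b" Hello}"
ESCAPED = rb"{\rtf1 \\fs" + b"1" * 50 + b"}"  # literal backslash, then text

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED),
                          ("escaped", ESCAPED)):
        print(label, safe_to_open(sample), scan_rtf(sample))
```

The scan does not skip raw data that follows a `\bin` control word, so binary payloads embedded that way can produce false positives.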
 

PCR

Thanks for the report. It's far better to sit here until we crumble to dust, then-- JUST as I always said! Ah, ha, ha!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
 

Duane Arnold

Virus Guy said:
XP.

What a joke.

This is an example of Macro$haft support for a "supported product" ?

How many bandaids can you (should you) apply to a product before it
should rightly be declared "dead on arrival" ???

Windows 98(se) was better "out-of-the-box" than XP is even now.

You don't know what you're talking about. XP is a NT based O/S like Win 2K
and they both have the same or similar features because they are NT based
O/S(s) with the same origins, which was made available to the consumer home
user market with XP Home.

Win 9'x will never ever match a NT based O/S as to what a NT based O/S can
do. If Win 9'x was all that and it's not, then there would be Win 9'x
servers on the market.

Long

http://64.233.161.104/search?q=cach...n.ppt+Windows+9x++O/S+vs+Windows+NT+O/S&hl=en

Short

http://tinyurl.com/5u9w8

I'll take a NT based O/S Home, Pro or Server edition O/S over a Win 9'x O/S
any day of the week. As long as patches can be applied that's all that
counts.

Win 9'x is old and outdated.

Duane :)
 

Dan

Duane said:
You don't know what you're talking about. XP is a NT based O/S like Win 2K
and they both have the same or similar features because they are NT based
O/S(s) with the same origins, which was made available to the consumer home
user market with XP Home.

Win 9'x will never ever match a NT based O/S as to what a NT based O/S can
do. If Win 9'x was all that and it's not, then there would be Win 9'x
servers on the market.

Long

http://64.233.161.104/search?q=cach...n.ppt+Windows+9x++O/S+vs+Windows+NT+O/S&hl=en

Short

http://tinyurl.com/5u9w8

I'll take a NT based O/S Home, Pro or Server edition O/S over a Win 9'x O/S
any day of the week. As long as patches can be applied that's all that
counts.

Win 9'x is old and outdated.

Duane :)
LOL! If you check out Microsoft's history you will find out that NT
(New Technology) was called Not There by early Microsoft system
engineers because they felt it was inferior to the 9x code.
 

Duane Arnold

Dan said:
LOL! If you check out Microsoft's history you will find out that NT
(New Technology) was called Not There by early Microsoft system
engineers because they felt it was inferior to the 9x code.

LOL! Where is the Win 9'x code now? It's nowhere is where it's at. That
crap Win 9'x O/S that I have had to write applications/programs for way
back when is a crash prone piece of junk including SE that shared the 16
bit O/S thread with everything else that was 16 bit running on the machine.

So if another 16 bit application/program hung that non protected 16 bit
thread the thread that the O/S shared, that crash prone platform was/is
going down. Win 9'x is where it belongs on the outdated trash heap.

Duane :)
 

Dan

Duane said:
LOL! Where is the Win 9'x code now? It's nowhere is where it's at. That
crap Win 9'x O/S that I have had to write applications/programs for way
back when is a crash prone piece of junk including SE that shared the 16
bit O/S thread with everything else that was 16 bit running on the machine.

So if another 16 bit application/program hung that non protected 16 bit
thread the thread that the O/S shared, that crash prone platform was/is
going down. Win 9'x is where it belongs on the outdated trash heap.

Duane :)
I find your line of logic very interesting. My Windows 98SE system is
very stable and never seems to crash. I dual-boot with XP Pro. which
was hacked a few months back. It is very interesting that nothing
happened to my 98SE system but XP Pro. failed. This may be partially
due to the fact that I use Microsoft firewall for XP Pro. but Zone Alarm
Professional for 98SE. Anyway, I have never really cared for XP Pro. as
much since it does not run older programs as well as 98SE. For
instance, KQ IV runs on my 98SE machine side of my computer without any
problems. However, on the XP Pro. side of my machine it will run but
without any music. The sound card works on both sides of the machine
but XP Pro. cannot run the program with music even in compatibility
mode. I will use XP Pro. where I must but I still prefer 98SE. Have a
nice day and Vista will probably end up putting XP on the trash heap.
 

Duane Arnold

Dan said:
I find your line of logic very interesting. My Windows 98SE system is
very stable and never seems to crash.

Well, you have not put that piece of junk programming wise to the hammer
like I have put it to the hammer in a corporate environment or seen that
crap go up in smoke like I have seen crash and burn.
I dual-boot with XP Pro. which
was hacked a few months back.

You're a home user.
It is very interesting that nothing
happened to my 98SE system but XP Pro. failed.

You're a home user.
This may be partially
due to the fact that I use Microsoft firewall for XP Pro. but Zone Alarm
Professional for 98SE.

And you're bringing up ZA to me, please.
Anyway, I have never really cared for XP Pro. as
much since it does not run older programs as well as 98SE.

The programs were not certified to run on the NT based platform is the
bottom line.
For
instance, KQ IV runs on my 98SE machine side of my computer without any
problems. However, on the XP Pro. side of my machine it will run but
without any music.

A home user perspective.
The sound card works on both sides of the machine
but XP Pro. cannot run the program with music even in compatibility
mode.

It don't run on the NT based platform, then it doesn't run

I will use XP Pro. where I must but I still prefer 98SE. Have a
nice day and Vista will probably end up putting XP on the trash heap.


It's very interesting that I don't see any Win 9'x based server editions
of the O/S. The NT based Win 2K will replace Win 98SE in the long run as
the work horse that everyone will go to, when Win 9'x SE or otherwise
finally -- finally hits the trash heap.

I don't have any problems running anything on the XP Pro machines at
home or in the work environment. I don't have any problems programming
and running solutions on the NT XP pro platform.

Vista is based off of NT just like Win NT, 2K, XP, 2K3 are NT based
O/S(s) and not Win 9'x so there you go.

You have a nice day too, as you don't know what you're talking about.

Duane :)
 

James Egan

Win 9'x will never ever match a NT based O/S as to what a NT based O/S can
do.

Like the maximum number of concurrent network connections, for
example, D. lol

xp home 5
xp pro 10
win9x 250


Jim.
 

Duane Arnold

James said:
Like the maximum number of concurrent network connections, for
example, D. lol

xp home 5
xp pro 10
win9x 250


Jim.

I just got back from taking 3 .NET interviews for jobs and got the grand
tour and the whole nine yards. I have not seen a Win 9'x machine used
nowhere in the corporate environment since 1998 when all Win 9'x
machines were kicked to the curb. Nobody in those interviews was
talking about Win 9'x, that's for sure. ;-)

Get out of here with this BS what kind of minuscule and I am going to
spell it out (bullshit) are you talking about?

It's dumb *clowns* like you that will sit there and come up some BS.

LOL LOL LOL LOL *boy* you tickle me. ;-)

I got server editions of the Win NT based O/S that can do more than 250
concurrent connections.

What are you going to come up with next *clown* about an NT based O/S as
opposed to Win 9'x O/S, because that's all you are to me.

You should get out of my face with this garbage *clown* LOL LOL LOL LOL.

Oh btw, I had to put the name calling in -- I couldn't help it. :)

LOL LOL LOL

Only some cheap broke company or cheap broke home user like *you* would
be hanging all over Win 9'x. ;-)

Duane :)
 

James Egan

Get out of here with this BS what kind of minuscule and I am going to
spell it out (bullshit) are you talking about?

It's dumb *clowns* like you that will sit there and come up some BS.

It's not BS, Bw. You were talking about the wonders of xp against
win9x.

Although xp is superior to 9x in many ways, concurrent networking
connections is one where it is definitely inferior.


LOL LOL LOL LOL *boy* you tickle me. ;-)

I got server editions of the Win NT based O/S that can do more than 250
concurrent connections.

Big deal. A free unix machine running samba is more efficient than
your NT servers. The comparison in question was between similar
workstation os's



Jim.
 

Duane Arnold

James said:
It's not BS, Bw. You were talking about the wonders of xp against
win9x.

Although xp is superior to 9x in many ways, concurrent networking
connections is one where it is definitely inferior.






Big deal. A free unix machine running samba is more efficient than
your NT servers. The comparison in question was between similar
workstation os's



Jim.
We're NOT and I repeat NOT talking about unix, linux or lineX as far as
that is concerned. You're a *clown* to me plain and simple that's always
making some kind of worthless excuse and post to me, crying in your
Pamper as usual.

I know all about Linux and Samba networking as it's on my network. My
discussion to the other poster was about NT based O/S(s) server,
workstation or otherwise. And as usual your Lone Ranger dumbass must
ride in on your broom as usual.

Will you stop posting to me you absolute *clown* and you're nothing to
me -- nothing. LOL LOL LOL

Duane :)
 

Duane Arnold

It's not BS, Bw. You were talking about the wonders of xp against
win9x.

No, I am talking about what a NT based O/S, which XP is part of that
class, as opposed to Win 9'x class. That's all it's ever been about.
However, I like the way you put your spin on to what I have said. That's
real good real good. Yeah, okay dokey you read into what you want to. ;-)
Although xp is superior to 9x in many ways, concurrent networking
connections is one where it is definitely inferior.



Minuscule comparison for an outdated O/S that's seen its day and the
time has passed it.

Yes, one day in its best days and its best mode it was a file server.
;-) LOL.

It's a poor and broke excuse.

Win 9'x has seen its day. It's over for it. It's been over for a long
time - put it on the trash heap where it belongs. It's only hanging on
by a thumb nail, because of *clown* like you.

Duane :)
 

James Egan

Will you stop posting to me

Don't flatter yourself, buckwheat. I'm posting to usenet not to you.

Like everyone else, I have a good laugh at your drivel. Just don't
reply if it bothers you.


Jim.
 

Duane Arnold

Don't flatter yourself, buckwheat. I'm posting to usenet not to you.

Yeah, BS you lying dog -- you lying lying dog! ;-)

That's a good one you're posting to usenet. It's a sorry spin but
nevertheless it's spin. I am on the floor with laughter. LOL
Like everyone else, I have a good laugh at your drivel. Just don't
reply if it bothers you.

Oh, you're just too much. LOL LOL LOL. Do know that nothing you post
bothers me. I have no respect for you should tell you something. At
least, the other poster I had some respect for the poster. You I have none

Little *Master* Egan is on the scene don't flatter yourself with
yourself boy.

BTW, your mama loved Buckwheat when he comb his hair as he put the
Johnson to her. She hollered shake it like a susuage Buckwheat baby
shake it like a susuage. Then they had *you*. ;-)

You're not even original you little *clown*. Do get on your broom and
ride into the next room maybe into the corner. ;-)

I do love dogging you out!

Duane :)
 

PCR

Is this the kind of diatribe XP-dementia leads to?
You should have worn your tinfoil hat!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
message <censored>
| Duane :)
 

Duane Arnold

PCR said:
Is this the kind of diatribe XP-dementia leads to?
You should have worn your tinfoil hat!

Maybe, when I ask your *ho* ass mama for her permission to ware it. ;-)

Duane :)
 

Duane Arnold

One other thing, go suck on *Master* Egan's Johnson while you're at too.
You can Win 9'x it clean.

Yeah, he can be the file server and you can be the client. ;-)

Duane :)
 

PCR

Yuck!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
<yuck!>
| Duane :)
 

Duane Arnold

PCR said:

Well, maybe you should go **** yourself. ;-)

Will that be better? After all, Little *Master* Egan is a lying *dog*!

You put yourself here I didn't put you here, just like that dumbass
Little *Master* Egan did it too. ;-)

LOL

Duane :)
 

PCR

| Will that be better?

That was a little better, yea. STILL, I must delete all your posts &
leave this thread! Bye! I have a reputation to uphold!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
"Duane Arnold" <""Yep-Don't-Bother\"@[email protected]">
<censored>
| Duane :)
|
 
