Re: Windows 98 Users Face Increased Security Risk, Says Study

[InfoSec News <isn () c4i org>]

Forwarded from: matthew patton <pattonme () yahoo com>

--- InfoSec News <isn () c4i org> wrote:
> http://www.eweek.com/article2/0,4149,1410097,00.asp
>
> A new research paper to be released on Thursday is warning those
> companies still running Microsoft Windows 98 that they face an
> increased risk of a network security breach when Microsoft retires
> the product at the end of this year.

I really don't think so actually. Win98 has precious little capability
compared to say 2K or XP. Granted it doesn't offer much in the way of
desktop security and stupid users clicking on wanton email/url's can
toast their box more readily than a properly configured (ie. local
user is not LocalAdmin) NT family machine. But so many corporate
NT-class machines can't be bothered to do security properly anyway.

It seems to me the vast majority of M$'s nasty bugs have to do with
apps and the 'fancy' OS's like NT and up - be it IE, Office, SQLServer
and the like. IE/Office need to be updated regularly etc, sure and
that support isn't going away just yet.

Did M$ pay these guys to write this so they could sell a few zillion
more copies of XP and boost quarterly sales?

win95/98 works just fine for desktop use. I still use it. I read my
email, surf the web, generate a document or two. Isn't that the very
definition of 99.8% of all corporate PeeCee's? My work laptop is 2K
and it's a sorry pain in the butt. It's long been a contention of mine
that less capable software has less things to compromise and if
compromised isn't as capable of an attack platform. Now were did I put
my copy of Mosaic...

> the major driver is a direct result of delaying PC refreshment
> purchases during the recent economic slowdown," he said.

or maybe Intel or AMD begged them to write it. I only last month
sidelined my 266mhz K6 desktop because I couldn't play any moderately
recent (year 2000+) games on it. Now 1.3ghz of my 1.3ghz CPU goes to
wasting electrons and turning them into heat and doing RC5/OGR key
searches.

> "Companies with a significant investment in Windows 98—and who did
> not purchase an extended hot fix support contract this summer—should
> immediately evaluate strategies to retire all installations of
> 'Internet-facing' Windows," the study said.

There's a trigger-word! "internet-facing."  What's that mean? that the
PC is out there hosting connections coming from the wider 'net or that
a user is using a machine to surf? If the former, well ok anybody
using 98 as a server needs to be summarily shot. If the latter, what's
the big deal? Can't content filtering, virus protection, user
education against stupidity, and refusing to allow users to run lousy
products pretty much put the kibosh to most of the bugs? I mean, IE
and Outlook should have been removed from every corporate desktop ages
ago. Running Office/IE/Outlook on 95/98 or NT/2K/XP makes no
difference.

> "Any Windows 95 or 98-based PC with access to the Internet
> (including
>
> mobiles that leave the company network) should be candidates for
> migrating to Windows XP or Windows 2000.

why? where is the justification? where is the cost basis? If I'm a
corporate IT guy I need to know damn well WHY I should and WHY the
huge cost is worth it or is otherwise justified.

> To help its customers with this, AssetMetrix, the Lab's parent
> company, will on Thursday announce a new asset management service
> known as Win98-Exodus, designed to help corporations identify PCs
> running Windows 98 and Windows 95 and help them develop a migration
> strategy toward Windows 2000 and Windows XP.

heh, talk about a non-biased report then. This alone makes me regard
their recommendations with considerable distrust.


=====
"Be kind and compassionate to one another, forgiving each
 other, just as in Christ God forgave you." Ephesians 4:32

Hurt and disappointment enter every marriage from time to time.
When this happens, we choose to either forgive or develop
resentment. Love will not last if we do not learn to forgive.

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.