Slashdot Mirror


Microsoft Stops Supporting Win98 Early

Christopher_G_Lewis writes "Today Microsoft announced that it is 'not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability' to fix Security Bulletin MS06-15. Granted, the vulnerability is easily prevented by basic firewalling, but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet."

8 of 477 comments

  1. Well, it *is* old by Corbets · Score: 5, Insightful

    Maybe I'm crazy, but that OS is, what, 8 years old? How many OSes from that time would be safe to run on today's 'net? Mac OS... what? 8, maybe 9? Solaris 7/8? HP-UX 10?

    Ok, Sol8 I could see I guess, but for all that I'm a Mac bigot these days, I can't really blame MS for being unable to support software that old. Sure, it was broken as hell when it came out, but at this point, I'd really rather they try to keep XP or (/sigh) maybe Vista reasonably up-to-date.

  2. Missed business opportunity? by 955301 · Score: 4, Insightful


    I think Microsoft is missing a serious opportunity here. It's called branching.

    If they are forced to fix vulnerabilities for an old piece of software without getting paid I can see how that doesn't make sense. But I cannot imagine that there is NOBODY who will pay for vulnerability fixes to their old line instead of upgrading.

    Why? Because some software runs on 98 and not on 2000 or XP. Some software will probably run on XP and not Vista in the future. If they dealt with the branch constructively, this could represent another revenue stream for them.

    I don't believe it's cannibalistic because the people who would stay on a branch have to because of other software, not because they are cheap. Eventually, they will spend the same amount of money on security updates that it takes to purchase XP but won't have to upgrade their custom software for the new environment.

    Is there some reason this wouldn't work?

    --
    You are checking your backups, aren't you?
    1. Re:Missed business opportunity? by Vellmont · Score: 4, Insightful


      But I cannot imagine that there is NOBODY who will pay for vulnerability fixes to their old line instead of upgrading.

      If you were talking about Windows NT4, I might agree with you. NT4 had significant server deployment, and I'd imagine there's still a few corps that might have some machines running it. But Windows 98/ME was a user OS, so I find it very unlikely that anyone that has the cash to pony up for supporting it didn't move their installed base over to Windows 2000 or above long ago. I think the only significant Windows 98 installations you'll see are embedded machines running a POS system (for instance). Since those kinds of embedded systems are never used for web browsing, this vulnerability has pretty minimal impact on those systems.

      --
      AccountKiller
  3. Re::O by Southpaw018 · Score: 5, Insightful

    No, I'll get modded down, but... ;)

    Look, the truth is that Win XP and to a lesser but still significant extent Win 2k are real, solid OSs. They're targets because of their omnipresence, and more so because they're 'competitors' to Linux, which is so endeared unto a community like this one.
    So we hear the most about the Windows vulnerabilities, yet I just updated some of the software on my Linux box to fix a few security holes, too. And in all honesty...like any other piece of software, if you keep up with the updates and are conscious of the risks and pitfalls of everyday use, it's a safe, fast, and secure OS. If you tossed a version of your favorite Linux distro released circa 1998 onto a computer you would have some VERY serious problems running it smoothly and/or securely.

    --
    ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
  4. Understandable by Anonymous Coward · Score: 4, Insightful

    Support lifecycle ends on July 11, 2006, so it hardly seems worth the effort to patch for Microsoft. Besides, a PC still running Win98 on the internet without a firewall is probably already compromised, so this patch won't help anything.

  5. Re:Quick Question by griffjon · Score: 4, Insightful

    If you need the "Windows" environment (for legacy apps?), then 98SE is a perfectly good operating system for computers over 5 years old. It runs almost everything (that the hardware could handle, at least), and is a whole lot lighter than XP.

    I mean, if you're not wedded to applications, you can get almost any Linux install to run, better, on a machine that can handle 98SE, but some people aren't down for that :|

    --
    Returned Peace Corps IT Volunteer
  6. It's no excuse. The design was WRONG. by Spy der Mann · Score: 5, Insightful

    Since Windows 95, their whole design was based on extending their products (including Internet Explorer) with insecure features. MS-Word viruses, ActiveX viruses, javascript viruses, and now we even have DRM viruses.

    It's not that Windows 9x was old, but that it was awfully designed. Linux is older than Windows 9x, and they got the privileges and file permissions right since the beginning.

    Most security updates in Open Source software like Firefox or Linux are due to implementation flaws (i.e. buffer overflows), but the problem we're dealing with here, is a DESIGN FLAW.

    Very different, indeed.

  7. Re:I still run Windows 98 at home and not upgradin by Thundersnatch · Score: 4, Insightful

    You do realize that you need to patch client application security vulnerabilities too? Sure, there may be no "invisible" wormable exploit such as that used by Blaster (since Win98 is running no services). But all of the holes in IE, AIM, MS Office, Quicken, Firefox, and whatever else you use are still there. A large amount of malware relies on client-application vulnerabilities (straight buffer overflows, file parsing errors, etc.) to spread.

    Now, you can say, "I never use applications except games from Win98". And if that's true, good for you. But those games could have holes, or they could rely on DLLs that have holes (IE libraries in particular).

    Even worse, a whole lot of other folks are browsing the web, answering email, and using IM from Win98. A firewall does not provide client-app security, and these folks will be quickly owned when patches stop coming. Nor does AV software protect you from a lot of attacks at the network protocol layer, as most AV software does not scan network connections in real time or only handles HTTP and POP3 scanning. Until we can formally prove the correctness of all software running on the device, patching will always be necessary for Internet-connected machines (no matter what the operating system).