Slashdot Mirror
Microsoft Stops Supporting Win98 Early
Christopher_G_Lewis writes "Today Microsoft announced that it is 'not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability' to fix Security Bulletin MS06-15. Granted, the vulnerability is easily prevented by basic firewalling, but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet."
Win98 is broken? That's crazy talk, I've been using it for years, and I've never had any prob#$*(*^^(*&!@ NO CARRIER
Those who anthropomorphize science and/or nature already believe in an intelligent designer.
well, I'll get modded down but...
MS got it wrong... "Windows 98 is so broken that it's crazy to be running it on today's Internet" For some reason this contains a "98" which came out of nowhere. It should read
"Windows is so broken that it's crazy to be running it on today's Internet"
*''I can't believe it's not a hyperlink.''
How many people still actually run Windows 98?
It only took them 8 years to realize Windows 98 was broken.... Not bad.
I jest I jest *ducks*
Maybe I'm crazy, but that OS is, what, 8 years old? How many OSes from that time would be safe to run on today's 'net? Mac OS... what? 8, maybe 9? Solaris 7/8? HP-UX 10?
Ok, Sol8 I could see I guess, but for all that I'm a Mac bigot these days, I can't really blame MS for being unable to support software that old. Sure, it was broken as hell when it came out, but at this point, I'd really rather they try to keep XP or (/sigh) maybe Vista reasonably up-to-date.
I think Microsoft is missing a serious opportunity here. It's called branching.
If they are forced to fix vulnerabilities for an old piece of software without getting paid I can see how that doesn't make sense. But I cannot imagine that there is NOBODY who will pay for vulnerability fixes to their old line instead of upgrading.
Why? Because some software runs on 98 and not on 2000 or XP. Some software will probably run on XP and not Vista in the future. If they dealt with the branch constructively, this could represent another revenue stream for them.
I don't believe it's cannabilistic because the people who would stay on a branch have to because of other software, not because they are cheap. Eventually, they will spend the same amount of money on security updates that it takes to purchase XP but won't have to upgrade their custom software for the new environment.
Is there some reason this wouldn't work?
You are checking your backups, aren't you?
How are Microsoft's commitments to its operating systems structured? Are they a vague "promise" or contractual? If they are the latter, then I sincerely hope that someone will make this a legal issue. After all, does Microsoft offer a laissez-faire response if the other party is the one breaking the terms of a contract?
paid incident support ends on July 11, 2006. only a month away. mainstream support ended in 2002. this isn't a big deal.
Marge, get me your address book, 4 beers, and my conversation hat.
Support lifecycle ends on July 11, 2006, so it hardly seems worth the effort to patch for Microsoft. Besides, a pc still running Win98 on the internet without a firewall is probably already compromised, so this patch won't help anything.
but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet.
I am not so sure they actually said that, did they? Or did you put words in their mouth?
Slashdot - Where the slash is most definitely to the left.
You can pick up a nice cheap perfectly sufficient router with NAT for around $30. I wouldn't trust any computer directly on the wire without a router. I don't care what OS it's running.
I'd like to be able to run internal services on my systems without having to mess around with restricting IPs at the app level. It's a lot easier to just open ports at the router level if I want outside people to connect to my service.
Work Safe Porn
In other words it costs too much manpower (money) to close the hole in Win98, so they are saying we will not do it. This is a poor design decision coming back to bite them.
looks like they already did.
You can still register and operate a Ford model T on public roads.
However, 'round here in Dallas I would strongly recommend to keep it off I-635
(ya' might get shot!)
Since Windows 95, their whole design was based on extending their products (including Internet Explorer) with insecure features. MS-Word viruses, ActiveX viruses, javascript viruses, and now we even have DRM viruses.
It's not that Windows 9x was old, but that it was awfully designed. Linux is older than Windows 9x, and they got the privileges and file permissions right since the beginning.
Most security updates in Open Source software like Firefox or Linux are due to implementation flaws (i.e. buffer overflows), but the problem we're dealing with here, is a DESIGN FLAW.
Very different, indeed.
At least Win95 is safe!
I'll miss you, I'll especially miss the times a full-blown OS was in the range of 50MB.
Vista is gonna be around 8GB (11GB with debug files in the Beta2).
Of course, I'm left with managing over 14 machines here (and it's pro bono) for a few kids centers here, and Win98 is about the only thing that runs decently on these machines.
They have a firewall and Firefox instead of IE. Firefox also drops Win98 support in the next release.
In our eternal quest for cooler and newer and neater, we're burning dollars like crazy throwing our perfectly working machines and software. When will we learn...
I've had a single Win'98 installation since about 1999. Never needed to reinstall or anything. I still use it for my gaming - it has DirectX 9, so it runs World of Warcraft, Galciv2, GTA:SA, and so on. I have no need to upgrade to 2000 or XP. (For "real work" I use Linux).
One of the reasons why I have not upgraded is also that Win'98 is the last Windows that has full, native DOS easily accessible, so that older games work. In the recent years this argument has lost significance due to DosBox, though, but many DOS4GW games did not work properly only some time ago.
"You're crazy to run Win'98 in todays internet" is not exactly true. Win'98 has only one service that is being offered and that is the samba file/printer sharing. Turn that off and you have no open ports on a Win'98 machine - compared to Win2000 or XP where you have loads of ports active (think of all the RPC worms of the yesteryear). Yes, my Win'98 is behind a firewall, but even if it weren't I wouldn't be too concerned. I'm not using samba sharing (and yes, I've verified this with nmap).
The only attack that works would be against the TCP/IP stack itself (read: Winnuke), but that has been patched ages ago.
I'm going to keep running my Win'98 until games will require DirectX 10. Then I'll make a decision on whether I'll upgrade to Vista or check out how Cedega works at that point (Also, Dosbox probably runs everything by then). Why should I pay for intermediate versions (2k, XP, 2003 server) when Win'98 does everything that I want? Win'98 is light (compared to multimedia-laden XP) and secure enough for a single-user environment.
Without support for Windows 98, what will users with limited-capability computers (e.g., computers equipped with 300-MHz processors) do?
Release they got their money's worth out of an almost 10 year old computer, and plop down $300 for a newer one? Or they could install Linux, although they'd be able to do less than they do with their computers now.
Or, as the article points out, put the computer behind a firewall, which pretty much every home user should do regardless of OS.
well, Windows ME came out in Sept 2000, less than six years old right now. Security updates for five years for an OS that costs money is probably OK for home use, but I could see some small businesses wanted a somewhat longer cycle.
Win 98 and ME have better license agreements too.
Those license agreements don't have the weird clauses about M$ being able to remotely disable your access to internet services at any time for any reason, or about your consent to have third-party DRM pushed to you over the internet automatically without your consent or knowledge (both of which are in the XP license agreement).
VMWare.
Ditch the extra power-sucking hardware.
While MS may have stopped supporting win98 in terms of patches etc, the industry stopped supporting it a long time ago. MS also stopped supporting it for much of their office products quite a while back. Even hardware such as printers have been not supporting the old OS in the last few years.
Basically win98 was good if you still need to run some legacy 9x apps, maybe some DOS stuff, and get on the internet for email or browsing. It seems now that it's day has passed even for browsing, as the forthcoming versions of both IE and firefox have stopped support, and now patch support has stopped as well.
However, what to do with all those businesses (especially low-profit government entities such as schools) with older machines, win98 licenses, and not a lot of money to spend on either hardware or operating systems? To me, it looks this is just another push for those entities towards a linux desktop, not based on any technical details, but due to just plain ol' dollars and cents.
Part of the secret to your success that you use your machine wirelessly. Most wireless routers protect you from exploits like the one mentioned in the article.
Wasn't windows 98 the first edition bundled the browser with the OS - for the benefit of the consumer of course? Bit ironic that it's now cited at the reason to drop support.
Microsoft announces it will still continue to patch and support Microsoft BOB due to its overwhelming popularity and stability among home users.
Yeah, my karma sucks....but so do the mods.
...Does that mean I can install this illegal copy now?
You do realize that you need to patch client application security vulnerabilities too? Sure, there may be no "invisible" wormable exploit such as that used by Blaster (since Win98 is running no services). But all of the holes in IE, AIM, MS Office, Quicken, Firefox, and whatever else you use are still there. A large amount of malware relies on client-application vulnerabilites (straight buffer overflows, file parsing errors, etc.) to spread.
Now, you can say, "I never use applications except games from Win98". And if that's true, good for you. But those games could have holes, or they could rely on DLLs that have holes (IE libraries in particular).
Even worse, a whole lot of other folks are browsing the web, answering email, and using IM from Win98. A firewall does not provide client-app security, and these folks will be quickly owned when patches stop coming. Nor does AV software protect you from a lot of attacks at the network protocol layer, as most AV software does not scan network connections in real time or only handles HTTP and POP3 scanning. Until we can formally prove the correctness of all software running on the device, patching will always be necessary for Internet-connected machines (no matter what the operating system).
Every one of my Windows machines has a one gig FAT 32 boot partition on which I first install a patched version of DOS from bootdisk.com with USB drive support.
I then install Win2K/XP so that I always have the option of booting straight into DOS.
This not only allows me to play old games, it also allows me to run PartitionMagic for DOS (a real lifesaver) w/o having to dig out boot disks.
I dub thee... Sir Phobos, Knight of Mars, Beater of Ass.
Except I've seen a recent push in the media to ditch Win98. They're even pushing the, "You're Not Cool" buttons, which makes me think somebody is getting desperate. . . Now why on earth would the Big World Out There care which version of Windows the public is using? Here are a list of possible answers and general points which strike me off the top of my head. . .
1. Money. If you can convince a few million people that they need to spend a few hundred bucks on a new operating system, (Like, ooooh, say, Vista which is being released so very soon), what better way to increase initial sales on a new product? Mod me down, and I know some of you will want to, (hello MS astroturfers), but this seems like a fairly obvious marketing ploy to jeer and scare people into buying a new product. In other words, FUCK Microsoft; I'm not about to be manipulated by highschool popular kid tactics.
2. DRM. Later releases of Windows are linked to Microsoft and secret services in ways which allow the Powers That Be to keep tabs on you at all times. You want to control media? What better way than to put an OS with built in spy abilities on every desktop and lap top in the world? Win98 isn't so useful to the Black Hats this way; it was written too early in Microsoft's evolution; somewhat before their dance with the devil took it down the domestic spying and social control road.
3. Fear. Anybody who tells me that Win98 is not a safe system is a fool. Win98 has a very short list of vulnerabilities. Nobody attacks it. I don't run a virus checker and my very basic firewall takes care of every other danger. Look at the last three years of viruses and bugs which have hit the world; how many of them have affected Win98? Like 1 percent? Or less? Exactly.
I'll stick with Win98 until they make it illegal not to have government eyes installed in our homes. The way this is going, I probably won't have to wait too long. . .
-FL
I've read some of your comments, and most of them are crap. I'm a net engineer/tech of 20 years. This is the same old BS that software companies pull all the time. "We need more money, your software is old, give us more money 'cause we aren't going to support your product anymore." It's a crappy business practice.
Many people don't need the latest IE, media player, shockwave, java, directx, animated ads, 3mbit broadband, 256mb ddr3 PCIe vidcards (with cooling fans *sigh*), processors that use a rediculous amount of power in both the processor itself and the means to keep it cool...just to check their e-mail, do some word processing, surf, download some media, listen to some music, burn some stuff, and balance a checkbook. There are plenty of Win3.1 programs that do most of this, and I'd only upgrade to Win98se for the internet stuff and the CD functionality. The usefullness, to the average users I see every day, needs only to be upped to XP or 2000server if "little Timmy" needs to play some action game online, teleconference or watch a vid stream smoothly, or use a wireless router with some security. The majority of users aren't even planning on using these in the future. Let's not even talk about how fast a P3 800mhz running 98se with 256mbpc100ram, and a 128mb agp vidcard ran the programs of its day vs. how slow an AMD64, with 1gbDDR2, and a 128pcie vidcard run the larger, clunkier programs of today. I see no improvement, it's even slower. There have been very few actual improvements. One exception would be LCD screens, best thing to happen since broadband, and before that, the cd burner.
What about the old PC's we gave away to charitable organizations? or those that will now end up in the landfill? The end of Wme or W98se will surely mean most computers owned before 2002 will be in landfills.
If companies are going to do this, they should list how long they intend to support the product before you buy it. If this is capitalism, let the markets sort out support time as a factor. I'm sure when I pay $495 for my 5 w98se licenses in 2003 from the computer shop (which I didn't), I was expecting a little more than this. If micros*it had listed "were pulling the plug in 3years" on the box, I'd have looked a little more closely at the Red Hat sitting next to it on the shelf. The one good idea I saw was a pay customer service model, though we shouldn't have to pay it.
In any case, doesn't microsh*t make billions with every release of windows? Why is it too expensive for them to provide support for something that works, they made their money. It isn't fair to compare operating system support to, say, support for Madden '03. It's an operating system. Why don't you end support for ms calculator or solitaire instead?
(rant over)
(maybe not)
I suspect, slightly, that this move comes from the fact that 98se and ME are both so easily copied and MS wants everyone to pay. If this is their logic, while fair in a business sense, it's unfair to their paying users and the environment.
(ok, now end rant)
The resposes to this article are more proof that a majority of people on SlashDot don't realize that Win9x and Win2k/XP are ENTIRELY different OSes. Different code bases, actually different code all around.
Windows 101 for Slashdot People
Win3.x was 16bit OS for the x86 only platform and was programmed primarily in C and Assembly
Win9x was a 32bit OS built on top of Win3.x technology and again was programmed using C and Assembly in a lot of areas.
WinNT was a New OS technology with a 'real' kernel and subsystem technology that was built entirely in portable C for Cross Platform Support
WinXP is the modern version of WindowsNT, still built completely in portable C and C++ with no assembly optimization allowed outside of the HAL.
The ONLY reason that Win9X and WinXP 'look' a bit alike is purely cosmetic for end user ease.
So people that are still running Win9x, they deserve the blue screens, you won't have them with XP unless you have hardware failure - you know, like a *nix...
Also as for Win98 being lighter for test environments, you are doing a disservice, especially if you are using it for development testing. Applications run differently on WinXP. Also as for Win9x being lighter, the only truth in this is that Win9x will run well on 32mb of RAM, where WindowsXP requires 64mb of RAM for the 'same level' of performance, and with 128MB of RAM WinXP will run 'faster' than Win98.
I run into people all the time that still associate Windows 'instablity' with Win9x and a 8 year old OS that was mothballed with WinXP was released.
I understand that a lot of peeps and friends in the *nix world run Dual boots or VM versions of Win98, but you need to really move on even if you have to run a hacked version of XP. There are things that will still make you mad at MS but your computer crashing under Windows won't be one of them.
- Install your aged CDs. (Potato? I forget.)
- dselect update
- dselect select
- dselect install
- Repeat previous step until there's nothing left to install.
I should try this sometime on a stable install. I updated a sarge install and a sid install recently that had both been disconnected from the 'net for a couple years (the sarge was originally a Testing machine; while I was DSL-less, sarge was released; meant I had to edit myYeah, you can use apt-get too, but I found that dselect was smarter about the package install order.
The key difference, at least between Debian and Windows, is open ports. You toss on a potato or woody install, and there are no open ports. You toss on an XP install, and the stupid thing leaves a bunch of ports open, including freaking NETBIOS.
Closed ports by default gives you a chance to install updates, and not get creamed. That's the difference.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Considering that Windows 2000 was released before Windows ME, isn't this tantamount to Microsoft admitting what we all already knew: that releasing WinME at all was a mistake?
Web 2.0 == Giant Blogspam Circle Jerk