Slashdot Mirror
Microsoft Stops Supporting Win98 Early
Christopher_G_Lewis writes "Today Microsoft announced that it is 'not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability' to fix Security Bulletin MS06-15. Granted, the vulnerability is easily prevented by basic firewalling, but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet."
Maybe I'm crazy, but that OS is, what, 8 years old? How many OSes from that time would be safe to run on today's 'net? Mac OS... what? 8, maybe 9? Solaris 7/8? HP-UX 10?
Ok, Sol8 I could see I guess, but for all that I'm a Mac bigot these days, I can't really blame MS for being unable to support software that old. Sure, it was broken as hell when it came out, but at this point, I'd really rather they try to keep XP or (/sigh) maybe Vista reasonably up-to-date.
I think Microsoft is missing a serious opportunity here. It's called branching.
If they are forced to fix vulnerabilities for an old piece of software without getting paid I can see how that doesn't make sense. But I cannot imagine that there is NOBODY who will pay for vulnerability fixes to their old line instead of upgrading.
Why? Because some software runs on 98 and not on 2000 or XP. Some software will probably run on XP and not Vista in the future. If they dealt with the branch constructively, this could represent another revenue stream for them.
I don't believe it's cannabilistic because the people who would stay on a branch have to because of other software, not because they are cheap. Eventually, they will spend the same amount of money on security updates that it takes to purchase XP but won't have to upgrade their custom software for the new environment.
Is there some reason this wouldn't work?
You are checking your backups, aren't you?
Where did the words "on today's Internet" come from?
If this signature is witty enough, maybe somebody will like me.
How are Microsoft's commitments to its operating systems structured? Are they a vague "promise" or contractual? If they are the latter, then I sincerely hope that someone will make this a legal issue. After all, does Microsoft offer a laissez-faire response if the other party is the one breaking the terms of a contract?
No, I'll get modded down, but... ;)
Look, the truth is that Win XP and to a lesser but still significant extent Win 2k are real, solid OSs. They're targets because of their omnipresence, and moreso because they're 'competitors' to Linux, which is so endeared unto a community like this one.
So we hear the most about the Windows vulnerabilities, yet I just updated some of the software on my Linux box to fix a few security holes, too. And in all honesty...like any other piece of software, if you keep up with the updates and are conscious of the risks and pitfalls of everyday use, it's a safe, fast, and secure OS. If you tossed a version of your favorite Linux distro released circa 1998 onto a computer you would have some VERY serious problems running it smoothly and/or securely.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
Support lifecycle ends on July 11, 2006, so it hardly seems worth the effort to patch for Microsoft. Besides, a pc still running Win98 on the internet without a firewall is probably already compromised, so this patch won't help anything.
but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet.
I am not so sure they actually said that, did they? Or did you put words in their mouth?
Slashdot - Where the slash is most definitely to the left.
If you need the "Windows" environment (for legacy apps?), then 98SE is a perfectly good operating system for computers over 5 years old. It runs almost everything (that the hardware could handle, at least), and is a whole lot lighter than XP.
:|
I mean, if you're not wedded to applications, you can get almost any Linux install to run, better, on a machine that can handle 98SE, but some people aren't down for that
Returned Peace Corps IT Volunteer
You can still register and operate a Ford model T on public roads.
However, 'round here in Dallas I would strongly recommend to keep it off I-635
(ya' might get shot!)
Since Windows 95, their whole design was based on extending their products (including Internet Explorer) with insecure features. MS-Word viruses, ActiveX viruses, javascript viruses, and now we even have DRM viruses.
It's not that Windows 9x was old, but that it was awfully designed. Linux is older than Windows 9x, and they got the privileges and file permissions right since the beginning.
Most security updates in Open Source software like Firefox or Linux are due to implementation flaws (i.e. buffer overflows), but the problem we're dealing with here, is a DESIGN FLAW.
Very different, indeed.
At least Win95 is safe!
I've had a single Win'98 installation since about 1999. Never needed to reinstall or anything. I still use it for my gaming - it has DirectX 9, so it runs World of Warcraft, Galciv2, GTA:SA, and so on. I have no need to upgrade to 2000 or XP. (For "real work" I use Linux).
One of the reasons why I have not upgraded is also that Win'98 is the last Windows that has full, native DOS easily accessible, so that older games work. In the recent years this argument has lost significance due to DosBox, though, but many DOS4GW games did not work properly only some time ago.
"You're crazy to run Win'98 in todays internet" is not exactly true. Win'98 has only one service that is being offered and that is the samba file/printer sharing. Turn that off and you have no open ports on a Win'98 machine - compared to Win2000 or XP where you have loads of ports active (think of all the RPC worms of the yesteryear). Yes, my Win'98 is behind a firewall, but even if it weren't I wouldn't be too concerned. I'm not using samba sharing (and yes, I've verified this with nmap).
The only attack that works would be against the TCP/IP stack itself (read: Winnuke), but that has been patched ages ago.
I'm going to keep running my Win'98 until games will require DirectX 10. Then I'll make a decision on whether I'll upgrade to Vista or check out how Cedega works at that point (Also, Dosbox probably runs everything by then). Why should I pay for intermediate versions (2k, XP, 2003 server) when Win'98 does everything that I want? Win'98 is light (compared to multimedia-laden XP) and secure enough for a single-user environment.
You might try Edubuntu. The default installation includes LTSP and is designed for small computer labs. You only have to admin one machine and the clients will run on old boxes. You can also reduce noise/power consumption removing the drives from the clients.
Bigtime Consulting - "We're the best because we cost the most"
Win 98 and ME have better license agreements too.
Those license agreements don't have the weird clauses about M$ being able to remotely disable your access to internet services at any time for any reason, or about your consent to have third-party DRM pushed to you over the internet automatically without your consent or knowledge (both of which are in the XP license agreement).
Wasn't windows 98 the first edition bundled the browser with the OS - for the benefit of the consumer of course? Bit ironic that it's now cited at the reason to drop support.
You do realize that you need to patch client application security vulnerabilities too? Sure, there may be no "invisible" wormable exploit such as that used by Blaster (since Win98 is running no services). But all of the holes in IE, AIM, MS Office, Quicken, Firefox, and whatever else you use are still there. A large amount of malware relies on client-application vulnerabilites (straight buffer overflows, file parsing errors, etc.) to spread.
Now, you can say, "I never use applications except games from Win98". And if that's true, good for you. But those games could have holes, or they could rely on DLLs that have holes (IE libraries in particular).
Even worse, a whole lot of other folks are browsing the web, answering email, and using IM from Win98. A firewall does not provide client-app security, and these folks will be quickly owned when patches stop coming. Nor does AV software protect you from a lot of attacks at the network protocol layer, as most AV software does not scan network connections in real time or only handles HTTP and POP3 scanning. Until we can formally prove the correctness of all software running on the device, patching will always be necessary for Internet-connected machines (no matter what the operating system).