I wonder how closely related it is to the statistic that 29% [w3schools.com] of people surfing the web have the screen res at 800x600. If the computer isn't broken (all jokes aside) and the user doesn't mind scrolling sideways a lot, a non-techy will probably keep that machine until dies.
There have been many innovations, features, and improvments between windows 95 and today. even the iconic grandma only who uses her 2nd hand win98 machine for email and photos of her grandchildren would benifit from some of those innovations.
Most of those innovations made it into Win98 SE. The rest are Borg technology I want nothing to do with.
If an old system still works, then, by all means, keep using it, but personally, I'm glad I don't have to reboot my computer every day anymore.
which is also a traditional karma-grab.:) I rarely reboot my Win98 SE desktop and Win Me laptop. They power down when unused and come back up when I move the mouse.
and you have hopes for Longhorn? Holy cow. Which vaporware version?
Although using an old operating system is fine for just some box sitting there not connected to any sort of network, once you plug it into a network you have a disaster waiting to happen. Many of these old operating systems are sitting there unpatched just waiting to become a sysadmin's worst nightmare. Although, if it was possible to keep these old OS'es patched, I don't see anything wrong with using them.
The old operating systems don't need patched. Security breaches exploit Borg technology forced on users from Windows 2000 and later in the OS, IE, and Outlook as Microsoft attempts to assimilate us.
But you can patch them and do workarounds for their security problems that keep them every bit as secure as anything else new out there (maybe even more so!!!) and if you don't need newer functionality but just to keep doing a job then why spend money needlessly on something that doesnt need to upgrade and still works?
Actually, almost all of the security problems have been with IE, Outlook, and Windows 2000 and later Microsoft Borg technology. I have stayed at Win98 SE and Netscape/Mozilla browsers and email (currently 7.02/5.0) with a BlackIce firewall and I simply don't have malware problems.
Without that I read in the/. million bots writeup the other day from German researchers that a current Windows PC is usually infected within a couple of minutes, sometimes seconds, after logging on to the internet, average being ten minutes. Prior to that I had read the average is twenty minutes.
Of course I don't click on email attachments or click on any button in a popup, either.:) I also usually just keep Javascript turned off as well to get rid of ads and popups, turning it on only when needed.
Does Win95 still access the internet? Play Solitaire? MineSweeper? MP3's (even on old, creaky Pentium I systems)?
Then, quite simply, for most people who just want email and browsing it's more than sufficient for them. Same goes for a lot of small businesses. They don't need multi-Gigahertz machines or recent OS licenses. They just need something that will run their word processors, spreadsheets, and print docs.
And that something would continue to work just fine but hardware breaks or gets too relatively slow to current capability. When that happens their new PC has some other Microsoft something on it, which is the only way that Microsoft has ben able to force upgrades and new purchases of its OS.
When my Win98 SE desktop (dual boot with Mandrake) and WinMe laptop can no longer be kept running, it will be Linux only from now on, though I will be running my Win98 SE installed in VMWare (which I already have).
But not until I have to. Everything works just fine for now (through broadband, dialup, and wireless ISP's for example). I am not into multimedia however.
But, at least the suite formerly known as Moz is now open source, and I'm not shy in donating to projects that I like. Sure hope they come up with a better name than "Sea Monkey" though. No car or "from the ashes" names though, something dignified that reminds one of its rich history yet still relevant in a modern world...Lazarus perhaps?
.. the story title totally misleads people into thinking that Thunderbird itself has been dropped. Perhaps a better title would be: "Thunderbird 1.0.1 dropped, 1.0.2 on the way" or "Thunderbird postponed to version 1.0.2"
Not sure if this was what the parent was talking about, but I browse only with Firefox and AVG has detected Java worms. This is using the latest java from sun, latest firefox.
Not sure which site it was, but it wasn't a porn or warez site or anything like that.
First time I heard of a Java worm is in this/. thread. WTF. I googled it and got all kinds of hits on something about a Java Worm game or something, so skipping past that there's this from sun java forum:
Re: is it true that applet can spread worms? Author: al3-ph Mar 15, 2005 8:18 AM (reply 3 of 3)
There is at least one piece of known adware that is spread via Firefox. It requires a click by the user to accept an expired security certificate. Here is some commentary:
If accepted, the Java applet then downloads a separate Windows executable into the temporary folder and then executes it.
Looks like the same Neil Diamond lyric site thing/. ran a thread on where one is presented a Java dialogue and asked to ok an untrusted company, which I commented on yesterday.
But even with all that Firefox, IE, Java incorrectly labeled exploit stuff it wasn't called a Java worm. What is a Java worm, and how would AV software identify one?
Of cource FireFox and other browsers could just put a SecurityManager in place, that is called when the java code calls Runtime.exec("evil.exe") and deny it (or present the user with a choice... again). This is already possible and _very_ easy.
I don't see a problem with that, maybe I'm missing something. "evil.exe" is already on the system, passed AV, was already requested to be installed, etc., so is inherently trusted. It's the creation of "evil.exe" from a.jar that I'm addressing.:)
The browser option needs to default to off. I don't see any need for a browser applet to write to my disk. I don't think the people who get hit by this exploit would know to turn the option off.
I agree. The user was looking for Neil Diamond lyrics, not even installing anything. The default should be off. Those few who know they are using something in Java that will use their disk can check it on.
Java apps, that is native apps on the system, should not be so easily confused with the trusted Java sandbox applets with only a "do you trust this" prompt standing between the sandbox and anarchy.
The Java apps can be downloaded and installed more explicitly with the users prior knowledge and consent.
I'm not overly familiar with the "exploit" you're talking about, but I can think of several ways around this suggested fix.
Probably the simplest problem is how does the JVM know if there are exe's embedded in the jar file? Now, if there were some standard "exe in jar" packaging scheme then yes, the JVM could look at the.jar file and warn the user about the contents. However (even in this case), what stops someone simply cutting-and-pasting the entire compiled code for the.exe into a string, then having their java code write this string to a file on disk? Bingo, instant executable file.
The so called exploit was covered a couple of days ago in a/. thread, something like "Firefox used to exploit IE".
Turns out it wasn't a Firefox exploit, or an IE exploit, or even a Java exploit. It was a site that downloaded a Java.jar which prompted Java to ask if the user wanted to trust this untrusted company, with a lot of yellow exclamation marks, at which point most people click ok and the.jar installed a boatload of adware/spyware/malware.
After what you quoted, I described a scenario for checking for.exe's in the.jar. I suggested three things:
1) The Java Community provide an OS dependent security call for the JVM to make that would make contents available to any available AV software for inspection.
2) Monitor calls that create or rename system files. This would be monitoring data flowing through JNI, and would be monitoring for and either disallow or request permission with specific file names OS dependent commands to create or rename files to executable extensions. This is native direct OS API stuff, not trying to determine what any program called might do.
3) Monitor in a similar way downloads that the.jar software may perform.
This is not guaranteed to be bulletproof, but it catches straightforward ways to transfer native executables out of a.jar or downloaded to the system, so that a user is asked to trust each executable, not a carte blanche for some obscure and deliberately misleading malware company name to run amuck with an obscure OK.
Acknowledged, Java has some downfalls (slow, etc) and it is not a native programming language...
I just completed my first project in Java, rewriting my Double Deck Pinochle DOS 8086 game in Java, and I was pleasantly surprised. On my first go round on playing cards, I accidentally didn't have a stop between players and I had a clear screen call (blank the text area) in there instead.
It went through the logic of playing all four cards of a trick and displaying to screen with a clear and I didn't even see the screen flicker.
It was only a text area, and I'm now replacing with a panel and then further GUI enhancements, but Java was instantaneous going through complex logic. (Java 1.3 on 1.2 Ghz Win98)
Slightly off-topic, but what impact will Sun's open-sourcing of the JVM have?
Allow Sun to show that they are receptive to the community clamoring for Java to be open sourced while still having a shot at maintaining a standard non forked Java.
I'd like to see an open source, "simpler" version of java as an option in FireFox. Currently, I don't have java installed because there are exploits for it (for example, java allows websites to exploit IE even if the user is using another browser, such as FireFox or opera). I don't really need it for anything, either, but I'd use a stripped down version. It just seems too bloated now, for the uses.
If that simpler Java implementation allowed the user to say yes when asked if they trust a company to install software, then that "exploit" would still exist.
You may envision something simpler that can only run in the Java sandbox, but probably a browser option limiting users from permitting the install makes more sense, and let the user decide.
This is a suggestion on that I posted to Sun's home page comments box yesterday. Whether the new JUIL licensing makes this easier to consider I don't know, but these kind of things need to be agreed upon by the community and stay standard.
rd
Beyond rewording the Java install security warning into potential consequences, which is much needed as pointed out, is the problem that the.jar after installed also then installed several Windows malware programs.
If they were.exe's in the.jar file then the JVM should make the data available to OS security inspection with an OS specific security call, even if the API to call has to be provided by the Java Community to, for example, provide a program to invoke identified default AV, etc.
Also, for many of us it is assumed that what is in a.jar is Java, and although may have been given permission to write files, not assumed that those files are Windows.exe's.
Whether explicitly named as an executable file or renamed with an OS API call, in addition to the above trusted stuff Java should ask for permission to create an OS native executable which is way beyond the permission we intended to give to access files on the OS disk!
It is just a one time deal on an install, or in this worst case, several from the.jar, so is not onerous to a user. It also should not involve a lot of overhead as its only the OS API commands to create or rename files to or with an executable extension.
If any malware was subsequently downloaded and installed by the just installed Java program then another layer of permissions need to be asked for each additional install.
In other words, it is insufficient to ask if Java can be trusted, then let it install native OS programs unsupervised.
I am a Java programmer for the past year (writing my own stuff, unemployed) and have a program I plan to deploy, so this is very important to me that users can trust that Java will monitor what they have authorized to get out of the sandbox.
May not be fair, but Java will earn even more trust from users doing this. Let's make lemonade out of this lemon.
Sun has a lot of tight control of java. But I believe IBM also has their own java implementation, and I think that version has alot of proprietary and licensed code.
Why do you think that? IBM created a superior background garbage collection for example and gave it back to the community. IBM of course write JVM's for their own OS's, and those JVM's meet Java Community specs.
It would do IBM no good to have a proprietary JVM. I haven't even heard of proprietary Java extensions from anyone but Microsoft. Would you know anything about that?
Unfortunately Borland isn't the way forward either. Delphi 8 shipped as a.NET-only product, and while Delphi 2005 finally shipped with a new Win32 version, many at Borland have said that a move to Win64 isn't in the cards.
Delphi/Kylix cross-platform was something that sounded like a good alternative and I saw thay still have it up on their site. I have older versions of both, not the cross-platform versions (Delphi 5/Kylix 1).
I think it's something VB6 people could consider for a future cross-platform alternative unless the plug is being pulled.
Slashdot Mirror
$15 hardware modem?? Links plz!!
:)
You apparently haven't got to the $3.85 modem post yet.
rd
I wonder how closely related it is to the statistic that 29% [w3schools.com] of people surfing the web have the screen res at 800x600. If the computer isn't broken (all jokes aside) and the user doesn't mind scrolling sideways a lot, a non-techy will probably keep that machine until dies.
Why would I need to scroll sideways?
rd
There have been many innovations, features, and improvments between windows 95 and today. even the iconic grandma only who uses her 2nd hand win98 machine for email and photos of her grandchildren would benifit from some of those innovations.
Most of those innovations made it into Win98 SE. The rest are Borg technology I want nothing to do with.
rd
Yes, and lots of older worms won't work on WinXP or 2k. To think you are safer on something 10 years old with no updating is crazy.
It may be crazy, but it's my experience. Wouldn't be the first time someone told me I was crazy.
rd
Funny thing is I'd wager none of those mods have any experience tweaking 98se/lite and have no idea how stable it can be.
/lite in Win98 SE/lite that has been referred to?
Certainly not anyone who rated your comment overrated. My main dsktop is Win98 SE.
Btw, what is the
rd
They're talking about Windows 95... (Score:5, Insightful)
:)
by jnetsurfer (637137)
They're talking about Windows 95... doesn't that mean broken?
Actually it was humorous insight.
rd
If an old system still works, then, by all means, keep using it, but personally, I'm glad I don't have to reboot my computer every day anymore.
:) I rarely reboot my Win98 SE desktop and Win Me laptop. They power down when unused and come back up when I move the mouse.
which is also a traditional karma-grab.
and you have hopes for Longhorn? Holy cow. Which vaporware version?
rd
Working in a call centre currently. No-name, don't want to risk getting fired ;-)
If they read this, they shouldn't fire you, they should promote you.
rd
Although using an old operating system is fine for just some box sitting there not connected to any sort of network, once you plug it into a network you have a disaster waiting to happen. Many of these old operating systems are sitting there unpatched just waiting to become a sysadmin's worst nightmare. Although, if it was possible to keep these old OS'es patched, I don't see anything wrong with using them.
The old operating systems don't need patched. Security breaches exploit Borg technology forced on users from Windows 2000 and later in the OS, IE, and Outlook as Microsoft attempts to assimilate us.
rd
But you can patch them and do workarounds for their security problems that keep them every bit as secure as anything else new out there (maybe even more so!!!) and if you don't need newer functionality but just to keep doing a job then why spend money needlessly on something that doesnt need to upgrade and still works?
/. million bots writeup the other day from German researchers that a current Windows PC is usually infected within a couple of minutes, sometimes seconds, after logging on to the internet, average being ten minutes. Prior to that I had read the average is twenty minutes.
:) I also usually just keep Javascript turned off as well to get rid of ads and popups, turning it on only when needed.
Actually, almost all of the security problems have been with IE, Outlook, and Windows 2000 and later Microsoft Borg technology. I have stayed at Win98 SE and Netscape/Mozilla browsers and email (currently 7.02/5.0) with a BlackIce firewall and I simply don't have malware problems.
Without that I read in the
Of course I don't click on email attachments or click on any button in a popup, either.
rd
Does Win95 still access the internet? Play Solitaire? MineSweeper? MP3's (even on old, creaky Pentium I systems)?
Then, quite simply, for most people who just want email and browsing it's more than sufficient for them. Same goes for a lot of small businesses. They don't need multi-Gigahertz machines or recent OS licenses. They just need something that will run their word processors, spreadsheets, and print docs.
And that something would continue to work just fine but hardware breaks or gets too relatively slow to current capability. When that happens their new PC has some other Microsoft something on it, which is the only way that Microsoft has ben able to force upgrades and new purchases of its OS.
When my Win98 SE desktop (dual boot with Mandrake) and WinMe laptop can no longer be kept running, it will be Linux only from now on, though I will be running my Win98 SE installed in VMWare (which I already have).
But not until I have to. Everything works just fine for now (through broadband, dialup, and wireless ISP's for example). I am not into multimedia however.
rd
I thought it was the biblical Lazarus, rising from the dead (if I recall Sunday school correctly). Apropos either way.
Even if there is a good solid business acceptable name given, internal release project names should be symbolic, such as Lazarus.
rd
But, at least the suite formerly known as Moz is now open source, and I'm not shy in donating to projects that I like. Sure hope they come up with a better name than "Sea Monkey" though. No car or "from the ashes" names though, something dignified that reminds one of its rich history yet still relevant in a modern world...Lazarus perhaps?
the company's preferred browser
or for short, Preferred
rd
.. the story title totally misleads people into thinking that Thunderbird itself has been dropped.
Perhaps a better title would be:
"Thunderbird 1.0.1 dropped, 1.0.2 on the way"
or
"Thunderbird postponed to version 1.0.2"
Just a thought...
Or we could try some geek marketing, as in...
Mozilla Thunderbird 1.0.2 accelerated
or in true marketing vaporware speak...
Thunderbird 1.0.2 is here already!
rd
Not sure if this was what the parent was talking about, but I browse only with Firefox and AVG has detected Java worms. This is using the latest java from sun, latest firefox.
/. thread. WTF. I googled it and got all kinds of hits on something about a Java Worm game or something, so skipping past that there's this from sun java forum:
= 31 385&st=30#
/. ran a thread on where one is presented a Java dialogue and asked to ok an untrusted company, which I commented on yesterday.
Not sure which site it was, but it wasn't a porn or warez site or anything like that.
First time I heard of a Java worm is in this
Re: is it true that applet can spread worms?
Author: al3-ph Mar 15, 2005 8:18 AM (reply 3 of 3)
There is at least one piece of known adware that is spread via Firefox. It requires a click by the user to accept an expired security certificate. Here is some commentary:
http://forums.tomcoyote.org/index.php?showtopic
If accepted, the Java applet then downloads a separate Windows executable into the temporary folder and then executes it.
Looks like the same Neil Diamond lyric site thing
But even with all that Firefox, IE, Java incorrectly labeled exploit stuff it wasn't called a Java worm. What is a Java worm, and how would AV software identify one?
rd
Of cource FireFox and other browsers could just put a SecurityManager in place, that is called when the java code calls Runtime.exec("evil.exe") and deny it (or present the user with a choice... again).
.jar that I'm addressing. :)
This is already possible and _very_ easy.
I don't see a problem with that, maybe I'm missing something. "evil.exe" is already on the system, passed AV, was already requested to be installed, etc., so is inherently trusted. It's the creation of "evil.exe" from a
rd
The browser option needs to default to off. I don't see any need for a browser applet to write to my disk. I don't think the people who get hit by this exploit would know to turn the option off.
I agree. The user was looking for Neil Diamond lyrics, not even installing anything. The default should be off. Those few who know they are using something in Java that will use their disk can check it on.
Java apps, that is native apps on the system, should not be so easily confused with the trusted Java sandbox applets with only a "do you trust this" prompt standing between the sandbox and anarchy.
The Java apps can be downloaded and installed more explicitly with the users prior knowledge and consent.
rd
I'm not overly familiar with the "exploit" you're talking about, but I can think of several ways around this suggested fix.
.jar file and warn the user about the contents. However (even in this case), what stops someone simply cutting-and-pasting the entire compiled code for the .exe into a string, then having their java code write this string to a file on disk? Bingo, instant executable file.
/. thread, something like "Firefox used to exploit IE".
.jar which prompted Java to ask if the user wanted to trust this untrusted company, with a lot of yellow exclamation marks, at which point most people click ok and the .jar installed a boatload of adware/spyware/malware.
.exe's in the .jar. I suggested three things:
.jar software may perform.
.jar or downloaded to the system, so that a user is asked to trust each executable, not a carte blanche for some obscure and deliberately misleading malware company name to run amuck with an obscure OK.
Probably the simplest problem is how does the JVM know if there are exe's embedded in the jar file? Now, if there were some standard "exe in jar" packaging scheme then yes, the JVM could look at the
The so called exploit was covered a couple of days ago in a
Turns out it wasn't a Firefox exploit, or an IE exploit, or even a Java exploit. It was a site that downloaded a Java
After what you quoted, I described a scenario for checking for
1) The Java Community provide an OS dependent security call for the JVM to make that would make contents available to any available AV software for inspection.
2) Monitor calls that create or rename system files. This would be monitoring data flowing through JNI, and would be monitoring for and either disallow or request permission with specific file names OS dependent commands to create or rename files to executable extensions. This is native direct OS API stuff, not trying to determine what any program called might do.
3) Monitor in a similar way downloads that the
This is not guaranteed to be bulletproof, but it catches straightforward ways to transfer native executables out of a
I hope that clarifies. Thanks for the feedback.
rd
Acknowledged, Java has some downfalls (slow, etc) and it is not a native programming language...
I just completed my first project in Java, rewriting my Double Deck Pinochle DOS 8086 game in Java, and I was pleasantly surprised. On my first go round on playing cards, I accidentally didn't have a stop between players and I had a clear screen call (blank the text area) in there instead.
It went through the logic of playing all four cards of a trick and displaying to screen with a clear and I didn't even see the screen flicker.
It was only a text area, and I'm now replacing with a panel and then further GUI enhancements, but Java was instantaneous going through complex logic. (Java 1.3 on 1.2 Ghz Win98)
rd
IBM has 64-bit VMs for PowerPC/AIX, PowerPC/Linux, and z/Linux IIRC
And IBM's AS/400/iSeries/i5 is 64 bit PowerPC, so the Java JVM on the AS/400 would be 64 bit.
rd
Slightly off-topic, but what impact will Sun's open-sourcing of the JVM have?
Allow Sun to show that they are receptive to the community clamoring for Java to be open sourced while still having a shot at maintaining a standard non forked Java.
rd
I'd like to see an open source, "simpler" version of java as an option in FireFox. Currently, I don't have java installed because there are exploits for it (for example, java allows websites to exploit IE even if the user is using another browser, such as FireFox or opera). I don't really need it for anything, either, but I'd use a stripped down version. It just seems too bloated now, for the uses.
.jar after installed also then installed several Windows malware programs.
.exe's in the .jar file then the JVM should make the data available to OS security inspection with an OS specific security call, even if the API to call has to be provided by the Java Community to, for example, provide a program to invoke identified default AV, etc.
.jar is Java, and although may have been given permission to write files, not assumed that those files are Windows .exe's.
.jar, so is not onerous to a user. It also should not involve a lot of overhead as its only the OS API commands to create or rename files to or with an executable extension.
If that simpler Java implementation allowed the user to say yes when asked if they trust a company to install software, then that "exploit" would still exist.
You may envision something simpler that can only run in the Java sandbox, but probably a browser option limiting users from permitting the install makes more sense, and let the user decide.
This is a suggestion on that I posted to Sun's home page comments box yesterday. Whether the new JUIL licensing makes this easier to consider I don't know, but these kind of things need to be agreed upon by the community and stay standard.
rd
Beyond rewording the Java install security warning into potential consequences, which is much needed as pointed out, is the problem that the
If they were
Also, for many of us it is assumed that what is in a
Whether explicitly named as an executable file or renamed with an OS API call, in addition to the above trusted stuff Java should ask for permission to create an OS native executable which is way beyond the permission we intended to give to access files on the OS disk!
It is just a one time deal on an install, or in this worst case, several from the
If any malware was subsequently downloaded and installed by the just installed Java program then another layer of permissions need to be asked for each additional install.
In other words, it is insufficient to ask if Java can be trusted, then let it install native OS programs unsupervised.
I am a Java programmer for the past year (writing my own stuff, unemployed) and have a program I plan to deploy, so this is very important to me that users can trust that Java will monitor what they have authorized to get out of the sandbox.
May not be fair, but Java will earn even more trust from users doing this. Let's make lemonade out of this lemon.
rd
Sun has a lot of tight control of java. But I believe IBM also has their own java implementation, and I think that version has alot of proprietary and licensed code.
Why do you think that? IBM created a superior background garbage collection for example and gave it back to the community. IBM of course write JVM's for their own OS's, and those JVM's meet Java Community specs.
It would do IBM no good to have a proprietary JVM. I haven't even heard of proprietary Java extensions from anyone but Microsoft. Would you know anything about that?
rd
Unfortunately Borland isn't the way forward either. Delphi 8 shipped as a .NET-only product, and while Delphi 2005 finally shipped with a new Win32 version, many at Borland have said that a move to Win64 isn't in the cards.
Delphi/Kylix cross-platform was something that sounded like a good alternative and I saw thay still have it up on their site. I have older versions of both, not the cross-platform versions (Delphi 5/Kylix 1).
I think it's something VB6 people could consider for a future cross-platform alternative unless the plug is being pulled.
rd
The VB guys are screwed if MS decided to dump VB6.
Yeah, you're right, that's the deal they made with the devil. Maybe some companies will think twice about staying locked into that.
rd