lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 04 Sep 2003 21:59:17 -0700
From: Andreas Marx <amarx@...a-it.de>
To: BugTraq <BUGTRAQ@...URITYFOCUS.COM>
Subject: Why is Win98 not listed in MS03-034?


Hi!

I was just wondering what has happened with MS03-034, because Windows 98 
was not listed as platform anymore (in the section "Platforms not 
affected"), only Windows Me. This usually means, that this platform is not 
supported any longer and no further patches will be provided anymore. I 
contacted Microsoft and they told me, that this is the case with Windows 
98/98 SE:

THERE WILL BE NO MORE (FREE) SECURITY UPDATES FOR THIS PLATFORM (WIN 98). 
PERIOD.

According to their lifecycle policy 
(http://support.microsoft.com/default.aspx?id=fh;[ln];lifeprodw) the 
free-of-charge support period has ended 30-Jun-2003. But I always thought 
that they will still be releasing security updates until the 
end-of-life-period, which is, according to the above website, 16-Jan-2004.

However, I was wrong. So, if you're still using Windows 98/98 SE you should 
switch to an other OS very soon. I'm sure that new security vulnerabilities 
will be discovered on this platform and due to the fact, that there will be 
no more security updates, the use of Windows 98 will get more and more 
risky every day. Virus authors will adopt these security vulnerabilities 
soon to get their nasty malwares spreading faster than ever. And without a 
proper fix from MS, you will run into big trouble.

If a Blaster-like worm will be released that affected Win 9x platforms, you 
won't be able to use your computer anymore, because there will be no fix 
for it. No av program would help you much, because they can only stop 
dropped files, but not the exploit itself. You have lost. You will need to 
switch to a more recent OS. And you have to pay for it...

cheers,
Andreas Marx
Head of the Anti-Virus Test Center at the University of Magdeburg, Germany
-- 
Andreas Marx <amarx@...a-it.de>, http://www.av-test.org
GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ