Forwarded from: matthew patton <pattonme@private> --- InfoSec News <isn@private> wrote: > http://www.eweek.com/article2/0,4149,1410097,00.asp > > A new research paper to be released on Thursday is warning those > companies still running Microsoft Windows 98 that they face an > increased risk of a network security breach when Microsoft retires > the product at the end of this year. I really don't think so actually. Win98 has precious little capability compared to say 2K or XP. Granted it doesn't offer much in the way of desktop security and stupid users clicking on wanton email/url's can toast their box more readily than a properly configured (ie. local user is not LocalAdmin) NT family machine. But so many corporate NT-class machines can't be bothered to do security properly anyway. It seems to me the vast majority of M$'s nasty bugs have to do with apps and the 'fancy' OS's like NT and up - be it IE, Office, SQLServer and the like. IE/Office need to be updated regularly etc, sure and that support isn't going away just yet. Did M$ pay these guys to write this so they could sell a few zillion more copies of XP and boost quarterly sales? win95/98 works just fine for desktop use. I still use it. I read my email, surf the web, generate a document or two. Isn't that the very definition of 99.8% of all corporate PeeCee's? My work laptop is 2K and it's a sorry pain in the butt. It's long been a contention of mine that less capable software has less things to compromise and if compromised isn't as capable of an attack platform. Now were did I put my copy of Mosaic... > the major driver is a direct result of delaying PC refreshment > purchases during the recent economic slowdown," he said. or maybe Intel or AMD begged them to write it. I only last month sidelined my 266mhz K6 desktop because I couldn't play any moderately recent (year 2000+) games on it. Now 1.3ghz of my 1.3ghz CPU goes to wasting electrons and turning them into heat and doing RC5/OGR key searches. > "Companies with a significant investment in Windows 98—and who did > not purchase an extended hot fix support contract this summer—should > immediately evaluate strategies to retire all installations of > 'Internet-facing' Windows," the study said. There's a trigger-word! "internet-facing." What's that mean? that the PC is out there hosting connections coming from the wider 'net or that a user is using a machine to surf? If the former, well ok anybody using 98 as a server needs to be summarily shot. If the latter, what's the big deal? Can't content filtering, virus protection, user education against stupidity, and refusing to allow users to run lousy products pretty much put the kibosh to most of the bugs? I mean, IE and Outlook should have been removed from every corporate desktop ages ago. Running Office/IE/Outlook on 95/98 or NT/2K/XP makes no difference. > "Any Windows 95 or 98-based PC with access to the Internet > (including > > mobiles that leave the company network) should be candidates for > migrating to Windows XP or Windows 2000. why? where is the justification? where is the cost basis? If I'm a corporate IT guy I need to know damn well WHY I should and WHY the huge cost is worth it or is otherwise justified. > To help its customers with this, AssetMetrix, the Lab's parent > company, will on Thursday announce a new asset management service > known as Win98-Exodus, designed to help corporations identify PCs > running Windows 98 and Windows 95 and help them develop a migration > strategy toward Windows 2000 and Windows XP. heh, talk about a non-biased report then. This alone makes me regard their recommendations with considerable distrust. ===== "Be kind and compassionate to one another, forgiving each other, just as in Christ God forgave you." Ephesians 4:32 Hurt and disappointment enter every marriage from time to time. When this happens, we choose to either forgive or develop resentment. Love will not last if we do not learn to forgive. __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 15 2003 - 06:01:10 PST