Microsoft: No security updates for 98/ ME after July 2006!

Crossposted from Dameocrat Blog

Several interesting news items related to this.

Quote:
Microsoft Clarifies Support for Windows 98, Windows Millennium

Microsoft announced a clarification in extended security update support for Windows 98, Windows 98 Second Edition, and Windows Millennium (Me) Editions for critical security issues. Windows 98 and Windows 98 Second Edition support was scheduled to end on January 16, 2004. The continual evaluation of the Support Lifecycle policy revealed, however, that customers in smaller and emerging markets needed additional time to upgrade their product. Therefore, critical security updates for Windows 98, Windows 98 Second Edition, and Windows Me will be provided on the Windows Update site through June 30, 2006.
Key Dates:

* Paid incident support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) is available through June 30, 2006.

  • Critical security updates will be provided on the Windows Update site through June 30, 2006.
  • Customers may request non-critical security fixes for Windows 98, Windows 98 Second Edition, Windows Me, and the most current version of their components until June 30, 2006 through typical assisted-support channels.
  • Windows 98, Windows 98 Second Edition, and Windows Me downloads for existing security issues will continue to be available through regular assisted-support channels at no charge until June 30, 2006.
  • No-charge incident support and extended hotfix support for Windows 98 and Windows 98 Second Edition ended on June 30, 2003.
  • No-charge incident support and extended hotfix support for Windows Me ended on December 31, 2003.

Microsoft is already leaving these customers high and dry for the WMF security flaw, according to cnet.

Quote:
Windows 98, ME users left vulnerable to WMF bug?
January 5, 2006 5:17 PM PST

Microsoft on Thursday rushed out an update to address a serious security flaw in Windows. Patches are available for Windows 2000, Windows XP, and Windows Server 2003, but Microsoft left out Windows 98 and Windows Millennium Edition.

The flaw lies in the way the OS software handles Windows Meta File images. Microsoft deems the issue “critical” only for Windows 2000, Windows XP and Windows Server 2003, the problem is not as big for Windows 98 and Windows ME because it is harder to exploit on those OSes, the company said in its MS06-001 security bulletin..

Experts from iDefense, F-Secure and SANS agree that no attacks that target the older Windows versions have surfaced. Yet that might only be a matter of time, said Mike Murray, director of vulnerability and exposure research at nCircle, a vulnerability management company in San Francisco.

Releasing a patch for Windows 98 and Windows ME would be the right thing to do, according to Murray. “Even Microsoft acknowledges that the vulnerability exists in those OSes, someone will figure out how to exploit it,” he said. …….

Here is someone in the reply section.

Quote:

MS is wrong not to support 98
Reader post by: Bill Dautrive
Posted on: January 8, 2006, 2:51 PM PST
Story: Windows 98, ME users left vulnerable to WMF bug?

Why?

Simple. Around 50% of the windows world is using something other then XP. So why would that mean that MS should still support it?

The intenet is an extremely dangerous place and MS is the primary reason for it. With so many older MS OS’s out there unprotected, it causes serious problems for everyone.

No one should have to pay to have problems that MS neglected fixed. We are not talking features here, but security problems that are the fault of Microsoft. All these people using the lame car anology are missing the point and clearly lack understanding of the issues. Even if a 1950 whatever is found to be defective, how many are on the road, how many has 100% original parts? That anology does not even come close to fitting this situtation, stop being ignorant.

Bottom line: These are serious security issues that came about through incompetance and negligence on Microsofts part. Asking anyone but Microsoft to pay for this is beyond ignorant.


Korea is responding by trying to go linux.

Quote:

The nation’s six ministries including the Ministry of Information and Communication (MIC) convened of late to discuss ways of reducing dependence on Microsoft, the world’s biggest software maker.

“We agreed to cut down on our heavy reliance on Windows while promoting open-source programs such as Linux as an alternative,” an MIC official said.

As action plans, the six ministries agreed to make Internet banking services and programs dealing with public grievance operable on a Linux-empowered system. Up until now, the programs could be run only through Windows.

“To secure broad-based adoption of non-Windows programs, the government will evaluate ministries regarding how much they brace for open-source programs,” the official said.

But, is the linux community offering an alternative to these former customers of Microsoft? Afterall, while there may be distros designed to work on older legacy computers, none of them are designed to be as easy to use as windows 98. Problems include, having to mount the disk drive from the command line, no control panels for easier customization on many of their light windows managers, like fluxbox and icewm, and the greater difficulty encountered when installing a linux program. I can untar tarballs, but I can never configure one. make and “make install” never work. Also the more feature rich Guis like KDE and Gnome are often to resource intensive to work quickly with anything under Pentium 3 or AMD K6-3. They both need at least 256 mb of memory to operate at a good clip. The typical windows 98 system, was Pentium I-MMX or Pentium II with 64-128 mb of memory.

According the same article more asinine members of the linux community are probably gearing up to infect these people with viruses in July.

Quote:
`Windows 98 is still widely used. Some people would replace their programs with advanced systems like Windows 2000 and XP. But some will continue to bank on Windows 98 even after this July,” Seung Jae-mo, the researcher at the Korea Information Security Agency, said.

He expected hacking and virus attacks would rage in the latter half of this year as global crackers would launch full-throttle attacks on Windows 98-outfitted computers that will not be updated regularly.

I personally feel the efforts of all those code vigilantes would be better spent creating an “easy to use” distro for older computers, but what do I know?

According to Wikipedia, small business customers of Microsoft who can’t pay for an upgrade to xp are being offered a thin client but the program is getting no advertising from Microsoft, and it is not being offered to home users of of Win 98 and ME. There is a something like a thin client being offered developing countries called “Windows XP Starter Edition,” but Microsoft is not offering this to home users in the developed countries and we may not be able to afford the latest thing either.

Yes, I am biased because I am a “Win 98” user. I switched to feather as a dual boot, but I don’t find it easy to use, and I started out with a DOS system, so I am not ignorant of command lines like most 98 people. The heavier distros just run way slow. I have tried “Debian Woody” with KDE and and “Red Hat 7.3” with Gnome. Neither Gnome nor Kde were much easier to use than Feather’s Fluxbox despite the more familiar appearance. They still made it difficult to install programs, and there plug n play wasn’t nearly as good as Feathers. They also didn’t have easy to use control panels though the control panels existed.

“Windows 3.1” and 95 users were left in the cold in 2002.

This didn’t harm 3.1 users as much since the hackers focused on 32 bit Windows after 95 was invented, but most any virus that involved NT/Xp will harm 95, 98, and ME.

Sober Virus harmed 95 users badly.  I remember having to work on a number of friends computers as a result of it.

Anyhoo, if you want to keep your computer safe after this time. Here are your alternatives.

Install an antivirus program, and keep it updated. If you have one of those thirty day trials and you let it expire, you should purchase it. If you can’t afford it, use a free alternative like AVG.

Get, a spyware program and keep it updated. Many are offered free. I personally like the spyware checker on my cousins’ yahoo toolbar. My personal favorite is “Spyware Search and Destroy.”

Only use “Internet Explorer” if you have to. It will save you tons of headaches. Otherwise, use Firefox or Opera, Netscape, or some other browser completely unrelated to IE. Opera is now completely free. Firefox now has a user agent switcher extension, which makes Internet Explorer only websites(bill paying and online banking mostly) think you are using Internet Explorer. Opera has this feature built in. If you must use IE, out of necessity or bad habit, please tweak the security setting to ask for prompts before downloading unsigned active x controls. I personally set Firefox and Opera to erase cookies when I close my browser. I make exceptions for frequently visited sites like my.yahoo. I believe you can do this with Internet Explorer as well.

Don’t use “Outlook Express. It is the “kick me” sign of the internet. It automatically executes attachments when you open an email. The majority of viruses are made to take advantage of this feature. “Sober Virus” took advantage of this execution then raided the address book of Outlook. I personally use Thunderbird. It is just much safer then OE, and it has a really good spam filter, which learns over time and becomes better the more you use it. There are many other good free email programs out there that you can try. The M2 client on Opera is really cool.  It threads your email just like google mail does.  Pegasus is my old standby. Using webmail, like yahoo, google, mail.com, is also very safe. If you must use Outlook Express, turn off the setting that automatically opens attachments. This may or may not help. Some viruses turn them on, even when they are off. It is the most popular email program so hackers make most of their viruses for it. Not using it is the best and most inexpensive way to protect yourself.

Like it or not,you probably need a firewall these days. I personally use a freeware program called “Tiny Personal Firewall,” but it involves a lot of good guessing as far as what to let through and what to refuse. Basically I let traffic through if I have just opened a new program, and it is obviously related to that program. I have heard “Zone Alarm” is easier to use, but whenever I tried it, I found it too resource intensive.

Radical alternatives: Get rid of Windows 98/Me. This means installing a light distro of Linux. hat means many new things to learn, and some greater difficulty in certain areas.

Light distro to look at.

“Feather Linux”: This is my old favorite thus far. It is quick. It does plug and play very well for a Linux distro, and set up my dsl modem really easily. It installs in less than 10 minutes generally. You update it with a program called apt-get. You will need to install “Open Office” if you want a word processor with a dictionary. The dictionary in Abiword doesn’t work. The nicest feature of Feather is that it automatically mounts floppy drives. This distro has to be burned. The only drawback is its use of a desktop “windows manager” called Fluxbox.  It is very quick, and light, but it is not easy to use if you are used to Windows.  Instead of having a “Start Menu” you access all your programs from the right click of your mouse. It has no control panel for easy customization. You have to use configuration scripts.

Damn Small Linux a.k.a. DSL. It is similar to feather, but I haven’t tried it much. This distro can be purchased as well as burned. It uses the Icewm windows manager. Icewm is like Windows 9x, only it doesn’t have a control panel for customization. Like Feather and Luit, DSL uses Tiny X server instead of xorg or xfree86. This means it can be used on very old computers, including 386 DX so long as they have at least 24 Mb of memory. These specs don’t apply to the programs in the package necessarily. Firefox will always require at least 64 mg of memory and at least Pentium MMX or greater. The same goes for Open Office. Fortunately nearly all Win98/ME computers should do just fine with these specifications, but if you have lessor specs there are alternatives, which can be searched for at debian.org. Siag, and Ted or good WP suites for low resources systems, and link2, with the graphics switch links2 -g, is an amazing little browser. DSL has hacked version of Dillo, which runs on very low system resources. They modified it to handle frames and Javascript.

Luit Linux. Basically “Damn Small” with XFCE. XFCE is very easy to use for a light desktop. It has a control panel and is generally easy to customize, and figure out, relative to Icewm and Fluxbox.

BTW, Feather, DSL and Luit are all live CDs. This means they will run from the cd rom. This is great because, you can try them out, set them up, and experiment with them, before you install them on your hardrive. This is a great advantage, from a configuration standpoint.

Xubuntu: Ubuntu with XFCE desktop. This is what I am currently using. XFCE is a very light desktop, with some very easy-to-use features. It is not offered as a separate distro. You have to order the Ubuntu CDs, then you need to do a server install of Ubuntu, then you install the xubuntu-desktop with apt-get from the command line. There are instructions for this at the Ubuntu website. If you have dial-up, downloading the Xubuntu desktop may take as much as ten hours. If you have highspeed, it will take two or less. The next distro will be out sometime in June and by then they may offer Xubuntu as a separate distro. Let’s cross our fingers, because this will really benefit dial-up users. I like XFCE a lot. It is very light and feature rich with an easy to understand control panel. Xubuntu doesn’t use tiny x though. Tiny X makes it possible for Feather, DSL and Deli to go on computers as old a 386DX with 24 Mb of memory. Xubuntu probably won’t go that far, but it works just fine on the MMX/Pentium II era machines. The biggest advantage of this distro is the Ubuntu community, which is extensive and helpful. It also helps that you can get the installation disks for free and without a cd burner, or shipping fees. If you go their website, you will likely get sent several installation disks rather than just one. I think Ubuntu developers want you to share this distro with your friends.

All three of these distros are based on Debian. The default desktop of Ubuntu is Gnome. It will operate pretty slowly, on most Pentium I and II computers. It can be tweaked some by using hdparm, but I don’t like it very much. I upgraded my hardrive from 4 Gb to 30Gb three years ago, so I installed a dual boot of 98 and “Debian Linux.” A dual boot configuration is a good thing if you are scared of getting rid of 98 completely. Admittedly I couldn’t get the winmodem dial up working on my first install of Debian Linux, so keeping 98 was handy. Buying a larger disk drive to accommodate both is fairly inexpensive. You can probably buy a 30 Gb hardrive for less than 20 dollars on Ebay nowadays. That is more than enough to accomodate Windows 98 and Linux, yet it is cheap because today it is considered a dinky diskdrive.

Do your research before you install Linux. You should get a manual for your distro online, or from the library or bookstore. The Ubuntu community has a lot online. This is why I have started to using Ubuntu. Pay particular attention to the problem of Windows specific dial up modems. When I first installed Debian, I had to get an external modem, because I just couldn’t get my winmodem to work. If you have an internal modem, it is probably a winmodem. Cable and DSL modems that are connected to a USB hub, rather than an ethernet adapters are also a drag. They aren’t well identified by Linux at all. I have no experience with wifi. Ubuntu has a quick start guide that should help if you are new to Linux.

There are some promising new distros on the horizon that could benefit 98/ME users. I am currently paying close attention to “STX Linux,” a Slackware-based distro, that employs the “Equinox Desktop.” This desktop looks and feels very much like “Windows 98”. It even has a really good control panel. They just came out with their first full release a month ago. They claim that it runs on a 486DX with 32 megabytes of memory. I’ll be paying close attention to the buzz on this one, but I currently don’t know any users.

Mepis has a very good reputation among former Windows users. They have been beta testing a light version for a while now. Unfortunately, it appears they are using KDE which in my experience runs slower than Gnome on my AMD K6 II.

Some people are also making a distro called Ubuntu lite,but it is in beta testing now. It will employ Equinox or Icewm.

Anyway, there’s a run down of your alternatives, as I see them.  I will be following this story in the future.