Text 11446, 212 rader
Skriven 2006-06-09 22:24:32 av Rich Gauszka (1:379/45)
Kommentar till text 11443 av Rich (1:379/45)
Ärende: Re: Are Windows 9x Explorer users toast security wise?
==============================================================
From: "Rich Gauszka" <gauszka@hotmail.com>
This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C68C13.7AF59560
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
My original subject line said "Are W2k Explorer users toast security = wise?"
. Do you disagree with Christopher Budd or do you think he was = misquoted by
pcworld about 2k and it's security vulnerability and the = extensive
reengineering of a critical core components that would be = needed?
It's the 'extensive reengineering' quote that got my attention
I would bet a good many people that have home networks have port 139 = open for
file and print sharing. Just issuing a blurb to close it seems = a bit
pointless. I also doubt any of those people that are on 98 will = invest in a
perimeter firewall.=20
I would say they are all zombie/trojan candidates but I can't talk about = them
anymore as I am inficted with the wga 'phone home' trojan=20
=20
"Rich" <@> wrote in message news:448a28f2$1@w3.nls.net...
What nonsense! Windows 2000 was updated in the original release of =
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx. = Windows 9x
is not being updated. From the bulletin
If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), =
and Microsoft Windows Millennium Edition (ME) are listed as an affected =
product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements =
were made to the underlying architecture of Windows Explorer. The = Microsoft
Windows 98, Microsoft Windows 98 Second Edition (SE), and = Microsoft Windows
Millennium Edition (ME) Windows Explorer architecture = is much less robust
than the more recent Windows architectures. Due to = these fundamental
differences, after extensive investigation, Microsoft = has found that it is
not feasible to make the extensive changes = necessary to Windows Explorer on
Microsoft Windows 98, Microsoft Windows = 98 Second Edition (SE), and Microsoft
Windows Millennium Edition (ME) to = eliminate the vulnerability. To do so
would require reengineer a = significant amount of a critical core component of
the operating system. = After such a reengineering effort, there would be no
assurance that = applications designed to run on these platforms would continue
to = operate on the updated system.
Microsoft strongly recommends that customers still using Microsoft =
Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft = Windows
Millennium Edition (ME) protect those systems by placing them = behind a
perimeter firewall which is filtering traffic on TCP Port 139. = Such a
firewall will block attacks attempting to exploit this = vulnerability from
outside of the firewall, as discussed in the = workarounds section below.
Rich
"Rich Gauszka" <gauszka@hotmail.com> wrote in message =
news:4489d02a@w3.nls.net...
http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041
Microsoft said it wasn't feasible to make extensive changes to =
Windows=20
Explorer to eliminate a security vulnerability since the underlying=20
architecture of Windows 2000 is much less robust, wrote Christopher =
Budd, a=20
program manager with Microsoft's security response center.
"Due to these fundamental differences, these changes would require=20
reengineering a significant amount of a critical core component of =
the=20
operating system," Budd said.
As a result, applications may not run on the updated system, he =
said.
------=_NextPart_000_001B_01C68C13.7AF59560
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2873" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>My original subject line said =
"<FONT=20
size=3D2>Are W2k Explorer users toast security wise?" </FONT>. Do = you=20
disagree with Christopher Budd or do you think he was misquoted by =
pcworld=20
about 2k and it's security vulnerability and the extensive <FONT=20
face=3D"Times New Roman" size=3D3>reengineering of a critical core =
components=20
that would be needed?</FONT></FONT></DIV>
<DIV>It's the 'extensive reengineering' quote that got my =
attention</DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would bet a good many people that =
have home=20
networks have port 139 open for file and print sharing. Just = issuing
a=20
blurb to close it seems a bit pointless. I also doubt any of those = people
that=20
are on 98 will invest in a perimeter firewall. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would say they are all zombie/trojan =
candidates=20
but I can't talk about them anymore as I am inficted with the wga 'phone =
home'=20
trojan </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:448a28f2$1@w3.nls.net">news:448a28f2$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> What nonsense! =
Windows 2000=20
was updated in the original release of <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx"=
>http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx</A>.&nb=
sp;=20
Windows 9x is not being updated. From the bulletin</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV><STRONG>If Microsoft Windows 98, Microsoft Windows 98 Second =
Edition=20
(SE), and Microsoft Windows Millennium Edition (ME) are listed as an =
affected product, why is Microsoft not issuing security updates for=20
them?<BR></STRONG>During the development of Windows 2000, =
significant=20
enhancements were made to the underlying architecture of Windows =
Explorer.=20
The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), =
and=20
Microsoft Windows Millennium Edition (ME) Windows Explorer =
architecture is=20
much less robust than the more recent Windows architectures. Due to =
these=20
fundamental differences, after extensive investigation, Microsoft =
has found=20
that it is not feasible to make the extensive changes necessary to =
Windows=20
Explorer on Microsoft Windows 98, Microsoft Windows 98 Second =
Edition (SE),=20
and Microsoft Windows Millennium Edition (ME) to eliminate the=20
vulnerability. To do so would require reengineer a significant =
amount of a=20
critical core component of the operating system. After such a =
reengineering=20
effort, there would be no assurance that applications designed to =
run on=20
these platforms would continue to operate on the updated=20
system.<BR><BR>Microsoft strongly recommends that customers still =
using=20
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and=20
Microsoft Windows Millennium Edition (ME) protect those systems by =
placing=20
them behind a perimeter firewall which is filtering traffic on TCP =
Port 139.=20
Such a firewall will block attacks attempting to exploit this =
vulnerability=20
from outside of the firewall, as discussed in the workarounds =
section=20
below.</DIV></BLOCKQUOTE>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich Gauszka" <<A=20
href=3D"mailto:gauszka@hotmail.com">gauszka@hotmail.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:4489d02a@w3.nls.net">news:4489d02a@w3.nls.net</A>...</DIV><B=
R><A=20
=
href=3D"http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041">http:=
//news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041</A><BR>Microsoft=20
said it wasn't feasible to make extensive changes to Windows =
<BR>Explorer to=20
eliminate a security vulnerability since the underlying =
<BR>architecture of=20
Windows 2000 is much less robust, wrote Christopher Budd, a =
<BR>program=20
manager with Microsoft's security response center.<BR><BR><BR>"Due =
to these=20
fundamental differences, these changes would require =
<BR>reengineering a=20
significant amount of a critical core component of the <BR>operating =
system," Budd said.<BR><BR><BR>As a result, applications may not run =
on the=20
updated system, he =
said.<BR><BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_001B_01C68C13.7AF59560--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|