>This doesn't mean that W98 is secure. On Secunia's site the latest >(corrected) vulnerability is dated 20060613, less than 1 month ago, and >tomorrow someone could find a new one that won't be corrected.
Sure, that could happen but seeing how there are only two known exploits published in 2006 for Windows 98 I think it is safe to say that the risk is fairly low. Why should Microsoft spend millions of dollars to operate a team to update Windows 98 when there was such a low volume of exploits for Windows 98 with very little details regarding the specifics of the exploit and no known code has been released to exploit these vulnerabilities? >You don't need 2000 vulnerability. It's enough only one exploit to >create a 70 millions PC zombi net. I'd like to see someone discus the plan of execution of exactly how a hacker would go about compromising 70 million Windows 98 computers. Create a malicious website with Quake cheat codes? My guess is that whatever number of computers is really running Windows 98; these computers are underutilized. >Maybe you are just getting confused. One thing is security and another >one are the "features". From a *security* point of view, OSS solutions >like FF or TB, can be more secure than the counterparts IE and OE. > >However, AFAIR, browser's *features* are not the main topic of this >mailing list I disagree; there is always the middle ground between usability\features versus risk. Is your computer so secure that it can not perform the tasks you are looking to complete? My point for this comment is to express a different solution to surfing the internet as a non-administrator, significantly lowering risk and still enjoy the feature rich functionality that IE offers. >Seems MS partners are recommending using IE, but if you use a lot of XUL >applications IE is really the worst solution. Whatever tool is best for the job. *cough* .NET *cough* >But I think this is OT, here, don't you agree? Indeed. Angelo Castigliola III Enterprise Security Architecture UnumProvident The posts and threads in this email do not reflect the opinions of nor are endorsed by UnumProvident, Inc., nor any of its employees. -----Original Message----- From: Flavio Visentin [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 5:56 PM To: Castigliola, Angelo; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] 70 million computers are using Windows 98rightnow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Castigliola, Angelo wrote: > There are no known remote exploits for the > Windows 98 operating system. This doesn't mean that W98 is secure. On Secunia's site the latest (corrected) vulnerability is dated 20060613, less than 1 month ago, and tomorrow someone could find a new one that won't be corrected. > I Could not tell you how many exploits are > out there for Internet Explorer or Outlook\Express that will allow > someone to compromise Windows 98 but I guess very few. You don't need 2000 vulnerability. It's enough only one exploit to create a 70 millions PC zombi net. > is a better solution then the open source > solutions that are notorious for features not working with Microsoft > rich websites (if the website\application loads at all). Maybe you are just getting confused. One thing is security and another one are the "features". From a *security* point of view, OSS solutions like FF or TB, can be more secure than the counterparts IE and OE. However, AFAIR, browser's *features* are not the main topic of this mailing list > Seems like the > major computer nerds always recommend firefox for windows however if you > use a lot of .NET web applications then firefox is a very poor solution. Seems MS partners are recommending using IE, but if you use a lot of XUL applications IE is really the worst solution. But I think this is OT, here, don't you agree? - -- Flavio Visentin GPG Key: http://www.zipman.it/gpgkey.asc There are only 10 types of people in this world: those who understand binary, and those who don't. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEtW/9usUmHkh1cnoRAo3UAJ9qOSp1a9LLUI51pHCqjVUigm8LTwCfXcl9 dbphXjK5pTzE/dWftOkVFyY= =LmIq -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/