Internet Explorer 6.0 Sp1 Component Update 3.0 for Windows 98

[98 Guy]

For those of you that want to use various Win-2K updates from Microsoft
and apply them to your Win-98 system, this update package has been
designed to bring together all those various updates and install them
automatically.

MD InternetExplorer 6.0sp1 Component Update 3.0

*Windows Script Update 5.6
*971961 - Unofficial JScript Security Update
*944338 - Unofficial Windows Script Security Update
*973354 - Unofficial Outloook Express Cumulative Security Update
*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*905495 - Unofficial Security Update (MSIEFTP)
*885258 - Security Update (PROCTEXE)
*816362 - Security Update (MSHTA)
*958869 - Unofficial Security Update (VGX)
*906216 - Unofficial Security Update (DHTML+TRIEDIT)
*920670 - Unofficial Security Update (HLINK)
*918439 - Security Update (ART Image Rendering)
*816093 - JVM 3810 Security Update
*961371 - Unofficial Web fonts update
*824220 - Unofficial Security Update (IMGUTIL)
*886677 - Unofficial Security Update (MLANG)
*896156 - Unofficial Security Update (MSHTMLED)
*893627 - Hotfix for Bug with Group Policies Not Applied in IE6sp1
*973525 - Unofficial ActiveX Kill Bits (AKB) Security Vulnerability Fix
*931125 - Windows Roots Update

*Unofficial DirectX Media (DXM) 6.0 Update

--------------------------------------------------------------
http://rapidshare.de/files/48815001/MDIE6CU30E.EXE.html
---------------------------------------------------------------

*Size: ~14mb

What's new:

*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*961371 - Unofficial web fonts update

removed:

*974455 - Unofficial Internet Explorer Cumulative Security Update
*976749 - Unofficial Internet Explorer Update
*908519 - Web fonts update

 

[MEB]

For those of you that want to use various Win-2K updates from Microsoft
and apply them to your Win-98 system, this update package has been
designed to bring together all those various updates and install them
automatically.

You know damn well these also subject the users to potential and
ongoing vulnerabilities which are *not* protected via 9X capable AV
and other programs due to the differing operating environments and
expected respective activities. Moreover, *these files* may give users a
false and dangerous feeling that they HAVE secured their systems, when,
IN FACT, they have added to the potential and/or now unknown real
vulnerabilities.

Why don't you just keep this crap over on MSFN and the other sites and
forums that cater to this type of UNTESTED [other than installation]
modifications.

Don't bother pointing to the users of those modifications for supposed
"testing" as most of those {such as you} know *only* that the
modifications install.

MD InternetExplorer 6.0sp1 Component Update 3.0

*Windows Script Update 5.6
*971961 - Unofficial JScript Security Update
*944338 - Unofficial Windows Script Security Update
*973354 - Unofficial Outloook Express Cumulative Security Update
*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*905495 - Unofficial Security Update (MSIEFTP)
*885258 - Security Update (PROCTEXE)
*816362 - Security Update (MSHTA)
*958869 - Unofficial Security Update (VGX)
*906216 - Unofficial Security Update (DHTML+TRIEDIT)
*920670 - Unofficial Security Update (HLINK)
*918439 - Security Update (ART Image Rendering)
*816093 - JVM 3810 Security Update
*961371 - Unofficial Web fonts update
*824220 - Unofficial Security Update (IMGUTIL)
*886677 - Unofficial Security Update (MLANG)
*896156 - Unofficial Security Update (MSHTMLED)
*893627 - Hotfix for Bug with Group Policies Not Applied in IE6sp1
*973525 - Unofficial ActiveX Kill Bits (AKB) Security Vulnerability Fix
*931125 - Windows Roots Update

*Unofficial DirectX Media (DXM) 6.0 Update

--------------------------------------------------------------
http://rapidshare.de/files/48815001/MDIE6CU30E.EXE.html
---------------------------------------------------------------

*Size: ~14mb

What's new:

*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*961371 - Unofficial web fonts update

removed:

*974455 - Unofficial Internet Explorer Cumulative Security Update
*976749 - Unofficial Internet Explorer Update
*908519 - Web fonts update

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[MEB]

You know damn well these also subject the users to potential and
ongoing vulnerabilities which are *not* protected via 9X capable AV
and other programs due to the differing operating environments and
expected respective activities. Moreover, *these files* may give users a
false and dangerous feeling that they HAVE secured their systems, when,
IN FACT, they have added to the potential and/or now unknown real
vulnerabilities.

I agree, he should have perhaps added some warning to that effect, but
he knows he doesn't need to as you will do so for him. (I just _knew_
what the next post I would see would be!)

Does this set of fixes actually ADD to the vulnerabilities of a system,
or just CHANGE it - i. e. could it be that it introduces some new ones
but closes some (while also adding other things, such as a DirectX and a
web fonts update)?

[They're of academic interest to me anyway - I do not have IE of any
flavour on my '98SEl machines, one of which has never been online and
the other does so very rarely.]

[Full quote of original post snipped.]

Good questions. If it were the OSs designed for it might fulfill the
desired effect, temporarily. However, there is no "patch Tuesday" or
"zero day" hotfixes for Win9x and these will contain vulnerabilities IN
THE OSs designed, for which updates will be received, Win9X won't.
These are for the interface to the Internet, the browser, waving in the
breeze...

Just as the last posted suggested junk from 98 Guy was patched in a
week or so, and is NOT part of a normal Win9X installation {MS XML4}, so
rather obviously they introduce vulnerabilities that wouldn't be there
to start with. NO ONE tests these for 9X vulnerabilities and they DO
introduce new vulnerabilities into the OSs intended; nor even for
compatibility beyond they install...

On the other hand, if you want to *manual* check every day to see if
Microsoft has offered any security or file fixes, AND check for whether
they work in 9X, AND are willing to be a "guinea pig" for any new and
COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't
expect anyone to be able to help fix your system and don't expect your
software will be compatible... including any malware protection.

Somewhere along the line since EOL, these people lost track of what
they hoped to accomplish, keeping 9X alive... that requires someone
actually test and NOT JUST FOR INSTALLATION, and creation of NEW
browsers and malware programs...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[MEB]

You know %^&% well these also subject the users to potential and
ongoing vulnerabilities which are *not* protected via 9X capable AV
and other programs due to the differing operating environments and
expected respective activities. Moreover, *these files* may give users a
false and dangerous feeling that they HAVE secured their systems, when,
IN FACT, they have added to the potential and/or now unknown real
vulnerabilities.

I agree, he should have perhaps added some warning to that effect, but
he knows he doesn't need to as you will do so for him. (I just _knew_
what the next post I would see would be!)

Does this set of fixes actually ADD to the vulnerabilities of a system,
or just CHANGE it - i. e. could it be that it introduces some new ones
but closes some (while also adding other things, such as a DirectX and a
web fonts update)?

[They're of academic interest to me anyway - I do not have IE of any
flavour on my '98SEl machines, one of which has never been online and
the other does so very rarely.]

[Full quote of original post snipped.]

Good questions. If it were the OSs designed for it might fulfill the
desired effect, *temporarily*. However, there is no "patch Tuesday" or
"zero day" hotfixes for Win9x and these will contain vulnerabilities IN
THE OSs designed, for which updates will be received, Win9X won't.
These are for the interface to the Internet, the browser, waving in the
breeze... or are these supposedly NOT for people using IE6? Then there
is ZERO reason to install them as they patch the last group of supposed
fixes...

Just as the last posted suggested junk from 98 Guy was patched in a
week or so, and is NOT part of a normal Win9X installation {MS XML4}, so
rather obviously they introduce vulnerabilities that wouldn't be there
to start with. NO ONE tests these for 9X vulnerabilities and they DO
introduce new vulnerabilities into the OSs intended.

On the other hand, if you want to *manually* check every day to see if
Microsoft has offered any security or file fixes, AND check for whether
they work in 9X, AND are willing to be a "guinea pig" for any new and
COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't
expect anyone to be able to help fix your system and don't expect your
software will be compatible... including any malware protection.

Somewhere along the line since EOL, these people lost track of what
they hoped to accomplish, keeping 9X alive... that requires someone
actually test and NOT JUST FOR INSTALLATION, and creation of NEW
browsers and malware programs...

But this was already stated for the most part... WHY you two chose to
post otherwise is the actual question...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[rob^_^]

Hi All,

Have a look at 98 Guy's headers. I would not trust someone using Opera to
build IE patches for an unsupported OS or browser.

You may as well accept those Windows Updates trojans that appear in your
Inbox (NOT). I think he is wearing black.

Regards.

 

[98 Guy]

rob^_^ top-poasted:

Hi All,

Hi Shit-head.

Have a look at 98 Guy's headers. I would not trust someone
using Opera to build IE patches for an unsupported OS or
browser.

Oh, I'm using Opera am I?

I think he is wearing black.

Since when is the use of Opera diagnostic of a black-hat?

You may as well accept those Windows Updates trojans that
appear in your inbox (NOT)

Why don't you take this up with the win-98 community at msfn.org?

Go there and tell them what you think of this update:

http://www.msfn.org/board/index.php...263179&showtopic=97816&view=findpost&p=888724

 

[PA Bear [MS MVP]]

+1

Hi All,

Have a look at 98 Guy's headers. I would not trust someone using Opera to
build IE patches for an unsupported OS or browser.

You may as well accept those Windows Updates trojans that appear in your
Inbox (NOT). I think he is wearing black.

Regards.

 

[98 Guy]

PA Bear top-poasted:

+1

Care to tell us what that means?

 

[N. Miller]

Have a look at 98 Guy's headers. I would not trust someone using Opera
to build IE patches for an unsupported OS or browser.

How does one use a web browser to build OS, or browser patches?

 

[N. Miller]

PA Bear top-poasted:

Care to tell us what that means?

Pretty much the same thing as, "<AOL> 'Me too!"

 

[98 Guy]

Pretty much the same thing as, "<AOL> 'Me too!"

So - he's being a dork about this too?

 

[98 Guy]

Another convoluted statement from MEB.

If the win-2K patch files for IE6 work for win-98, then use them.

If those files introduce new vulnerabilities for a win-98 system, then
there two possibilities:

a) The new vulnerability is unique to win-98 and is caused by some
peculiar interaction between win-98 and the win-2K patch file that does
not exist on a win-2k system.

b) The new vulnerability will effect win-2K and *might* also affect
win-98 equally. Microsoft will issue yet another patch for this
vulnerability when discovered, assuming win-2k is still being supported.

Now look carefully at those two possible outcomes.

Outcome (a) will probably NEVER be discovered because of the simple fact
that no security analysts or hackers will be examining or testing or
looking for vulnerabilites on a platform consisting of win-98 and IE6
patches derived from win-2K updates.

Outcome (b) is much more likely than (a), and it can be presumed that a
fix will be made available soon after it's discovery. And until it is
discovered - it does not exist.

So even if you want to speculate that the use of these files might cause
some unique vulnerability to a win-98 system, the odds of that
vulnerability being discovered and leveraged is ridiculously small.

Bingo. Meb just said it himself.

If no one is testing this combination of win-98 and Win-2K patch files,
then any vulnerability they may uniquely cause to a win-98 system will
go undetected and therefore will never be leveraged by hackers.

Security by obscurity.

If MEB is trying to say that these patches introduce new vulnerabilities
into win-2k (the intended OS), then that's complete and outrageously
wild speculation. Presumably Microsoft would not create updates or
patches for the "intended OS's" that contain known vulnerabilities.

If MEB is trying to say that these patches introduce new vulnerabilities
into Win-98, then again that is complete speculation without any shred
of testing evidence that he claims he is an expert at performing.

It would be useful for MEB to cut the bullshit lawyer-speak and behave
like a normal person and utter clear and understandable statements.

 

[N. Miller]

"N. Miller" wrote:

So - he's being a dork about this too?

Perhaps. OTOH, I wouldn't mix different Windows version system files, unless
it was tested, and recommended, by Microsoft.

 

[98 Guy]

Perhaps. OTOH, I wouldn't mix different Windows version system
files, unless it was tested, and recommended, by Microsoft.

I don't know how much you've been following issues relating to IE (IE6)
after the official end of support for win-98 (which happened in July
2006).

The fact is that after July 2006, there has been no such files, testing,
or recommendations by Microsoft for anything relating to win-98. This
was not a surprise - or unexpected.

IE6 files are not (technically speaking) system files. Files relating
to IE can be stripped out of win-98 (perhaps more easily for win-95).

It was speculated back in 2006 that most IE6 patches that Microsoft
released for Win-2K would be easily and seamlessly usable on win-98
because they both use the exact same version (IE6-Sp1). By intention,
Microsoft has never allowed win-2K to be compatible with IE6-SP2 (the
version of IE6 that came with XP-SP2). The binary files for that
version are somewhat different and are not compatible with win-9x.

So, to re-cap:

1) The end of official support of any kind for Win-98 in July 2006
marked the point at which Microsoft would no long make any comment or
statement about win-98 in any of it's advisories or bulletins, and for
which Microsoft would no longer identify any new patch or update file as
being compatible (or incompatible) with win-98.

2) The lack of mention of win-98 in any patch or update file released
for the past 3 years DOES NOT MEAN that the file won't work or is not
compatible with win-98. Practically speaking, this is notable mostly
when we are speaking about patch files released for Windows 2000.

3) Simple file-substitution of new win-2K patch files onto a win-98
system is enough to determine if win-98 is compatible with the files.
If the win-98 system is usable an can perform all operations as expected
with the new files, then that is generally enough of a test to determine
compatibility. No harm can really be done to a system that does not
function as intended during this test, and the original files can be
easily replaced.

4) A respectible-sized user base of win-98 systems with these file
substitutions can be found at msfn.org. These users pay close attention
to the workings and performance of their win-98 systems, and any hint of
file incompatibility are discussed at length. There is a very good
consensus that the various IE6 updates that have been been made for
win-2K over the past 3 years function well on win-98.

 

[MEB]

On 12/11/2009 03:16 AM, J. P. Gilliver (John) wrote:

[98Guy's putative enhancements/updates/whatever]

Does this set of fixes actually ADD to the vulnerabilities of a system,
or just CHANGE it - i. e. could it be that it introduces some new ones
but closes some (while also adding other things, such as a DirectX and a
web fonts update)?

[]
Good questions. If it were the OSs designed for it might fulfill the

Thank you.

desired effect, temporarily. However, there is no "patch Tuesday" or
"zero day" hotfixes for Win9x and these will contain vulnerabilities IN
THE OSs designed, for which updates will be received, Win9X won't.
These are for the interface to the Internet, the browser, waving in the
breeze...

Just as the last posted suggested junk from 98 Guy was patched in a
week or so, and is NOT part of a normal Win9X installation {MS XML4}, so
rather obviously they introduce vulnerabilities that wouldn't be there

They certainly have the potential to do so, though whether they actually
do so hasn't been tested either.

to start with. NO ONE tests these for 9X vulnerabilities and they DO
introduce new vulnerabilities into the OSs intended; nor even for
compatibility beyond they install...

They are more likely to, yes.

On the other hand, if you want to *manual* check every day to see if
Microsoft has offered any security or file fixes, AND check for whether
they work in 9X, AND are willing to be a "guinea pig" for any new and
COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't
expect anyone to be able to help fix your system and don't expect your
software will be compatible... including any malware protection.

Equally, if you don't ever install any of these patches, you will not
suffer from any of the new potential vulnerabilities, but you will also
never experience any of the (equally "potential") benefits, either.

Somewhere along the line since EOL, these people lost track of what
they hoped to accomplish, keeping 9X alive... that requires someone
actually test and NOT JUST FOR INSTALLATION, and creation of NEW
browsers and malware programs...

As I've said before, they can choose to preserve in aspic their 98
system as it was at the instant of EOL, or they can choose to take
potential risks for potential benefits. It's their choice. If they
choose the latter, they can be reassured to whatever extent they trust
98g, and worried to whatever extent they believe you.

So you intend to claim the benefit of installation, verses say, a
different application providing BETTER support for new formats...

The cost is???? that to use these DOES AND WILL CONTINUE to place these
parties doing so in the position of NO knowledge of what present
vulnerabilities they have and NO way to protect themselves from them.
The *TESTS* come from the fact that these supposed installable files
WILL be updated by Microsoft *for the supported OSs* and Win9X will not
receive them, nor will any fixes be designed to correct vulnerabilities
within 9X created by their installation.

If MSFN and those doing the same want to "keep Win98 alive" then work
on the well defined vulnerabilities at EOL and correct those. These are
supposed coders and programmers,,,

So it appears this is just more of an attempt to waste some more time
while resting on OLD laurels...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[MEB]

I don't know how much you've been following issues relating to IE (IE6)
after the official end of support for win-98 (which happened in July
2006).

The fact is that after July 2006, there has been no such files, testing,
or recommendations by Microsoft for anything relating to win-98. This
was not a surprise - or unexpected.

IE6 files are not (technically speaking) system files. Files relating
to IE can be stripped out of win-98 (perhaps more easily for win-95).

It was speculated back in 2006 that most IE6 patches that Microsoft
released for Win-2K would be easily and seamlessly usable on win-98
because they both use the exact same version (IE6-Sp1). By intention,
Microsoft has never allowed win-2K to be compatible with IE6-SP2 (the
version of IE6 that came with XP-SP2). The binary files for that
version are somewhat different and are not compatible with win-9x.

So, to re-cap:

1) The end of official support of any kind for Win-98 in July 2006
marked the point at which Microsoft would no long make any comment or
statement about win-98 in any of it's advisories or bulletins, and for
which Microsoft would no longer identify any new patch or update file as
being compatible (or incompatible) with win-98.

2) The lack of mention of win-98 in any patch or update file released
for the past 3 years DOES NOT MEAN that the file won't work or is not
compatible with win-98. Practically speaking, this is notable mostly
when we are speaking about patch files released for Windows 2000.

3) Simple file-substitution of new win-2K patch files onto a win-98
system is enough to determine if win-98 is compatible with the files.
If the win-98 system is usable an can perform all operations as expected
with the new files, then that is generally enough of a test to determine
compatibility. No harm can really be done to a system that does not
function as intended during this test, and the original files can be
easily replaced.

4) A respectible-sized user base of win-98 systems with these file
substitutions can be found at msfn.org. These users pay close attention
to the workings and performance of their win-98 systems, and any hint of
file incompatibility are discussed at length. There is a very good
consensus that the various IE6 updates that have been been made for
win-2K over the past 3 years function well on win-98.

AND the whole moronic idea by these purported supporters of this
activity is that you just *IGNORE* that prior files were NOT created the
same. Look within the original files during 9X support period and note
the various internal patching AND/OR DISTINCT 2K or 9X files in some of
the files PER OS and directed via the setup. *THAT* is what was once
done by Microsoft to make sure of compatibility AND THAT IT ADDRESSED
THE VULNERABILITIES within the *INTENDED* OSs.

The supposed respectable user base are users who think those creating
the modified files *DO* check for vulnerabilities and are generally as
ignorant as 98 Guy. ALL these supposed modifiers now do is make an
installer from the NT BASED files and are ONLY concerned with that
installation. As for supposed user testing, think of 98 Guy and all this
party DOESN'T know and understand...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[98 Guy]

So you intend to claim the benefit of installation, verses say, a
different application providing BETTER support for new formats...

What the hell does that mean?

What do you mean by a "different application"?

If you're trying to ask why someone wouldn't use a different browser
(Firefox, etc) instead of IE6, then why not just say that?

Why are you always obtuse and vague in your use of language?

The reason why you'd want to update these IE6 files is because they ARE
hooked into by the operating system and using another browser is no
garantee that those files will not be called upon for one task or
another.

The cost is???? that to use these DOES AND WILL CONTINUE to
place these parties doing so in the position of NO knowledge
of what present vulnerabilities they have and NO way to
protect themselves from them.

Why are you stating that the use of these patch files *will* confer
vulnerabilities to win-98?

How can you make such a claim?

Give an example (by CVE or some other identifier) of a vulnerability
that will result if these IE6 files are patched into a win-98 system.

The *TESTS* come from the fact that these supposed installable
files WILL be updated by Microsoft *for the supported OSs*
and Win9X will not receive them,

Nothing you just said in that statement makes any sense.

"these supposed installable files WILL be updated by Microsoft"

It's not that they "will" be updated. They *ARE* being updated. What
is the significance of that?

" *for the supported OSs* and Win9X will not receive them"

Microsoft states the applicability for those files. Win-9x WILL receive
them if the user gives them to it.

Microsoft will not place them in the list of files it serves for win-98
updates on the windowsupdate server because it has closed all new
submissions 3 years ago.

Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to
a blanket statement that no files it releases for win-2K might be
operable on win-98.

You continue to ignore the fact that Microsoft's complete silence about
win-98 does not mean that some patch files it has released in the past 3
years are perfectly compatible with it. We expect Microsoft not to tell
us this even when it's true, because their own support policy forbids
it.

nor will any fixes be designed to correct vulnerabilities
within 9X created by their installation.

That is the largest flaw in your argument, for which you will not
address here in public.

Any vulnerability that *might* be caused by a peculiar interaction
between win-98 and these files would presumably be a unique
vulnerability that would not exist on win-2K. You propose that such a
vulnerability would leave win-98 users exposed to a problem that
Microsoft would never create a patch for, because the vulnerability
would not exist under win-2K.

The flaw in that argument is that any such hypothetical vulnerability
would be extremely unlikely to ever be detected, because it would
require that professional analysts, hobbyists or hackers would be
examining the combination of win-98 with installed patches from win-2k
looking for it.

Given that current win-9x usage on the internet is estimated to be 0.1%
(1 out of every 1000 computers in current use) it's highly unlikely that
people are examining standard installations of win-98 for new
vulnerabilities, let alone non-standard installations.

A vulnerability that is never discovered by anyone can never become a
threat.

If MSFN and those doing the same want to "keep Win98 alive"
then work on the well defined vulnerabilities at EOL and
correct those.

How do you know that these "well defined" vulnerabilities are not
corrected by the use of win-2k patch files?

And note that Microsoft has never admitted to the existance of any
vulnerabilities that win-9x has or had at EOL because microsoft became
silent to all things pertaining to win-98 at EOL.

And even before EOL, Microsoft made vague references to win-98 in their
advisory bullitens to make it appear that the bullitens applied to
win-98 - when in fact they did not.

 

[N. Miller]

It was speculated back in 2006 that most IE6 patches that Microsoft
released for Win-2K would be easily and seamlessly usable on win-98
because they both use the exact same version (IE6-Sp1).

Would you bet your life on untested speculation? Most parachutists, and rock
climbers do not.

 

[MEB]

What the hell does that mean?

What do you mean by a "different application"?

If you're trying to ask why someone wouldn't use a different browser
(Firefox, etc) instead of IE6, then why not just say that?

Why are you always obtuse and vague in your use of language?

The reason why you'd want to update these IE6 files is because they ARE
hooked into by the operating system and using another browser is no
garantee that those files will not be called upon for one task or
another.

HAHAHAHAHA, so now you ADMIT that these are part of system activities
rather than your other post's comments... SINCE THEY ARE and do affect
the working within the OS, then the vulnerabilities included within the
files DO affect the other programs AS WELL AS ANY MALWARE PROTECTIONS.

Why are you stating that the use of these patch files *will* confer
vulnerabilities to win-98?

How can you make such a claim?

Give an example (by CVE or some other identifier) of a vulnerability
that will result if these IE6 files are patched into a win-98 system.

Because you have EVERY PRIOR VULNERABILITY AND FIX listed at CERT as
well as the present ones either now or will in the future.

Nothing you just said in that statement makes any sense.

"these supposed installable files WILL be updated by Microsoft"

It's not that they "will" be updated. They *ARE* being updated. What
is the significance of that?

" *for the supported OSs* and Win9X will not receive them"

Microsoft states the applicability for those files. Win-9x WILL receive
them if the user gives them to it.

Microsoft will not place them in the list of files it serves for win-98
updates on the windowsupdate server because it has closed all new
submissions 3 years ago.

Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to
a blanket statement that no files it releases for win-2K might be
operable on win-98.

You continue to ignore the fact that Microsoft's complete silence about
win-98 does not mean that some patch files it has released in the past 3
years are perfectly compatible with it. We expect Microsoft not to tell
us this even when it's true, because their own support policy forbids
it.

THEY ARE DESIGNED FOR THE SUPPORTED OSs *ONLY*. There is no need now,
for Microsoft to include any code specific to Win9X activities and its
OS workings in any NEW fixes since 2006, which it did PRIOR to EOL.

That you idiots can't figure that out is telling of your mental facilities.

That is the largest flaw in your argument, for which you will not
address here in public.

Any vulnerability that *might* be caused by a peculiar interaction
between win-98 and these files would presumably be a unique
vulnerability that would not exist on win-2K. You propose that such a
vulnerability would leave win-98 users exposed to a problem that
Microsoft would never create a patch for, because the vulnerability
would not exist under win-2K.

The flaw in that argument is that any such hypothetical vulnerability
would be extremely unlikely to ever be detected, because it would
require that professional analysts, hobbyists or hackers would be
examining the combination of win-98 with installed patches from win-2k
looking for it.

Given that current win-9x usage on the internet is estimated to be 0.1%
(1 out of every 1000 computers in current use) it's highly unlikely that
people are examining standard installations of win-98 for new
vulnerabilities, let alone non-standard installations.

A vulnerability that is never discovered by anyone can never become a
threat.

That's the stupidest argument you've made yet. A vulnerability exist
when someone OUTSIDE the malware writer/hacker community *discovers* it.
OTHERWISE, it *remains* an unknown attack vector to the public.

In Win9X, there aren't a sufficient number of QUALIFIED coders and
programmers looking for any NEW vulnerabilities produced BY THESE
non-standard installations, because NO ONE in the protection community
is looking.

How do you know that these "well defined" vulnerabilities are not
corrected by the use of win-2k patch files?

And note that Microsoft has never admitted to the existance of any
vulnerabilities that win-9x has or had at EOL because microsoft became
silent to all things pertaining to win-98 at EOL.

And even before EOL, Microsoft made vague references to win-98 in their
advisory bullitens to make it appear that the bullitens applied to
win-98 - when in fact they did not.

Many did when applied in a specific fashion, others were included
because IE6 was never properly ported for Win9X usage in the first place
and Microsoft was unsure since it was not really interested in Win9X in
the years leading up to EOL. If it were, it would have corrected the
large file manipulation issues and other BROKEN or vulnerable aspects in
the Win9X OS. Microsoft DIDN'T; that should spell it out rather clearly
to even the most dense on the planet.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

 

[98 Guy]

Would you bet your life on untested speculation? Most
parachutists, and rock climbers do not.

Most parachutists and rock climbers do not pack computers running
windows-98 as part of their survival gear.

Any computer that is running mission-critical or life-support functions
should theoretically not have an internet connection and should not
allow the user to "surf the web" while in operation.

So your hyperbolic analogy doesn't really apply.

Microsoft has identified certain reasons to release new versions of
files related to IE6-SP1. The have done so periodically over the life
of that program, and will continue to do so until Win-2K reaches
end-of-life, which I think will happen mid-next year.

When those files are copied to a win-98 system (replacing existing
files) they allow the system to operate normally, with no errors or
lock-ups. That's quite a trick to do given the complexity of how these
files and functions interact with the OS. The slightest incompatibility
usually renders a system inoperable.

The conclusion one can draw from that is that Microsoft would release
the exact same files as part of a win-98 update patch if Microsoft's
support policy for win-98 allowed it.