From: "Rich Gauszka" 

This is a multi-part message in MIME format.

------=_NextPart_000_001B_01C68C13.7AF59560
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

My original subject line said  "Are W2k Explorer users toast security
= wise?" . Do you disagree with Christopher Budd or do you think he
was = misquoted by pcworld about 2k and it's security vulnerability and the
= extensive reengineering of a critical core components that would be =
needed?
It's the 'extensive reengineering' quote that got my attention

I would bet a good many people that have home networks have port 139 = open
for file and print sharing. Just issuing a blurb to close it seems = a bit
pointless. I also doubt any of those people that are on 98 will = invest in
a perimeter firewall.=20

I would say they are all zombie/trojan candidates but I can't talk about =
them anymore as I am inficted with the wga 'phone home' trojan=20

 =20
  "Rich"  wrote in message news:448a28f2$1{at}w3.nls.net...
     What nonsense!  Windows 2000 was updated in the original release of =
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx.  =
Windows 9x is not being updated.  From the bulletin

    If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), =
and Microsoft Windows Millennium Edition (ME) are listed as an affected =
product, why is Microsoft not issuing security updates for them?
    During the development of Windows 2000, significant enhancements =
were made to the underlying architecture of Windows Explorer. The =
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and =
Microsoft Windows Millennium Edition (ME) Windows Explorer architecture =
is much less robust than the more recent Windows architectures. Due to =
these fundamental differences, after extensive investigation, Microsoft =
has found that it is not feasible to make the extensive changes = necessary
to Windows Explorer on Microsoft Windows 98, Microsoft Windows = 98 Second
Edition (SE), and Microsoft Windows Millennium Edition (ME) to = eliminate
the vulnerability. To do so would require reengineer a = significant amount
of a critical core component of the operating system. = After such a
reengineering effort, there would be no assurance that = applications
designed to run on these platforms would continue to = operate on the
updated system.

    Microsoft strongly recommends that customers still using Microsoft =
Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft =
Windows Millennium Edition (ME) protect those systems by placing them =
behind a perimeter firewall which is filtering traffic on TCP Port 139. =
Such a firewall will block attacks attempting to exploit this =
vulnerability from outside of the firewall, as discussed in the =
workarounds section below.

  Rich

    "Rich Gauszka"  wrote in message =
news:4489d02a{at}w3.nls.net...

    http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041
    Microsoft said it wasn't feasible to make extensive changes to =
Windows=20
    Explorer to eliminate a security vulnerability since the underlying=20
    architecture of Windows 2000 is much less robust, wrote Christopher =
Budd, a=20
    program manager with Microsoft's security response center.


    "Due to these fundamental differences, these changes would require=20
    reengineering a significant amount of a critical core component of =
the=20
    operating system," Budd said.


    As a result, applications may not run on the updated system, he =
said.


------=_NextPart_000_001B_01C68C13.7AF59560
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








My original subject line
said  =
"Are W2k Explorer users toast security
wise?" . Do = you=20
disagree with Christopher Budd or do you think he was misquoted by
= pcworld=20
about 2k and it's security vulnerability and the extensive reengineering of a
critical core = components=20
that would be needed?
It's the 'extensive reengineering' quote that got my =
attention
 
I would bet a good many people that =
have home=20
networks have port 139 open for file and print sharing. Just = issuing a=20
blurb to close it seems a bit pointless. I also doubt any of those = people that=20
are on 98 will invest in a perimeter firewall. 
 
I would say they are all zombie/trojan =
candidates=20
but I can't talk about them anymore as I am inficted with the wga 'phone = home'=20
trojan 
 
  

  "Rich" <{at}> wrote in message news:448a28f2$1{at}w3.nls.net...
     What
nonsense!  =
Windows 2000=20
  was updated in the original release of http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx"=
>.&nb" target="new">http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx.&nb=
sp;=20
  Windows 9x is not being updated.  From the
bulletin
   
  
    If Microsoft Windows 98, Microsoft Windows 98 Second =
Edition=20
    (SE), and Microsoft Windows Millennium Edition (ME) are listed as an =

    affected product, why is Microsoft not issuing security updates for=20
    them?During the development of Windows 2000, =
significant=20
    enhancements were made to the underlying architecture of Windows =
Explorer.=20
    The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), =
and=20
    Microsoft Windows Millennium Edition (ME) Windows Explorer =
architecture is=20
    much less robust than the more recent Windows architectures. Due to =
these=20
    fundamental differences, after extensive investigation, Microsoft =
has found=20
    that it is not feasible to make the extensive changes necessary to =
Windows=20
    Explorer on Microsoft Windows 98, Microsoft Windows 98 Second =
Edition (SE),=20
    and Microsoft Windows Millennium Edition (ME) to eliminate the=20
    vulnerability. To do so would require reengineer a significant =
amount of a=20
    critical core component of the operating system. After such a =
reengineering=20
    effort, there would be no assurance that applications designed to =
run on=20
    these platforms would continue to operate on the updated=20
    system.Microsoft strongly recommends that customers still =
using=20
    Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and=20
    Microsoft Windows Millennium Edition (ME) protect those systems by =
placing=20
    them behind a perimeter firewall which is filtering traffic on TCP =
Port 139.=20
    Such a firewall will block attacks attempting to exploit this =
vulnerability=20
    from outside of the firewall, as discussed in the workarounds =
section=20
    below.
   
  Rich
   
  
    "Rich Gauszka" <gauszka{at}hotmail.com>">mailto:gauszka{at}hotmail.com">gauszka{at}hotmail.com>
=
wrote in=20
    message news:4489d02a{at}w3.nls.net...http:=">http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041">http:=
//news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041Microsoft=20
    said it wasn't feasible to make extensive changes to Windows =
Explorer to=20
    eliminate a security vulnerability since the underlying =
architecture of=20
    Windows 2000 is much less robust, wrote Christopher Budd, a =
program=20
    manager with Microsoft's security response
center."Due =
to these=20
    fundamental differences, these changes would require =
reengineering a=20
    significant amount of a critical core component of the operating =

    system," Budd said.As a result,
applications may not run =
on the=20
    updated system, he =
said.

------=_NextPart_000_001B_01C68C13.7AF59560--

--- BBBS/NT v4.01 Flag-5