Get ready for Patch Tuesday. July 13th will be the biggest update for 18 months, with no less than 12 security bulletins: 9 for the Windows OS, 2 for Office and 1 for Exchange. Of these, both Windows and Office updates include one flagged as critical, the highest Microsoft threat rating. At the same time, Microsoft is also releasing 3 non-security, yet apparently high priority, patches for Windows and a new version of the Windows Malicious Software Removal Tool.

If you are a Windows 98 or ME user, however, you’d better make the most of it as this will be the last set of updates you get. If you want a secure system you can pretty much forget it, just as Microsoft pretty much wants to forget you. As has been made clear for some time now, there will be no updates offered for these OS versions after June 2006. But forgive me for being pedantic, it isn’t the 11th July yet is it? So why has Microsoft decided not to bother with a critical security vulnerability patch to protect 98/ME users against a Component Object Model flaw in Windows Explorer? Pretty much all other Windows users got their protection on April 11th, and at the time Microsoft said it would deliver the 98/ME solution as soon as possible. Which looks like being the 12th of never now, perhaps Donny Osmond has been put in charge of Microsoft Security? Certainly I suspect he’d make more sense than the crazy horses who decided that “…these architectures will not support a fix for this issue now or in the future.”

I know, I know: everything comes to an end sometime, and Windows 98 is hardly the height of OS sophistication. No, it cannot use .NET Framework 2.0, NTFS or local security. Yes, Macromedia will be pulling the plug on Windows 98 extensions soon enough. No, there are less and less drivers being written that support it so there is an ever decreasing hardware pool that works on the platform. But is it truly obsolete when so many people still use it? According to a Jupiter Research survey in December 2005, 16% of the 2300 home users asked were running 98 or 98SE. And perhaps more to the point, does Microsoft have a moral duty to keep it secure as possible? I’m inclined to answer no to both questions, resting the moral obligation upon the user. And just to prove that I’m not all mouth and no trousers, Windows 98 users can use their firewalls to filter traffic on TCP Port 139 in order to block attacks that try to exploit the vulnerability at issue. Better still, upgrade to the more secure (note ‘more’ not ‘completely’) Windows XP SP2. Just in case you missed it, support for XP SP1 ends on October 11th 2006…

I second it. Just because a company has at one time released a program, it needn't constantly protect it while its still in common use.


Let's say for a moment that Microsoft made cars. Would you expect there to be parts for a 1998 Microsoft Sedan?

I would. But then again, I would also acknowledge that the part may need to be ordered, and there might be a handling fee on it. But I would expect to be able to get it. For cars, I would suggest 20 years to have parts available. But not necessairly for free.

At some point, the 98 folks are going to need to move forward. Either retire from the internet, or build up a defense paradigm.

As for my private consulting thing, I won't work with 98 anymore. I am not going to go looking all over the etherized tundra for drivers and the like.

As for business applications, I know of a handful of 98 computers used on specialty devices isolated from floppy disks and the internet. They'll be fine.


Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.