VOGONS


First post, by WildW

Does anyone know if a system running an older version of Windows, specifically 95 or 98, would be susceptible to recent malware like Wannacrypt that we've been hearing so much about lately? I have a 98SE system that I've just rebuilt, and in the past I've used network shares to move files around as it's a little more convenient than USB drives (no front USB on this machine 😜). For now I've not installed my network drivers, but I would like to.

I imagine the networking might have the same vulnerabilities, but then there's the question of whether the virus could even run once it got in. I don't have much to lose beyond my Crimson Skies saves, but still, enquiring minds need to know / reassurance.

Reply 1 of 16, by Sammy

In my DSL router I have set that every new MAC address is blocked from the Internet, but can access the local network (LAN IP 192.168.178.x).

When I install a new system, in VirtualBox or on a real machine, then I can access local FTP and printers, but no internet. (This is for Win9x machines.)

When I want internet (if I try a new Linux distro in a VM, for example) I put this PC on the whitelist in the DSL router.

Reply 2 of 16, by Ampera

A LAN connection is fine for older machines, but there is still malware out there that targets older machines, and while the same can be said for newer machines, older machines are a lot easier to hurt (especially DOS-based Windows versions) and don't really have any defense against a virus.

Reply 3 of 16, by clueless1

The only practical way malware can get into your network from the internet is:
a) you let it in by clicking a link
b) you're not running behind a router

Routers (even without firewall abilities) use network address translation to drop unsolicited inbound traffic. That's why so many PCs were infected in the days before Windows XP SP2 (when Microsoft enabled the software firewall), because people still occasionally connected their single PC straight to the modem. No router+no software firewall=pwned.

When you click a link in an email or visit a malicious site, you are initiating the connection, and routers do route traffic back to your machine if you initiate. 😀

So, just being on the LAN is not necessarily dangerous. If you're getting email or browsing the web on your Win9x, then you're in a riskier position.

You could still get infected if another machine on your LAN somehow allows a worm in that is network-aware. The machine that brought it in might have defenses to block infection, but it still could find other LAN devices that aren't protected and jump there.

@Sammy, you could accomplish the same thing by going into the system you don't want to have internet access, assign it a static IP on your LAN, and simply delete the gateway:

nogateway.png

If the machine does not have a gateway defined, it can't get to the outside world.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks
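
The behaviour described in the post above, as an added example that is not part of the original post: a simplified model of a NAT router that forwards inbound packets only when they match a mapping created by earlier outbound traffic, plus the routing decision of a host with no gateway. The class and function names and all addresses are constructed for illustration (LAN addresses follow the 192.168.178.x range mentioned in the thread, public addresses are documentation ranges); real routers differ in how strictly they match the remote endpoint.

```python
import ipaddress


class NatRouter:
    """Toy NAT: inbound traffic is forwarded only if it matches a mapping
    that a LAN host created by sending outbound traffic first."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000   # constructed starting port for mappings

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host initiates a connection; the router records a mapping."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the (lan_ip, lan_port) to forward to, or None if dropped."""
        entry = self.table.get(public_port)
        if entry is None or entry[2:] != (remote_ip, remote_port):
            return None          # unsolicited: no matching mapping, so dropped
        return entry[:2]


def next_hop(host_if, gateway, dest):
    """Routing decision for a host with one interface such as
    '192.168.178.50/24' and an optional default gateway."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"         # same subnet: delivered directly, no gateway needed
    return gateway               # None means no route: the packet never leaves the host


if __name__ == "__main__":
    router = NatRouter("203.0.113.7")
    # Unsolicited probe from the internet to the SMB port: no mapping exists.
    print(router.inbound("198.51.100.9", 50000, 445))
    # A LAN PC browses a site; the reply from that same server is forwarded back.
    port = router.outbound("192.168.178.20", 1025, "198.51.100.80", 80)
    print(router.inbound("198.51.100.80", 80, port))
    # Win9x box with a static IP and no gateway: internet unreachable...
    print(next_hop("192.168.178.50/24", None, "198.51.100.80"))
    # ...but LAN peers are still on-link, so a worm on another LAN PC can reach it.
    print(next_hop("192.168.178.50/24", None, "192.168.178.20"))
```

The last call shows the limit of deleting the gateway: it only removes the route off the subnet, so traffic to and from other machines on the same LAN is unaffected.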

Reply 4 of 16, by Errius

Oh this brings back memories. I think Windows 2000 had a built-in instant messaging system that was taken out with XP? I remember within minutes of connecting a new W2K installation to the internet I'd begin getting weird messages pop up on the screen.

Is this too much voodoo?

Reply 5 of 16, by WildW

I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploiting network shares I know there is an attack vector. From the times I've had to reinstall the kids' computers I know they download and install any old thing without thinking about it. Even my partner will sometimes go weeks without rebooting rather than let Windows install updates.

Reply 6 of 16, by dr_st

Errius wrote:

Oh this brings back memories. I think Windows 2000 had a built-in instant messaging system that was taken out with XP? I remember within minutes of connecting a new W2K installation to the internet I'd begin getting weird messages pop up on the screen.

We used to have fun with that in the computer room, after figuring out how to send messages to network peers. Especially by sending scary messages to unsuspecting victims.

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 7 of 16, by Jorpho

WildW wrote:

I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploiting network shares I know there is an attack vector.

I understand that XP was actually invulnerable to the recent ones unless a specific update (released long after XP support officially ended) was installed. Windows 9x would thus be immune to those particular attacks. In fact, 95/98/ME used a very different network protocol than later versions of Windows, though it's not obvious from its apparent functionality.

Reply 8 of 16, by chinny22

WildW wrote:

Does anyone know if a system running an older version of Windows, specifically 95 or 98, would be susceptible to recent malware like Wannacrypt that we've been hearing so much about lately? I have a 98SE system that I've just rebuilt, and in the past I've used network shares to move files around as it's a little more convenient than USB drives (no front USB on this machine 😜). For now I've not installed my network drivers, but I would like to.

I imagine the networking might have the same vulnerabilities, but then there's the question of whether the virus could even run once it got in. I don't have much to lose beyond my Crimson Skies saves, but still, enquiring minds need to know / reassurance.

You could put your retro PCs on one subnet (say 10.0.0.1) and your internet connection on another (say 192.168.1.1).
Any recent OS can support 2 IP addresses, and could talk to either network.
So yes, that PC could potentially infect your retro network, but only that one, as it is the only link between the 2 networks, and it should also be less vulnerable, with better security, updates, and all that stuff that wasn't a concern for our retro systems.

Personally I don't do anything. I don't apply any updates to retro PCs, it just slows them down, and while they can get out on the internet I never do. Trying to surf the web with IE5 or whatever is horrible IMHO. But I also don't have family members infecting other computers on the network either; hadn't thought of that future hurdle.

Reply 9 of 16, by 95DosBox

WildW wrote:

I appreciate that getting a virus is fairly difficult in the first place, but with the recent ones exploiting network shares I know there is an attack vector. From the times I've had to reinstall the kids' computers I know they download and install any old thing without thinking about it. Even my partner will sometimes go weeks without rebooting rather than let Windows install updates.

I suggest you clone image your Windows partition. It should be fairly small about 300MB? For programs I'd install them to another partition so that it keeps your Windows partition small and compact.

If you get infected it just takes a few seconds to restore the image back. Beats reinstalling everything from scratch. My 1 cent. 😀

Reply 10 of 16, by WildW

95DosBox wrote:

I suggest you clone image your Windows partition. It should be fairly small about 300MB? For programs I'd install them to another partition so that it keeps your Windows partition small and compact.

If you get infected it just takes a few seconds to restore the image back. Beats reinstalling everything from scratch. My 1 cent. 😀

Have done this actually. I'm dual booting to XP so I have Macrium Reflect running there, 400MB for the Windows 98 image.

Reply 13 of 16, by dr_st

Win98 - theoretically, yes, since a lot of the Win32 APIs are available, but I bet the kits they use would not work out of the box. With enough determination you could probably get it to run on Win98, but the gain would not be worth the effort.

DOS - obviously not. It's not even remotely the same OS. It is more likely to get it to run on Linux (but you would have to find different exploits to get it there in the first place, since the ones from Windows would not be relevant).

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 14 of 16, by spiroyster

dr_st wrote:

Win98 - theoretically, yes, since a lot of the Win32 APIs are available, but I bet the kits they use would not work out of the box. With enough determination you could probably get it to run on Win98, but the gain would not be worth the effort.

Win95/98 are safe from the payload it appears. Due to the fact it uses cmd.exe (not present in 98/95 iirc) to facilitate its intention.
https://blogs.technet.microsoft.com/mmpc/2017 … f-date-systems/

Reply 15 of 16, by agent_x007

@up Indeed - DOS/Win 95/98/ME all use Command.com and NOT cmd.exe.
Source: https://www.computerhope.com/cmd.htm
So, Wannacrypt can't be run on them because there isn't a console available to execute the scripts it uses.
KernelEX may change that (I think)...
Either way, good to know 😀

After some reading:
The SMBv1 hack probably won't work on Win 95/98 either, since SMB inside Win 98 uses a different kind of security model ("share level", used by Windows for Workgroups) vs. Win NT and newer OSes (with the "user level" model).
Basically, the share level model in SMB can't block access to single files, only directories/folders (for example).
It uses password-only authentication (i.e. if you know the password, you can access the share).
You also don't need to have special privileges to access a share (or be logged in as Admin).
Lastly: the SMB protocol is disabled by default on Win 95/98.

Reply 16 of 16, by 95DosBox

agent_x007 wrote:

Can Wannacrypt virus encrypt DOS/Windows 98 from Win98/DOS ?
Because I don't see how a program that complex could work on Win 10/7/XP and Win98/DOS, at the same time.

I don't think the Wannacrypt virus programmer had the foresight to include infecting DOS systems, since they probably make up such a minuscule amount of actual users it would have gone unnoticed. They would probably just use a Stone Virus variation and secretly look for Command.Com and infect your boot partition. But it's so simple to reformat the boot partition and restore it that there would be nothing gained for wasting their time doing it, and assuming all DOS users probably either are retro users or simply people with such outdated systems they don't have the income to upgrade. Plus that system would have to be part of a multi-OS setup or else there would be no way that the Wannacrypt virus could infect the DOS directly without an internet connection to a Windows-based OS first. Too many things must happen, and then they would have to write special code to encrypt the DOS files, and how can you even see the ransomware pop-up window? I guess they could do an ASCII window version, but then how could they enforce the time limit since there is no internet connection? You'd just change your date and time and get more time to avoid the time bomb until you could decrypt it.