I seem to remember that win 98 could only address up to 64MB
of RAM. That was one of the reasons I switched to XP in 2006 or so.
Nevertheless, I'm still going to use XP. Have not used a
resident AV for more or less 5 years now.
A very large number of softwares no longer work on 98. And Win
8 - 10 (and to a lesser extent Win 7) are just dumb terminals now.
[]'s

PS Anything won't work on XP, I use Devuan 2.0. Except for
Firefox, which is a security nightmare, it's pretty "safe". No
systemDisease.

That's true, and those vulns will likely apply only to the monstrosity
that is Win 10. However, to deliver the exploits they're unlikely to
be using a 32 bit executable built with Visual Studio 6 or a script
that will even run on my system.
You have a point about the early NT systems having all manner of
unnecessary services running by default with ports open to the
internet. That's why I've configured my Win2k to have minimal services
running and further tweaked it to close any other listening ports that
I don't specifically require for the current network task. Network
access is also completely disabled when I'm not actively using it.

Ehm. You're still spewing complete horse shit as factual information.
Win2k and XP are by far, not the most insecure flavors of NT to
exist. You're writing from your arsehole concerning subject matter
you barely understand. We've been over this, many many times before.
Nothings changed since the last time you spewed your nonsense.
Actually, no, it hasn't. By default, as in out of the box, netbios
was bound to your tcp/ip stack. Which made remote drive mapping a
very friendly prospect if you weren't behind a 3rd party firewall.
That's not a fair or reasonably sound test, either. It had visible
ports with buggy server side software listening. With a firewall,
those ports wouldn't be available to the outside world unless you
made firewall rules stating they should be. If you intentionally
cripple your defenses by limiting and/or disabling them, then you
deserve to be 0wned.
That wasn't a set in stone deal. And, only an idiot would surf the
net on a windows (any windows) system in the dmz and/or with a
disabled firewall. It's a stupid thing to be doing. Btw, your win9x
machines without a firewall were (and still are) vulnerable to a
variety of tcp/ip based exploits. A firewall is your friend.
Bullshit. Zone alarm, tinyfirewall, etc would have kept you safe in
the event you weren't behind a nat based firewall. I don't know where
your getting your figures from, but, DSL/cable with firewalls have
been common place for a bit more than a decade now. Atleast in this
area. Perhaps if you live in a very rural place, it took longer...

You write as if the world would end the moment you plugged a cable
into an XP machine to give it internet access and that's just not so
in real life.
And it was just as wrong then, too. It's no secret that for whatever
crazy misinformed reason you think windows 9x is far more secure than
the later NT editions, but, it doesn't make it so. It just shows that
you're a paranoid and extremely misinformed individual.
Not just the user, but any/every single program the user runs.
There's nothing on a windows 9x system to compartmentalize damage or
restrict where and what a program you ran has access too. Nothing
stops it from accessing any file on your hard disk it likes. There's
no permissions, no security, nothing. A simple virus written in the
late 90s/early 00s can *easily* take your entire machine within
minutes. You have NO SECURITY features on your OS which would even
slow the process down. What's more, your OS doesn't have to emulate
the code, it can run it real; which allows full functionality and
minimal risk of a code crash. Where as with NT based systems, it's
emulated and the risk of failure is higher.

That's not even including the security permissions that could
restrict and/or limit what the virus can access and how deep it can
get into your machine as far as infections goes.

I've offered you a sample to play with and get owned by on more than
one occasion, but, you've yet to put your money where your mouth is
and put windows 9x 'security' to the test with something that *will*
take it from you.
No, they aren't. Many of those exploits came via browser surfing with
IE and users doing stupid things, just as they did with Windows 9x.
The only exception being, on NT, the malware they just installed
isn't actually everywhere on the NT machine; it has restricted
access. Where as with the windows 9x system, even the mbr is up for
grabs and modification. Total, 0wnage before windows 9x even boots,
if one wants to go that route.

I know that nothing I or anyone else writes is ever going to change
your opinion, and, I don't much care. I don't respond to you
expecting you to realize you're wrong, it's for the benefit of anyone
who's read your logical on the surface (but still inaccurate results)
rants concerning the so called superior security windows 9x offers
over NT.

There's something else about windows 9x I've never seen you mention.
You either don't run into the problem because your machines don't run
24/7, or you have, and have just learned to deal with it. After so
many days, windows 9x (me included) has to be hard reset. It cannot
run for say, 90 days at one time. NT systems can. I believe around
the 42, 43rd or so day, the systems resources are depleted (due to
memory leaks) and a reset has to be performed to regain use of the
machine. I know this because I've seen it, many times, first hand.
And, it's a documented issue with microsoft, too. It's actually quite
known amongst repair tech circles. It's why windows 9x makes for a
horrible host for an FTP server. It was never fixed, it'll never be
fixed. It was present since windows 3x and carried all the way to
Windows ME.

Another thing you probably don't know about the windows code base
iterations. Everything that isn't NT based still had actual DOS/early
windows 3.x native code present in their executables and libraries.
Yep, you read that correctly. MS recycled and recycled and recycled.

Windows 9x is still, to this day, a glorified (using an MS version of
time slicing to give you the false impression of multi tasking) shell
riding on top of, in lieu of (as is the case with NT based systems)
DOS. It's a shell. An advanced shell, but a shell non the less.
Windows ME tried to hide the fact it was still DOS based by making it
more difficult to reach a command prompt on startup. Flipping a
couple of bytes in IO.SYS would cause it to act like Windows 9x
again; which it was based on, and did so poorly, MS pulled it from
the sales distribution channels three months after it's release.

If you'd like to discuss operating system history in greater detail
sometime, lemme know. It's a subject that's always interested me.
Primarily because I've watched the systems change throughout the
years... When you've been doing I.T professionally for as long as I
have (and many like me), it's not history so much as it's a trip down
memory lane for us.

In a throwback to the ’90s, NTFS bug lets anyone hang or crash Windows
7, 8.1

It's like the c:\con\con bug all over again.

Peter Bright - May 25, 2017 9:45 pm UTC

Those of you with long memories might remember one of the more amusing
(or perhaps annoying) bugs of the Windows 95 and 98 era: certain
specially crafted filenames could make the operating system crash.
Malicious users could use this to attack other people's machines by
using one of the special filenames as an image source; the browser would
try to access the bad file, and Windows would promptly fall over.

It turns out that Windows 7 and 8.1 (and Windows Vista, but that's out
of support anyway) have a similar kind of bug. They can be taken
advantage of in the same kind of way: certain bad filenames make the
system lock up or occasionally crash with a blue screen of death, and
malicious webpages can embed those filenames by using them as image
sources. If you visit such a page (in any browser), your PC will hang
shortly after and possibly crash outright.

The Windows 9x-era bug was due to an error in the way that operating
systems handled special filenames. Windows has a number of filenames
that are "special" because they don't correspond to any actual file;
instead, they represent hardware devices. These special filenames can be
accessed from any location in the file system, even though they don't
exist on-disk.

While any of these special filenames would have worked, the most common
one used to crash old Windows machines was con, a special filename that
represents the physical console: the keyboard (for input) and the screen
(for output). Windows correctly handled simple attempts to access the
con device, but a filename included two references to the special
device—for example, c:\con\con—then Windows would crash. If that file
was referenced from a webpage, for example, by trying to load an image
from file:///c:/con/con then the machine would crash whenever the
malicious page was accessed.

The new bug, which fortunately doesn't appear to afflict Windows 10,
uses another special filename. This time around, the special filename of
choice is $MFT. $MFT is the name given to one of the special metadata
files that are used by Windows' NTFS filesystem. The file exists in the
root directory of each NTFS volume, but the NTFS driver handles it in
special ways, and it's hidden from view and inaccessible to most
software. Attempts to open the file are normally blocked, but in a move
reminiscent of the Windows 9x flaw, if the filename is used as if it
were a directory name—for example, trying to open the file
c:\$MFT\123—then the NTFS driver takes out a lock on the file and never
releases it. Every subsequent operation sits around waiting for the lock
to be released.Forever. This blocks any and all other attempts to access
the file system, and so every program will start to hang, rendering the
machine unusable until it is rebooted.

As was the case nearly 20 years ago, webpages that use the bad filename
in, for example, an image source will provoke the bug and make the
machine stop responding. Depending on what the machine is doing
concurrently, it will sometimes blue screen. Either way, you're going to
need to reboot it to recover. Some browsers will block attempts to
access these local resources, but Internet Explorer, for example, will
merrily try to access the bad file.

We couldn't immediately cause the same thing to occur remotely (for
example, by sending IIS a request for a bad filename), but it wouldn't
immediately surprise us if certain configurations or trickery were
enough to cause the same problem.

Microsoft has been informed, but at the time of publication has not told
us when or if the problem will be patched.