Windows 98 Security Issues

Date: 7/16/99

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Contents

1 - Abstract
2 - Root
3 - TCP/IP
4 - Encryption
5 - Permissions
6 - Conclusion

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1 - Abstract

As much as I like Win98, it is totally insecure. Programs in the root directory can allow remote web access. This could mean browsing your system files, possibly with read and write permissions, uploading and downloading files, remotely executing code, and whatever else you can think of. If your system has important files on it then you could be in trouble. The Access Controls in Win98 are misleading and can allow an attacker to access your hard drive with read/write permissions and no password. Also, there is no encryption scheme between the network components, so basically anyone can sniff your passwords and whatever else you type, and improper permissions allow trojan horses to carry out instructions with no restrictions. All of these security issues have the potential of giving an attacker remote administration over your Win98 system. The possibilities that come with that are endless. This advisory goes over several security problems in the Win98 operating system. I think you’ll be interested in reading it. Have fun!


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

2 - Root

In Windows we have what is called the root directory. This is C:\WINDOWS. Files in the root directory can carry out system-wide processes that may compromise the security of the system. Explorer.exe has been exploited in past versions to allow remote access to Win95/98 over the web. In fact, any program in the root directory has the potential of being exploited. Sometimes programs are written without security in mind, or maybe the programmers overlook parts of the code and don't realize there's a problem. There could be a buffer overflow or a poorly written function that allows remote browsing of databases. If you store medical or other personal information like credit card numbers, addresses, or company documents then this is obviously a concern. Nobody wants to wake up one morning and see that their fifteen-page paper that was supposed to be released tomorrow has been downloaded by a teen hacker. Windows 98 fails to incorporate the security necessary to prevent these types of attacks. The only thing I can recommend at this time is that you download a free commercial firewall that's been released by a respectable company other than Microsoft.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

3 - TCP/IP

Many of today's Windows '98 users want to share files with other computers on their existing network. One of the easiest ways to do this is using the TCP/IP protocol. All the user has to do is go to Settings in the Start menu, then Control Panel, and when Explorer opens up, click on the Network icon. When the network config folder opens there will be a list of what network components have been installed. Just one click on TCP/IP and then Add.. File and print sharing.. OK and it's done. What most people don't realize when setting up shares is that people other than the intended ones can also access these shares, and without a password. They assume that the password will be the same as their Windows logon password. Well, they assumed wrong. Windows '98 provides poor configuration for networks, which leaves them susceptible to attack by anyone on the Internet or on the network. For example, if I were on a network and knew the IP address of the computer running shares I would open an MS-DOS window and:

C:\>net use p: \\targetip\ipc$
The command completed successfully.

C:\>net view \\targetip
Shared resources at \\targetip

Share name   Type         Used as  Comment

-------------------------------------------------------------------------------
ADMIN$       Disk                  Remote Admin
C$           Disk                  C Drive
D$           Disk                  D Drive
IPC$         IPC                   Remote IPC
NETLOGON     Disk                  Logon server share
HPLaser4     Printer               HP LaserJet 4si
The command completed successfully.

Basically what I just did was create a null connection with the IPC$ share and view what shares were on the network. Now I can map to any of these shares like C$ and browse them with read/write permissions. What this means is that I can take a look at any file on the system. The access control features of Windows 98 are poorly set up and make misconfiguration of NetBIOS easy. To learn more about NetBIOS check out The NT Wardoc by Rhino9.
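
For anyone reviewing the shares their own machine offers, the listing above can be checked mechanically. The following is an added example, not part of the original advisory: a small Python parser for `net view` output that flags the entries a share owner should review. The sample listing is constructed from the one shown above, and the function names and review notes are assumptions made for illustration.

```python
import re

# Constructed sample: the `net view` listing from the advisory, column-aligned.
SAMPLE = r"""Shared resources at \\targetip

Share name   Type         Used as  Comment

-------------------------------------------------------------------------------
ADMIN$       Disk                  Remote Admin
C$           Disk                  C Drive
D$           Disk                  D Drive
IPC$         IPC                   Remote IPC
NETLOGON     Disk                  Logon server share
HPLaser4     Printer               HP LaserJet 4si
The command completed successfully.
"""

# A share row is: name (may contain spaces), a resource type, then free text.
ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<type>Disk|Print|Printer|IPC)\b\s*(?P<rest>.*)$")

def parse_shares(listing):
    """Return [(name, type, used-as/comment text)] for rows after the dashed rule."""
    shares, in_table = [], False
    for line in listing.splitlines():
        if set(line.strip()) == {"-"}:   # the dashed rule starts the table body
            in_table = True
            continue
        m = ROW.match(line.rstrip()) if in_table else None
        if m:
            shares.append((m["name"], m["type"], m["rest"].strip()))
    return shares

def audit(shares):
    """Flag shares to review; printers are listed by the parser but not flagged."""
    findings = []
    for name, kind, _ in shares:
        if kind == "Disk" and name.endswith("$"):
            findings.append((name, "hidden disk share: confirm it is intended and has a password"))
        elif kind == "Disk":
            findings.append((name, "disk share: confirm access type and password"))
        elif name.upper() == "IPC$":
            findings.append((name, "IPC share: the connection shown above was made through it"))
    return findings

if __name__ == "__main__":
    for name, note in audit(parse_shares(SAMPLE)):
        print(f"{name:10} {note}")
```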

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

4 - Encryption

You would think that, alongside the network components of Windows 98, there would be some sort of encryption between host and client, but there's not. If you do in fact have a password set on your shares, any attacker who is sniffing the network can see your username and password in cleartext as you type them in. Win98 provides no prevention of this.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

5 - Permissions

In the Windows environment there are no permissions on files by default. What someone might do with access to all of the files that are part of the Windows 98 operating system is a real risk. They could also download a program which may be a virus or a trojan horse that executes instructions without any restrictions. This can't be good for anyone. Your Windows 98 computer is at risk of being compromised because Microsoft didn’t pay attention and didn’t do a clean job.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

6 - Conclusion

Although Win98 provides excellent point-and-click features, it is far from secure. Since the update from Win 95 to Win 98, Microsoft has failed to improve the system as far as security is concerned. There is absolutely no protection at all. If that’s what you’re looking for in an operating system, Windows is not the way to go. Switch to Unix or something. Basically that’s all you can do. Microsoft continues to downplay the security concerns of Windows 98 as I write this. I don’t think anyone’s addressed all of these issues in one informative advisory before, so I decided to. I hope you’ve enjoyed this advisory! Keep tabs on gH and me and KeyRoot.



Credits
Mnemonic and gH
www.pure-security.net
xkyller@hotmail.com
KeyRoot Information Security