Internet Explorer 6.0 Sp1 Component Update 3.0 for Windows 98

For those of you that want to use various Win-2K updates from Microsoft
and apply them to your Win-98 system, this update package has been
designed to bring together all those various updates and install them
automatically.

MD InternetExplorer 6.0sp1 Component Update 3.0

*Windows Script Update 5.6
*971961 - Unofficial JScript Security Update
*944338 - Unofficial Windows Script Security Update
*973354 - Unofficial Outloook Express Cumulative Security Update
*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*905495 - Unofficial Security Update (MSIEFTP)
*885258 - Security Update (PROCTEXE)
*816362 - Security Update (MSHTA)
*958869 - Unofficial Security Update (VGX)
*906216 - Unofficial Security Update (DHTML+TRIEDIT)
*920670 - Unofficial Security Update (HLINK)
*918439 - Security Update (ART Image Rendering)
*816093 - JVM 3810 Security Update
*961371 - Unofficial Web fonts update
*824220 - Unofficial Security Update (IMGUTIL)
*886677 - Unofficial Security Update (MLANG)
*896156 - Unofficial Security Update (MSHTMLED)
*893627 - Hotfix for Bug with Group Policies Not Applied in IE6sp1
*973525 - Unofficial ActiveX Kill Bits (AKB) Security Vulnerability Fix
*931125 - Windows Roots Update

*Unofficial DirectX Media (DXM) 6.0 Update

--------------------------------------------------------------
http://rapidshare.de/files/48815001/MDIE6CU30E.EXE.html
---------------------------------------------------------------

*Size: ~14mb

What's new:

*976325 - Unofficial Internet Explorer Cumulative Security Update (with
uninstall)
*961371 - Unofficial web fonts update

removed:

*974455 - Unofficial Internet Explorer Cumulative Security Update
*976749 - Unofficial Internet Explorer Update
*908519 - Web fonts update

You know damn well these also subject the users to potential and
ongoing vulnerabilities which are *not* protected via 9X capable AV
and other programs due to the differing operating environments and
expected respective activities. Moreover, *these files* may give users a
false and dangerous feeling that they HAVE secured their systems, when,
IN FACT, they have added to the potential and/or now unknown real
vulnerabilities.

Why don't you just keep this crap over on MSFN and the other sites and
forums that cater to this type of UNTESTED [other than installation]
modifications.

Don't bother pointing to the users of those modifications for supposed
"testing" as most of those {such as you} know *only* that the
modifications install.

I agree, he should have perhaps added some warning to that effect, but
he knows he doesn't need to as you will do so for him. (I just _knew_
what the next post I would see would be!)

Does this set of fixes actually ADD to the vulnerabilities of a system,
or just CHANGE it - i. e. could it be that it introduces some new ones
but closes some (while also adding other things, such as a DirectX and a
web fonts update)?

[They're of academic interest to me anyway - I do not have IE of any
flavour on my '98SEl machines, one of which has never been online and
the other does so very rarely.]

Good questions. If it were the OSs designed for it might fulfill the
desired effect, temporarily. However, there is no "patch Tuesday" or
"zero day" hotfixes for Win9x and these will contain vulnerabilities IN
THE OSs designed, for which updates will be received, Win9X won't.
These are for the interface to the Internet, the browser, waving in the
breeze...

Just as the last posted suggested junk from 98 Guy was patched in a
week or so, and is NOT part of a normal Win9X installation {MS XML4}, so
rather obviously they introduce vulnerabilities that wouldn't be there
to start with. NO ONE tests these for 9X vulnerabilities and they DO
introduce new vulnerabilities into the OSs intended; nor even for
compatibility beyond they install...

On the other hand, if you want to *manual* check every day to see if
Microsoft has offered any security or file fixes, AND check for whether
they work in 9X, AND are willing to be a "guinea pig" for any new and
COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't
expect anyone to be able to help fix your system and don't expect your
software will be compatible... including any malware protection.

Somewhere along the line since EOL, these people lost track of what
they hoped to accomplish, keeping 9X alive... that requires someone
actually test and NOT JUST FOR INSTALLATION, and creation of NEW
browsers and malware programs...

Good questions. If it were the OSs designed for it might fulfill the
desired effect, *temporarily*. However, there is no "patch Tuesday" or
"zero day" hotfixes for Win9x and these will contain vulnerabilities IN
THE OSs designed, for which updates will be received, Win9X won't.
These are for the interface to the Internet, the browser, waving in the
breeze... or are these supposedly NOT for people using IE6? Then there
is ZERO reason to install them as they patch the last group of supposed
fixes...

Just as the last posted suggested junk from 98 Guy was patched in a
week or so, and is NOT part of a normal Win9X installation {MS XML4}, so
rather obviously they introduce vulnerabilities that wouldn't be there
to start with. NO ONE tests these for 9X vulnerabilities and they DO
introduce new vulnerabilities into the OSs intended.

On the other hand, if you want to *manually* check every day to see if
Microsoft has offered any security or file fixes, AND check for whether
they work in 9X, AND are willing to be a "guinea pig" for any new and
COMPLETELY UNKNOWN 9X vulnerabilities, then sure, install; just don't
expect anyone to be able to help fix your system and don't expect your
software will be compatible... including any malware protection.

Somewhere along the line since EOL, these people lost track of what
they hoped to accomplish, keeping 9X alive... that requires someone
actually test and NOT JUST FOR INSTALLATION, and creation of NEW
browsers and malware programs...

But this was already stated for the most part... WHY you two chose to
post otherwise is the actual question...

Have a look at 98 Guy's headers. I would not trust someone using Opera to
build IE patches for an unsupported OS or browser.

You may as well accept those Windows Updates trojans that appear in your
Inbox (NOT). I think he is wearing black.

They certainly have the potential to do so, though whether they actually
do so hasn't been tested either.

They are more likely to, yes.

As I've said before, they can choose to preserve in aspic their 98
system as it was at the instant of EOL, or they can choose to take
potential risks for potential benefits. It's their choice. If they
choose the latter, they can be reassured to whatever extent they trust
98g, and worried to whatever extent they believe you.

I don't know how much you've been following issues relating to IE (IE6)
after the official end of support for win-98 (which happened in July
2006).

The fact is that after July 2006, there has been no such files, testing,
or recommendations by Microsoft for anything relating to win-98. This
was not a surprise - or unexpected.

IE6 files are not (technically speaking) system files. Files relating
to IE can be stripped out of win-98 (perhaps more easily for win-95).

It was speculated back in 2006 that most IE6 patches that Microsoft
released for Win-2K would be easily and seamlessly usable on win-98
because they both use the exact same version (IE6-Sp1). By intention,
Microsoft has never allowed win-2K to be compatible with IE6-SP2 (the
version of IE6 that came with XP-SP2). The binary files for that
version are somewhat different and are not compatible with win-9x.

So, to re-cap:

1) The end of official support of any kind for Win-98 in July 2006
marked the point at which Microsoft would no long make any comment or
statement about win-98 in any of it's advisories or bulletins, and for
which Microsoft would no longer identify any new patch or update file as
being compatible (or incompatible) with win-98.

2) The lack of mention of win-98 in any patch or update file released
for the past 3 years DOES NOT MEAN that the file won't work or is not
compatible with win-98. Practically speaking, this is notable mostly
when we are speaking about patch files released for Windows 2000.

3) Simple file-substitution of new win-2K patch files onto a win-98
system is enough to determine if win-98 is compatible with the files.
If the win-98 system is usable an can perform all operations as expected
with the new files, then that is generally enough of a test to determine
compatibility. No harm can really be done to a system that does not
function as intended during this test, and the original files can be
easily replaced.

4) A respectible-sized user base of win-98 systems with these file
substitutions can be found at msfn.org. These users pay close attention
to the workings and performance of their win-98 systems, and any hint of
file incompatibility are discussed at length. There is a very good
consensus that the various IE6 updates that have been been made for
win-2K over the past 3 years function well on win-98.

So you intend to claim the benefit of installation, verses say, a
different application providing BETTER support for new formats...

The cost is???? that to use these DOES AND WILL CONTINUE to place these
parties doing so in the position of NO knowledge of what present
vulnerabilities they have and NO way to protect themselves from them.
The *TESTS* come from the fact that these supposed installable files
WILL be updated by Microsoft *for the supported OSs* and Win9X will not
receive them, nor will any fixes be designed to correct vulnerabilities
within 9X created by their installation.

If MSFN and those doing the same want to "keep Win98 alive" then work
on the well defined vulnerabilities at EOL and correct those. These are
supposed coders and programmers,,,

So it appears this is just more of an attempt to waste some more time
while resting on OLD laurels...

AND the whole moronic idea by these purported supporters of this
activity is that you just *IGNORE* that prior files were NOT created the
same. Look within the original files during 9X support period and note
the various internal patching AND/OR DISTINCT 2K or 9X files in some of
the files PER OS and directed via the setup. *THAT* is what was once
done by Microsoft to make sure of compatibility AND THAT IT ADDRESSED
THE VULNERABILITIES within the *INTENDED* OSs.

The supposed respectable user base are users who think those creating
the modified files *DO* check for vulnerabilities and are generally as
ignorant as 98 Guy. ALL these supposed modifiers now do is make an
installer from the NT BASED files and are ONLY concerned with that
installation. As for supposed user testing, think of 98 Guy and all this
party DOESN'T know and understand...

What the hell does that mean?

What do you mean by a "different application"?

If you're trying to ask why someone wouldn't use a different browser
(Firefox, etc) instead of IE6, then why not just say that?

Why are you always obtuse and vague in your use of language?

The reason why you'd want to update these IE6 files is because they ARE
hooked into by the operating system and using another browser is no
garantee that those files will not be called upon for one task or
another.

Why are you stating that the use of these patch files *will* confer
vulnerabilities to win-98?

How can you make such a claim?

Give an example (by CVE or some other identifier) of a vulnerability
that will result if these IE6 files are patched into a win-98 system.

Nothing you just said in that statement makes any sense.

"these supposed installable files WILL be updated by Microsoft"

It's not that they "will" be updated. They *ARE* being updated. What
is the significance of that?

" *for the supported OSs* and Win9X will not receive them"

Microsoft states the applicability for those files. Win-9x WILL receive
them if the user gives them to it.

Microsoft will not place them in the list of files it serves for win-98
updates on the windowsupdate server because it has closed all new
submissions 3 years ago.

Microsoft's silience on ALL THINGS RELATING TO WIN-98 does not equate to
a blanket statement that no files it releases for win-2K might be
operable on win-98.

You continue to ignore the fact that Microsoft's complete silence about
win-98 does not mean that some patch files it has released in the past 3
years are perfectly compatible with it. We expect Microsoft not to tell
us this even when it's true, because their own support policy forbids
it.

That is the largest flaw in your argument, for which you will not
address here in public.

Any vulnerability that *might* be caused by a peculiar interaction
between win-98 and these files would presumably be a unique
vulnerability that would not exist on win-2K. You propose that such a
vulnerability would leave win-98 users exposed to a problem that
Microsoft would never create a patch for, because the vulnerability
would not exist under win-2K.

The flaw in that argument is that any such hypothetical vulnerability
would be extremely unlikely to ever be detected, because it would
require that professional analysts, hobbyists or hackers would be
examining the combination of win-98 with installed patches from win-2k
looking for it.

Given that current win-9x usage on the internet is estimated to be 0.1%
(1 out of every 1000 computers in current use) it's highly unlikely that
people are examining standard installations of win-98 for new
vulnerabilities, let alone non-standard installations.

A vulnerability that is never discovered by anyone can never become a
threat.

How do you know that these "well defined" vulnerabilities are not
corrected by the use of win-2k patch files?

And note that Microsoft has never admitted to the existance of any
vulnerabilities that win-9x has or had at EOL because microsoft became
silent to all things pertaining to win-98 at EOL.

And even before EOL, Microsoft made vague references to win-98 in their
advisory bullitens to make it appear that the bullitens applied to
win-98 - when in fact they did not.

HAHAHAHAHA, so now you ADMIT that these are part of system activities
rather than your other post's comments... SINCE THEY ARE and do affect
the working within the OS, then the vulnerabilities included within the
files DO affect the other programs AS WELL AS ANY MALWARE PROTECTIONS.

Because you have EVERY PRIOR VULNERABILITY AND FIX listed at CERT as
well as the present ones either now or will in the future.

THEY ARE DESIGNED FOR THE SUPPORTED OSs *ONLY*. There is no need now,
for Microsoft to include any code specific to Win9X activities and its
OS workings in any NEW fixes since 2006, which it did PRIOR to EOL.

That you idiots can't figure that out is telling of your mental facilities.

That's the stupidest argument you've made yet. A vulnerability exist
when someone OUTSIDE the malware writer/hacker community *discovers* it.
OTHERWISE, it *remains* an unknown attack vector to the public.

In Win9X, there aren't a sufficient number of QUALIFIED coders and
programmers looking for any NEW vulnerabilities produced BY THESE
non-standard installations, because NO ONE in the protection community
is looking.

Many did when applied in a specific fashion, others were included
because IE6 was never properly ported for Win9X usage in the first place
and Microsoft was unsure since it was not really interested in Win9X in
the years leading up to EOL. If it were, it would have corrected the
large file manipulation issues and other BROKEN or vulnerable aspects in
the Win9X OS. Microsoft DIDN'T; that should spell it out rather clearly
to even the most dense on the planet.

Most parachutists and rock climbers do not pack computers running
windows-98 as part of their survival gear.

Any computer that is running mission-critical or life-support functions
should theoretically not have an internet connection and should not
allow the user to "surf the web" while in operation.

So your hyperbolic analogy doesn't really apply.

Microsoft has identified certain reasons to release new versions of
files related to IE6-SP1. The have done so periodically over the life
of that program, and will continue to do so until Win-2K reaches
end-of-life, which I think will happen mid-next year.

When those files are copied to a win-98 system (replacing existing
files) they allow the system to operate normally, with no errors or
lock-ups. That's quite a trick to do given the complexity of how these
files and functions interact with the OS. The slightest incompatibility
usually renders a system inoperable.

The conclusion one can draw from that is that Microsoft would release
the exact same files as part of a win-98 update patch if Microsoft's
support policy for win-98 allowed it.

On Wed, 16 Dec 2009 20:28:49 -0500, 98 Guy wrote:

> "N. Miller" wrote:

>>> It was speculated back in 2006 that most IE6 patches that
>>> Microsoft released for Win-2K would be easily and seamlessly
>>> usable on win-98

>> Would you bet your life on untested speculation? Most
>> parachutists, and rock climbers do not.

> Most parachutists and rock climbers do not pack computers running
> windows-98 as part of their survival gear.

But they do check their gear thoroughly.

> Any computer that is running mission-critical or life-support functions
> should theoretically not have an internet connection and should not
> allow the user to "surf the web" while in operation.

Matters not about mission critical. It is my GD computer, and it GD well
better work when I need it. And who supports this bastardized OS if
something should go wrong? You?

> So your hyperbolic analogy doesn't really apply.

It damned well does apply, unless you don't mind bailing out the bilge on
your own when things go wrong.

> Microsoft has identified certain reasons to release new versions of
> files related to IE6-SP1. The have done so periodically over the life
> of that program, and will continue to do so until Win-2K reaches
> end-of-life, which I think will happen mid-next year.

So we are going to add Windows 2000 specific files to Windows 98, thus
creating a chimera; the legendary monster.

> When those files are copied to a win-98 system (replacing existing
> files) they allow the system to operate normally, with no errors or
> lock-ups. That's quite a trick to do given the complexity of how these
> files and functions interact with the OS. The slightest incompatibility
> usually renders a system inoperable.

The issue is vulnerabilities.

> The conclusion one can draw from that is that Microsoft would release
> the exact same files as part of a win-98 update patch if Microsoft's
> support policy for win-98 allowed it.

One can draw all the conclusions one wishes. But they would be wrong.
Microsoft actually tests those patches on Windows 2000. They are not testing
them against Windows 98.

Now, it is your computer, so do with it as you will. But be honest, and add
a proper disclaimer; your files are untested against Windows 98, and
unsupported in Windows 98. They may introduce more vulnerabilities than they
cure. Use at your own risk.

Excuse me, now, while I go check the 'chute.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

You still don't get it. You're comparing equipment that your life
really depends on with the box sitting at your feet that allows you to
send and recieve trivial or inconsequential spam, access meaningless
websites, or download music / movies / porn. You still want to equate
the two?

Disengenuous argument.

If you are so concerned about having a supported system, you wouldn't
still be using windows-98.

And in any case, obtaining and using newer versions of patched files IS
a form of support.

And it's not like it's not a reversable process. You can try those
files, and if you don't like them - you can go back to what you had.

Why the anger and bitterness over this?

If things go wrong (which hasn't been detected by anyone yet) you simply
revert to the original files.

Is that remedy too complex for you to carry out?

That's what this is all about.

And it's not necessarily the case that these are "Win-2k specific"
files. Other files have been exactly similar in the past between 2K and
98.

The whole point of using these newer files is to patch *known*,
*existing* vulnerabilities. That's why Microsoft created and released
them.

So you are now part of the strange crowd who thinks that by using these
files, they are replacing a set of known vulnerabilities with a set of
as of yet unknown, potential vulnerabilities?

Isin't that a worthy bargain - even if true?

Even if the combination of using these win-2k files on win-98 does
create new vulnerabilities, the real question is who will discover or
look for them? Do you think there are hackers out there that are
testing the combination of win-98 with these files, looking for
vulnerabilities that don't exist on win-2k systems, so they can leverage
those vulnerabilities?

Do you realize that only 1 out of every 1000 computers in use is running
win-9x/me, and that perhaps only 1% of those systems might try this
trick of installing the win-2k files?

You can't be concerned about the effectiveness of these files as used on
win-98 on the one hand, and simultaneously NOT be concerned that you're
running an operating system that hasn't received an official security
patch or update in over 3 years.

And like others, you are confused by Microsoft's official policy
regarding win-98.

Microsoft has placed a gag order on itself regarding Win-98 for the past
3.5 years. Even if microsoft tested these files internally on win-98
and found them perfectly compatible, it wouldn't announce that to the
outside world anyways.