Hi malware fighters,
Some security tips to use Win98SE as securely as possible after
7-11:
(1) Use Firefox instead of Internet Explorer. If the websites
that you visit do not need Flash, do not install the plug-in.
Disable Java in Firefox unless you need it. Or use the NoScript
add-on.
(2) Remove "Client for Microsoft Networks" from the network
settings. If you, without any programs opened, run in a DOS box
the command: netstat -an
you will see that Windows does not listen on any port. This
can be confirmed by using a tool like TCPView (free download
from http://www.sysinternals.com/Utilities/TcpView.html).
After this you cannot exchange files in the "Microsoft way"
(also known as SMB). A printer that runs directly on your
own system will normally function, but if there is another
PC hanging on inside the home it does not work any more.
Files can be exchanged also internally with tools like
FileZilla (open source and free at
http://filezilla.sourceforge.net/).
(3) In "C:\Windows\System\" rename the file with the name
"mshta.exe" to something different, for instance
"mshtanot.exe" (or delete it, or move it to another location).
This file was not standard for Win9x and came along with
MSIE 5.5 or 6.0, and is being used to "interpret" (execute)
.hta files. HTA stands for HTml Application; this kind of
file actually consists of a combination of HTML and
VBScript. An HTA file launched from your disk can do the same
as an exe file, which could be to wipe all your files.
Under W9X you do not need mshta.exe; it is mainly used in
malware exploits. For more info, see
http://www.security.nl/article/13849/ for an MSIE bug still
unpatched. Whether WinME uses mshta.exe for some purpose is not known to
me, but on that system you cannot simply rename or delete
mshta.exe; "windows file protection" will reinstall it at once.
N.B. Check after the latest Windows Update that mshta.exe
was not added.
(4) Then change the Explorer settings to:
- Under "Hidden Files" choose "Show All Files"
- Remove the tick for "Hide file extensions for known
file types"
- Windows Desktop (Custom Settings): do NOT choose "Enable
all web-related content on my desktop" but "Use
Windows Classic Desktop", and under "View Web content in
Folders" choose "Only for folders where I select 'As web
page' (View Menu)".
(5) Know your system. Close down all programs and run e.g.
Process Explorer (free download from
http://www.sysinternals.com/Utilities/ProcessExplorer.html),
and save the list as a text file. Or make a screen snapshot:
Alt-PrintScrn, paste in Paint, print it or save it as
"processes-date-time.gif" (colours fade somewhat but the file
stays nice and small).
It is very convenient if you know what all these processes are
for (Google!), but it is not necessary. If in doubt whether something was
added later, you can check. Or use SFC.
Also run Autoruns once in a while (free download from
http://www.sysinternals.com/Utilities/Autoruns.html)
and keep a list for comparison later.
(6) Check the file C:\Windows\Hosts. On normal systems this has,
except for lines starting with #, only: 127.0.0.1 localhost
(and there could be several spaces before "localhost"). There are
a few legit applications that can add an IP address + hostname, but
if something is added there it could be by previous or still active
malware.
When the final updates for Windows 98 and Me come out July 11, Windows 98 and Me will be complete. After downloading all the various Windows Updates, it would be the perfect time to make a full backup of your system.
There are free and commercially available programs that will let you take an image of your hard drive you can use to recover from some disaster like a total hard-drive failure or messed-up software installation.
polonus
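
Tip (6) written out as a check, as an added example that is not part of the original post: it parses the text of a Hosts file and reports every active entry other than `127.0.0.1 localhost`. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Baseline from tip (6): the only active entry expected on a clean system.
EXPECTED = {("127.0.0.1", "localhost")}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each active entry outside the baseline."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()                  # any run of spaces or tabs separates fields
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip, "", "address without hostname"))
        for name in names:                      # one line may map several hostnames
            if (ip, name.lower()) not in EXPECTED:
                findings.append((line_no, ip, name.lower(), "not in baseline"))
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1 update.example.com   # constructed entry
203.0.113.10\tbank.example.com www.bank.example.com
not-an-ip portal.example.net
"""

if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} {name} ({reason})")
```

An empty result means the file matches the baseline; any finding is a line to compare against the list of applications you installed yourself.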