Avoid Windows 9x Problems

Hints and tips about reducing security problems with Windows 9x, mainly by avoiding Microsoft products.

With only a little luck I'll eventually move to a different operating system to Windows. Doubtless I'll have to start a different page, about problems with some other operating system.

Are Fixes Needed?

Hundreds of millions of people use Windows, usually without changing much, so why do I disagree? Why do I think it is broken enough to need changing?

Habitual Captive Users
Millions using Windows do so because it came with their computer. Manufacturers pay for a copy of Windows for every computer they sell, whether the purchaser wants Windows or not. This has now been ruled illegal in the USA. In my opinion it was never legal in Australia.
Unstable
Early versions of Windows were unacceptably fragile in use. They crash frequently, sometimes even daily. This gradually got better, but other operating systems (Unix, Epoc, Novell) can work for years without instability.
Security
The default system security in Windows and in MS Office applications is so pathetic that it seems designed to deliberately encourage the spread of computer viruses, and the use of Windows systems as zombies. This sort of vulnerability seems to me to have increased rather than decreased over the years.
Registry
A single point of control for system initialisation files (the registry) ensures that applications that access the registry can really stuff it up, making the system less stable. I believe the registry is a monumentally stupid and vulnerable idea.
Mistrust
Inclusion of computer identifying materials such as MAC or IP numbers in headers of some versions of Microsoft Office documents indicates to me a desire for control that I find intolerable. I do not trust Microsoft to do the right thing with identifying materials derived from my computer. Reactions from Microsoft at the time indicate their corporate culture is such that they don't even see what the problem is. Because I can't trust their applications, I find it safer to avoid them.
Cost Effective
I am convinced that somewhere in large business libraries there is an obscure financial statistics paper that proves a large business is better off pissing off a percentage of their customers to the point where they stop being customers, rather than spending lots getting the product to work correctly. Personally, on consumer durables, I give a company three problem products during my lifetime. On the third problem product, I never again deal with that company. Not with any other division, nor with any other range of their products, not even if everyone in the entire world now claims they make the best. Microsoft has passed my boycott forever threshold.

Are Fixes Sufficient?

I don't believe I have Windows sufficiently fixed to consider it a reliable, long term choice for my own computing.

However, by deliberately moving away from massive Office products, I am making a later move to different products a lot easier and less traumatic. In addition, I have a substantially smaller, faster, and more reliable system in the meanwhile. I can put off spending money getting new hardware, and can much more easily use discarded and cheap older hardware or second hand systems, thus reducing the total cost of ownership of my computing facilities. I believe that in the long run, I spend less time in non-work related computing operations by sticking with an older system for much longer.

Windows 3.11

In June 2000 I re-installed Windows 3.11 (Windows for Workgroups) on a clean disk after a fairly major crash. After some searching for older programs, I found I could run all my major applications reasonably compatibly. That is, I had text editing, desktop publishing, scanning of photos, email, news and web access, Ghostscript, plus Ethernet access to another computer. I did have to use Trumpet Winsock (a third party program for internet access) as I couldn't locate a WfW TCP/IP stack from Microsoft (I'm sure I remember there being one).

So how much was the functionality of my computer reduced? Not a whole lot. There were three programs for which I couldn't find any acceptable substitute. These were PsiWin, for connecting a Psion palmtop for downloads and backups), however I could use a PCMCIA adaptor to move all the files using a Compact Flash. I also could not run the Psion 5 emulator. A mapping program from Auslig called Australia Unfolded 2 also needed Windows 9x.

My main objection however is that Windows 3.11 is even less stable than later versions. Trivial things crash it. On the other hand it boots faster (well, bios takes 33 seconds, OpenDos 7 takes 9 seconds, WfW takes 11 seconds). On a different, faster, system, bios takes 23 seconds, and Windows 98SE takes 75 second.

Replace Windows

Some Linux people say you can solve all your Windows problems by replacing it with one of several varieties of Linux. While Linux is a lot more stable, and generally pretty easy to install (although installing is not precisely the same as installing correctly), it lacks support for many essential peripherals. Try to find a sane driver for a parallel port scanner, for example. Also IrDA support is a problem. However the PCMCIA support seems to me much better than in Windows, especially if you have an older adaptor.

Scanners supported by Linux are mostly SCSI and are listed at http://www.mostang.com/sane/sane-backends.html. Roland Turner suggested looking for a UMAX Astra 1220S

The basic problem with this approach is you have to find replacements for all your applications, and some of your peripherals. If you happen to find these easily, then a move to Linux will involve only security issues (indeed, Open BSD may be better for security). If you can't locate appropriate applications and peripherals, then Linux is of little advantage.

Update to a more robust Windows

Windows NT does not meet my needs. It lacks support for IrDA, which I use extensively. It lacks support for USB, which I detest, but many recent peripherals only have USB, so I may be forced to use USB at some future date.

Windows XP system requirements greatly exceed the capabilities of my computer, in speed, memory and disk space. Since I don't need any of the additional applications it provides, and since my existing computer works fine, I can not see any good reason to spend money on a new computer. In addition, XP may not support the legacy IrCOMM facility, which I use extensively.

It is possible that Windows 2000 could be considered a potential upgrade from 98, without new hardware. I do know it doesn't support IrCOMM however.

Fixing Windows 98

Running DOS with Long File Name (LFN) Support, but no GUI

Messy, but it can be done, at least in 95/98. Not sure how much use it is, except when you need a bootable floppy with network support.

Windows loads all the drivers for the GUI, including the VFAT file system for LFN. However it accepts the regular command shell instead.

Removing Dangers from Windows

The basics to retain data are

The default network setup installed by Windows is inherently insecure. You can test your PC using some software from Steve Gibson at http://grc.com. Steve also gives details of just what to change to make your simple network setup more secure (although I think he overdramatises the situation). Basically, you remove all the ports (especially NetBIOS) that can be seen outside your computer, by not having them associated with your modem or external connection such as cable or DSL. Your only modem or DSL associations should be with TCP/IP. You should not run any sort of FTP or HTTP server. (I used to add - unless you are aware of the risks).

Port monitors and personal firewalls are not a solution. They just leave things even more open (an exception is the sort of firewall running on a separate box, with one connection to the outside world, and another connection to your internal network ... and these need to be installed and updated correctly). However, once you do make your computer reasonably secure, it is worth running a well regarded firewall such as ZoneAlarm, just to track what attempts are made on your computer. You will be astonished. The thing to avoid is to just stick in a firewall and forget about security. First of all, make Windows secure, and then add a firewall.

Windows seems to install scripting programs, and associate them with potential virus programs of a type you may receive over the net. I believe you should remove the associations on all scripting extensions such as Visual Basic scrips .vbs that are run by the Windows Scripting Host WSH. Disable or change to Edit the action for the following file types. .wsc, .wsh, .ws, .wsf, .vbs, .vbe, .jse In fact, remove the WSH entirely by renaming wscript.exe and cscript.exe

ActiveX is positively dangerous. Unless you have a computer basically for games, I would remove it.

Although attractive programs, Outlook and Outlook Express are the prime target for various virus and worm attacks. I believe you should remove both these programs, and use less common alternatives that do not support scripting. Programming access to Outlook is part of the Outlook Object model. I don't believe that can be made safe, so removal is the only secure method (patches are available only for some Outlook versions).

I think using early versions of Eudora for email is a lot safer. You will however need to edit the eudora.ini to warn about executing a wider range of file types. You can filter spam using MailWasher, which also allows you to list email addresses of your friends, so they can pass global filter settings. For example, you may care to filter out all hotmail and yahoo addresses, since so much spam comes via them. For news, Forte Agent seems reliable.

Consider removing fire sharing and printer sharing (these are over the NetBios ports).

Don't run any sort of peer to peer sharing program. If you have to run then, find outside programs that will add some protection.

Don't run instant messaging of any sort. If you do run, remember it can be read, so if you use it for business, consider encrypting (needs to be done at both ends).

Multiple attacks exist against Internet Explorer. Although it is an excellent browser, I do not believe it is a safe choice for use on the Internet. I suggest replacing IE with Opera, without the Java plugin. Once installed, I would disable scripting (Javascript attacks), plugins (attacks are possible via Flash), popups (who needs popup advertising), animations (mostly used by advertisers), and cookies (I'm not interested in helping a site track my actions). You can turn each of these on again if a specific site really needs them, however unless the site has a good reason for using each (a shopping cart application may need cookies, for example), I'd suggest just avoiding that site.

Windows 98 installs all sorts of things you probably don't need, many of them likely to assist in getting attacked by a virus. If you prefer a different browser, why not remove Internet Explorer from it? Shayne Brooks has a whole site giving full details and scripts of how this is done. www.litepc.com He has a file only about 19 k, that does the job for you. There are also patches to run the Windows 95 Explorer under 98, which means things work faster.

Track Changes in Windows

Log changes to your registry and files using utilities RegMon and FileMon www.sysinternals.com If you don't know what has been changed, how can you hope to fix it?

There are some nice system tracking utilities, both free and shareware, at DiamondCS, including port monitors and registry protectors.

Remove Excess Files

Windows helpfully adds all manner of files to your system, even when you tell it not too. If you are like me, you want all the space you can get for your own data, not for Windows. Here are some things you can remove.

Internet Explorer
While it is very good (in my opinion, better than Netscape), it is also very large and very vulnerable. Replace it with the much smaller Opera.
Stationery
All sorts of HTML and GIF pictures for making cards. Very nice, but if you not use it, remove them from \Program Files \Common Files \Microsoft Shared \Stationery
Web Server
Including a web server, an FTP server, or any other internet server is insanity, from a security viewpoint.
Exchange
Vulnerable.
Outlook Express
Positively dangerous default settings.
Net Meeting
Not needed for private use.

Windows Startup

The fewer things running, the more stable Windows is. However programs can start from the Startup Folder, froma registry key, on from an initialising file. Use the System Configuration Utility msconfig.exe in the windows\system directory to check config.sys, autoexec.bat, system.ini, win.ini, startup and generally control how Windows starts.

SysInfo

Start the System Information Utility (Start, Programs, Accessories, System Tools, System Information). It has some very nice details of your system, and some excellent Tools.

Version Conflict Manager helps locate and replace system files that should be updated. When Windows updates files from your hard drive from your Windows CD, it silently replaces both older AND newer files with the CD versions. It copies the replaced ones into c:\windows\vcm where Version Conflict Manager can check them.

Restoring Lost System Files

These are files listed in the registry that Windows 98 couldn't find when it started. Take a note of which files Windows 98 can't find.

Start the System Information Utility (Start, Programs, Accessories, System Tools, System Information). System File Checker does a Cyclic Redundancy Check of DLL, EXE and SYS files, detecting ones that have been altered. The CRCs are stored in default.sfc

Use Tools, System File Checker, click Extract One File from Installation Disk, then click Start. This will bring up Windows Extract utility to extract one file from a compressed Windows Cab file, and place it where it is required. You can do this manually with Extract, but this is probably easier.

Using the Extract Utility

EXTRACT [/Y] [/A] [/D | /E] [/L dir] cabinet [filename ...]
EXTRACT [/Y] source [newname]
EXTRACT [/Y] /C source destination

  cabinet  - Cabinet file (contains two or more files).
  filename - Name of the file to extract from the cabinet.
             Wild cards and multiple filenames (separated by
             blanks) may be used.

  source   - Compressed file (a cabinet with only one file).
  newname  - New filename to give the extracted file.
             If not supplied, the original name is used.

  /A         Process ALL cabinets.  Follows cabinet chain
             starting in first cabinet mentioned.
  /C         Copy source file to destination (to copy from DMF disks).
  /D         Display cabinet directory (use with filename to avoid extract).
  /E         Extract (use instead of *.* to extract all files).
  /L dir     Location to place extracted files (default is current directory).
  /Y         Do not prompt before overwriting an existing file.

Disable Windows Scripting Host and VB Script

WSH is installed if you choose a standard installation of the operating system, or if you install Internet Explorer 5.

Untick Windows Scripting Host in the Accessories of the Add Remove Programs utility.

In Explorer, View, Options, File Types' tab find VBScript Script File and remove it.

Windows Resource Kit

Appeared in some Windows CDs in the Tools folder, ready for installing. Lots of detailed Windows information in the Resource Kit Online Book.

There is also a Resource Kit Tools Sampler. Batch98 lets you enter install options to create an inf file to automate installation. INF Installer lets you add device drivers to the automated install. Text File Viewer adds an Explorer window to a Notepad workalike. Cliptray is a multiple clipboard.

File List for the Windows 98 Resource Kit Sampler

BATCH.EXE: Microsoft Batch Setup utility. Creates files for automated installation of Windows 98 and components.
CHDOSCP.EXE: Code Page Changer. Changes the Code Page used for MS-DOS-based programs to match Windows 98 Regional Settings.
CHECKLINKS.EXE: Link Check Wizard. Finds and eliminates dead links and shortcuts.
CLIPTRAY.EXE: Clip Tray. Optimizes and manages the Clipboard.
FAT32WIN.EXE: Fat32 Conversion Information Tool.
INFINST.EXE: Windows 98 Inf installer Utility.
LFNBACK.EXE: Long Filename Backup Utility.
MINITEL .TTF Files. Minitel font emulation files for HyperTerminal.
NETMON: Network Monitor. Service for remote monitoring of network performance on Windows 98 client machines.
QUIKTRAY.EXE: Quick Tray. Organizes the icons in the Windows 98 system tray.
POLEDIT.EXE: System Policy Editor.  Sets administrative policies to define configuration settings for individual users, individual computers, or groups of users.
PWLEDIT.EXE: Windows 98 Password List Editor.
REMOTREG: Microsoft Remote Registry. Service for remotely viewing and editing the Registry on Windows 98 client machines.
RPCPP: Remote Procedure Call Print Provider. Service for administering network printers from Windows 98 machines.
SNMP Agent: Windows 98 SNMP network protocol agent.
TEXTVIEW.EXE: Text file viewer. Quickly displays the contents of text files.
TIMETHIS.EXE: Time This. Scripting tool that times how long it takes for the system to execute a given command.
TZEDIT.EXE: Time Zone Editor. Creates and edits time zone entries for the Date/Time icon in Control Panel.
USBVIEW.EXE: USB Viewer. USB Device information and troubleshooting tool.
WAITFOR.EXE: Scripting tool that causes the computer to wait for a signal sent over the network.
WHERE.EXE: Command-line tool that reports the location of a specified file on the hard disk.
WINDIFF.EXE: File and Directory comparison. Compares the contents of files or directories and reports differences.
WINSET.EXE. Command-line/scripting tool that sets global environment variables for Windows 98.
WSHADMIN.HLP: Windows Scripting Host Administrator's Guide. Guide to running scripts and designing applications for Windows Scripting Host.
Note: TweakUI has been removed from the Windows 98 Resource Kit.

Windows Utilities

Telnet, ftp (check the -s: option for batch driven ftp sessions). ipconfig and winipcfg give a different amount of information about IP numbers.

Sources of Computers

I'm too remote from shops to keep track of prices, so I look on the web first to get an idea of Australian prices. Then I check the handy monthly magazine Computer Market to find who really has stuff cheap. http://www.ozbuy.com>

I hope you have enjoyed www.ericlindsay.com.