[pchelpers] Re: good news for Windows ME, 98, 95 users

Thank you, Ekhart, for all the time and effort you put into this.

-- 
=====
GTCox
=====
-- 



Ekhart GEORGI (last name last) wrote:
> (rant on)
> I've spent a lot of time trying to find information on how to protect 
> these operating systems against the new critical VML exploit going 
> around since Microsoft doesn't even bother to provide workarounds and 
> manual solutions. Don't get me wrong, i can understand that a company 
> decides to no longer provide full support for old products, but 
> Microsoft's attitude is a radical departure from centuries of 
> established business ethics and practices, in addition to being blatant 
> proof of not understanding the basics of social responsibility.
>
>   

> No car manufacturer that decides to stop fixing a model in its official 
> dealer garages would refuse to sell left-over old parts to customers or 
> private repair shops or refuse to tell customers about garages that 
> still fix the old models. Many car mechanics in official garages would 
> also be willing to tell you about repair tricks and compatible parts, 
> and there would definitely not be any policy to prevent that. All this 
> kind of unethical behavior would be especially damaging to the company's 
> image if cars were built in a way that normal users could get repairs 
> done only in official shops while the service is still provided. (We're 
> getting there with the huge increase in electronics in cars.) Providing 
> automatic updates for years and then suddenly turning support off 
> completely is exactly the same thing that heroine dealers do.
>
>   

> Nobody sane is expecting Microsoft to provide full support for old 
> products, but there is no excuse for MS's refusal to provide info on 
> manual workarounds and links to websites that provide volunteer support 
> and even functional patches for these old products. And it's still an 
> open question as to what is "old" - when MS first tried to drop support 
> for 98, it was still being used in back office computers in 80%(!) of 
> all companies, and MS knew that! When some companies tried Linux on 
> these, they discovered that they ran faster and better and safer and 
> with easier update procedures than the front-office computers with XP. 
> When this caused many companies to switch all computers to Linux, 
> Microsoft got scared and turned its heroine dealer method back on for an 
> extra year or so.
>   

> (rant off)
>
> The good news in a nutshell consists of the following websites (I'll be 
> sending more links as soon as i find them in my bookmarks):
>
> http://www.msfn.org/board/index.php?s=f9292bacf767984231309536ec879895&showtopic=83171&view=findpost&p=565543
> direct download:
> - Unofficial MS IE 6.0/6.0 SP1 Patch for Windows 98/98 SE/NT4 SP6a/ME 
> [1.03 MB]:
> http://www.mdgx.com/files/IE925486.EXE
>
> http://www.msfn.org/board/?showtopic=46581
> http://www.msfn.org/board/index.php?showforum=8
> http://www.mdgx.com/spx/98alive.htm
>
> (These patches perhaps don't work in non-English versions of Windows. In 
> that case, look at the workarounds there or below.)
>
>   

> Of course, one shouldn't go downloading anything one finds anywhere on 
> the Internet, but the fuss caused by Microsoft and so-called security 
> experts of big outfits making normal people worry whether they should 
> trust private patches and solutions offered on normal public sites is 
> ridiculous and/or dishonest. Most people are honest, and if anyone 
> posted malware or a malfunctioning patch or workaround, there would be 
> immediate reactions by gurus who want to help (and show how clever they 
> are :-)). As long as you wait a while, you can be sure that any 
> solutions posted on any normal forum works and is safe. In fact, many 
> people have Microsoft's automatic updates set to only notify them of new 
> updates because it's usually best to wait a few days until normal users 
> have provided free R&D to MS. MS has outsourced a large part of R&D to 
> this army of unpaid workers, and consumer protection agencies have still 
> not understood what's going on. Many official MS patches are not tested 
> enough and cause problems until new versions are produced a few days later.
>
> In case you don't want to install the patches listed at the sites above, 
> do the manual workarounds (found there too) explained below to get rid 
> of the recently discovered vulnerability. Since VML is essentially 
> unnecessary, it's enough to disable the file with the security problem:
>
>   

> Go to control panel < Internet options < general (the tab that's open) <
> home page: click use blank and OK
>
> (explanation on)
> Even if you go can't use Firefox www.mozilla.org or any other safe 
> browser like Opera www.opera.com or K-Meleon 
> http://en.wikipedia.org/wiki/K-Meleon for certain sites, you don't want 
> IE opening up to any page automatically unless you need it that day. If 
> you do continue using IE, the first thing is to make it safer 
> http://web.archive.org/web/20050309003927/http://www.spywareinfo.com/articles/hijacked/prevent.php
> As you can see, i had to get that from Wayback because that article has 
> been replaced by a newer one that has a very different attitude towards 
> IE: http://www.spywareinfo.com/articles/vmware/baintro.php
>   

> (explanation off)
>
> Then go to http://www.isotf.org/zert/testvml.htm and see if IE crashes 
> (it should). (For "fun", you can also test Firefox or other safe browsers).
>
> Then press the Windows key (flag) + R (or start < run) and copy and
> paste this into the box (with everything in one line, spaces and
> quotation marks preserved):
> regsvr32 /u "C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL"
>
> If you have a non-English version of Windows, that may work despite the 
> English path name. If you get an error message or if 
> http://www.isotf.org/zert/testvml.htm still crashes IE, open Windows 
> Explorer (Winkey+E) and replace the English words in the command line 
> with the equivalents of this in your language:
> C:\Program Files\Common Files\Microsoft Shared\VGX.
>
> Then retest the vulnerability by going to
> http://www.isotf.org/zert/testvml.htm again.
>
> If there's still a problem, use Windows Explorer to go to C:\Program 
> Files\Common Files\Microsoft Shared\VGX. Open that folder and rename 
> VGX.DLL to disabledVGX.DLL. If you can't open the folder, first go to 
> view < folder options and turn on "show hidden files".
>
>
>
>   


-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: