[pchelpers] Re: good news for Windows ME, 98, 95 users

Hello:
  I appreciate all the work you did in finding these sites. My operating system 
is Windows ME. But my knowledge of computers is very low.I would like to 
download these patches, but I am afraid of clicking on the wrong thing and 
getting into trouble. Would it be asking to much give me some detailed steps 
and sort of walk me through what I need to do. 
  If this is asking to much please just tell me and I will understand.
  Take Care
  Morris Gratton
  
"Ekhart GEORGI (last name last)" <Ekhart.GEORGI@xxxxxxxxxxx> wrote:
  (rant on)
I've spent a lot of time trying to find information on how to protect 
these operating systems against the new critical VML exploit going 
around since Microsoft doesn't even bother to provide workarounds and 
manual solutions. Don't get me wrong, i can understand that a company 
decides to no longer provide full support for old products, but 
Microsoft's attitude is a radical departure from centuries of 
established business ethics and practices, in addition to being blatant 
proof of not understanding the basics of social responsibility.

No car manufacturer that decides to stop fixing a model in its official 
dealer garages would refuse to sell left-over old parts to customers or 
private repair shops or refuse to tell customers about garages that 
still fix the old models. Many car mechanics in official garages would 
also be willing to tell you about repair tricks and compatible parts, 
and there would definitely not be any policy to prevent that. All this 
kind of unethical behavior would be especially damaging to the company's 
image if cars were built in a way that normal users could get repairs 
done only in official shops while the service is still provided. (We're 
getting there with the huge increase in electronics in cars.) Providing 
automatic updates for years and then suddenly turning support off 
completely is exactly the same thing that heroine dealers do.

Nobody sane is expecting Microsoft to provide full support for old 
products, but there is no excuse for MS's refusal to provide info on 
manual workarounds and links to websites that provide volunteer support 
and even functional patches for these old products. And it's still an 
open question as to what is "old" - when MS first tried to drop support 
for 98, it was still being used in back office computers in 80%(!) of 
all companies, and MS knew that! When some companies tried Linux on 
these, they discovered that they ran faster and better and safer and 
with easier update procedures than the front-office computers with XP. 
When this caused many companies to switch all computers to Linux, 
Microsoft got scared and turned its heroine dealer method back on for an 
extra year or so.
(rant off)

The good news in a nutshell consists of the following websites (I'll be 
sending more links as soon as i find them in my bookmarks):

http://www.msfn.org/board/index.php?s=f9292bacf767984231309536ec879895&showtopic=83171&view=findpost&p=565543
direct download:
- Unofficial MS IE 6.0/6.0 SP1 Patch for Windows 98/98 SE/NT4 SP6a/ME 
[1.03 MB]:
http://www.mdgx.com/files/IE925486.EXE

http://www.msfn.org/board/?showtopic=46581
http://www.msfn.org/board/index.php?showforum=8
http://www.mdgx.com/spx/98alive.htm

(These patches perhaps don't work in non-English versions of Windows. In 
that case, look at the workarounds there or below.)

Of course, one shouldn't go downloading anything one finds anywhere on 
the Internet, but the fuss caused by Microsoft and so-called security 
experts of big outfits making normal people worry whether they should 
trust private patches and solutions offered on normal public sites is 
ridiculous and/or dishonest. Most people are honest, and if anyone 
posted malware or a malfunctioning patch or workaround, there would be 
immediate reactions by gurus who want to help (and show how clever they 
are :-)). As long as you wait a while, you can be sure that any 
solutions posted on any normal forum works and is safe. In fact, many 
people have Microsoft's automatic updates set to only notify them of new 
updates because it's usually best to wait a few days until normal users 
have provided free R&D to MS. MS has outsourced a large part of R&D to 
this army of unpaid workers, and consumer protection agencies have still 
not understood what's going on. Many official MS patches are not tested 
enough and cause problems until new versions are produced a few days later.

In case you don't want to install the patches listed at the sites above, 
do the manual workarounds (found there too) explained below to get rid 
of the recently discovered vulnerability. Since VML is essentially 
unnecessary, it's enough to disable the file with the security problem:

Go to control panel < Internet options < general (the tab that's open) <
home page: click use blank and OK

(explanation on)
Even if you go can't use Firefox www.mozilla.org or any other safe 
browser like Opera www.opera.com or K-Meleon 
http://en.wikipedia.org/wiki/K-Meleon for certain sites, you don't want 
IE opening up to any page automatically unless you need it that day. If 
you do continue using IE, the first thing is to make it safer 
http://web.archive.org/web/20050309003927/http://www.spywareinfo.com/articles/hijacked/prevent.php
As you can see, i had to get that from Wayback because that article has 
been replaced by a newer one that has a very different attitude towards 
IE: http://www.spywareinfo.com/articles/vmware/baintro.php
(explanation off)

Then go to http://www.isotf.org/zert/testvml.htm and see if IE crashes 
(it should). (For "fun", you can also test Firefox or other safe browsers).

Then press the Windows key (flag) + R (or start < run) and copy and
paste this into the box (with everything in one line, spaces and
quotation marks preserved):
regsvr32 /u "C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL"

If you have a non-English version of Windows, that may work despite the 
English path name. If you get an error message or if 
http://www.isotf.org/zert/testvml.htm still crashes IE, open Windows 
Explorer (Winkey+E) and replace the English words in the command line 
with the equivalents of this in your language:
C:\Program Files\Common Files\Microsoft Shared\VGX.

Then retest the vulnerability by going to
http://www.isotf.org/zert/testvml.htm again.

If there's still a problem, use Windows Explorer to go to C:\Program 
Files\Common Files\Microsoft Shared\VGX. Open that folder and rename 
VGX.DLL to disabledVGX.DLL. If you can't open the folder, first go to 
view < folder options and turn on "show hidden files".



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) 
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.



                                
---------------------------------
Make free worldwide PC-to-PC calls. Try the new Yahoo! Canada Messenger with 
Voice



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: