Network loophole

[flamecruiser]

I've noticed that in some systems, esp. win95, if the system is part of a network, which requires a user to type in his username and password, and if you press Ctrl+Esc, the task manager will appear. From there, you can access almost anything. This is a loophole, right?
Why is it that only some win98 systems are patched?

[powertoad5000]

It is a loophole, sure - it existed on our networks at school the whole time that we were on Windows 98. However, most networks where security is a real concern run on OS's like Windows 2000 or XP. I doubt that there would be many corporate networks running on Windows 98; even back then they would have been on NT4. And in reality, all this bug gives you is local access. I would think that the reason only some 98 systems are patched is that it's not a huge issue for most sysadmins.

-toad

[Maverick811]

Originally posted here by flamecruiser
I've noticed that in some systems, esp. win95, if the system is part of a network, which requires a user to type in his username and password, and if you press Ctrl+Esc, the task manager will appear. From there, you can access almost anything. This is a loophole, right?
Why is it that only some win98 systems are patched?

There really is no security on any Windows OS before say NT or 2000. So I wouldn't call it a loophole or anything, just a lack of any kind of security. The login for Windows 9x is basically worthless, unless you are logging into a network domain. Even then it doesn't do a whole heck of a lot for you, because you can still bypass the login and gain local access to the mahine.

[t2k2]

I believe that systempolicyeditor (poledit.exe) is used to lock this down. We used to do it when we had win9x clients on our network. Sometimes, there were machines that were built without locking things like the run prompt down. You can do it by machine or user. I hope this helps clear it up for you.

[keithis35]

Yep the system policy editor is definitely the way to go, but try looking at
www.regedit.com for more information,

you would be surprised at how far you can actually harden a windows 9x system...

[flamecruiser]

But all the systems are configured the same way. Why is it that only some systems are 'patched'?

[vanman]

Well I think it is really up to you to get all the latest patches and updates for 98 systems.Just do the best you can, otherwise upgrade to a better system like powertoad and maverick811 has spoken about.

regards
v/man

[avdven]

But all the systems are configured the same way. Why is it that only some systems are 'patched'?

It may not be patches that's stopping it at all. It may simple be the difference between Windows 98 and Windows 98 SE. Granted, I haven't used a 9x workstation in quite some time, but I know that 98 SE was much more stable and fixed a lot of security issues which Windows 98 (original) had.

AJ

[flamecruiser]

Well. they are all the same systems... no SE or wadeva...

[avdven]

In that case, it just sounds like you have some lazy network admins. Is it a school network or a business/enterprise network? If it's a school network, I can understand it because most schools/school districts (at least in my expierences down here) are too cheap to purchase a good imaging program such as Symantec Ghost. If it's any type of corporate network they don't really have any excuse, and they probably shouldn't be using Windows 98 in the first place. Generally, only the schools around here (at least that I know of) still use Windows 98 networks. Most companies are either running NT or 2000 now, with either similar MS server products, *nix servers or novell servers.

AJ