Window 9x vs. NT based system for network v vulnerabilities

[Irongeek]

I’ve heard it said many times that Windows NT based systems (4, 2000 and XP) are more secure than Windows 9x based system. From a local security stand point I understand this as 9x does not have NTFS or multi-user support in the same way as NT bases systems do, as well as having weaker policy management. But from a network security standpoint, since you can do so much less with a 9x box remotely from across a network, is it not more secure on a network then an XP box? I’ve read of many remote exploits for XP (hell, DCOM alone.), but few for 98. I’ve been using NT based system for awhile now a it’s be a long time since I used a 9x system regularly, what kinds of common remote exploits are they vulnerable to out of the box?

[MrLinus]

Well, given the fact that Windows 9x didn't have any security makes it open. That said, it didn't run any "servers" but because of the nature of things like NetBIOS and IE (which was tied heavily into the OS itself along with Outlook) it was still vulnerable. WinGuides has a nice listing of some of the remote attacks.

And if IIRC, it was a lot of Win98 machines that Mafiaboy had used in that DDoS attack back in 2000/2001 (?).

edit

This Google Search might be helpful and a little more detailed. There are quite a few although I think MS directed most of their attention to NT and other server products because regular users didn't have the $$ to make MS concerned. Business, on the other hand, had more to lose. (getting back into that wonderful mindset of "I don't have anything worth stealing")

[Spyder32]

I can take any Window's OS (except WinMe) and make it into a server probably (one that's secure). Dunno how reliable/stable it'll be compared to Linux but I'm very capable of running a Win2k server. They have made great system servers in the past and continue to do so now.

[Irongeek]

I have no intention on making a Win98 server, I was just wondering how secure it was from network attacks out of the box with nothing added. I just don't hear much about it anymore.

[Spyder32]

Irongeek: I can tell you from personal experiences and experiments, a Win98 server could be done HOWEVER you said with nothing added. So in that case, I doubt it would make a good server and wouldn't last long (reliability and stability wise).

[Irongeek]

Sorry, I don't think you understand what I'm getting at, I'm not wanting to make a Win 98 server. I just want to know if in a way it makes a more secure network client (not from a local access stand point, just network).

[Spyder32]

In that event, I don't think so regardless. Especially if it has nothing added to it/added in.