Full Version: What next after Lavasoft/Grisoft drop support for 98 S.E
frogman
Hello, newbie here so hi to all,

Can anyone recommend a decent Anti-Virus program and Spyware/Adware program that works well and will be supported for a while for Windows 98 S.E.?

Lavasoft and Grisoft are dropping support for 98, and as I use these 2 progs I am concerned that I won't have anything to replace them.

Users of 98 have until August 08 when using the AVG Free AV prog, and sooner than that Lavasoft drop support at the end of this year.

I am aware that Spybot are still supporting 95/98 but I never really liked it too much as it appeared to use quite a bit of resource.

I will more than likely have to purchase a new computer with Vista in the Autumn of next year.

I had tried Avast, but there still seems to be a problem using it for 98 with the quick launch icons disappearing, I think it's to do with not enough memory, but I am afraid to try again and install more memory, as I had tried before, and it caused I.E to loop and would not connect, so I removed the memory and went back to 256, I know that is a different topic but is connected in some way.

Thoughts please.
awergh
Spybot doesn't use that much unless it is running, just disable TeaTimer and only run it when you want it
Dr. Mac
Greetings frogman

Welcome to the forums!

First of all, Windows 98se does not handle memory above 256 very well AT ALL. So, MAKE SURE THE MAX. MEMORY USAGE IS SET TO 256. To do this, go to your MS Configuration utility. I'm sure you know how to do that, but just in case you don't :

* Click "Start >> Run"

* In the run box, type : msconfig

* Click on O.K.

The Msconfig box will pop up. Click on the "Advanced" button.

About half way down you will see "Limit memory to ... " Put a tick in that box and then set the memory to 256. Click O.K. .... then click Apply ... and OK again. Done!

--------------------------------------

As far as anti-viral programs go, you can use the free AV scanner called Clam Win. You can read all about it and download it here:

http://www.clamwin.com/

Hope this helps.

Best wishes,

Dr. Mac
frogman
QUOTE (awergh @ Dec 10 2007, 11:46 PM) *
Spybot doesn't use that much unless it is running, just disable TeaTimer and only run it when you want it


Is the latest 1.5 version of Spybot ok with 98 then?
frogman
QUOTE (Dr. Mac @ Dec 11 2007, 01:02 AM) *
Greetings frogman


First of all, Windows 98se does not handle memory above 256 very well AT ALL. So, MAKE SURE THE MAX. MEMORY USAGE IS SET TO 256. To do this, go to your MS Configuration utility. I'm sure you know how to do that, but just in case you don't :

Will this stop the icons disappearing when using Avast then do you think?

Also if it does solve that problem then I hope to use Avast and Spybot 1.5
BenoitRen
You shouldn't even need those programs. You need to practice good security. Which, for a start, means not using IE, but a recent browser that's actually updated and more secure.
QUOTE
I will more than likely have to purchase a new computer with Vista in the Autumn of next year.

What for? Just so you can run anti-malware programs? That's silly. Not to mention that Windows Vista is a recipe for disaster.
frogman
QUOTE (BenoitRen @ Dec 11 2007, 05:50 PM) *
You shouldn't even need those programs. You need to practice good security. Which, for a start, means not using IE, but a recent browser that's actually updated and more secure.

What browser do you recommend then? and one that's supported for 98 S.E
Andrew T.
QUOTE (frogman @ Dec 11 2007, 01:57 PM) *
QUOTE (BenoitRen @ Dec 11 2007, 05:50 PM) *
You shouldn't even need those programs. You need to practice good security. Which, for a start, means not using IE, but a recent browser that's actually updated and more secure.

What browser do you recommend then? and one that's supported for 98 S.E


Mozilla Firefox
SeaMonkey
Opera

I'd recommend giving one or more of them a try: All run like a charm on Windows 98.
eidenk
QUOTE (Dr. Mac @ Dec 10 2007, 07:02 PM) *
First of all, Windows 98se does not handle memory above 256 very well AT ALL.

Where are you getting this from if I may ask?

QUOTE (Dr. Mac @ Dec 10 2007, 07:02 PM) *
As far as anti-viral programs go, you can use the free AV scanner called Clam Win. You can read all about it and download it here:
http://www.clamwin.com/

Clam Win is not good IMO. If you want something good go for Antivir/Avira.

As for substitutes for AdAware, there is Spybot S&D, Doctor Alex and SuperAntiSpyware.

And don't forget to run a good firewall. I would recommend Jetico 1.1.
98 Guy
QUOTE (eidenk @ Dec 11 2007, 06:08 PM) *
QUOTE (Dr. Mac @ Dec 10 2007, 07:02 PM) *
First of all, Windows 98se does not handle memory above 256 very well AT ALL.
Where are you getting this from if I may ask?

I was going to ask the same question. Will he post an answer?
QUOTE (eidenk @ Dec 11 2007, 06:08 PM) *
As for substitutes for AdAware, there is Spybot S&D, Doctor Alex and SuperAntiSpyware.
And don't forget to run a good firewall. I would recommend Jetico 1.1.

I know that many people think Norton Anti-Virus is bloated and slow, I must say that NAV 2002 is the last version that was NOT bloated and slow. And I have confirmed that when you install NAV 2002, it will update itself (LiveUpdate) with the latest definition files and scan engine. And you can re-enable it once a year (for free) if you delete the program completely and re-install it. NAV 2002 came either as stand-alone or as part of Norton System Works (NSW) 2002.

As for firewall, I don't believe in running a software firewall (for win-98 anyways). Get a NAT-router between your computer and your broad-band modem for BEST protection. Outgoing firewalls are useless.

Actually, AV software is pretty much useless these days. They will NOT detect the newest threats, and when they do detect something, they won't delete it. Of course, the situation is worse with win-2K or XP (they are more vulnerable and removal is more difficult vs win-98). I think quite a lot of exploits don't work properly on win-98 anyways.
98 Guy
The threat caused by IE6 when running win-98 is heavily over-rated.

I have no fear running win-98 and IE6.

I also run:

- Adaware
- Spybot SD (browser inoculation)
- Spyware Blaster (browser inoculation)
- a good hosts file

I also make sure I have the LATEST Java JRE, and ALSO uninstall all older versions of JRE (including the one that came with 98 originally).
BenoitRen
QUOTE
The threat caused by IE6 when running win-98 is heavily over-rated.

I have no fear running win-98 and IE6.

I also run:

- Adaware
- Spybot SD (browser inoculation)
- Spyware Blaster (browser inoculation)
- a good hosts file

You just defeated your own argument.

Moreover, the web browser is crap, having notoriously bad support for web standards.
frogman
QUOTE (98 Guy @ Dec 12 2007, 01:53 AM) *
The threat caused by IE6 when running win-98 is heavily over-rated.

I have no fear running win-98 and IE6.

I also run:

- Adaware
- Spybot SD (browser inoculation)
- Spyware Blaster (browser inoculation)
- a good hosts file

I also make sure I have the LATEST Java JRE, and ALSO uninstall all older versions of JRE (including the one that came with 98 originally).


I tried to update in the past, and after I had I noticed the fonts were all strange when playing yahoo pool.
eidenk
QUOTE (98 Guy @ Dec 11 2007, 07:49 PM) *
As for firewall, I don't believe in running a software firewall (for win-98 anyways). Get a NAT-router between your computer and your broad-band modem for BEST protection. Outgoing firewalls are useless.

I don't think outgoing firewalls are useless and far from it. On 2K/XP Online Armor and Comodo are blocking ALL known bypassing methods for example. Nearly half of the leak test programs don't run on 9x so it is a bit more difficult to assess the situation on those platforms but the highest rated firewall (on 2k/xp tests) running on 9x is Jetico 1.1. On my machine it blocked several 0-Days trojans (meaning trojans undetected by any antivir programs) that got dropped in my system while I was browsing with IE.

QUOTE (98 Guy @ Dec 11 2007, 07:49 PM) *
Actually, AV software is pretty much useless these days. They will NOT detect the newest threats, and when they do detect something, they won't delete it. Of course, the situation is worse with win-2K or XP (they are more vulnerable and removal is more difficult vs win-98). I think quite a lot of exploits don't work properly on win-98 anyways.

Unlike you I run a firewall but no antivir program but I don't think they are useless either as the good ones will detect nearly all known malware, Kaspersky being a major headache for the malware guys it would appear.

But they won't detect, not even only new threats, but also old and known ones that are cleverly edited as to not match antivir programs definitions anymore, which is something nearly any idiot can do nowadays with the help of AV Devil (or similar program) to locate signatures offsets and reading a few small tuts for the final phase consisting in disassembling the signature, swap a few instructions, put it back in the exe and test if it still works. Those who don't want to do that or cannot do it can actually simply buy malware that is guaranteed undetected. Assassin 2.0 costs $100 and Turkojan 3 costs $80 for example. They are the so-called Private Editions. They also lift restrictions sometimes present in the public versions, such as the number of victims you can simultaneously connect to.

It would be foolish to believe 98 systems are not at risk, especially with the broad availability of extremely sophisticated PHP attack toolkits able to determine anything about a system and automatically deliver a custom tailored malware to that system if they can spot a vulnerability.

And those who believe there are no rootkits for the 9x platform are wrong as there are at least two known ones, both with source code if I am not mistaken. AFX Rootkit 2003 which is a user mode rootkit (running in ring3) and 9xRX which is a kernel mode rootkit (running in ring0).

bristols
QUOTE (eidenk @ Dec 12 2007, 05:28 PM) *
It would be foolish to believe 98 systems are not at risk, especially with the broad availability of extremely sophisticated PHP attack toolkits able to determine anything about a system and automatically deliver a custom tailored malware to that system if they can spot a vulnerability.

And those who believe there are no rootkits for the 9x platform are wrong as there are at least two known ones, both with source code if I am not mistaken. AFX Rootkit 2003 which is a user mode rootkit (running in ring3) and 9xRX which is a kernel mode rootkit (running in ring0).



Hi eidenk. Are you also aware of any reliable 'cloaking' method(s) that would foil any such malicious attempts to identify a system (specifically 9x systems in this context)?
eidenk
Hi bristols, unfortunately not I am afraid.
herbalist
98 runs very well with an alternate browser. Using one eliminates a very large part of the entry points used by malware, leaving bad decisions by the user as its worst vulnerability. Even if IE6 and the alternate browsers were equal in security, the alternate browsers are usually faster, more user friendly, and don't waste resources like IE6 does.

AVs are going to be a problem for 98 users who want to use one. Of those still supporting 98, several are dropping it very soon. Instead of relying on a dwindling number of AVs, consider using the opposite approach to securing your 98 system. Whitelist the user applications and your system's executables, then block everything else. A default-deny security policy enforced by system configuration and a few good apps does better than any AV, and leaves you with a much faster system. An interesting read regarding AVs and security in general. http://www.ranum.com/security/computer_sec...ditorials/dumb/
I've been using a combination of Kerio 2.1.5, SSM free, and Proxomitron to protect my 98 box for a couple years, no AV installed. It has never failed to protect me, which is more than I can say for the AVs I've used.

Firewalls are another story. There's several that work good on 98. My favorite is Kerio 2.1.5. It's no longer supported but is very effective and lightweight. A software firewall might not be an absolute necessity if you've closed the NETBIOS ports, the only ones open on a default 98 system, but being able to control inbound and outbound traffic on a per application basis not only improves your security, it can actually speed up your connection slightly. With dialup, the difference can be very noticeable.

As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed. How well a firewall performs with them depends largely on the rules in place. Leaktests favor features over configuration, suites over separate components, and are used heavily to push firewalls with HIPS components. Few if any of them will run on 98. Leaktests should be treated as configuration aids, not advertising tools. If you're really worried about passing leaktests, combine a rule based firewall and a separate HIPS, block Internet Explorer, and you'll pass them all, at least all the ones that run on 98.

The common opinion, one promoted by M$, hardware vendors, and the big name security companies is that 98 is too insecure and unsupported to use on the net. This forum is a rare and welcome exception to that planned obsolescence mentality. With a few good apps and a user who will say "NO" to the unknown, 98 can be made equally as secure or more so than XP.
Rick
98 Guy
> 98 runs very well with an alternate browser.

And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

I find too many web sites that are not rendered correctly with Firefox, for example.

ALL browsers are affected by system-level file associations and file handling or parsing. The application of the "inoculation" feature by Spybot SD and Spyware Blaster protects both IE and Firefox (and maybe other browsers) from the same threats. So too does a hosts file, and so too does the use of the most updated JRE.

Active-X is perfectly safe if a few simple settings are changed, and that is exactly what Spybot does to IE.

> leaving bad decisions by the user as its worst vulnerability.

The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

> AVs are going to be a problem for 98 users who want to use one.

The use of older versions of NAV (Norton Anti Virus) - say, the 2001 and 2002 versions, makes a suitable AV solution for win-98. Those older versions will update themselves with the latest scan engine DLL and definition files via the LiveUpdate feature. In addition, simply un-install and re-install them to gain another year of free updating. While NAV is universally recognized as being bloat-ware, that is only true of versions 2003 and newer. Another option is Symantec Corporate AV (versions 8, 9 and maybe 10). That package runs on win-98, and does not expire.

In general, I am not a big advocate of AV software since quite a lot of malware these days are polymorphic (fast-flux) and most AV packages (even Kaspersky) don't always detect them. In addition, most AV does not do a good job (possibly ANY job) of removal.

The use of a firewall on a win-98 system is also stupid and a waste of resources.

Win-98 was never vulnerable to network intrusion the way win-2k and XP were. The most effective, efficient way to block unsolicited incoming attempts is to use a NAT-router between your broad-band modem and your computer.

As for un-authorized out-going attempts, such an attempt would have to require that your system is already infected with something, and most likely that something will have already turned off your software firewall anyways, so again the usefulness of a software firewall is pretty close to zero.

> I've been using a combination of Kerio 2.1.5, SSM free, and Proxomitron
> to protect my 98 box for a couple years,

Then you are foolish.

> It has never failed to protect me

Win-98 doesn't need protecting from unsolicited incoming requests. In other words, win-98 doesn't need the protection of a firewall UNLESS you've enabled file-sharing on TCP/IP.

> The common opinion, one promoted by M$, hardware vendors, and
> the big name security companies is that 98 is too insecure and
> unsupported to use on the net.

The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access its files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer. Naturally, home and SOHO users are not concerned with that type of security, but the popular or tech-press doesn't differentiate between login security and internet security.

I've operated an office with about a dozen win-98 systems (and some win-nt and win-2k systems) each with their own unique IP address, all of them directly facing the internet with NO firewall. That was between mid-2000 to late-2005. Guess what -> none of the win-98 systems ever had a network-based trojan or worm infect them, while the same couldn't be said for the NT and 2K machines.

> This forum is a rare and welcome exception to that
> planned obsolescence mentality.

And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.
98 Guy
> > The threat caused by IE6 when running win-98 is heavily over-rated.
> > I have no fear running win-98 and IE6.
> > I also run:
> > - Adaware
> > - Spybot SD (browser inoculation)
> > - Spyware Blaster (browser inoculation)
> > - a good hosts file
>
> You just defeated your own argument.

No I didn't.

I wouldn't run Firefox either without inoculating it with Spyware Blaster and also use a hosts file.
eidenk
QUOTE (herbalist @ Dec 13 2007, 05:48 PM) *
As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed.

How flawed is that:

http://www.matousec.com/projects/windows-p...sts-results.php
98 Guy
> I don't think outgoing firewalls are useless and far from it.

They are more of a nuisance for the average user and the only real use for "power" users is to monitor what their software is doing on their box.

Almost all malware these days are designed to deactivate software firewalls (and AV software) or even modify them to make it look like they're still running.

> Jetico 1.1.
> On my machine it blocked several 0-Days trojans
> that got dropped in my system while I was browsing with IE.

Obviously you didn't lock down your IE properly, or your JRE.

> It would be foolish to believe 98 systems are not at risk

Win-98 has vulnerabilities because of the integration with IE (and those vulnerabilities don't go away just because you're using another browser like Firefox). But while the vulnerability exists, the exploit code probably won't function properly on win-98 like it was designed to do.

> AFX Rootkit 2003 which is a user mode rootkit (running in ring3)

Yea, but win-9x doesn't run Ring3.

> and 9xRX which is a kernel mode rootkit (running in ring0).

Archphase posted 9xrx a year ago so it's very new, and most probably nobody will use it.
herbalist
QUOTE
> 98 runs very well with an alternate browser.

And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

It runs fine until it uses up your resources and forces you to reboot. The only pages I've had any problems with are those using ActiveX. Outside of MSN, they've been very few.

QUOTE
> leaving bad decisions by the user as its worst vulnerability.

The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

Yes, there are attack vectors that don't involve user interaction, but they are not responsible for the majority of the compromised PCs. The vast majority of infections are caused by something the user chose to install, open or click on. The next most common sources are weak Internet Explorer settings (and users who run it with those out of the box settings) and browser exploits, specifically IE6. Yes, there's other ways to infect a system, but the user and IE6 are responsible for most of the problem.

QUOTE
The use of older versions of NAV (Norton Anti Virus) - say, the 2001 and 2002 versions, make a suitable AV solution for win-98.

A five year old AV, Norton of all things, then tell me that I'm the one being foolish? That AV uses more disk space and resources than my entire security package combined. The last virus I've had was one allowed by the exact AV you suggest, and it was up to date. Every infection and system compromise I've experienced happened while using Norton products. Never again will anything Norton be used on any PC I own or maintain.
QUOTE
Win-98 doesn't need protecting from unsolicited incoming requests. In other words, win-98 doesn't need the protection of a firewall UNLESS you've enabled file-sharing on TCP/IP.

I mentioned that when I said to close the NETBIOS ports. Aside from that, 98 itself might not need firewall protection but the installed apps do.
QUOTE
As for un-authorized out-going attempts, such an attempt would have to require that your system is already infected with something, and most likely that something will have already turned off your software firewall anyways, so again the usefulness of a software firewall is pretty close to zero.

Most of that malware doesn't run on 9X systems. On a PC with a default-deny policy enforced in the manner I suggested, malware doesn't run, period. If it can't run, it can't infect you.
QUOTE
Win-98 has vulnerabilities because of the integration with IE (and those vulnerabilities don't go away just because you're using another browser like Firefox). But while the vulnerability exists, the exploit code probably won't function properly on win-98 like it was designed to do.

Then you do admit that IE is responsible for most of 98's vulnerabilities. In all fairness, most of the recent exploits involving IE6 do nothing to a 98 box. With the next one, who knows? Getting rid of IE gets rid of most of the vulnerabilities in a 9X box. If a user wants or "needs" IE, they should at least tighten up its settings. Ideally, they should run it thru Proxomitron and filter out the unwanted content.
QUOTE
The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access its files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer.

Out of the box, 98 did little to control who uses it. That can be largely fixed too. The NT systems are better at user control, but that came with a whole new set of vulnerabilities to external attacks and the ability to hide files and infective processes from the OS and the user, the rootkit. A very bad trade.
QUOTE (eidenk)
QUOTE (herbalist)
As for the leaktests, using them to compare and promote one firewall over another is a gross disservice to users. The entire concept is flawed.
How flawed is that:

It starts with how these tests are treated. The user chooses to start them and expects the software to contain them. Their responses to the security prompts are influenced by the fact that they know it's a test, such as allowing the initial process but blocking the hook it tries to set, then thinking they passed the test. The test never ran. If that "test" was a piece of malware bundled into an install, they'd probably have allowed the hook as part of the normal install process and be owned by someone. Responses to alerts don't reflect real life behavior because the user knows it's a test. Using the pcaudit2 leaktest as an example, most users will allow the process then block the hook. All that does is test if their firewall or separate HIPS will block a hook when they tell it to. On most systems, if the hook is allowed, the system will fail the test. The site leads the user to believe that they failed the test because their firewall allows the hooks. Their firewalls actually fail because loopback connections aren't properly controlled, poorly configured. The result is an emphasis on hook control features, aka HIPS over properly written firewall rules and system configuration. The user needs a better firewall instead of learning to configure the one they have. That is flawed. Look at his results. Only the newest "Pro" versions do well. My system passes that test and most of the ones that apply to 9X with an old firewall, Kerio 2.1.5 and SSM shut down. I don't agree with his reasoning that application control should be part of the firewall. IMO, both traffic and application control are important enough that they should be controlled separately to reduce the risk of common vulnerabilities taking down both at once. On a combined package, one piece of vulnerable code is enough to make that possible.
Rick
Glenn9999
How does A-Squared Free work out for you all on the anti-malware front? It claims support of 98...

As does SuperAntiSpyware.
BenoitRen
QUOTE (98 Guy @ Dec 14 2007, 03:07 AM) *
> > The threat caused by IE6 when running win-98 is heavily over-rated.
> > I have no fear running win-98 and IE6.
> > I also run:
> > - Adaware
> > - Spybot SD (browser inoculation)
> > - Spyware Blaster (browser inoculation)
> > - a good hosts file
>
> You just defeated your own argument.

No I didn't.

I wouldn't run Firefox either without inoculating it with Spyware Blaster and also use a hosts file.

Yes, you did. You said running IE6 was not a serious threat, and then you present the use of software to mitigate threats by IE6.

Firefox is generally safe from threats. At least if you disable plug-ins, because those have their own sandbox that Firefox can't do anything about.
KevinR
I have been researching a/v for 98se.

AVAST claim support using their older version and currently say threat lists will continue. (wrong name corrected!)
ClamWin (opensource) and its parent ClamAV look good BUT have NO ACTIVE SCANNING.
I'm still looking for other alternatives.

For firewall I've had a lot of good luck with Sygate - which Symantec bought and destroyed. You can still download it if you search for it.

Win98SE is fine up to 512Mb - using it here with no special settings. It's best to have windows updated (official or a service pack from here). Above 512Mb you can edge up to higher figures (approx 768 enabled) but you have to set a few obscure settings or install fixes to stop win98 confusing itself.

The strongest advice is to use a whitelist program that stops unapproved executables running at all. This stops all but script/browser based attacks. I've been steered towards SSM. Have yet to try it. I have a similar thread running at WildersSecurity which had generated a mixture of useful advice and typical win98 derision. None of the detractors offered to buy me a better PC though - I did ask - or explained how to overcome the 20% loss of processing power each windows revision would cost me.
eidenk
LOL to both win98 guy and herbalist.
Andromeda43
There are still tons of software titles that run just fine on Windows 98 or ME.

My advice concerning a bi-directional firewall is probably an over-simplification of the matter:
"Keep your PC clean of malware and you won't need a BI-Directional Firewall."

Then every time you install or upgrade a program, go into MSCONFIG and make sure that the program didn't install a TSR to do automatic updates or otherwise access their web site on the internet.
If you find a new TSR there, shut it OFF.

Keeping a system clean, lean and mean isn't rocket science, but it does require a modicum of effort and persistence.

Merry Christmas Everyone!

Andromeda43
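The check described in the post above can be run against a saved baseline instead of by eye. The following is an added example, not part of the original post: it parses two constructed REGEDIT4 exports of the Run, RunOnce and RunServices keys and reports autostart entries that are new, changed or removed. The program names and paths in the sample exports are made up.

```python
import re

# Autostart keys to watch (matched case-insensitively at the end of the key path).
WATCHED_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\runservices",
)

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="string value"; backslashes and quotes are escaped with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_autostart(reg_text):
    """Return {(KEY, value_name): command} for the watched keys only."""
    entries = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            current = key.upper() if key.lower().endswith(WATCHED_SUFFIXES) else None
            continue
        if current is None:
            continue
        value = VALUE_RE.match(line)
        if value:  # dword:/hex: values are not commands, so they are skipped
            name = _unescape(value.group(1)).lower()
            entries[(current, name)] = _unescape(value.group(2))
    return entries


def diff_autostart(baseline_text, current_text):
    """Compare two exports and list added, changed and removed entries."""
    base = parse_autostart(baseline_text)
    cur = parse_autostart(current_text)
    added = sorted((k, v) for k, v in cur.items() if k not in base)
    changed = sorted((k, base[k], v) for k, v in cur.items()
                     if k in base and base[k].lower() != v.lower())
    removed = sorted(k for k in base if k not in cur)
    return {"added": added, "changed": changed, "removed": removed}


# Constructed sample exports (not taken from a real machine).
BASELINE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleAV"="C:\\Program Files\\ExampleAV\\guard.exe /min"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleAV"="C:\\Program Files\\ExampleAV\\guard.exe /service"

[HKEY_LOCAL_MACHINE\Software\ExampleVendor\Settings]
"Run"="not an autostart entry"
'''

AFTER_INSTALL = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleAV"="C:\\WINDOWS\\TEMP\\guard.exe /min"
"ExampleUpdater"="C:\\Program Files\\ExamplePlayer\\updater.exe -auto"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleAV"="C:\\Program Files\\ExampleAV\\guard.exe /service"
'''

if __name__ == "__main__":
    report = diff_autostart(BASELINE, AFTER_INSTALL)
    for (key, name), command in report["added"]:
        print(f"NEW      {key} :: {name} = {command}")
    for (key, name), old, new in report["changed"]:
        print(f"CHANGED  {key} :: {name}: {old} -> {new}")
    for key, name in report["removed"]:
        print(f"REMOVED  {key} :: {name}")
```

The Startup folder and the `load=`/`run=` lines in win.ini also start programs and are outside what this parser reads.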
Andrew T.
QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
And it runs very well with IE6, and in some cases (like booking air travel) you need to use IE6.

I find too many web sites that are not rendered correctly with Firefox, for example.

Mozilla Site Evangelism
What to do if you have problems with a Site

Frankly, my own Windows 95 installation runs well without IE at all!

QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
Active-X is perfectly safe if a few simple settings are changed, and that is exactly what Spybot does to IE.

ActiveX by design gives websites full control over access to your computer. That alone is enough to make it unacceptable IMO.

QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
The characterization that the user is usually responsible for web-based malware intrusion is wrong. There is DNS poisoning and server-farm hijacking that can result in infection that has nothing to do with the judgement of the user.

Not that they aren't relevant, but I'd say those problems lay chiefly in the server side.

QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
In general, I am not a big advocate of AV software...

Frankly, I agree on that note: I put more trust in my own two eyes and computer knowledge than software packages for defending myself against viruses and malware. I sometimes keep a copy of AVG on hand to scan isolated download files, etc., but the tests always come up dry.

Windows 9x is indeed more resistant to network intrusion by design than NT/2000/XP, given its lack of open ports with processes running.

QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
The big con with that argument is that M$ and IT people are really talking about desktop or login security (the ability to turn on a computer and access its files or use it to access the network connected to it). They say that Win-9x is insecure, but that's what they really mean. It means they can't control who is using the computer. Naturally, home and SOHO users are not concerned with that type of security, but the popular or tech-press doesn't differentiate between login security and internet security.

I get tired of the popularly-touted "insecurity" spiels myself. The "additional security" that Windows NT/2000/XP/Vista provide on that note consists largely of user-account and password schemes that for a single-user computer constitute inconvenience, not security.

QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.
dencorso
QUOTE (Andrew T. @ Dec 14 2007, 04:33 PM) *
QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.


Agreed! usenet had its moment, way back when. I should know, for I'm on the net since BITNET. Now, nobody even remembers it. One must go where the people are, like it or not. And web-based forums are way better than usenet news, same as search engines like google just show how difficult life was in gopher's times. You can be resistant to change, and BTW, so am I, but that doesn't mean CP/M rules, because it doesn't.
Glenn9999
QUOTE (Andrew T. @ Dec 14 2007, 12:33 PM) *
QUOTE (98 Guy @ Dec 13 2007, 08:56 PM) *
And I suggest that more people here also participate in the win-98 usenet newsgroups (microsoft.public.win98.*) because quite frankly usenet is easier to use than these web-based forums.

If I found Usenet easier to use than web-based forums (which I don't), I'd be posting there instead of here.



Microsoft Windows 98 usenet Newsgroups on the web?
herbalist
QUOTE
The strongest advice is to use a whitelist program that stops unapproved executables running at all. This stops all but script/browser based attacks. I've been steered towards SSM. Have yet to try it.

For malicious code delivered via web content, have you looked into Proxomitron? It performs many of the functions of NoScript, plus a whole lot more. It also works with all browsers. Its filter rules can be a bit intimidating if you don't know a little HTML, but there are filter sets available in addition to the default ones it comes with. It's the kind of app that gets more powerful as you learn it. I've had it for 2 years and am still learning more of what it can do. Incredible tool. The best part is that it's not an installed app. Just unzip it, set your browser's proxy settings and use it.

SSM can also help with web based attacks by controlling what your browser and WSH can do. A lot of browser exploits use the browser to gain access to another app or process that wouldn't normally be accessible. By limiting the parent-child settings, SSM can help defeat a lot of these.

One of the biggest things you can do to reduce the risk from new/unknown exploits from the web is to limit what can be launched in the browser. Whenever possible with web content, run it outside of the browser. That would include most media, PDFs, etc. Are you familiar with the PDF exploit that was fairly recent? Info here.
If the PDF is opened in the browser, the exploit succeeds. On mine, it worked with both IE6 and SeaMonkey via Adobe. Downloading the PDF and opening it with Foxit defeats it, this time. When opened in Adobe, SSM blocked Adobe's attempt to access the browser, something it can't do when the browser has already launched Adobe. Eliminating browser integration with other apps makes web browsing a bit inconvenient, but it does prevent a lot of exploits from working.

For scripts that are run from your PC, changing the default app for scripts to Notepad prevents a lot of their misuse. You can always add a context menu entry for scripts to open them with WSH as an option, keeping notepad as the default app for them. This way, you can view them first. An app like Script Sentry will also do this for you. It will also let you whitelist specific scripts if you want.
Rick
noguru
QUOTE (Glenn9999 @ Dec 14 2007, 12:51 PM) *
How does A-Squared Free work out for you all on the anti-malware front. It claims support of 98...


Crashed all the time on my win98se. Older versions used to be ok. But you can try it, since they claim support for win98 it will run on some configs for sure. Unless they really didn't do any tests at all but I don't think so.


QUOTE (KevinR @ Dec 14 2007, 04:36 PM) *
I have been researching a/v for 98se.

Avira claim support using their older version and currently say threat lists will continue.


Where do you get that info? The Avira website says something different, that they are going to stop the non-unicode VDF files on 31-12-2007. Just a few weeks to go.
On the forum I see one post regarding this matter, a moderator claiming that it might be possible to use VDF files after this date. But he's not sure and doesn't give any more information.
He might be hinting at using the unicode VDF files. Installing those files manually might work. But that won't work with the automatic updater so that's a really uncomfortable solution.
KevinR
QUOTE (noguru @ Dec 15 2007, 12:00 AM) *
QUOTE (KevinR @ Dec 14 2007, 04:36 PM) *
I have been researching a/v for 98se.

Avira claim support using their older version and currently say threat lists will continue.
Where do you get that info? The Avira website says something different, that they are going to stop the non-unicode VDF files on 31-12-2007. Just a few weeks to go.

Sorry, that was me with a bad Freudian slip. I meant to say that AVAST claim support for 98, which I found out while researching because Avira have stuck two fingers up to their win98 users.

Apologies for confusion caused.
pcalvert
QUOTE (bristols @ Dec 12 2007, 09:24 PM) *
QUOTE (eidenk @ Dec 12 2007, 05:28 PM) *
It would be foolish to believe 98 systems are not at risk, especially with the broad availability of extremely sophisticated PHP attack toolkits able to determine anything about a system and automatically deliver a custom tailored malware to that system if they can spot a vulnerability.


Hi eidenk. Are you also aware of any reliable 'cloaking' method(s) that would foil any such malicious attempts to identify a system (specifically 9x systems in this context)?


What about Proxomitron? In addition to filtering web content, you can use Proxomitron to make it appear that you are using IE7 and Windows Vista (just one example), even though you're actually using Opera and Windows 98 SE.

Phil
noguru
QUOTE (KevinR @ Dec 16 2007, 12:21 AM) *
QUOTE (noguru @ Dec 15 2007, 12:00 AM) *
QUOTE (KevinR @ Dec 14 2007, 04:36 PM) *
I have been researching a/v for 98se.

Avira claim support using their older version and currently say threat lists will continue.
Where do you get that info? The Avira website says something different, that they are going to stop the non-unicode VDF files on 31-12-2007. Just a few weeks to go.

Sorry, that was me with a bad Freudian slip. I meant to say that AVAST claim support for 98, which I found out while researching because Avira have stuck two fingers up to their win98 users.

Apologies for confusion caused.


Don't worry about it. I was using Avira and had to make sure anyway.

Avast is keeping up Win9x support for sure when it comes to anti-virus updates. The website is clear about that. However, most new program development will be xp/vista only (not all modules run on win98). So it seems that win98 users are stuck with Avast if they want a free AV software that has a background on-access scanner.
So despite all the reasons I had not to use Avast before, I decided to install it. (Win98se with all (un)official updates including kernelEx)
And I'm not too unhappy with it.

I only use the standard on-access scanner. I tried the E-mail and web providers as well but they are huge resource hogs. They still are when you stop them so I uninstalled them totally. I don't want those anyway, the standard background scanner is fine for me. No need to check files before I actually download them. Perhaps this is useful for people who download warez and cracks on suspicious sites all the time, but for "normal" browsing it's not needed imho.

The only problem that I encounter is that after an on-demand scan I lose my icons??
First in the quick-launch bar and menu and later if I don't reboot I lose all, desktop and explorer included. I don't use a skin and disabled the animated tray icon. But it keeps happening from time to time.
Personally I can live with this because normally I rarely do on-demand scans and if I do I will do it online. It seems pointless to me to do an on-demand scan with the same software that is running in the background already.
The detection rate of Avast is not the best compared to Avira or others so a reliable online scan (like Trendmicro, supports win98) might be a good idea when you are in doubt.
oscardog
Re rootkits, mostly system executables etc will be infected usually taking up any padding space left in the target file to inject their code. This code then does its business by finding and executing any required functions in (system)dlls etc in the 2 gig virtual memory address space. By infecting system executables no registry alterations need to be made due to them being system files which run on os start, and they are hidden being they are default processes.
System safety monitor or any crc checking utility will help alert or prevent such actions.
herbalist lists such apps here http://www.msfn.org/board/index.php?showto...05936&st=60
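
An added example, not part of any post in this thread: a baseline-and-compare integrity check of the kind the post above calls a "crc checking utility". The file names and the fake executable are constructed for the demo; recording SHA-256 next to CRC32 is an assumption of this example, made because a CRC on its own can be matched deliberately.

```python
import hashlib, os, tempfile, zlib

def fingerprint(path):
    """Return (size, crc32, sha256) for one file, read in chunks."""
    crc, sha, size = 0, hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
            size += len(chunk)
    return size, crc & 0xFFFFFFFF, sha.hexdigest()

def snapshot(root, exts=(".exe", ".dll")):
    """Map relative path -> fingerprint for every executable under root."""
    snap = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(folder, name)
                snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def compare(baseline, current):
    """Return sorted (status, path) pairs: ADDED, REMOVED or MODIFIED."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        if baseline.get(path) != current.get(path):
            status = ("ADDED" if path not in baseline else
                      "REMOVED" if path not in current else "MODIFIED")
            report.append((status, path))
    return report

def demo():
    """Constructed case: zero padding overwritten in place, size and mtime kept."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "sample.exe")
        with open(target, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 62 + b"\x00" * 64)  # constructed, not a real PE
        before = snapshot(root)
        stat = os.stat(target)
        with open(target, "r+b") as fh:   # same length, different content
            fh.seek(64)
            fh.write(b"\x41" * 16)
        os.utime(target, (stat.st_atime, stat.st_mtime))  # timestamp looks untouched
        return compare(before, snapshot(root)), os.path.getsize(target) == stat.st_size

if __name__ == "__main__":
    print(demo())
```

The demo shows why size and date checks are not enough for this case: the file keeps its length and timestamp, and only the content hash reveals the change. Store the baseline somewhere the monitored system cannot write to.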
herbalist
QUOTE
What about Proxomitron? In addition to filtering web content, you can use Proxomitron to make it appear that you are using IE7 and Windows Vista (just one example), even though you're actually using Opera and Windows 98 SE.

Proxomitron addresses some of the methods used by websites to determine your OS and browser. It can modify the user agent in the headers and block specific javascripts. Java and ActiveX can also be used to determine what you're running. It might be possible with flash as well. The best Proxomitron can do with these is whitelisting sites that are allowed to run them and removing specific Java applets. The old JDList filter set had that feature but the site it was available on is now Search Portal. I have a copy of it but it's 4 years old now and needs updating. The Grypen and Sidki filter sets are still maintained as far as I know.
Rick
eidenk
QUOTE (oscardog @ Dec 16 2007, 02:28 PM) *
Re rootkits, mostly system executables etc will be infected usually taking up any padding space left in the target file to inject their code. This code then does its business by finding and executing any required functions in (system)dlls etc in the 2 gig virtual memory address space. By infecting system executables no registry alterations need to be made due to them being system files which run on os start, and they are hidden being they are default processes. System safety monitor or any crc checking utility will help alert or prevent such actions.
herbalist lists such apps here http://www.msfn.org/board/index.php?showto...05936&st=60

Actually, a rootkit is simply an executable that hides itself (and whatever payload it is bundled with and configured to hide) from the user.

A file that is altered on disk is by no means a rootkit IMO as it is not hidden.

Alteration of files on disk is very easy to defeat as you've said, and is therefore barely used by attackers IMO as any decent firewall will block a modified executable that was previously set as trusted. Mine does.

The current hype seems to be FWB (which simply stands for firewall bypass). It consists of injecting code into a running process that is usually set as trusted (aka IE). As the injected malicious code is terminated along with the infected process when the latter is closed, FWB would seem to me to be not suitable for everything. Certainly not for backdoor server I would say, unless code is injected in explorer.exe (which is running all the time on 99% of the windows machines) which apparently quite many are doing despite the fact you would normally not allow explorer to access the network without a prompt at least.

Not sure if all that falls under the FWB appellation works like that but I have certainly downloaded enough FWB uploaders, downloaders, backdoors etc... recently so that I can test the capabilities of those things by setting them up to do harmless things and run them on my machine. Which I will certainly be lazily doing in the coming weeks.

Edit : Uploaded a compiled FWB sample + source code I downloaded from I don't remember where. It does not seek to bypass firewalls, it just launches notepad, injects code into it in memory and exits. Notepad is opened with a dialog box that does not exist in it normally.

http://rapidshare.com/files/77313778/fwb.zip.html
erpdude8
QUOTE (eidenk @ Dec 11 2007, 06:08 PM) *
QUOTE (Dr. Mac @ Dec 10 2007, 07:02 PM) *
First of all, Windows 98se does not handle memory above 256 very well AT ALL.

Where are you getting this from if I may ask ?

QUOTE (Dr. Mac @ Dec 10 2007, 07:02 PM) *
As far as anti-viral programs go, you can use the free AV scanner called Clam Win. You can read all about it and download it here:
http://www.clamwin.com/

Clam Win is not good IMO. If you want something good go for Antivir/Avira.

As for substitutes for AdAware, there is Spybot S&D, Doctor Alex and SuperAntiSpyware.

And don't forget to run a good firewall. I would recommend Jetico 1.1.


Dr. Mac's comment about Win98se not handling 256Mb of RAM is WRONG. Win98se handles 256mb+ of RAM well without any memory tweaks. It's when you get to 512Mb or greater that Win98se may choke at startup.

I'm currently beta testing Spybot 1.5.1.18 which you can find at the Spybot Beta forums site:
http://forums.spybot.info/forumdisplay.php?f=12

The official Spybot 1.5 release has some major kinks to work out such as the "floppy drive" scan when loading spybot 1.5; also it takes way too long to load when having the latest spybot detection updates installed. Both problems fixed in the latest Spybot beta.

Ditch any commercial antivirus programs you have installed and get NOD32 which also retains Win9x support.
kaapo
w98Se 1g mem, running Panda antivirus & firewall. (yeah, firewall in case i install w2k or XP in same machine, their licence allows use on same machine).
Fredledingue
ActiveX inside IE is normally not able to launch exe files or script files through WSH (wscript.exe).
IE doesn't use WSH. It uses its internal script engine, otherwise running exe file through IE would be possible.
The default IE setting will prompt a warning yes/no dialog when such ActiveX is running on a webpage.
You can change the setting to totally disable such function. Enabling it without prompt however is pure suicide.

Maxthon offers different levels of extra security features such as an ActiveX blocker and OffByOne displays webpages without scripts running at all.
MikeyHunt
To check for viruses and other such stuff on your computer, it's hard to beat: Dr. Web Cure-it

http://www.freedrweb.com/cureit/

It's updated several times a day! and it's FREE