Jump to content

Is it safe to use Windows 9x on the modern web?


Jody Thornton

Recommended Posts

See to me, there is ABSOLUTELY NO up to date browser that works on Win9x.  By that I mean one that can render HTML5 and do banking.  Right there, that should render Win9x as only being appropriate for offline use.

Link to comment
Share on other sites


> See to me, there is ABSOLUTELY NO up to date browser that works on Win9x.

> By that I mean one that can render HTML5 and do banking.

I use Opera 12.02 on this win-98 pc to do on-line banking.  I just did a bill payment on TD not 5 minutes ago in fact.  I do the same on RBC also.


 

Link to comment
Share on other sites

> Yieks! That can't be too secure.

I have an older relative that I set up a win-7 system for (Zotac Zbox).  Created a win-7 install image using RT7 and rolled in a bunch of MS updates.  So it was a pretty tweaked system.  Office 2010 (has gmail account which is accessed via outlook 2010).  I forget which version of FF.  A few days ago she was doing on-line banking (TD I think) and got an on-screen message claiming to be from Microsoft, saying something about her computer, wanting her to dial a certain phone number.  She freaked and pulled the power-bar cord out of the wall (which naturally shut down everything, cable modem, VOIP adapter, router, PC, monitor, etc).  So when you tell me that doing on-line banking with Opera 12.02 on a win-98 system is risky, I think about stuff like this that my poor old aunt gets from time to time and I would LOVE to get this on my win-98 PC so I can have a detailed look at the browser cache files, use cctask to see if anything new is running, and just generally figure out what URL triggered what server to put up this or that message.   Truth is, I think for any win-7, win-8 or win-10 PC, using any of those to do on-line banking is more risky vs win-98.  Those stupid browser exploits that are being discovered every day just plain fall flat on their face if they hit a win-98 box with an old browser.
 

Link to comment
Share on other sites

Regarding Netsurf:  I just downloaded and installed it.  Didn't seem to run right-off-the-bat, so I re-started just to be sure.  Using Kex default setting, running Netsurf I get this:

netsurf.exe is linked to missing export KERNEL32.DLL:VerSetConditionMask

Changing Netsurf Kex setting to Win-Me gives same error. Changing to Win-2k or XP gives a small window with Title "Warning" and the message is simply "CSSBase". Click OK. Netsurf browser window is on-screen, but no page-area is rendered. Menu options can be selected (File, Edit, etc) but no surfing is possible.
 

Link to comment
Share on other sites

1 hour ago, JodyT said:

Yieks!  That can't be too secure.

There are 7 vulnerable TLS protocols in Opera 12.02. Once they are disabled, I would think that my encrypted connections are no more or less insecure than those made with another more recent browser on another more recent system such as latest Chrome or Firefox on my Win7 laptops which I hardly ever use. If you know otherwise you'll let me know.
 

Link to comment
Share on other sites

> There are 7 vulnerable TLS protocols in Opera 12.02.

Vulnerable to what?  How does a vulnerable TLS protocol lead to remote comprimise / control of my PC?  What if my PC is on ethernet (not wifi) and is wired all the way to my modem and out of my house?
 

Link to comment
Share on other sites

Just to add (I can't edit my previous post because I can't find the "save" button using Opera 12.02) I see that Opera 12.02 has SSL3, TLS 1, TLS 1.1 and TLS 1.2 (I have all enabled).  There are about 2 dozen SSL3/TLS1 ciphers that can be individually enabled/disabled (all mine are enabled).  I want  max flexibility to connect to a website, so I enable everything.  Isin't the choice of protocol up to the website anyways?

> There are 7 vulnerable TLS protocols in Opera 12.02.

Do you mean ciphers, or protocols?  Like I said above, I see only 4 protocols.  If I can add more, tell me how.
 

Link to comment
Share on other sites

Vulnerable to being decrypted by a third party somewhere between your browser and the server you connect to and not speaking about MITM attack which everything is potentially vulnerable to on any browser/system currently.

No one can take control of your PC but your credentials such as credit card details could be stolen easily if you use one those 7 protocols, regardless whether you are wired or wireless.

And yes I meant cyphers indeed. If you disable those on the pic plus the two zero bit ones you will be fine.


 

opera security.png

Edited by loblo
adding stuff 7 pic
Link to comment
Share on other sites

21 minutes ago, loblo said:

There are 7 vulnerable TLS protocols in Opera 12.02. Once they are disabled, I would think that my encrypted connections are no more or less insecure than those made with another more recent browser on another more recent system such as latest Chrome or Firefox on my Win7 laptops which I hardly ever use. If you know otherwise you'll let me know.
 

I just simply would never use a browser that old for anything mission critical.  But then again, I'd say the same for Windows 9x.

Link to comment
Share on other sites

> Vulnerable to being decrypted by a third party somewhere between your browser and the server you connect to

Assuming we're not talking about MIM situation, I simply don't see how a "bad guy" can gain access to the telecom or networking equipment in the path between me and my bank to be able to monitor the data.

Regarding the ciphers, would the server I'm connecting to (ie - my bank) choose an insecure cipher in the first place to conduct the session?  Or am I assuming that all IT / web admins everywhere are sufficiently up on things to configure their websites to use / not use certain ciphers?
 

Link to comment
Share on other sites

You're right, risks are low but it's still in the realm of the possible that someone snoops on your connection or that some banking/payment servers use insecure ciphers.


 

Link to comment
Share on other sites

10 hours ago, JodyT said:

I just simply would never use a browser that old for anything mission critical.  But then again, I'd say the same for Windows 9x.

When you read about the capabilities of the CIA malware packages and what they can do on "modern" versions of windoze: https://wikileaks.org/vault7/releases/

It's clear that the NT-line of Windoze has become less trustworthy as its internal complexity grows and access to it's internal workings are being cut-off from users regardless what permissions or authority they have on the system.

I wouldn't trust a win-8 or win-10 system further than I could throw it.  I honestly don't know why anyone who is keeping up on current events would doubt that there more holes (intentional and otherwise) in these OS's than we can imagine, and the fullness of time (and wikileaks) will no doubt reveal.
 

Link to comment
Share on other sites

Sorry that seems a bit tin-foil hat-ish to me.  For all of the security holes there may be, Windows 9x is basically a house of cards structurally.  Security by obscurity first off isn't a strategy in my mind.  But running a partially protected mode environment on top of MS-DOS is flimsy.  Besides what devices do I no longer have access to in Windows 8?

And I'll tell you, Windows 8 runs WAY MORE stable than 9x ever ever did.

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...