Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



Sign in to follow this  
Nomen

Win-9x and meltdown vulnerability

Recommended Posts

I don't know if there's a thread anywhere on MSFN discussing the recent Meltdown and Spectre CPU-related vulnerabilities, but I thought I'd post here a question about how this might affect (or not) win-9x/me.  Would code (ie - code typically executed by or in a browser) be able to perform Meltdown memory-scanning activities on a 9x system?

 

 

Share this post


Link to post
Share on other sites

My answer is big no

Share this post


Link to post
Share on other sites

The Meltdown vulnerability is not an issue for Windows 9x because Kernel Memory was never protected in the first place. Only the Page Tables and maybe a few other areas are protected.
Windows 9x was never secure with respect to the Kernel.

The Spectre vulnerability is more relevant as it gives interprocess access that is not available to Meltdown. Windows 9x does not map "all" Physical RAM as does Linux according to the published articles.

I don't know how hard it is to use these vulnerabilities through a Browser.

Share this post


Link to post
Share on other sites
On 1/6/2018 at 12:04 AM, rloew said:

The Meltdown vulnerability is not an issue for Windows 9x because Kernel Memory was never protected in the first place.

That's what I figured.  So why wasn't everyone running around back in 2000 - 2006 screaming that hackers were going to be stealing passwords from win-9x kernel memory  back then?   For a typical single-user windoze system (9x or NT) - what's in the kernel ram that is such a big deal to get your hands on?

In the bigger picture, what does this say about the whole concept of having a separate admin (or root) access level vs user-level access to a system (again, thinking only of single-user, non-enterprise systems)?  Given all the hundreds of ways that separation has been shown to be faulty (on Windows NT systems) over the years, what has that basic design idea actually accomplished in the windows PC world?  I know it has led a a great deal of frustration (you don't have the rights or permissions to do this or that) so what did users get in return?  Looks more and more like nothing.

Share this post


Link to post
Share on other sites

There are a number of reasons:

1. Hackers weren't as sophisticated then. There weren't many ways to monetize their hacks so they mostly did it for boasting rights. States and organized crime were not involved as much.
2. Windows 9x was never promoted as a business OS so users were not particularly juicy targets.
3. In 9x Passwords are mostly in User Space so they don't appear in Kernel Space very often. Only 64-Bit OSes can map the entire Physical Space (including all User Spaces) into Virtual Memory.
4. Windows 9x was never secure, new hacks were never needed. The Thread Context hack has been around a very long time. I have found a few more that are easier to use.

For a single user, the advantages are more limited. Level based access does reduce the impact of bugs. Higher levels of security also protect against many kinds of mistakes but also cause higher levels of frustration.

This is probably the biggest reason why I develop using 9x. I can write code with less effort and debugging is far easier when the OS is not fighting me tooth and nail.
I can then port the code to other OSes, with much less debugging needed, if I choose to do so.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×